last executing test programs:

16.317070822s ago: executing program 0 (id=332):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4$alg(r0, 0x0, 0x0, 0x80800)
sendmmsg(r1, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000003c0)="18", 0x1}], 0x1}}], 0x1, 0x408d4)
io_setup(0xff, &(0x7f0000000380)=<r2=>0x0)
io_submit(r2, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r1, &(0x7f0000000340), 0x2d}])

15.098094282s ago: executing program 0 (id=336):
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x4, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})

14.837887067s ago: executing program 0 (id=339):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

9.637773703s ago: executing program 2 (id=355):
openat$sequencer(0xffffffffffffff9c, 0x0, 0x48c00, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000180)={0x0, 0x2}, &(0x7f00000001c0)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f00002a0000/0x4000)=nil)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000500)={'\x00', 0x7ef, 0x28, 0x9, 0xb, 0xc1ac})
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)

9.476174308s ago: executing program 4 (id=356):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_mount_image$nilfs2(&(0x7f0000000380), &(0x7f0000000a40)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="6f726465723d72656c617865642c6572726f72733d636f6e74696e75652c6e6f646973636172642c6e6f646973636172642c6572726f72733d72656d6f756e742d726f2c6572726f72733d72656d6f756e742d726f2c003a1ccae93ad1f003892fde90e0b7be1e73612c72c15005a140bd719cebc7ac3546a61f052df456cd9d896e7d7e0d3047dee5e2a4592737a421e3c508914eaf57d4d83d76daf0077169365d0449bbd14cbce5c377673b26a47104615f31533130f459f2dcdfa5d1e1c62c9d3bbeb15894158e7a7fe88f553c167564bd79b70cc61b29adf332ae040730361e9df2cc87b4b732501c23f50299ff5946619b25d413f6184ef8a702c82e1d2f850a0b7da18de5e1c74b8ff20d582b7a5edd683171a7140bf613d922e6"], 0xf, 0xa02, &(0x7f0000001ec0)="$eJzs3U9sXEcdAOB5a68d16mzhgKmoYmBAqmgTrCtKrmkMZRrpN7KsQppiHBTlHBpVakpUsUNRap67IGqh1wQFeLSA1JEVUQvQZQ7CoVKVVGgFQipoNYo9sx6d+zH/rG99vp9n/Tz+L2ZfTPPu943fp6dCUBl1Va/Li7OFCG89PqLj/zkD698twghHG2WaLSUW9uqhxCKtsevuxUzPv7w2XObpUWYX/2atsPZ283HToYQrobZcCM0wsL7j829ubT08vWbj16efuH02zt0+gAAUCln3/jH7x94761vTP/nF0fOhPHm/tQ/b8TtydjvPxH793n/v2hJi5btZCwrNxIj//thJCs3mtUzWlJfPTtOvaTcWIf6Rlr2bXaeALAfrN/XK2pzbdu12tzc2nX/jlvjY8XcpYvLT1zZpYYCANvmXw+HEM4IIYQQokqxcmi3eyAAQNXl44U3uJqPLNia5tEOdFf/7aXa5o+HbTDo17/6h6v+V5/3jsP22a+vpnRe6fcojWPIxxGOZI/r9fe/lh1ntMd2lo0rHJbxhmXtzH+ue1VZ+3t9HndLWfvz8bB7VVn783G6e1VZ+8cH3I5+lbX/wIDb0a+y9k80v9uvV7jtcd/q1/V3iyNZfuv1M39PH5b3eACg3UfG/wkhhBCVi+d2uwMCAOw5+fw4K1HKz+fjyfPzeXjy/HxeoDx/vEP+gQ75AMBGC7+68PNrxfr/+bc6Hi6Nu7grppM9ticfrdFr/Vsd97TV+odl3BIA1fbUTxe/89aZpZG1+X/Xr2WfZPP/prl6r8XtNO7yYLbdnPt3tr2eWkm5gztxUgDA/5Wuv2Xz/94dt2dCvXji4vL5E3F7Kqa/G6+P39n/zQG3GwDoX7fz/8+E9vn/Dzb312ut/YJD6/uL1n5BI9s/X7J/IW5Px/T74xOr++fOPbX8ve0+eQCoqDe+dfC1D357Kazd/1///3e6/59u4zfiWLsPYoHUT0j3Bzbc/z/WXs9UWbkT7eUOlZU72V6ukZWrx8jn3cjHB05kj0vjFNK4h9TfSeMap8vak02QMZaVG41xd9aeqaw9G873RHt78nloUv2NbH8+7iGVmw4AsNGVp5/5wePLy+cv+8Y3vqngN8+FEDbL2u13JmCnHf/Rkz88fuXpZx68+OTjF85fOH9pYXH+1KmHFucXHzq+el//eOvdfQBgP1jv9O92SwAAAAAAAAAAAAAAgDKD+KTxbp8jANDu7w+HEM6ILEb2QBuEECk+2gNtEGKfxcpKvuIvAMBg9bre/lY1jxbn80/rHqT04IN/nL4Tqdjtpfb+kvWL2U6Dfv2rf7jqf/X57a2/ub5I1+9/tfYDzPZX761fnjzZWv+9o13Wn5//sf7q/3NW/9dCd/Wv/Cyrv8+pcd/J6r+ry/o3nP/J/ur/S6z/nrh97Mvd1t/+/Kf1dtJyOBPZ+UyW1P/Xevv5p7X9ej7/Az2cdIt34/kDQBXVdrsBOyT1ElI/OvVDWtfnCy3r7IWsfLf9/1p2nHy9vn6l46Z+0BfjdurupHUD8/UOe21/Wp9wKjtu0WW/tuz1Myz/VSpr/3Y9jzutrP35epB7VVn7xwbcjn6VtT//vdyrytrf559VA1fW/okBt2NYHY5p2fUwXX+mYl7abmTbk5s8F/u1bwEAw+7bp2/ef+3rozfy9fnTdT39GTgZ/6a+npXL+wsTWd+xyMp/KaY/jukrMf1NTN/Jjrez/20DgGp6z+f/hBBCiMpF1T//5/4CVVb113/Vz7/a7/6e/07S6yO/j5+Mdsivt+SPbJI/1uHx41l+/nwd6JB/T3bclSjlf6ZD/mc75H+uQ/5Mh/xDHfLv7ZB/uEP+FzrkH+mQf7RDPgDD6fMx9f4OANWRj/tz/QeA/S9NrOP6DwDV8amYll3/7+uQDwAMn0/H1PUdACqk2Hymx63O2wMMjzS/dPo9j8uBhPtj+pWYfjWmab2UPpdfAfaA//7713+7VqzP93c4y+92Pvmi1v7Ju3z9nwe6bE/++b1e57NvdFnPTtU/vcX6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABis2urXxcWZIoSXXn/xkX+e+tO7RQjhaLNEo6Xc2la9ZXu27TghvFaspR9/+Oy51vSTmBZhPhShaO4PZ283a5oMIVwNs+FGaISF9x+be3Np6eXrNx+9PP3C6bd38EcAAAAA+97/AgAA//87+jkE")

8.516188556s ago: executing program 2 (id=357):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000640)={0x0, 0x107000})
write(0xffffffffffffffff, &(0x7f0000000000)="390000001408000000fc8d316a000db7ff18005191", 0x15)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8.326228426s ago: executing program 4 (id=358):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
close(r0)
socket$phonet_pipe(0x23, 0x5, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$usbip_server(r0, 0x0, 0xea)

8.236172331s ago: executing program 0 (id=359):
syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="757466383d302c756d61736b3d30303030303030303030303030303030303134373537372c73686f72746e616d653d6d697865642c636865636b3d7374726963742c636f6465706167653d313235302c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d312c696f636861727365743d63703836332c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c726f6469722c0073e891503a0309d91d60a3f79fb445ef040adbfaebe458f48306d4472e78e0c79837a8ba4cdfcf2664aea65ded67e7618d999eb426ea4d6e3c245287de93a7671165d44c0692c1e44faa189afae462610344caaf8690af6f5b8092420bf6e652ec1dd96df4f7fa2122c8a1eb91332abb080a48cf8d995e2f518dc460183619759f02357d416969cde8685c58841fd65e9ae556ec5221ab219a826bb13cc6ebfb345749e676fa449156aaef0e2d00409ca2cf5ae7c47b594d6a41fab2"], 0x26, 0x34b, &(0x7f0000000700)="$eJzs3TtoZNUbAPBv9uYN+0+KPwStRjtBlk3EQquEZYXFFLoy+GocTNZH7riQwYFskdlpFEvFRtDKzkLLrcVCxM7C1hVkVWzcbmEXr8zcm5k7j2hWTOKyv18RPr5zvjnn3HvC3LxOXlmL7c3puHTz5o2Ym6vE1Nq5tbhViaU4FUnkrsaIzmgCALiX3Mqy+D3LldLLk3t/sLAfzRzD3ACAo9F7/3/t9CAxe5KzAQCOwwFf/496ZmL28pFNCwA4QmPv/w8PNY98m3+q/zsBAMC967kXX3p6fSPiYrU6F9F4t1Vr1eLJQfv6pXgj0tiKs7EYdyLyB4X8aaH78akLG+fPVrt+Xopat6JVi2i0W7X8SWE96dXPxkosxlJRn/Xrk279Sq++GhFX273xo1Fp1aZjoRj/h4XYitVYjP+P1Udc2Di/Wi1eoNbYr29HdGJufxHd+Z+Jxfju1bgcaWxGt3Yw/72VavVctlGqr/d+ELJ5EjcEAAAAAAAAAAAAAAAAAAAAAID7wplq31L//Jus0W69c3G0w1L5fJ1WLW8uzgfq5OcDZbP7p/O8l4yeDzR8Pk+rNhWnTnTlAAAAAAAAAAAAAAAAAAAA8N/R3J2Jeppu7TR3r2yXg3Yp89Y3n381H6N93kwGmZjKX26oT5GLUlUS/fKsX54lQ32KIIkYdP7sWn/GeSaZsJaxVcz2FljOVIo51dP09EM/fTw26O6V7T8GmSTGLstwUClGLjU1/pen/qLq4GD1b/pcz7LsoPK9j8arohIxNXbj/o3g6xuvP/BYc/nxXubL4tCHRx5dfP76h5/+ul1Po7g0aTqz07yT/eOxktL+qRTXuRITNtvEoDPIdHaau/Xk+99eePD9b4f6zI9tkiLIypm394O54dtdT9MvRkefyYPuNA+z0ukJm39y8PLt/u69+4u5/Mla/drej78ctqr0ieWgDgAAAAAAAAAAAAAAAAAAOBalvxW/C088e3QzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjN/j//6WgM5Y5THC7HeNNs1s7zQMHnz/WpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcB/7MwAA//+xzHAn")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x100002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
write$cgroup_type(r0, &(0x7f0000000180), 0x40010)

7.549470615s ago: executing program 2 (id=361):
syz_usb_connect(0x3, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000229639010861a2d754d2d01020301090212000100000000090401"], 0x0)

6.159135386s ago: executing program 1 (id=365):
r0 = socket(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x88, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4]}}}}]}, 0x88}}, 0x20000000)

5.314196786s ago: executing program 3 (id=367):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000d5030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
utime(&(0x7f0000000200)='./file0\x00', 0x0)
stat(&(0x7f0000000340)='./file0\x00', &(0x7f00000004c0))

5.24526421s ago: executing program 1 (id=368):
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x10, 0x803, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x598}, {&(0x7f00000007c0)=""/154, 0x4c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r5 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r5, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x81901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r7, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})

5.160458355s ago: executing program 2 (id=369):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0xd2}}}}}, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000200)={@private=0xa010101, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)

5.022173255s ago: executing program 3 (id=370):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x20004040)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
syz_mount_image$ocfs2(&(0x7f0000000600), &(0x7f0000004780)='./file0\x00', 0x10000, &(0x7f00000006c0)={[{@usrquota}, {@coherency_full}, {@err_ro}, {@heartbeat_none}, {@err_cont}, {@nointr}, {@localalloc}]}, 0x1, 0x4710, &(0x7f0000008f40)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBCxehMXu4o96bQ6J3ngeHMMOOZLwzO3Dmf4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwc53fNdyTtlT1bF5fO3hDa033/hxCGo6X1r/vbQlcI4fu3qbNhhTbTVdf/u/GZ0fxZoz9rB0cf3xyO1l5/9rfZeTtDFA/UbO+O4nhgYO39t6p7/S8m+6MQ4qILoRBzI8/OVUIIbUUXQiF+fZ69nNzf/yu6EArR++l+R3L9K00cu47HMxvU9r1feirpbzzK52L1Un/ts7/R/7h7QGt5f/rah9hFLb3X6ft/lC7eB8th+tSxjy+LLoLCTM9MHC+6BgAA4N+60CD/D9uW1h9ejUJXZz73/1GX/3fX9b9y/r/swc5bI1PNhBCr2pEbm0y2Bw+sp8/NrLlBvTN91+++rRjvKSv5f7nJ/8vtb/J/Wo/8v9zk/yWwsPou+T+JN/L/Unp6e9/8q6KLoDDyfwAAKJ8jJ8cmqoNDycv/lp/t+by+J22raZ7+6M5k35OacSP54eZ29MTYocODQ+l1zw8ILs//EC/uXUi/96hvM+N13100mv+h+/nc7I32/BHVJr/fyOrLzmv+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjN7tzTMAhGYRj9biuiNloVTVj4SfCBBkYEIIUZDehgwgAMhIACBnLOcm/yLC8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPP9q7wuvr80RnqtEWkqu+zaP8fT7Gfu22F5nz1u3AoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMYOHMgAAAAACPO3zqP9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAAA//8psMw3")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000480)={0x2020, 0x0, 0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
fchown(r0, r2, r3)

4.112732164s ago: executing program 1 (id=371):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x54, 0x0, &(0x7f0000000500)="7f67fecead9f9aff5bf25263f7859733998fc0f8a2c6dd3047f022fcfd3877c4b5bef1c362ac5c9c18443dee16f743b586e8cdd175b866a22ec0ed322f48266e38da6728c9b0a8eac1be2992f34310016a566d21"})

4.109251126s ago: executing program 4 (id=372):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x1000004, &(0x7f0000000040)=ANY=[@ANYBLOB='utf8=1,iocharset=1,uni_xlate=0,rodir,utf8=1,utf8=0,flush,uni_xlate=0,nonumtail=0,tz=UTC,codepage=1251,utf8=0,shortname=lower,iocharset=cp852,iocharset=koi8-ru,nonumtail=0,\x00'/188], 0x1, 0x380, &(0x7f0000000940)="$eJzs3U+IG1UYAPAvO9lNVtDdmygI0ZugS9ubXmyRLRT3ohL8g4jBblWSVdjgYnvodj0oHgWPevKmoAcP4lEERbx58GoFqYoH7a3Q0ifJZGbSJLvdIltZ/P2g5PG99733ZuaRTMPk7UvHo3t6Ps5cvnwpms1a1I8/fjyu1GI5sihciGkLM2IAwOFwJaX4O+Um65qzU2q3YVoAwAEafv6/EhGtWM4jb3+7V/vk0x8ADr3R//8X92pTfQ/QuLHijQObFgBwgKa+/3+gPl69MPxXhupjTwUAAIfV0889/8SJtYinWq1mxMa7W+2tdjxa1Z84E69FL9bjSCzFtYj8RqG4W0jp5Km11SOtVms7fluOdkTMjRLb+Z3CiWyY34ijsRTLo/zR3UZKKTv5xdrq0dZQRFzYHo4fG7Wtq/Pl+D/fEevVjUfRyfAl4tTa6rHWqIP2RpG/HbFTPagwmP9KLMWPL5fdpFQ8wbi2ev5oMekqf6vdiNPlWZh6EmKXRyMAAAAAAAAAAAAAAAAAAAAAAGB/Vlql5XL/nDR4zXfKWVmZUT/cHyfPH+0PtJPvD5QaKVL6662H2+9l+TY9xf5AE/vzZFs2EgQAAAAAAAAAAAAAAAAAAIBS/+xCdHq99c3+2XPd8cL2Zv/sXEQMIq9//9k3izHd5iaFej5EI6IcojUa9ly3k7KiccoiptOzweBF5JMvyxmPt2mURzFzGo3dq3q9O+//9cMqcl9W9Hy9apPF7APMxqbx2ETPG3flU7qVE1UWjo1HGtOjX0wpjUXeGU8//+JE42b0oxZRv/ULd647F2VkcXSOyzZpUPju0qv3FGe/83XKPfjQ0jMXP/j4j26nNxg5z1rY7F9L3U6taLyP0UfdpeElqNZGLfJCbXwl1Hfvp9nZuTHSyX7689l73/9hfychjUfeHKzniTZZfjifT6S/MFrYg2lOVC1W6fPFaV2fn7H4b1aYuKbXU0r1uGFtTBXu/uirT1P65fd9D1GZm3rbqP37dx4AAAAAAAAAAAAAAAAAAGBS9aPfIjL6se/8XlmPPHnwMwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA26f6+/9jhZ0LMRHZT+Hq9oysxvpmP2Lhvz5MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+5/4JAAD//0slWyw=")
creat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
unlink(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3.885650276s ago: executing program 2 (id=373):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffe1e, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r1}}, 0x24}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x1a, 0x3, 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000240)="dfd9", 0x2, 0xfffffffffffffffe)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x8)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="020d00091500000000000000000000002800120000000200000000000000fd0006000000000000000000000000000000ac1e0001000000000000000000000000ffffffff00000000000000000000000005000500000000000e81b82bd8ecf6e7893ff471aa3ede0a00000000000000fe8000000000000000000000000000aa000000000000000005000600000000000a00000000000000fc02000000000000000000000000000000000000000000000100180000000000"], 0xa8}}, 0x0)
open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(0x0, 0x40800400, 0x2b6a41)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff55)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x3, 0x14a}})
ioctl$TCSETS2(r5, 0x402c542b, &(0x7f0000000080)={0xfffe7527, 0x10000, 0xefc9, 0x7f9, 0xb2, "20ab9809006ea4a7446c180000cd681ec267a0", 0x7, 0x200008})
ioctl$TIOCL_PASTESEL(r5, 0x541c, &(0x7f0000000000))
syz_io_uring_setup(0x6ead, &(0x7f0000000100)={0x0, 0x2ea8, 0x400, 0x2, 0x1a2}, &(0x7f0000000400), &(0x7f00000003c0))

3.869984061s ago: executing program 1 (id=374):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = accept$unix(0xffffffffffffffff, &(0x7f0000000240), &(0x7f00000001c0)=0x6e)
mmap(&(0x7f00004f4000/0x4000)=nil, 0x4000, 0xc, 0x8031, r1, 0x75b08000)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r2 = eventfd(0x401)
write$eventfd(r2, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8)
read$eventfd(r2, &(0x7f00000012c0), 0x8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x44400, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x2, 0x0, 0x7ffffdbd}]})
mlockall(0x4)
rmdir(&(0x7f0000000100)='./file0\x00')
bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0xfffc, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="020602000200000002000000000000001b6382586b0f5155c5189c5e9c87b6ab492f69610957963d00de9e"], 0x10}}, 0x0)
connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)

3.646077625s ago: executing program 3 (id=375):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x1c, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.575748236s ago: executing program 0 (id=376):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="180800000000000000000000000000008510", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x2, 0xee, &(0x7f0000000340)=""/238}, 0x94)

2.092254369s ago: executing program 0 (id=377):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000180)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000000)=ANY=[], 0xb, 0x0, &(0x7f00000000c0))
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000240)='./file1\x00', 0x80, &(0x7f000009df00)=ANY=[@ANYBLOB="6465636fae706f736f2c6769643d", @ANYRESHEX=0x0, @ANYBLOB=',barrier,nodecompose,barrier,nls=cp1250,context=sysadm_u,\x00'], 0x1, 0x712, &(0x7f0000002100)="$eJzs3U9sW3cdAPDvc2wnTqXM29qtIKRGq6hgZW0SM1okBAEhlMOEKnHZNbTJGtXJqiRDaYVoBgyOcECohx2GUDjshHZAGuKAgDMIiSsq50rcKyQwes/Pju3EjtPmT9N9PtLz+733fn++77uff/GfVQ7gE2vuzShtRhJzF9/YSI8fbNXqD7Zqy63yaLNaIaLY3EWyEpH8OWI2mlt8Kj2Zd5f0G+f1hx+/f+H+h7XmUTHfsvqF3nblXXtoDBhhM99iMiJG8v0+Ffv1d32X/u7tq+ukHXeasPOtxMFxa+ywuZ/mfZ/vwMlxL2KktMv5asR4RIxFRPZSIF8dCkcc3oHb1yoHAAAAT6eRvSo89ygexUZMHE04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GxImr8ZmORboVWejKT1+//l/FyqXD7meAf7wh7X31u89NUjCgUAAAAAAAAADsFH+Rf35x7Fo9iIidb5RpJ95/9KdnA6ezwV78RaLMRqXIqNmI/1WI/VmI4oTXR0WN6YX19fnd7Z8peRtmw0GvfyljMRUd3RcuYIbhoAAAAAAAAAnl0/jLmYOO4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgUxJRau6y7XSrXI1CMSLGIqKc1tuM+EOrfKKMdh/+8bjiAAAAgKNTyfcTyf+ahUaSved/KXvfPxbvxEqsx1KsRz0W4kb2WUDzXX/h75u1+oOt2nK67ez46//eVxxZjxExEu/2GXkqq3Gm3WIuvhXfiYsxGddiNZbiezEf67EQk1FJbyLmI4lqpfnpRbUV5+7xznYdXeuN7VzP8dkskkosxlIW26W4Xs5Cz+8hHfNsx2i/K0f0jPhump3ka7khc3Sj47/Xz/PPZXKN54bs43BUszsvtTMyleY+z8bzg3O/z3nSO9J0FNqfQZ3eHiU97B2plfPv7ifn4/k+zfVPunN+0Hb9KO1f4/2q92ZiJgr57It4qTvntz97/4Xuxp//x5+u3Sys3Lq5uHbxEG/pUJVahd5M1Doy8fLg2Zdnop5mYnP4TJR6T4w9wX0coHQKpWtethQNuVp+MyvNxysdU/DtuBELcSWmYjquxlR8OWai1jXDznTltVhb7s5J9lwr7Fzf8uXrF4Vdgj//uY5KP+1Y645fmpfnYzuvnStdNbuWn5n9WUx1ZOmFwbNv338F0vE/nZfTMX7U/ovzNOjKRL42t6J7cXAmftVIH9fqK7dWb87fHnK8C/k+fdq+1702//og7ufxpfMlXXGL2VGWk0prvqTXXmxH252vcv6NS7NdYce1M+1r1ZiIpfh232dqOX8Nt7On5rWXO6/9c3vlLOevb1rXKrGYROtVTrwd9exVSI/Jo8kqAEMbf3W8XHlY+Wvlg8qPKzcrb4x9Y/Tq6GfKUfpL8fcjvy38pvCV5NX4IH4QE8cdKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAvW7ty9NV+vL6y2CzHWe+ZJC+W+Yw0uRGHPOlunhuswqhGDx0ryQvlg7/0kFirROvPfswfa80cRMaBO+YmHSPI59lr++1OHkJ+02wPpsPXDadmZxkjnpUbTvT7Ni61Wu/dcjLWx6DPoaPtZMPu36q35+n8aXXUqHRnrv2ac1F8OBLpdXl++fXntzt3Xlpbn31p4a2Fl5uqVq1dqX5r+4uXFpfrCVPPxuKMEDsPanbsjQ1U8deihAAAAAAAAAAAAAEPK/+//9cf+xwzFPeqUV9d2H/ncUd8qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcELNvRmlzUhieurSVHr8YKtWT7dWebtmMSIKEZF8v7lPzaYP1Y7ukn7jvP7w4/cv3P+wtt1XsVW/MKjdcDbzLSYjYiTf7210l2529ne9o7/Nxwovad9hmrDzpcfqBA7e/wMAAP//rIH7fA==")
symlink(&(0x7f000000a900)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
lseek(r0, 0x8, 0x4)

1.946654184s ago: executing program 3 (id=378):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000150001c0"])

1.894212411s ago: executing program 4 (id=379):
syz_emit_ethernet(0xce, &(0x7f0000000b00)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x98, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x2, 0x0, 0xfffd, 0x20000, 0x1000000, [{0x1, 0xc, "23d13a9528da89ca8687857fa1c05623e430a7e05df65bb50a75504311ee5de0f521d4ef8bdff765650746569fc64eab97bd29f1573ea4d0bf29234512d00dd30ae604dd40e3c151fd4d595866b48657d2cb4ed8721f45e586a02af6449001"}, {0x5, 0x4, "ef1dc0373c7ae5822ff95684d179152a6da7097d9a664860876ec7127430d92386b1dae46b"}]}}}}}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0)

1.893875438s ago: executing program 1 (id=380):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000"], 0x7c}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ipvs(0xffffff9c, 0x0, 0x2, 0x0)
close(0x3)
r2 = epoll_create(0x10000e9)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r4 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000})
r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_PEC(r6, 0x708, 0xffffffffffffffff)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000900)={0x0, 0x0, 0x7, &(0x7f00000008c0)={0x0, "cc3df0b97c31c635d41f1db17008852daad3915d105cea6345c0bd492ca56f24ee"}})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x30000009})
r7 = syz_io_uring_setup(0x112, &(0x7f00000003c0)={0x0, 0xfded}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(r7, 0x1f85, 0x40110a, 0x4d, 0x0, 0x85)

1.778049015s ago: executing program 2 (id=381):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r5, {0x1, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
r6 = openat$adsp1(0xffffff9c, &(0x7f00000000c0), 0x200, 0x0)
read$dsp(r6, &(0x7f0000000100)=""/118, 0x76)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, 0xffffffffffffffff, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000940)={{0x0, 0x2000, 0x0, 0xffff}, 'syz0\x00'})
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x16)
ioctl$UI_DEV_CREATE(r7, 0x5501)
write$input_event(r7, &(0x7f0000000400)={{}, 0x16, 0x1, 0x5}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
pipe2$9p(&(0x7f0000000240), 0x0)
r8 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r10 = dup(r9)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r10, 0x0, 0xffffffdb)
getsockopt$netrom_NETROM_T1(r8, 0x103, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4)

265.791002ms ago: executing program 4 (id=382):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ppoll(&(0x7f00000021c0)=[{r0, 0x4240}], 0x1, 0x0, 0x0, 0x0)

98.545449ms ago: executing program 1 (id=383):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000440)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff9500"], &(0x7f00000000c0)='GPL\x00'}, 0x94)

41.370947ms ago: executing program 3 (id=384):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x54, 0x0, &(0x7f0000000500)="7f67fecead9f9aff5bf25263f7859733998fc0f8a2c6dd3047f022fcfd3877c4b5bef1c362ac5c9c18443dee16f743b586e8cdd175b866a22ec0ed322f48266e38da6728c9b0a8eac1be2992f34310016a566d21"})

25.682112ms ago: executing program 4 (id=385):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000540)={0x5, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "c8444943470da91b", "42f3ac0e0b8a32be8fe91c368e60693800", "e7198360", "f7a5c1777af05eaa"}, 0x38)
sendto$inet6(r5, 0x0, 0x0, 0x8040, 0x0, 0x0)
write$binfmt_elf64(r5, 0x0, 0x78)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 3 (id=386):
socket$inet_tcp(0x2, 0x1, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$I2C(0x0, 0x10001, 0x240000)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c)
socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.215' (ED25519) to the list of known hosts.
[   96.051225][ T5847] cgroup: Unknown subsys name 'net'
[   96.164364][ T5847] cgroup: Unknown subsys name 'cpuset'
[   96.174277][ T5847] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   98.040702][ T5847] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  100.808303][ T5181] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  100.817930][ T5181] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  100.825901][ T5181] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  100.834502][ T5181] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  100.842829][ T5181] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  100.850732][ T5181] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.886515][ T5867] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  100.895974][ T5867] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  100.906447][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  100.914654][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  100.956948][ T5867] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  100.969895][ T5867] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  100.978110][ T5867] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  100.983589][   T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  100.993167][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  100.994634][   T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  101.009080][ T5867] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  101.010473][   T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  101.024467][   T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  101.037566][ T5878] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  101.038238][   T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  101.064727][   T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  101.079547][   T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  101.091505][   T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  101.100371][   T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  101.672197][ T5860] chnl_net:caif_netlink_parms(): no params data found
[  101.718775][ T5864] chnl_net:caif_netlink_parms(): no params data found
[  101.828480][ T5871] chnl_net:caif_netlink_parms(): no params data found
[  102.011245][ T5877] chnl_net:caif_netlink_parms(): no params data found
[  102.049361][ T5870] chnl_net:caif_netlink_parms(): no params data found
[  102.132221][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.139497][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.147601][ T5860] bridge_slave_0: entered allmulticast mode
[  102.155435][ T5860] bridge_slave_0: entered promiscuous mode
[  102.164820][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.172562][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.179884][ T5860] bridge_slave_1: entered allmulticast mode
[  102.187484][ T5860] bridge_slave_1: entered promiscuous mode
[  102.287238][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.294525][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.302345][ T5864] bridge_slave_0: entered allmulticast mode
[  102.310558][ T5864] bridge_slave_0: entered promiscuous mode
[  102.336307][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.343698][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.351303][ T5871] bridge_slave_0: entered allmulticast mode
[  102.358569][ T5871] bridge_slave_0: entered promiscuous mode
[  102.369562][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.384469][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.394346][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.401986][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.409235][ T5864] bridge_slave_1: entered allmulticast mode
[  102.417429][ T5864] bridge_slave_1: entered promiscuous mode
[  102.444231][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.452195][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.459398][ T5871] bridge_slave_1: entered allmulticast mode
[  102.467991][ T5871] bridge_slave_1: entered promiscuous mode
[  102.549751][ T5860] team0: Port device team_slave_0 added
[  102.558891][ T5860] team0: Port device team_slave_1 added
[  102.655027][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.694458][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.706886][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.716462][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.724640][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.732044][ T5870] bridge_slave_0: entered allmulticast mode
[  102.739469][ T5870] bridge_slave_0: entered promiscuous mode
[  102.747333][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.754900][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.762494][ T5877] bridge_slave_0: entered allmulticast mode
[  102.769795][ T5877] bridge_slave_0: entered promiscuous mode
[  102.779548][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.806182][    T9] cfg80211: failed to load regulatory.db
[  102.814630][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.821990][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.848462][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.862735][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.869728][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  102.896527][ T5867] Bluetooth: hci0: command tx timeout
[  102.897082][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.943224][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.950783][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.958046][ T5870] bridge_slave_1: entered allmulticast mode
[  102.968184][ T5870] bridge_slave_1: entered promiscuous mode
[  102.970665][ T5867] Bluetooth: hci1: command tx timeout
[  102.993712][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.001149][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.008356][ T5877] bridge_slave_1: entered allmulticast mode
[  103.016604][ T5877] bridge_slave_1: entered promiscuous mode
[  103.048264][ T5864] team0: Port device team_slave_0 added
[  103.099693][ T5871] team0: Port device team_slave_0 added
[  103.108124][ T5871] team0: Port device team_slave_1 added
[  103.124290][ T5867] Bluetooth: hci3: command tx timeout
[  103.124297][   T52] Bluetooth: hci2: command tx timeout
[  103.124512][   T52] Bluetooth: hci4: command tx timeout
[  103.145562][ T5864] team0: Port device team_slave_1 added
[  103.154421][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.166919][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.218913][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.244869][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.289017][ T5860] hsr_slave_0: entered promiscuous mode
[  103.296294][ T5860] hsr_slave_1: entered promiscuous mode
[  103.335191][ T5870] team0: Port device team_slave_0 added
[  103.356789][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.364356][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.391610][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.405423][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.412551][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.439081][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.466826][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.474164][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.500242][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.514275][ T5870] team0: Port device team_slave_1 added
[  103.536954][ T5877] team0: Port device team_slave_0 added
[  103.558245][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.565363][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.591774][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.621628][ T5877] team0: Port device team_slave_1 added
[  103.689303][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.696771][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.722755][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.773715][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.782018][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.809094][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.830134][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.837152][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.864216][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.877573][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.884991][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.912056][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.929834][ T5871] hsr_slave_0: entered promiscuous mode
[  103.936704][ T5871] hsr_slave_1: entered promiscuous mode
[  103.943148][ T5871] debugfs: 'hsr0' already exists in 'hsr'
[  103.949053][ T5871] Cannot create hsr debugfs directory
[  104.118447][ T5864] hsr_slave_0: entered promiscuous mode
[  104.125638][ T5864] hsr_slave_1: entered promiscuous mode
[  104.132139][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[  104.137964][ T5864] Cannot create hsr debugfs directory
[  104.171400][ T5870] hsr_slave_0: entered promiscuous mode
[  104.177885][ T5870] hsr_slave_1: entered promiscuous mode
[  104.184713][ T5870] debugfs: 'hsr0' already exists in 'hsr'
[  104.190558][ T5870] Cannot create hsr debugfs directory
[  104.252291][ T5877] hsr_slave_0: entered promiscuous mode
[  104.259259][ T5877] hsr_slave_1: entered promiscuous mode
[  104.266001][ T5877] debugfs: 'hsr0' already exists in 'hsr'
[  104.272197][ T5877] Cannot create hsr debugfs directory
[  104.630348][ T5860] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.706371][ T5860] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.744954][ T5860] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.762707][ T5860] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.888272][ T5871] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  104.904728][ T5871] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.916627][ T5871] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  104.952254][ T5871] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  104.970519][   T52] Bluetooth: hci0: command tx timeout
[  105.028245][ T5870] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  105.040921][ T5870] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  105.051613][   T52] Bluetooth: hci1: command tx timeout
[  105.074521][ T5870] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.085394][ T5870] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.200918][   T52] Bluetooth: hci3: command tx timeout
[  105.201395][ T5181] Bluetooth: hci4: command tx timeout
[  105.210563][ T5867] Bluetooth: hci2: command tx timeout
[  105.218062][ T5877] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  105.246242][ T5877] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  105.258124][ T5877] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  105.269453][ T5877] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  105.333852][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.389748][ T5864] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  105.402875][ T5864] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  105.415151][ T5864] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  105.428280][ T5864] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  105.481017][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[  105.549761][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.569094][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.576500][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.588810][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.596016][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.686053][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.698018][ T5871] 8021q: adding VLAN 0 to HW filter on device team0
[  105.713520][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.720936][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.754592][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.761906][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.806287][ T5870] 8021q: adding VLAN 0 to HW filter on device team0
[  105.896665][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.904048][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.945216][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.952535][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.979293][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.044713][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.108853][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[  106.139169][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[  106.177350][ T5870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  106.232600][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.240005][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.270009][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.277294][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.305982][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.313315][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.335122][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.342486][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.458777][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.604542][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.817424][ T5860] veth0_vlan: entered promiscuous mode
[  106.874063][ T5860] veth1_vlan: entered promiscuous mode
[  106.888677][ T5871] veth0_vlan: entered promiscuous mode
[  106.903944][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.938067][ T5871] veth1_vlan: entered promiscuous mode
[  107.042540][ T5867] Bluetooth: hci0: command tx timeout
[  107.059510][ T5860] veth0_macvtap: entered promiscuous mode
[  107.097735][ T5871] veth0_macvtap: entered promiscuous mode
[  107.120636][ T5867] Bluetooth: hci1: command tx timeout
[  107.129480][ T5871] veth1_macvtap: entered promiscuous mode
[  107.144232][ T5860] veth1_macvtap: entered promiscuous mode
[  107.163190][ T5870] veth0_vlan: entered promiscuous mode
[  107.176406][ T5870] veth1_vlan: entered promiscuous mode
[  107.192117][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.217155][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.271166][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.281300][ T5867] Bluetooth: hci2: command tx timeout
[  107.282013][ T5181] Bluetooth: hci3: command tx timeout
[  107.286795][ T5867] Bluetooth: hci4: command tx timeout
[  107.306242][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.364691][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.378439][ T5870] veth0_macvtap: entered promiscuous mode
[  107.389180][   T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.418106][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.432886][   T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.445511][   T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.498487][ T5870] veth1_macvtap: entered promiscuous mode
[  107.515226][   T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.564882][   T61] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.622833][   T61] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.632438][   T61] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.666771][   T61] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.678720][ T5877] veth0_vlan: entered promiscuous mode
[  107.722028][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.734034][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.749160][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.788537][ T5877] veth1_vlan: entered promiscuous mode
[  107.826487][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.835837][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.845389][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.869122][ T5864] veth0_vlan: entered promiscuous mode
[  107.923160][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.954588][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.963941][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.966579][ T5871] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  107.998402][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.013999][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.025390][ T5864] veth1_vlan: entered promiscuous mode
[  108.038080][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.144551][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.153003][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.282870][ T5877] veth0_macvtap: entered promiscuous mode
[  108.329564][ T5864] veth0_macvtap: entered promiscuous mode
[  108.687778][ T5975] loop2: detected capacity change from 0 to 256
[  109.163020][ T5867] Bluetooth: hci0: command tx timeout
[  109.186408][ T5864] veth1_macvtap: entered promiscuous mode
[  109.200946][ T5867] Bluetooth: hci1: command tx timeout
[  109.265491][ T5877] veth1_macvtap: entered promiscuous mode
[  109.331784][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.340007][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.360642][ T5867] Bluetooth: hci3: command tx timeout
[  109.367854][   T52] Bluetooth: hci2: command tx timeout
[  109.367903][   T52] Bluetooth: hci4: command tx timeout
[  109.405183][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.424860][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.424959][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.483300][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.546623][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.707165][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.734969][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.762128][ T5990] loop2: detected capacity change from 0 to 128
[  109.774628][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.801970][   T61] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.832100][   T61] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.855544][   T61] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.871540][   T61] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.908859][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.997862][   T61] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  110.093939][   T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  110.111297][   T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.150043][   T61] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.233042][ T5996] capability: warning: `syz.2.10' uses 32-bit capabilities (legacy support in use)
[  110.260622][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  110.403601][ T5999] loop0: detected capacity change from 0 to 1024
[  110.436084][ T5977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.470307][ T5977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.539658][ T5999] Quota error (device loop0): do_check_range: Getting block 64 out of range 1-5
[  110.605712][ T5999] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  110.646570][ T5999] EXT4-fs error (device loop0): ext4_acquire_dquot:6943: comm syz.0.11: Failed to acquire dquot type 0
[  110.695111][ T5999] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  110.717991][ T5977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.733295][ T5999] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.11: corrupted inode contents
[  110.740163][ T5977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.759874][ T5999] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #13: comm syz.0.11: mark_inode_dirty error
[  110.801558][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.860255][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.871077][ T5999] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.11: corrupted inode contents
[  110.929648][ T5999] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.11: mark_inode_dirty error
[  110.963448][ T5999] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.11: corrupted inode contents
[  111.011819][ T5999] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[  111.046321][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.047004][ T5999] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #13: comm syz.0.11: corrupted inode contents
[  111.101204][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.132356][ T5999] EXT4-fs error (device loop0): ext4_truncate:4666: inode #13: comm syz.0.11: mark_inode_dirty error
[  111.171359][ T5999] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[  111.240803][ T5999] EXT4-fs (loop0): 1 truncate cleaned up
[  111.248881][ T5999] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.294189][ T6005] loop2: detected capacity change from 0 to 32768
[  111.465020][ T6011] find_entry called with index >= next_index
[  111.677263][ T6012] FAULT_INJECTION: forcing a failure.
[  111.677263][ T6012] name failslab, interval 1, probability 0, space 0, times 1
[  111.699648][ T6012] CPU: 0 UID: 0 PID: 6012 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) 
[  111.699680][ T6012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.699707][ T6012] Call Trace:
[  111.699716][ T6012]  <TASK>
[  111.699726][ T6012]  dump_stack_lvl+0x189/0x250
[  111.699766][ T6012]  ? __pfx____ratelimit+0x10/0x10
[  111.699801][ T6012]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.699828][ T6012]  ? __pfx__printk+0x10/0x10
[  111.699863][ T6012]  ? __pfx___might_resched+0x10/0x10
[  111.699897][ T6012]  ? fs_reclaim_acquire+0x7d/0x100
[  111.699936][ T6012]  should_fail_ex+0x414/0x560
[  111.699976][ T6012]  should_failslab+0xa8/0x100
[  111.700011][ T6012]  __kmalloc_cache_noprof+0x6f/0x6f0
[  111.700040][ T6012]  ? netlink_lookup+0x30/0x200
[  111.700065][ T6012]  ? genl_start+0x1c9/0x6c0
[  111.700097][ T6012]  genl_start+0x1c9/0x6c0
[  111.700124][ T6012]  ? netlink_lookup+0x30/0x200
[  111.700151][ T6012]  __netlink_dump_start+0x466/0x7e0
[  111.700182][ T6012]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  111.700214][ T6012]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  111.700241][ T6012]  ? genl_get_cmd+0x7d9/0x910
[  111.700273][ T6012]  ? __pfx_genl_start+0x10/0x10
[  111.700298][ T6012]  ? __pfx_genl_dumpit+0x10/0x10
[  111.700323][ T6012]  ? __pfx_genl_done+0x10/0x10
[  111.700369][ T6012]  genl_rcv_msg+0x5da/0x790
[  111.700404][ T6012]  ? __pfx_genl_rcv_msg+0x10/0x10
[  111.700432][ T6012]  ? __pfx_ovs_dp_cmd_dump+0x10/0x10
[  111.700469][ T6012]  ? __asan_memcpy+0x40/0x70
[  111.700493][ T6012]  ? __pfx_ref_tracker_free+0x10/0x10
[  111.700523][ T6012]  netlink_rcv_skb+0x208/0x470
[  111.700543][ T6012]  ? __lock_acquire+0xab9/0xd20
[  111.700574][ T6012]  ? __pfx_genl_rcv_msg+0x10/0x10
[  111.700604][ T6012]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  111.700648][ T6012]  ? down_read+0x1ad/0x2e0
[  111.700678][ T6012]  genl_rcv+0x28/0x40
[  111.700711][ T6012]  netlink_unicast+0x82c/0x9e0
[  111.700754][ T6012]  ? __pfx_netlink_unicast+0x10/0x10
[  111.700791][ T6012]  ? netlink_sendmsg+0x642/0xb30
[  111.700811][ T6012]  ? skb_put+0x11b/0x210
[  111.700838][ T6012]  netlink_sendmsg+0x805/0xb30
[  111.700871][ T6012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  111.700898][ T6012]  ? aa_sock_msg_perm+0xf1/0x1d0
[  111.700921][ T6012]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  111.700943][ T6012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  111.700967][ T6012]  __sock_sendmsg+0x219/0x270
[  111.701003][ T6012]  ____sys_sendmsg+0x505/0x830
[  111.701036][ T6012]  ? __pfx_____sys_sendmsg+0x10/0x10
[  111.701073][ T6012]  ? import_iovec+0x74/0xa0
[  111.701106][ T6012]  ___sys_sendmsg+0x21f/0x2a0
[  111.701135][ T6012]  ? __pfx____sys_sendmsg+0x10/0x10
[  111.701204][ T6012]  ? __fget_files+0x2a/0x420
[  111.701234][ T6012]  ? __fget_files+0x3a0/0x420
[  111.701278][ T6012]  __x64_sys_sendmsg+0x19b/0x260
[  111.701308][ T6012]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  111.701346][ T6012]  ? __pfx_ksys_write+0x10/0x10
[  111.701378][ T6012]  ? do_syscall_64+0xbe/0xfa0
[  111.701405][ T6012]  do_syscall_64+0xfa/0xfa0
[  111.701428][ T6012]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.701449][ T6012]  ? asm_sysvec_call_function_single+0x1a/0x20
[  111.701471][ T6012]  ? clear_bhb_loop+0x60/0xb0
[  111.701497][ T6012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.701518][ T6012] RIP: 0033:0x7ff4dc78ebe9
[  111.701550][ T6012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.701568][ T6012] RSP: 002b:00007ff4dd553038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  111.701591][ T6012] RAX: ffffffffffffffda RBX: 00007ff4dc9c5fa0 RCX: 00007ff4dc78ebe9
[  111.701607][ T6012] RDX: 0000000000000880 RSI: 00002000000029c0 RDI: 0000000000000003
[  111.701620][ T6012] RBP: 00007ff4dd553090 R08: 0000000000000000 R09: 0000000000000000
[  111.701633][ T6012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.701646][ T6012] R13: 00007ff4dc9c6038 R14: 00007ff4dc9c5fa0 R15: 00007ffc308deab8
[  111.701683][ T6012]  </TASK>
[  112.173553][ T6001] loop1: detected capacity change from 0 to 32768
[  112.268739][ T5870] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.356884][ T6015] find_entry called with index >= next_index
[  112.409115][ T6017] Zero length message leads to an empty skb
[  112.419576][ T6017] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17'.
[  112.651306][ T6021] loop3: detected capacity change from 0 to 8
[  112.694693][ T6021] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  112.801082][ T6021] cramfs: bad data blocksize 4294967270
[  112.807169][ T6021] cramfs: Error -3 while decompressing!
[  112.826911][ T6020] loop4: detected capacity change from 0 to 4096
[  112.862677][ T6021] cramfs: ffffffff99e0e8e2(26)->ffff888073d64000(4096)
[  112.948988][ T6021] cramfs: bad data blocksize 3221485902
[  112.975422][ T6027] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  113.023244][ T6021] cramfs: bad data blocksize 4294967270
[  113.032652][   T30] audit: type=1800 audit(1757131491.732:2): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.16" name="file2" dev="loop3" ino=348 res=0 errno=0
[  113.595239][ T6031] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  113.599457][ T6021] cramfs: bad data blocksize 4294967270
[  113.640247][   T30] audit: type=1800 audit(1757131492.332:3): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.16" name="file2" dev="loop3" ino=348 res=0 errno=0
[  114.043883][ T6031] loop0: detected capacity change from 0 to 32768
[  114.058902][ T6031] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.20 (6031)
[  114.114355][ T6031] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  114.125986][ T6031] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  114.256230][ T6031] BTRFS info (device loop0): enabling ssd optimizations
[  114.263654][ T6031] BTRFS info (device loop0): enabling free space tree
[  115.260615][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.269535][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.279171][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  115.291558][    T0] NOHZ tick-stop error: local softirq work is pending, handler #88!!!
[  115.318032][ T6059] vivid-007: =================  START STATUS  =================
[  115.326906][ T6059] vivid-007: Enable Output Cropping: true
[  115.333824][ T6059] vivid-007: Enable Output Composing: true
[  115.339887][ T6059] vivid-007: Enable Output Scaler: true
[  115.345757][ T6059] vivid-007: Tx RGB Quantization Range: Automatic
[  115.352514][ T6059] vivid-007: Transmit Mode: HDMI
[  115.357616][ T6059] vivid-007: Hotplug Present: 0x00000000
[  115.365833][ T6059] vivid-007: RxSense Present: 0x00000000
[  115.372357][ T6059] vivid-007: EDID Present: 0x00000000
[  115.378652][ T6059] vivid-007: ==================  END STATUS  ==================
[  115.480360][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[  115.490709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  115.864261][ T6058] loop2: detected capacity change from 0 to 16
[  115.871407][ T6058] erofs: Unknown parameter ''
[  116.474476][ T5870] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  117.111817][ T6069] loop3: detected capacity change from 0 to 128
[  117.521349][ T6075] netlink: 'syz.4.27': attribute type 6 has an invalid length.
[  117.606104][ T6069] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  117.778019][ T6069] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  118.146148][ T6083] FAULT_INJECTION: forcing a failure.
[  118.146148][ T6083] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  118.294256][ T6083] CPU: 1 UID: 0 PID: 6083 Comm: syz.2.29 Not tainted syzkaller #0 PREEMPT(full) 
[  118.294286][ T6083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  118.294299][ T6083] Call Trace:
[  118.294307][ T6083]  <TASK>
[  118.294315][ T6083]  dump_stack_lvl+0x189/0x250
[  118.294339][ T6083]  ? __pfx____ratelimit+0x10/0x10
[  118.294364][ T6083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.294383][ T6083]  ? __pfx__printk+0x10/0x10
[  118.294405][ T6083]  ? __might_fault+0xb0/0x130
[  118.294435][ T6083]  should_fail_ex+0x414/0x560
[  118.294463][ T6083]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  118.294487][ T6083]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  118.294512][ T6083]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  118.294543][ T6083]  ? __lock_acquire+0xab9/0xd20
[  118.294569][ T6083]  ? fpu__alloc_mathframe+0xad/0x130
[  118.294591][ T6083]  get_sigframe+0x58d/0x7d0
[  118.294615][ T6083]  ? __pfx_get_sigframe+0x10/0x10
[  118.294638][ T6083]  ? posixtimer_deliver_signal+0x305/0x410
[  118.294661][ T6083]  x64_setup_rt_frame+0x15b/0xd40
[  118.294685][ T6083]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.294702][ T6083]  ? _raw_spin_unlock_irq+0x2e/0x50
[  118.294725][ T6083]  ? get_signal+0x1151/0x1340
[  118.294753][ T6083]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  118.294780][ T6083]  arch_do_signal_or_restart+0x3d7/0x750
[  118.294800][ T6083]  ? fdget_pos+0x18f/0x320
[  118.294826][ T6083]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  118.294857][ T6083]  ? exit_to_user_mode_loop+0x40/0x130
[  118.294880][ T6083]  exit_to_user_mode_loop+0x75/0x130
[  118.294904][ T6083]  do_syscall_64+0x2bd/0xfa0
[  118.294921][ T6083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.294935][ T6083]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  118.294950][ T6083]  ? clear_bhb_loop+0x60/0xb0
[  118.294969][ T6083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.294983][ T6083] RIP: 0033:0x7f2b7fb8ebe7
[  118.294997][ T6083] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  118.295009][ T6083] RSP: 002b:00007f2b80a18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  118.295026][ T6083] RAX: 0000000000000013 RBX: 00007f2b7fdc5fa0 RCX: 00007f2b7fb8ebe9
[  118.295036][ T6083] RDX: 0000000000000001 RSI: 0000200000000780 RDI: 0000000000000003
[  118.295046][ T6083] RBP: 00007f2b80a18090 R08: 0000000000000000 R09: 0000000000000000
[  118.295055][ T6083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.295064][ T6083] R13: 00007f2b7fdc6038 R14: 00007f2b7fdc5fa0 R15: 00007ffd092b3d08
[  118.295088][ T6083]  </TASK>
[  118.846278][ T6083] loop2: detected capacity change from 0 to 1024
[  119.270490][ T5997] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  119.311288][ T6092] loop1: detected capacity change from 0 to 16
[  119.482739][ T6092] erofs (device loop1): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  119.542729][ T6092] erofs (device loop1): mounted with root inode @ nid 36.
[  120.769209][ T6105] loop2: detected capacity change from 0 to 1024
[  120.950315][ T6103] loop0: detected capacity change from 0 to 32768
[  120.974601][ T6105] =======================================================
[  120.974601][ T6105] WARNING: The mand mount option has been deprecated and
[  120.974601][ T6105]          and is ignored by this kernel. Remove the mand
[  120.974601][ T6105]          option from the mount to silence this warning.
[  120.974601][ T6105] =======================================================
[  121.024179][ T6103] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.34 (6103)
[  121.045137][ T6103] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  121.055552][ T6103] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  121.076238][ T5877] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  121.164046][ T6105] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.177422][ T6105] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.766707][ T6103] BTRFS info (device loop0): enabling ssd optimizations
[  121.773972][ T6103] BTRFS info (device loop0): enabling free space tree
[  121.998333][ T6118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.31'.
[  122.116265][ T5871] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.494439][ T5870] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  123.495187][ T6138] FAULT_INJECTION: forcing a failure.
[  123.495187][ T6138] name failslab, interval 1, probability 0, space 0, times 0
[  123.610239][ T6138] CPU: 0 UID: 0 PID: 6138 Comm: syz.3.38 Not tainted syzkaller #0 PREEMPT(full) 
[  123.610268][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  123.610280][ T6138] Call Trace:
[  123.610289][ T6138]  <TASK>
[  123.610298][ T6138]  dump_stack_lvl+0x189/0x250
[  123.610330][ T6138]  ? __pfx____ratelimit+0x10/0x10
[  123.610366][ T6138]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.610392][ T6138]  ? __pfx__printk+0x10/0x10
[  123.610428][ T6138]  ? __pfx___might_resched+0x10/0x10
[  123.610466][ T6138]  should_fail_ex+0x414/0x560
[  123.610506][ T6138]  should_failslab+0xa8/0x100
[  123.610552][ T6138]  __kmalloc_noprof+0xcb/0x7f0
[  123.610580][ T6138]  ? kfree+0x4d/0x6d0
[  123.610603][ T6138]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  123.610634][ T6138]  tomoyo_realpath_from_path+0xe3/0x5d0
[  123.610658][ T6138]  ? tomoyo_domain+0xd9/0x130
[  123.610687][ T6138]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  123.610718][ T6138]  tomoyo_path_number_perm+0x1e8/0x5a0
[  123.610753][ T6138]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  123.610826][ T6138]  ? __fget_files+0x2a/0x420
[  123.610863][ T6138]  ? __fget_files+0x3a0/0x420
[  123.610893][ T6138]  ? __fget_files+0x2a/0x420
[  123.610929][ T6138]  security_file_ioctl+0xcb/0x2d0
[  123.610961][ T6138]  __se_sys_ioctl+0x47/0x170
[  123.610989][ T6138]  do_syscall_64+0xfa/0xfa0
[  123.611009][ T6138]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.611031][ T6138]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.611053][ T6138]  ? clear_bhb_loop+0x60/0xb0
[  123.611080][ T6138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.611101][ T6138] RIP: 0033:0x7ff4dc78ebe9
[  123.611119][ T6138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.611137][ T6138] RSP: 002b:00007ff4dd553038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  123.611160][ T6138] RAX: ffffffffffffffda RBX: 00007ff4dc9c5fa0 RCX: 00007ff4dc78ebe9
[  123.611176][ T6138] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  123.611189][ T6138] RBP: 00007ff4dd553090 R08: 0000000000000000 R09: 0000000000000000
[  123.611202][ T6138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.611215][ T6138] R13: 00007ff4dc9c6038 R14: 00007ff4dc9c5fa0 R15: 00007ffc308deab8
[  123.611251][ T6138]  </TASK>
[  123.611331][ T6138] ERROR: Out of memory at tomoyo_realpath_from_path.
[  124.820436][ T6159] @: renamed from vlan0 (while UP)
[  125.150180][ T5997] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  125.340466][ T5997] usb 1-1: Using ep0 maxpacket: 16
[  125.378638][ T5997] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  125.431195][ T5997] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has an invalid bInterval 0, changing to 7
[  125.488395][ T5997] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  125.544456][ T5997] usb 1-1: config 0 interface 0 has no altsetting 0
[  125.571014][ T6171] loop3: detected capacity change from 0 to 64
[  125.593001][ T5997] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  125.607015][ T6171] hfs: Unknown parameter 'syzkaller0'
[  125.610145][ T5997] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.660139][ T5997] usb 1-1: Product: syz
[  125.671868][ T5997] usb 1-1: Manufacturer: syz
[  125.707157][ T5997] usb 1-1: SerialNumber: syz
[  125.748789][ T5997] usb 1-1: config 0 descriptor??
[  126.491873][ T6143] loop2: detected capacity change from 0 to 32768
[  126.584105][ T6143] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery"
[  126.595006][ T6143] gfs2: fsid=norecovery: Now mounting FS (format 0)...
[  126.676827][ T6143] syz.2.41: attempt to access beyond end of device
[  126.676827][ T6143] loop2: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768
[  126.702971][ T6194] loop1: detected capacity change from 0 to 16
[  126.711089][ T6194] erofs: Unknown parameter ''
[  126.771561][ T6143] gfs2: fsid=norecovery.s: fatal: filesystem consistency error - inode = 1 19, function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 119
[  126.885067][ T6143] gfs2: fsid=norecovery.s: G:  s:SH n:2/13 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:2
[  126.956814][ T6143] gfs2: fsid=norecovery.s:  H: s:SH f:eEcH e:0 p:6143 [syz.2.41] init_journal+0x17f8/0x2260
[  127.021534][ T6143] gfs2: fsid=norecovery.s:  I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[  127.070264][ T6143] gfs2: fsid=norecovery.s: about to withdraw this file system
[  127.123747][ T6143] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount.
[  127.175358][ T6143] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0
[  127.211910][ T6143] gfs2: fsid=norecovery.s: File system withdrawn
[  127.230577][ T6143] CPU: 0 UID: 0 PID: 6143 Comm: syz.2.41 Not tainted syzkaller #0 PREEMPT(full) 
[  127.230607][ T6143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  127.230621][ T6143] Call Trace:
[  127.230630][ T6143]  <TASK>
[  127.230641][ T6143]  dump_stack_lvl+0x189/0x250
[  127.230678][ T6143]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.230707][ T6143]  ? __pfx__printk+0x10/0x10
[  127.230741][ T6143]  ? kobject_uevent_env+0x36b/0x8c0
[  127.230781][ T6143]  gfs2_withdraw+0xb30/0x1430
[  127.230830][ T6143]  ? __pfx_gfs2_withdraw+0x10/0x10
[  127.230862][ T6143]  ? __pfx_wake_up_bit+0x10/0x10
[  127.230891][ T6143]  ? _raw_spin_unlock+0x3f/0x50
[  127.230931][ T6143]  ? gfs2_consist_inode_i+0xf5/0x110
[  127.230965][ T6143]  gfs2_jdesc_check+0x17d/0x2f0
[  127.231005][ T6143]  check_journal_clean+0x158/0x310
[  127.231038][ T6143]  ? __pfx_check_journal_clean+0x10/0x10
[  127.231071][ T6143]  ? init_journal+0x17f8/0x2260
[  127.231110][ T6143]  ? do_raw_spin_unlock+0x122/0x240
[  127.231140][ T6143]  ? _raw_spin_unlock+0x28/0x50
[  127.231173][ T6143]  ? gfs2_jdesc_find+0xab/0xc0
[  127.231231][ T6143]  init_journal+0x17f8/0x2260
[  127.231274][ T6143]  ? init_inodes+0xdb/0x320
[  127.231309][ T6143]  ? __pfx_init_journal+0x10/0x10
[  127.231339][ T6143]  ? vsnprintf+0xe11/0xf00
[  127.231382][ T6143]  ? snprintf+0xda/0x120
[  127.231414][ T6143]  ? init_inodes+0xdb/0x320
[  127.231443][ T6143]  ? __pfx_snprintf+0x10/0x10
[  127.231475][ T6143]  ? gfs2_glock_nq_num+0x13d/0x170
[  127.231513][ T6143]  init_inodes+0xdb/0x320
[  127.231557][ T6143]  gfs2_fill_super+0x1923/0x20d0
[  127.231610][ T6143]  ? __pfx_gfs2_fill_super+0x10/0x10
[  127.231645][ T6143]  ? init_locking+0xb8/0x210
[  127.231673][ T6143]  ? sb_set_blocksize+0x104/0x180
[  127.231712][ T6143]  ? setup_bdev_super+0x4c1/0x5b0
[  127.231746][ T6143]  get_tree_bdev_flags+0x40b/0x4d0
[  127.231776][ T6143]  ? __pfx_gfs2_fill_super+0x10/0x10
[  127.231806][ T6143]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  127.231834][ T6143]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  127.231881][ T6143]  gfs2_get_tree+0x51/0x1e0
[  127.231916][ T6143]  vfs_get_tree+0x8f/0x2b0
[  127.231948][ T6143]  do_new_mount+0x302/0xa10
[  127.231979][ T6143]  ? apparmor_capable+0x137/0x1b0
[  127.232018][ T6143]  ? __pfx_do_new_mount+0x10/0x10
[  127.232050][ T6143]  ? ns_capable+0x8a/0xf0
[  127.232089][ T6143]  ? kmem_cache_free+0x19a/0x690
[  127.232134][ T6143]  __se_sys_mount+0x313/0x410
[  127.232174][ T6143]  ? __pfx___se_sys_mount+0x10/0x10
[  127.232212][ T6143]  ? do_syscall_64+0xbe/0xfa0
[  127.232233][ T6143]  ? __x64_sys_mount+0x20/0xc0
[  127.232268][ T6143]  do_syscall_64+0xfa/0xfa0
[  127.232290][ T6143]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.232312][ T6143]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.232334][ T6143]  ? clear_bhb_loop+0x60/0xb0
[  127.232362][ T6143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.232384][ T6143] RIP: 0033:0x7f2b7fb9038a
[  127.232404][ T6143] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.232422][ T6143] RSP: 002b:00007f2b80a17e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  127.232446][ T6143] RAX: ffffffffffffffda RBX: 00007f2b80a17ef0 RCX: 00007f2b7fb9038a
[  127.232462][ T6143] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f2b80a17eb0
[  127.232478][ T6143] RBP: 0000200000000400 R08: 00007f2b80a17ef0 R09: 0000000000200001
[  127.232494][ T6143] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500
[  127.232508][ T6143] R13: 00007f2b80a17eb0 R14: 00000000000125bb R15: 0000200000000180
[  127.232552][ T6143]  </TASK>
[  127.232713][ T6143] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[  127.756467][ T6158] loop0: detected capacity change from 0 to 32768
[  127.828554][ T6202] netlink: 'syz.1.52': attribute type 11 has an invalid length.
[  127.836420][ T6202] netlink: 224 bytes leftover after parsing attributes in process `syz.1.52'.
[  128.009867][ T6158] JBD2: journal reset failed
[  128.014994][ T6158] (syz.0.42,6158,0):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  128.040234][ T6158] (syz.0.42,6158,0):ocfs2_check_volume:2374 ERROR: ocfs2 journal load failed! -4
[  128.258055][ T1210] usb 1-1: USB disconnect, device number 2
[  128.586588][ T6221] loop3: detected capacity change from 0 to 2048
[  128.791204][ T6221] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  128.896747][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.905128][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.913325][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.921480][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.929609][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.937785][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.945895][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.954049][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.962175][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  128.970396][ T6225] futex_wake_op: syz.2.54 tries to shift op by -1; fix this program
[  129.002984][ T6218] UDF-fs: incorrect filename length (10)
[  129.729842][ T6240] loop2: detected capacity change from 0 to 128
[  129.753305][ T6243] netlink: 12 bytes leftover after parsing attributes in process `syz.0.59'.
[  129.798216][ T6243] netlink: 24 bytes leftover after parsing attributes in process `syz.0.59'.
[  130.805062][ T5871] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  130.881435][ T5871] FAT-fs (loop2): Filesystem has been set read-only
[  131.099985][ T6254] loop2: detected capacity change from 0 to 1024
[  131.121518][ T6254] EXT4-fs: Ignoring removed i_version option
[  131.137870][ T6254] EXT4-fs: Ignoring removed nomblk_io_submit option
[  131.183261][ T6258] loop0: detected capacity change from 0 to 1024
[  131.265391][ T6258] EXT4-fs: Ignoring removed nobh option
[  131.285034][ T6254] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.375886][ T6258] EXT4-fs: Ignoring removed bh option
[  131.432229][ T6265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.64'.
[  132.101917][ T6258] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.229970][ T6236] loop4: detected capacity change from 0 to 32768
[  132.280314][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  132.488096][   T30] audit: type=1326 audit(1757131511.172:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6271 comm="syz.1.68" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa362f8ebe9 code=0x0
[  132.532654][   T10] usb 3-1: Using ep0 maxpacket: 32
[  132.641426][   T10] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  132.729242][   T10] usb 3-1: config 0 has no interface number 0
[  132.808446][   T10] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  132.915279][   T10] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xF1, changing to 0x81
[  133.060419][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  133.202209][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x81 has invalid maxpacket 57427, setting to 1024
[  133.216105][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  133.289665][   T10] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  133.385768][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  133.420235][   T10] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  133.432876][ T5870] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.511294][   T10] usb 3-1: config 0 interface 239 altsetting 4 has 6 endpoint descriptors, different from the interface descriptor's value: 4
[  133.735172][   T10] usb 3-1: config 0 interface 239 has no altsetting 0
[  133.925729][ T6286] binder: 6284:6286 ioctl 6628 0 returned -22
[  134.638025][ T6297] use of bytesused == 0 is deprecated and will be removed in the future,
[  134.700254][   T10] usb 3-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  134.709447][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.710748][ T6297] use the actual size instead.
[  134.757856][   T10] usb 3-1: config 0 descriptor??
[  134.768307][   T10] usb 3-1: can't set config #0, error -71
[  134.802074][ T6302] netlink: 12 bytes leftover after parsing attributes in process `syz.0.72'.
[  134.826060][   T10] usb 3-1: USB disconnect, device number 2
[  134.893860][ T5871] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.845320][ T6313] loop2: detected capacity change from 0 to 128
[  136.051928][ T6316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  136.893071][ T5871] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  137.111605][   T30] audit: type=1326 audit(1757131515.822:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6319 comm="syz.3.80" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4dc78ebe9 code=0x0
[  137.190259][ T5871] FAT-fs (loop2): Filesystem has been set read-only
[  138.336430][   T30] audit: type=1326 audit(1757131517.042:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6330 comm="syz.4.83" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f74a9d8ebe9 code=0x0
[  138.525246][ T6337] loop0: detected capacity change from 0 to 65
[  138.525625][ T6335] loop4: detected capacity change from 0 to 4096
[  138.580644][ T6335] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.636733][ T6337] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
[  138.661115][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  138.667712][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  138.803170][ T6335] kvm: emulating exchange as write
[  140.100283][ T5864] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.280157][ T5997] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  140.710154][ T5997] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  140.887463][ T6365] tipc: Started in network mode
[  140.900359][ T6365] tipc: Node identity 7a28c6e4f7dd, cluster identity 4711
[  140.907613][ T5997] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.930569][ T6365] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.956851][ T5997] usb 2-1: config 0 descriptor??
[  140.982601][ T6365] tipc: Resetting bearer <eth:syzkaller0>
[  141.046117][ T6363] tipc: Disabling bearer <eth:syzkaller0>
[  141.185567][ T5997] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  141.403613][   T30] audit: type=1326 audit(1757131520.032:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.92" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4dc78ebe9 code=0x0
[  141.498709][ T5997] [drm:udl_init] *ERROR* Selecting channel failed
[  142.198208][ T5997] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  142.273232][ T6381] binder: 6380:6381 ioctl c0306201 200000000440 returned -14
[  142.291317][ T5997] [drm] Initialized udl on minor 2
[  142.305641][ T5997] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  142.370854][ T5997] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  142.395215][    T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  142.430513][ T5997] usb 2-1: USB disconnect, device number 2
[  142.441810][    T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  142.670933][ T6355] loop2: detected capacity change from 0 to 32768
[  142.688904][ T6355] ocfs2: Unknown parameter 'nousev_xattr'
[  142.742830][ T6385] netlink: 'syz.1.95': attribute type 10 has an invalid length.
[  142.816603][ T6385] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  142.848110][ T6355] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  143.079408][ T6395] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  143.454918][ T6406] loop2: detected capacity change from 0 to 256
[  143.474565][ T1210] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  143.634263][ T6406] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  143.842765][ T1210] usb 5-1: device descriptor read/64, error -71
[  144.244251][ T1210] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  144.611934][ T1210] usb 5-1: device descriptor read/64, error -71
[  144.724031][ T1210] usb usb5-port1: attempt power cycle
[  145.283258][ T6422] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  145.299973][ T1210] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  145.333152][ T1210] usb 5-1: device descriptor read/8, error -71
[  150.890253][ T5945] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  151.530324][ T5945] usb 3-1: Using ep0 maxpacket: 8
[  151.542290][ T5945] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.557035][ T5945] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  151.566366][ T5945] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x68, changing to 0x8
[  151.582426][ T5945] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 111, changing to 7
[  151.595529][ T5945] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 25695, setting to 1024
[  151.611397][ T5945] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  151.697243][ T5945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.989869][ T5944] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  152.223140][ T5945] hub 3-1:1.0: bad descriptor, ignoring hub
[  152.229124][ T5945] hub 3-1:1.0: probe with driver hub failed with error -5
[  152.238047][ T5945] cdc_wdm 3-1:1.0: skipping garbage
[  152.245355][ T5945] cdc_wdm 3-1:1.0: skipping garbage
[  152.251004][ T5945] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[  152.983535][ T5945] usb 3-1: USB disconnect, device number 3
[  153.079006][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  153.257849][    T9] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  153.313162][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.460526][ T6470] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  153.478461][ T6470] qnx6: wrong signature (magic) in superblock #1.
[  153.485278][ T6470] qnx6: unable to read the first superblock
[  153.522329][    T9] usb 2-1: Product: syz
[  153.541069][    T9] usb 2-1: Manufacturer: syz
[  153.610846][    T9] usb 2-1: SerialNumber: syz
[  154.019561][    T9] usb 2-1: config 0 descriptor??
[  154.166618][    T9] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 003
[  154.210784][ T6466] faux_driver regulatory: loading /lib/firmware/regulatory.db.p7s failed with error -4
[  154.235703][   T30] audit: type=1800 audit(1757131532.912:8): pid=6466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.115" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0
[  154.277252][ T6466] faux_driver regulatory: Direct firmware load for regulatory.db.p7s failed with error -4
[  154.307670][ T6466] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db.p7s
[  154.368705][ T6473] Bluetooth: MGMT ver 1.23
[  154.389994][ T6473] loop2: detected capacity change from 0 to 512
[  154.446657][ T6473] EXT4-fs (loop2): invalid first ino: 4160749579
[  154.603358][    T9]  (null): failure reading functionality
[  154.639467][ T6476] loop2: detected capacity change from 0 to 1024
[  154.743750][ T6476] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.748997][ T6480] loop3: detected capacity change from 0 to 128
[  154.776422][ T6480] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  154.790591][ T6480] hpfs: filesystem error: improperly stopped
[  154.796660][ T6480] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  154.897139][    T9] i2c i2c-1: connected i2c-tiny-usb device
[  154.926857][ T6480] hpfs: You really don't want any checks? You are crazy...
[  154.937493][    T9] usb 2-1: USB disconnect, device number 3
[  154.953841][ T6466] syz.0.115 (6466) used greatest stack depth: 17784 bytes left
[  154.972948][ T6480] hpfs: hpfs_map_sector(): read error
[  155.002524][ T6480] hpfs: code page support is disabled
[  155.027543][ T6480] hpfs: hpfs_map_4sectors(): unaligned read
[  155.060506][ T6480] hpfs: hpfs_map_4sectors(): unaligned read
[  155.085942][ T6462] loop4: detected capacity change from 0 to 32768
[  155.183540][ T6480] hpfs: filesystem error: unable to find root dir
[  156.129831][ T5871] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.522252][ T5181] Bluetooth: hci4: ACL packet for unknown connection handle 0
[  157.081471][ T6495] bond_slave_0: entered promiscuous mode
[  157.087439][ T6495] bond_slave_1: entered promiscuous mode
[  157.560025][ T6495] macvtap1: entered allmulticast mode
[  157.633997][ T6495] bond0: entered allmulticast mode
[  157.690268][ T6495] bond_slave_0: entered allmulticast mode
[  157.752350][ T6495] bond_slave_1: entered allmulticast mode
[  157.776232][ T6495] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  157.852672][ T6495] bond0: left allmulticast mode
[  157.858123][ T6495] bond_slave_0: left allmulticast mode
[  157.941362][ T6495] bond_slave_1: left allmulticast mode
[  158.007846][ T6495] bond_slave_0: left promiscuous mode
[  158.013679][ T6495] bond_slave_1: left promiscuous mode
[  160.722307][ T6536] loop1: detected capacity change from 0 to 65
[  160.806363][ T6536] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  163.387235][ T6556] loop4: detected capacity change from 0 to 65
[  163.433955][ T6556] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  163.792870][ T6552] tmpfs: Bad value for 'mpol'
[  164.496956][ T6565] vivid-007: =================  START STATUS  =================
[  164.504851][ T6565] vivid-007: Enable Output Cropping: true
[  164.510786][ T6565] vivid-007: Enable Output Composing: true
[  164.516820][ T6565] vivid-007: Enable Output Scaler: true
[  164.522923][ T6565] vivid-007: Tx RGB Quantization Range: Automatic
[  164.530388][ T6565] vivid-007: Transmit Mode: HDMI
[  164.535509][ T6565] vivid-007: Hotplug Present: 0x00000000
[  164.542263][ T6565] vivid-007: RxSense Present: 0x00000000
[  164.562397][ T6565] vivid-007: EDID Present: 0x00000000
[  164.568058][ T6565] vivid-007: ==================  END STATUS  ==================
[  165.541833][ T6572] syz.3.144 uses obsolete (PF_INET,SOCK_PACKET)
[  165.569066][ T6567] mmap: syz.1.141 (6567) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  166.301110][  T979] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  166.520311][  T979] usb 4-1: Using ep0 maxpacket: 16
[  166.584583][  T979] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  166.584616][  T979] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  166.600595][  T979] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  166.600629][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.600650][  T979] usb 4-1: Product: syz
[  166.600665][  T979] usb 4-1: Manufacturer: syz
[  166.600679][  T979] usb 4-1: SerialNumber: syz
[  167.026737][  T979] usb 4-1: cannot find UAC_HEADER
[  167.436350][  T979] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  168.074103][  T979] usb 4-1: USB disconnect, device number 3
[  168.793064][ T5984] udevd[5984]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  169.472564][ T6596] loop1: detected capacity change from 0 to 64
[  169.554929][ T6594] loop0: detected capacity change from 0 to 16
[  169.562082][ T6594] erofs: Unknown parameter ''
[  170.224270][ T6600] ip6_tunnel: non-ECT from 0000:0000:00c7:0000:0000:ffff:ffff:ffff with DS=0xd
[  171.746071][ T6617] loop4: detected capacity change from 0 to 65
[  171.789237][ T6617] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  172.734015][ T6614] loop1: detected capacity change from 0 to 32768
[  172.753930][ T6614] XFS: noikeep mount option is deprecated.
[  172.928259][ T6614] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  173.182339][ T6614] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  173.211746][ T6614] XFS (loop1): Starting recovery (logdev: internal)
[  173.316774][ T6614] XFS (loop1): Ending recovery (logdev: internal)
[  173.383211][   T30] audit: type=1800 audit(1757131552.082:9): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.157" name="file2" dev="loop1" ino=4423 res=0 errno=0
[  173.710511][ T6633] XFS (loop1): User initiated shutdown received.
[  173.815584][   T30] audit: type=1800 audit(1757131552.482:10): pid=6634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.157" name="file2" dev="loop1" ino=4423 res=0 errno=0
[  174.003783][ T6633] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:472).  Shutting down filesystem.
[  174.301724][ T6633] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  176.017205][   T30] audit: type=1326 audit(1757131553.982:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6640 comm="syz.0.161" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f438d58ebe9 code=0x0
[  176.126133][ T5860] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  176.230899][ T6651] netlink: 12 bytes leftover after parsing attributes in process `syz.0.167'.
[  176.438348][ T6653] loop4: detected capacity change from 0 to 16
[  176.446657][ T6653] erofs: Unknown parameter ''
[  177.891844][ T6668] tmpfs: Unknown parameter 'grp{uota'
[  177.975875][ T6668] loop4: detected capacity change from 0 to 256
[  177.983403][ T6668] exfat: Unknown parameter ''
[  180.461151][ T6685] loop4: detected capacity change from 0 to 512
[  180.514220][ T6685] EXT4-fs: Ignoring removed oldalloc option
[  180.580930][ T6685] EXT4-fs (loop4): 1 truncate cleaned up
[  180.613123][ T6685] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.693905][   T30] audit: type=1800 audit(1757131559.402:12): pid=6685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.175" name="file1" dev="loop4" ino=15 res=0 errno=0
[  181.150284][   T30] audit: type=1804 audit(1757131559.772:13): pid=6695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.175" name="/newroot/31/file1/file1" dev="loop4" ino=15 res=1 errno=0
[  181.606181][ T6685] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.175: invalid indirect mapped block 234881024 (level 0)
[  181.626257][ T6685] EXT4-fs (loop4): Remounting filesystem read-only
[  181.737889][ T5864] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.061471][ T6706] (unnamed net_device) (uninitialized): down delay (262144) is not a multiple of miimon (5), value rounded to 262140 ms
[  184.490889][ T6720] loop3: detected capacity change from 0 to 32768
[  184.540937][ T6720] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.183 (6720)
[  184.563723][ T6720] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  184.574090][ T6720] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  184.827953][ T6720] BTRFS info (device loop3): enabling ssd optimizations
[  184.835023][ T6720] BTRFS info (device loop3): enabling free space tree
[  186.605108][ T5877] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  186.998138][ T6744] netlink: 12 bytes leftover after parsing attributes in process `syz.0.186'.
[  190.120777][ T6775] process 'syz.3.193' launched './file2' with NULL argv: empty string added
[  190.559415][ T6780] loop2: detected capacity change from 0 to 4096
[  191.361034][ T6801] loop1: detected capacity change from 0 to 512
[  191.383920][ T6801] EXT4-fs: Ignoring removed nomblk_io_submit option
[  191.432236][ T6801] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  191.450416][ T6801] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  191.556418][ T6801] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.205: Allocating blocks 41-42 which overlap fs metadata
[  191.645738][ T6801] EXT4-fs (loop1): Remounting filesystem read-only
[  191.653148][ T6801] Quota error (device loop1): write_blk: dquota write failed
[  191.661708][ T6801] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5
[  191.673776][ T6801] Quota error (device loop1): write_blk: dquota write failed
[  191.681822][ T6801] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  191.692176][ T6801] EXT4-fs (loop1): 1 truncate cleaned up
[  191.718664][ T6801] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.913517][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.967036][ T6822] random: crng reseeded on system resumption
[  192.016979][ T6821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.212'.
[  192.176167][ T6826] IPVS: Error joining to the multicast group
[  192.521846][ T6839] loop1: detected capacity change from 0 to 256
[  192.593370][ T6839] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  192.605642][ T6839] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  192.626432][ T6839] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  192.737555][ T6840] batman_adv: batadv0: Adding interface: dummy0
[  192.748083][ T6840] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  192.852637][ T6840] batman_adv: batadv0: Interface activated: dummy0
[  193.003813][ T6843] batadv0: mtu less than device minimum
[  193.011410][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.023753][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.035843][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.047992][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.060114][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.072201][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.084288][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.096401][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.108500][ T6843] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  193.271944][ T6846] loop4: detected capacity change from 0 to 1024
[  193.325278][ T6846] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  193.401940][ T6850] fuse: Unknown parameter '0x0000000000000003'
[  193.417339][ T6846] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e84ce118, mo2=0000]
[  193.453437][ T6846] System zones: 0-1, 3-12
[  193.518146][ T6846] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.223: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  193.584445][ T6846] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.223: couldn't read orphan inode 11 (err -117)
[  193.623228][ T6846] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.978453][ T5864] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.579097][ T6878] loop2: detected capacity change from 0 to 4096
[  194.639684][ T6878] NILFS (loop2): invalid segment: Checksum error in segment payload
[  194.677898][ T6878] NILFS (loop2): trying rollback from an earlier position
[  194.728962][ T6878] NILFS (loop2): recovery complete
[  194.747053][ T6888] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  194.864515][   T30] audit: type=1800 audit(1757131573.562:14): pid=6878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.236" name="bus" dev="loop2" ino=12 res=0 errno=0
[  194.902004][ T5945] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  194.954374][ T6482] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.005530][ T6890] loop0: detected capacity change from 0 to 8192
[  195.051855][ T6890] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  195.090157][ T5945] usb 2-1: Using ep0 maxpacket: 16
[  195.124705][ T5945] usb 2-1: config 0 has an invalid interface number: 41 but max is 0
[  195.155671][ T6482] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.163973][ T5945] usb 2-1: config 0 has no interface number 0
[  195.182292][ T5945] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  195.212850][ T5945] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  195.253316][ T5945] usb 2-1: config 0 interface 41 has no altsetting 0
[  195.286046][ T5945] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  195.305896][ T5945] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.341369][ T6482] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.350242][ T5945] usb 2-1: Product: syz
[  195.357308][ T5945] usb 2-1: Manufacturer: syz
[  195.363823][ T5945] usb 2-1: SerialNumber: syz
[  195.394668][ T5945] usb 2-1: config 0 descriptor??
[  195.407951][ T6887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  195.440775][ T6887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  195.480021][ T6482] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.687986][ T6887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  195.722885][ T6887] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  195.840552][ T6482] bridge_slave_1: left allmulticast mode
[  195.859214][ T6482] bridge_slave_1: left promiscuous mode
[  195.882335][ T6482] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.948521][ T6482] bridge_slave_0: left allmulticast mode
[  195.964864][ T6482] bridge_slave_0: left promiscuous mode
[  195.980363][ T6482] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.359203][ T5945] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  196.422472][ T5867] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  196.440615][ T5867] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  196.450709][ T5867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  196.462190][ T5867] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  196.470183][ T5867] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  196.604722][ T6913] loop2: detected capacity change from 0 to 512
[  196.612410][ T5945] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  196.633400][ T6913] EXT4-fs: Ignoring removed nomblk_io_submit option
[  196.642052][ T5945] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[  196.653320][ T5945] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71
[  196.689810][ T6913] EXT4-fs (loop2): filesystem is read-only
[  196.697310][ T5945] usb 2-1: USB disconnect, device number 4
[  196.734841][ T6913] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  196.760634][ T6913] EXT4-fs (loop2): filesystem is read-only
[  196.790246][ T6913] EXT4-fs (loop2): orphan cleanup on readonly fs
[  196.807606][ T6913] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #16: comm syz.2.247: iget: bad i_size value: 648518346341360424
[  196.829136][ T6913] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.247: couldn't read orphan inode 16 (err -117)
[  196.875353][ T6913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  197.049373][ T6482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  197.068769][ T6482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  197.086819][ T6482] bond0 (unregistering): Released all slaves
[  197.105698][ T6482] bond1 (unregistering): Released all slaves
[  197.252769][ T6902] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.262118][ T6902] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.322511][ T6902] batman_adv: batadv0: Interface deactivated: dummy0
[  197.426719][ T6902] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.444302][ T6902] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  197.693098][ T6925] loop1: detected capacity change from 0 to 1024
[  197.711393][ T6925] EXT4-fs: Ignoring removed nobh option
[  197.713845][ T6927] netlink: 64 bytes leftover after parsing attributes in process `syz.4.250'.
[  197.772158][ T6925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.949026][ T5860] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.065410][ T6935] loop0: detected capacity change from 0 to 4096
[  198.085063][ T6935] ntfs3(loop0): ino=3, Correct links count -> 2.
[  198.112180][   T61] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.159430][   T61] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.176571][   T61] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.187218][   T61] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  198.287655][ T6935] ntfs3(loop0): failed to convert "0080" to cp874
[  198.568737][ T5867] Bluetooth: hci4: command tx timeout
[  198.646538][ T6953] loop1: detected capacity change from 0 to 256
[  198.654392][ T6953] exfat: Deprecated parameter 'namecase'
[  198.684660][ T6953] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[  198.900603][ T5945] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  198.916394][ T6482] hsr_slave_0: left promiscuous mode
[  198.942708][ T6482] hsr_slave_1: left promiscuous mode
[  198.959254][ T6482] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  198.971138][ T6482] batman_adv: batadv0: Removing interface: batadv_slave_0
[  198.991615][ T6958] loop1: detected capacity change from 0 to 4096
[  198.992326][ T6482] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  199.027881][ T6482] batman_adv: batadv0: Removing interface: batadv_slave_1
[  199.071564][ T5945] usb 1-1: Using ep0 maxpacket: 16
[  199.090798][ T5945] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  199.099033][ T5945] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  199.124982][ T6482] veth1_macvtap: left promiscuous mode
[  199.131353][   T30] audit: type=1800 audit(1757131577.832:15): pid=6958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.261" name="file1" dev="loop1" ino=33 res=0 errno=0
[  199.141632][ T6482] veth0_macvtap: left promiscuous mode
[  199.158161][ T5945] usb 1-1: config 0 has no interface number 0
[  199.181065][ T5945] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  199.199133][ T6482] veth1_vlan: left promiscuous mode
[  199.204692][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.218663][ T6482] veth0_vlan: left promiscuous mode
[  199.237194][ T5945] usb 1-1: Product: syz
[  199.245198][ T5945] usb 1-1: Manufacturer: syz
[  199.249858][ T5945] usb 1-1: SerialNumber: syz
[  199.258093][ T5945] usb 1-1: config 0 descriptor??
[  199.273281][ T5945] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[  199.279795][ T5945] usb 1-1: No valid video chain found.
[  199.496800][  T979] usb 1-1: USB disconnect, device number 4
[  200.098413][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  200.105427][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  200.623819][ T6482] team0 (unregistering): Port device team_slave_1 removed
[  200.650554][ T5867] Bluetooth: hci4: command tx timeout
[  200.694139][ T6482] team0 (unregistering): Port device team_slave_0 removed
[  201.589184][ T6966] sch_tbf: burst 824 is lower than device lo mtu (65550) !
[  202.276735][ T6908] chnl_net:caif_netlink_parms(): no params data found
[  202.498107][ T5871] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.753511][ T5867] Bluetooth: hci4: command tx timeout
[  202.782916][ T6994] loop1: detected capacity change from 0 to 4096
[  202.820405][ T6994] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  202.944961][ T6994] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  203.322665][ T6908] bridge0: port 1(bridge_slave_0) entered blocking state
[  203.341785][ T6908] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.353532][ T6908] bridge_slave_0: entered allmulticast mode
[  203.375208][ T6908] bridge_slave_0: entered promiscuous mode
[  203.393893][ T6908] bridge0: port 2(bridge_slave_1) entered blocking state
[  203.411306][ T6908] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.430871][ T6908] bridge_slave_1: entered allmulticast mode
[  203.438842][ T6908] bridge_slave_1: entered promiscuous mode
[  203.490130][   T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  203.644797][ T6908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.663506][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  203.675721][ T6908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  203.687969][   T10] usb 2-1: config 0 has no interface number 0
[  203.707968][   T10] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  203.739878][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.768529][   T10] usb 2-1: Product: syz
[  203.788856][   T10] usb 2-1: Manufacturer: syz
[  203.800983][   T10] usb 2-1: SerialNumber: syz
[  203.808588][ T7015] loop0: detected capacity change from 0 to 64
[  203.828272][   T10] usb 2-1: config 0 descriptor??
[  203.914756][ T6908] team0: Port device team_slave_0 added
[  203.927308][ T6908] team0: Port device team_slave_1 added
[  203.940544][ T7015] overlayfs: upper fs needs to support d_type.
[  203.984456][ T7015] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  203.997803][ T7015] overlayfs: failed to set xattr on upper
[  204.023638][ T7015] overlayfs: ...falling back to redirect_dir=nofollow.
[  204.048959][ T7015] overlayfs: ...falling back to index=off.
[  204.071531][ T6908] batman_adv: batadv0: Adding interface: batadv_slave_0
[  204.073085][   T10] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  204.078536][ T6908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.078570][ T6908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  204.084993][ T7015] overlayfs: ...falling back to uuid=null.
[  204.134729][ T6908] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.134806][   T10] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  204.147496][ T6908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.186331][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  204.196632][ T6908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.207565][   T10] usb 2-1: media controller created
[  204.276619][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  204.311626][ T5870] Trying to free block not in datazone
[  204.329908][ T5870] Trying to free block not in datazone
[  204.359040][ T5870] Trying to free block not in datazone
[  204.419660][   T10] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  204.478523][ T6908] hsr_slave_0: entered promiscuous mode
[  204.511183][ T6908] hsr_slave_1: entered promiscuous mode
[  204.538213][ T6908] debugfs: 'hsr0' already exists in 'hsr'
[  204.566778][ T6908] Cannot create hsr debugfs directory
[  204.590938][   T10] usb 2-1: USB disconnect, device number 5
[  204.800131][ T5867] Bluetooth: hci4: command tx timeout
[  204.929284][ T6973] net_ratelimit: 10 callbacks suppressed
[  204.929306][ T6973] Set syz1 is full, maxelem 65536 reached
[  205.015149][ T7032] loop6: detected capacity change from 0 to 2560
[  205.055290][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.106042][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.181518][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.210319][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.222306][ T7036] netlink: 36 bytes leftover after parsing attributes in process `syz.0.273'.
[  205.261338][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.276499][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.286263][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.298128][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.404521][ T7032] ldm_validate_partition_table(): Disk read failed.
[  205.427028][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.446116][ T7032] Buffer I/O error on dev loop6, logical block 0, async page read
[  205.468504][ T7032] Dev loop6: unable to read RDB block 0
[  205.483080][ T7032]  loop6: unable to read partition table
[  205.493721][ T7032] loop_reread_partitions: partition scan of loop6 (3ŸA6‚³˜) failed (rc=-5)
[  205.780302][ T7053] loop4: detected capacity change from 0 to 256
[  205.799551][ T7052] loop0: detected capacity change from 0 to 512
[  205.830108][ T7052] ext4: Unknown parameter 'fowner<00000000000000000000'
[  206.058803][   T30] audit: type=1800 audit(1757131584.762:16): pid=7057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.281" name="file1" dev="overlay" ino=336 res=0 errno=0
[  206.291339][ T7064] loop0: detected capacity change from 0 to 2048
[  206.344262][ T7064] NILFS (loop0): invalid segment: Magic number mismatch
[  206.373085][ T7064] NILFS (loop0): trying rollback from an earlier position
[  206.469517][ T7064] NILFS (loop0): recovery complete
[  206.490988][ T7074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  206.565687][ T7073] geneve2: entered promiscuous mode
[  206.662737][ T7070] loop1: detected capacity change from 0 to 4096
[  207.056366][ T7085] block nbd0: Attempted send on invalid socket
[  207.118869][ T7087] binder: 7086:7087 ioctl 4018620d 0 returned -22
[  207.157429][ T7085] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.166927][ T7087] input: syz0 as /devices/virtual/input/input8
[  207.261465][ T5988] block nbd0: Attempted send on invalid socket
[  207.268511][ T5988] I/O error, dev nbd0, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.279344][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  207.390720][ T7085] block nbd0: Attempted send on invalid socket
[  207.396354][ T7094] bond_slave_0: entered promiscuous mode
[  207.403835][ T7094] bond_slave_1: entered promiscuous mode
[  207.409596][ T7094] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  207.424099][ T7085] I/O error, dev nbd0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.456506][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  207.481101][ T7094] macsec1: entered promiscuous mode
[  207.486408][ T7094] bond0: entered promiscuous mode
[  207.521068][ T7085] block nbd0: Attempted send on invalid socket
[  207.545012][ T5867] Bluetooth: hci2: unknown advertising packet type: 0x82
[  207.545087][ T5867] Bluetooth: hci2: Dropping invalid advertising data
[  207.560728][ T5867] Bluetooth: hci2: Malformed LE Event: 0x02
[  207.570277][ T7085] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.596202][ T7094] macsec1: entered allmulticast mode
[  207.601019][ T7085] block nbd0: Attempted send on invalid socket
[  207.607896][ T7085] I/O error, dev nbd0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.610169][ T7094] bond0: entered allmulticast mode
[  207.635979][ T7094] bond_slave_0: entered allmulticast mode
[  207.648297][ T7094] bond_slave_1: entered allmulticast mode
[  207.654232][ T7094] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  207.661556][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  207.675977][ T7085] block nbd0: Attempted send on invalid socket
[  207.703033][ T7094] bond0: left allmulticast mode
[  207.722769][ T7094] bond_slave_0: left allmulticast mode
[  207.742507][ T7085] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.753344][ T7094] bond_slave_1: left allmulticast mode
[  207.758861][ T7094] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  207.780495][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  207.799707][ T7085] block nbd0: Attempted send on invalid socket
[  207.810347][ T7094] bond0: left promiscuous mode
[  207.815990][ T7094] bond_slave_0: left promiscuous mode
[  207.821517][ T7094] bond_slave_1: left promiscuous mode
[  207.827092][ T7094] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  207.828734][ T7085] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.890249][ T7085] block nbd0: Attempted send on invalid socket
[  207.911354][ T7107] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  207.931303][ T7085] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  207.943984][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  207.957576][ T7107] overlayfs: missing 'lowerdir'
[  207.966318][ T6908] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  207.975466][ T7085] block nbd0: Attempted send on invalid socket
[  207.988056][ T7085] I/O error, dev nbd0, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  208.017128][ T6908] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  208.029575][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  208.045813][ T6908] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  208.062405][ T7085] block nbd0: Attempted send on invalid socket
[  208.068815][ T7085] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  208.085883][ T6908] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  208.101137][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  208.162056][ T7085] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  208.195173][ T7085] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  208.301393][ T1210] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  208.474874][ T1210] usb 3-1: Using ep0 maxpacket: 16
[  208.506374][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.514857][ T6908] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.534985][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.570503][ T1210] usb 3-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00
[  208.605043][ T6908] 8021q: adding VLAN 0 to HW filter on device team0
[  208.614862][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.648688][ T1210] usb 3-1: config 0 descriptor??
[  208.696267][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.703541][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  208.755983][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.763252][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.792922][  T979] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  208.814285][ T7135] syz_tun: entered promiscuous mode
[  208.828676][ T7135] batadv_slave_0: entered promiscuous mode
[  208.975946][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.009138][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.060444][  T979] usb 5-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  209.070910][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.084314][  T979] usb 5-1: config 0 descriptor??
[  209.116377][ T1210] saitek 0003:06A3:0621.0001: item fetching failed at offset 2/5
[  209.193709][ T1210] saitek 0003:06A3:0621.0001: parse failed
[  209.230666][ T1210] saitek 0003:06A3:0621.0001: probe with driver saitek failed with error -22
[  209.289763][ T1210] usb 3-1: USB disconnect, device number 4
[  209.408982][ T7154] netlink: 28 bytes leftover after parsing attributes in process `syz.1.307'.
[  209.448886][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'.
[  209.633720][  T979] hid_mf 0003:0079:1846.0002: report_id 393985501 is invalid
[  209.641295][  T979] hid_mf 0003:0079:1846.0002: item 0 4 1 8 parsing failed
[  209.659208][  T979] hid_mf 0003:0079:1846.0002: HID parse failed.
[  209.674151][  T979] hid_mf 0003:0079:1846.0002: probe with driver hid_mf failed with error -22
[  209.860355][   T10] usb 5-1: USB disconnect, device number 6
[  209.872992][ T7164] tipc: Started in network mode
[  209.890438][ T7164] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  209.904235][ T7164] tipc: Enabled bearer <eth:team0>, priority 0
[  210.087308][ T6908] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.206404][ T5925] tipc: Node number set to 11578026
[  211.481627][ T6908] veth0_vlan: entered promiscuous mode
[  211.487601][ T7181] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  211.823622][ T7185] loop2: detected capacity change from 0 to 256
[  211.846289][ T7185] vfat: Unknown parameter 'nnonumtail'
[  211.885287][ T6908] veth1_vlan: entered promiscuous mode
[  212.029408][ T6908] veth0_macvtap: entered promiscuous mode
[  212.137721][ T6908] veth1_macvtap: entered promiscuous mode
[  212.273817][ T6908] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.363256][ T6908] batman_adv: batadv0: Interface activated: batadv_slave_1
[  212.444079][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  212.525701][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  212.550741][  T979] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  212.585202][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  212.629505][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.730867][  T979] usb 2-1: Using ep0 maxpacket: 16
[  212.752684][  T979] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  212.786091][  T979] usb 2-1: config 0 has no interface number 0
[  212.809994][ T6482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.833411][  T979] usb 2-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  212.867855][ T6482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.907108][  T979] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  212.963947][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.985607][  T979] usb 2-1: Product: syz
[  213.008234][  T979] usb 2-1: Manufacturer: syz
[  213.012001][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  213.043870][  T979] usb 2-1: SerialNumber: syz
[  213.068920][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  213.091015][  T979] usb 2-1: config 0 descriptor??
[  213.173970][  T979] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  213.202886][ T5867] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  213.213077][ T5867] Bluetooth: hci3: Injecting HCI hardware error event
[  213.221952][   T52] Bluetooth: hci3: hardware error 0x00
[  213.318392][   T30] audit: type=1326 audit(1757131592.012:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7194 comm="syz.1.318" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa362f8ebe9 code=0x0
[  213.369689][ T7215] loop2: detected capacity change from 0 to 1024
[  213.476842][ T7215] EXT4-fs: Ignoring removed nobh option
[  213.634142][  T979] snd-usb-audio 2-1:0.1: probe with driver snd-usb-audio failed with error -2
[  214.002453][ T7215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.046303][ T5984] udevd[5984]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.103442][ T7215] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  214.511054][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.0.328'.
[  214.577546][ T5871] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.123544][ T5867] Bluetooth: hci0: command 0x0406 tx timeout
[  215.408352][   T52] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  215.425370][ T5944] usb 2-1: USB disconnect, device number 6
[  215.725371][ T7248] loop3: detected capacity change from 0 to 4096
[  215.787127][ T7248] NILFS (loop3): invalid segment: Checksum error in segment payload
[  215.813482][ T7248] NILFS (loop3): trying rollback from an earlier position
[  216.120593][ T5944] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  216.223364][ T7248] NILFS (loop3): recovery complete
[  216.299276][ T7266] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  216.355436][   T30] audit: type=1800 audit(1757131595.042:18): pid=7248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.331" name="bus" dev="loop3" ino=12 res=0 errno=0
[  216.396337][ T5944] usb 3-1: Using ep0 maxpacket: 32
[  216.454728][ T5944] usb 3-1: config 128 has too many interfaces: 254, using maximum allowed: 32
[  216.484985][ T5944] usb 3-1: config 128 has 0 interfaces, different from the descriptor's value: 254
[  216.540339][ T5944] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  216.584568][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.113259][ T7288] loop3: detected capacity change from 0 to 128
[  217.183731][ T7290] warning: `syz.1.341' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  217.295451][ T7288] FAT-fs (loop3): error, corrupted directory (invalid entries)
[  217.330769][ T7288] FAT-fs (loop3): Filesystem has been set read-only
[  219.040226][ T5181] Bluetooth: hci4: command 0x0405 tx timeout
[  219.316966][  T979] usb 3-1: USB disconnect, device number 5
[  220.792441][ T7307] loop3: detected capacity change from 0 to 32768
[  221.347948][ T7307] read_mapping_page failed!
[  221.535947][ T7307] jfs_mount: Failed to read AGGREGATE_I
[  221.600766][ T7307] Mount JFS Failure: -5
[  221.616138][ T7307] jfs_mount failed w/return code = -5
[  222.165001][ T7345] loop4: detected capacity change from 0 to 2048
[  222.191993][ T7345] NILFS (loop4): invalid segment: Magic number mismatch
[  222.199058][ T7345] NILFS (loop4): trying rollback from an earlier position
[  222.216779][ T7345] NILFS (loop4): recovery complete
[  222.225936][ T7348] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  223.444070][ T7358] loop0: detected capacity change from 0 to 256
[  223.676207][ T7358] FAT-fs (loop0): Directory bread(block 64) failed
[  223.702943][ T7358] FAT-fs (loop0): Directory bread(block 65) failed
[  223.709634][ T7358] FAT-fs (loop0): Directory bread(block 66) failed
[  223.761413][ T7358] FAT-fs (loop0): Directory bread(block 67) failed
[  223.809378][ T7358] FAT-fs (loop0): Directory bread(block 68) failed
[  223.850227][ T7358] FAT-fs (loop0): Directory bread(block 69) failed
[  223.877433][ T7358] FAT-fs (loop0): Directory bread(block 70) failed
[  223.930577][ T7358] FAT-fs (loop0): Directory bread(block 71) failed
[  223.994065][ T7358] FAT-fs (loop0): Directory bread(block 72) failed
[  224.042813][ T7358] FAT-fs (loop0): Directory bread(block 73) failed
[  224.219627][ T7343] loop3: detected capacity change from 0 to 32768
[  224.270279][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  224.470167][    T9] usb 3-1: Using ep0 maxpacket: 16
[  224.530633][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  224.571458][    T9] usb 3-1: config 0 has no interface number 0
[  224.745555][ T7382] loop1: detected capacity change from 0 to 2048
[  224.885318][ T7382]  loop1: p2 p3 p7
[  225.328089][    T9] usb 3-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  225.354373][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.380162][    T9] usb 3-1: Product: syz
[  225.384397][    T9] usb 3-1: Manufacturer: syz
[  225.389008][    T9] usb 3-1: SerialNumber: syz
[  225.469484][    T9] usb 3-1: config 0 descriptor??
[  225.499287][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  225.527954][ T6559] udevd[6559]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  225.534046][ T5866] udevd[5866]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  225.547092][ T5862] udevd[5862]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  225.624678][    T9] snd-usb-audio 3-1:0.1: probe with driver snd-usb-audio failed with error -2
[  225.716051][ T5945] usb 3-1: USB disconnect, device number 6
[  225.773259][ T6220] udevd[6220]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  225.805096][ T5862] udevd[5862]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  225.883779][ T6559] udevd[6559]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  226.149487][ T7392] syz.0.359: attempt to access beyond end of device
[  226.149487][ T7392] loop0: rw=2049, sector=1224, nr_sectors = 160 limit=256
[  226.198854][ T7392] syz.0.359: attempt to access beyond end of device
[  226.198854][ T7392] loop0: rw=2049, sector=1416, nr_sectors = 352 limit=256
[  226.285874][ T7392] syz.0.359: attempt to access beyond end of device
[  226.285874][ T7392] loop0: rw=2049, sector=1800, nr_sectors = 4 limit=256
[  226.672034][ T7402] lo: entered allmulticast mode
[  227.286741][ T7401] loop3: detected capacity change from 0 to 32768
[  227.324309][ T7401] (syz.3.370,7401,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  227.339293][ T7401] (syz.3.370,7401,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  227.416491][ T7401] JBD2: Ignoring recovery information on journal
[  227.476004][ T7401] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  227.537681][ T7401] (syz.3.370,7401,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[  227.602793][ T7410] loop4: detected capacity change from 0 to 256
[  227.684722][ T7401] (syz.3.370,7401,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC.
[  227.698436][ T7401] (syz.3.370,7401,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c
[  227.712233][ T7401] (syz.3.370,7401,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[  227.721005][ T7401] (syz.3.370,7401,1):ocfs2_quota_read:201 ERROR: status = -5
[  227.722422][ T7412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.373'.
[  227.728611][ T7401] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  227.747418][ T7401] (syz.3.370,7401,1):ocfs2_acquire_dquot:890 ERROR: status = -5
[  227.760861][ T5867] Bluetooth: hci1: command 0x0406 tx timeout
[  227.772184][ T5865] Bluetooth: hci2: command 0x0406 tx timeout
[  227.855120][ T7410] FAT-fs (loop4): Directory bread(block 64) failed
[  227.873489][ T7410] FAT-fs (loop4): Directory bread(block 65) failed
[  227.883875][ T7410] FAT-fs (loop4): Directory bread(block 66) failed
[  227.890544][ T7410] FAT-fs (loop4): Directory bread(block 67) failed
[  227.897259][ T7410] FAT-fs (loop4): Directory bread(block 68) failed
[  227.911236][ T7410] FAT-fs (loop4): Directory bread(block 69) failed
[  227.926966][ T7410] FAT-fs (loop4): Directory bread(block 70) failed
[  227.997492][ T6908] ocfs2: Unmounting device (7,3) on (node local)
[  228.197324][ T7410] FAT-fs (loop4): Directory bread(block 71) failed
[  228.228178][ T7410] FAT-fs (loop4): Directory bread(block 72) failed
[  228.235119][ T7410] FAT-fs (loop4): Directory bread(block 73) failed
[  231.244928][ T7436] netlink: 24 bytes leftover after parsing attributes in process `syz.2.381'.
[  231.336796][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'.
[  231.536220][ T7439] input: syz0 as /devices/virtual/input/input9
[  231.757333][ T7447] ==================================================================
[  231.765473][ T7447] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[  231.773958][ T7447] Read of size 8 at addr ffff888029b30408 by task syz.3.386/7447
[  231.781700][ T7447] 
[  231.784057][ T7447] CPU: 0 UID: 0 PID: 7447 Comm: syz.3.386 Not tainted syzkaller #0 PREEMPT(full) 
[  231.784084][ T7447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  231.784099][ T7447] Call Trace:
[  231.784110][ T7447]  <TASK>
[  231.784121][ T7447]  dump_stack_lvl+0x189/0x250
[  231.784159][ T7447]  ? __kasan_check_byte+0x12/0x40
[  231.784195][ T7447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  231.784223][ T7447]  ? lock_release+0x4b/0x3e0
[  231.784260][ T7447]  ? __virt_addr_valid+0x4a5/0x5c0
[  231.784289][ T7447]  print_report+0xca/0x240
[  231.784312][ T7447]  ? change_page_attr_set_clr+0x625/0xfc0
[  231.784345][ T7447]  kasan_report+0x118/0x150
[  231.784381][ T7447]  ? change_page_attr_set_clr+0x625/0xfc0
[  231.784419][ T7447]  change_page_attr_set_clr+0x625/0xfc0
[  231.784463][ T7447]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  231.784497][ T7447]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  231.784526][ T7447]  ? memtype_reserve+0x874/0xb30
[  231.784571][ T7447]  _set_pages_array+0x145/0x270
[  231.784609][ T7447]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  231.784641][ T7447]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  231.784676][ T7447]  drm_gem_shmem_pin_locked+0x22c/0x460
[  231.784705][ T7447]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  231.784736][ T7447]  ? ww_mutex_lock+0x3f/0x1c0
[  231.784763][ T7447]  drm_gem_map_attach+0x19c/0x1f0
[  231.784793][ T7447]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  231.784829][ T7447]  ? __fget_files+0x3a0/0x420
[  231.784863][ T7447]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  231.784895][ T7447]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  231.784926][ T7447]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  231.784955][ T7447]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  231.784986][ T7447]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  231.785023][ T7447]  drm_ioctl_kernel+0x2cc/0x390
[  231.785046][ T7447]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  231.785075][ T7447]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  231.785104][ T7447]  drm_ioctl+0x67f/0xb10
[  231.785127][ T7447]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  231.785160][ T7447]  ? __pfx_drm_ioctl+0x10/0x10
[  231.785189][ T7447]  ? __fget_files+0x3a0/0x420
[  231.785220][ T7447]  ? __fget_files+0x2a/0x420
[  231.785254][ T7447]  ? bpf_lsm_file_ioctl+0x9/0x20
[  231.785281][ T7447]  ? __pfx_drm_ioctl+0x10/0x10
[  231.785303][ T7447]  __se_sys_ioctl+0xf9/0x170
[  231.785329][ T7447]  do_syscall_64+0xfa/0xfa0
[  231.785353][ T7447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.785376][ T7447]  ? asm_sysvec_call_function_single+0x1a/0x20
[  231.785399][ T7447]  ? clear_bhb_loop+0x60/0xb0
[  231.785424][ T7447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.785446][ T7447] RIP: 0033:0x7fdef938ebe9
[  231.785473][ T7447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.785492][ T7447] RSP: 002b:00007fdefa247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  231.785516][ T7447] RAX: ffffffffffffffda RBX: 00007fdef95c6090 RCX: 00007fdef938ebe9
[  231.785540][ T7447] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000007
[  231.785555][ T7447] RBP: 00007fdef9411e19 R08: 0000000000000000 R09: 0000000000000000
[  231.785570][ T7447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  231.785583][ T7447] R13: 00007fdef95c6128 R14: 00007fdef95c6090 R15: 00007ffc23efac68
[  231.785610][ T7447]  </TASK>
[  231.785618][ T7447] 
[  232.119567][ T7447] Allocated by task 7447:
[  232.123912][ T7447]  kasan_save_track+0x3e/0x80
[  232.128622][ T7447]  __kasan_kmalloc+0x93/0xb0
[  232.133242][ T7447]  __kvmalloc_node_noprof+0x5cd/0x910
[  232.138646][ T7447]  drm_gem_get_pages+0x166/0xa20
[  232.143616][ T7447]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  232.149709][ T7447]  drm_gem_shmem_pin_locked+0x22c/0x460
[  232.155282][ T7447]  drm_gem_map_attach+0x19c/0x1f0
[  232.160333][ T7447]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  232.165740][ T7447]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  232.172017][ T7447]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  232.177768][ T7447]  drm_ioctl_kernel+0x2cc/0x390
[  232.182640][ T7447]  drm_ioctl+0x67f/0xb10
[  232.186905][ T7447]  __se_sys_ioctl+0xf9/0x170
[  232.191524][ T7447]  do_syscall_64+0xfa/0xfa0
[  232.196053][ T7447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.201980][ T7447] 
[  232.204318][ T7447] The buggy address belongs to the object at ffff888029b30000
[  232.204318][ T7447]  which belongs to the cache kmalloc-2k of size 2048
[  232.218390][ T7447] The buggy address is located 0 bytes to the right of
[  232.218390][ T7447]  allocated 1032-byte region [ffff888029b30000, ffff888029b30408)
[  232.232994][ T7447] 
[  232.235339][ T7447] The buggy address belongs to the physical page:
[  232.241803][ T7447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29b30
[  232.250591][ T7447] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  232.259109][ T7447] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  232.266686][ T7447] page_type: f5(slab)
[  232.270694][ T7447] raw: 00fff00000000040 ffff88801a842000 ffffea0001564400 dead000000000002
[  232.279392][ T7447] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  232.288003][ T7447] head: 00fff00000000040 ffff88801a842000 ffffea0001564400 dead000000000002
[  232.296700][ T7447] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  232.305398][ T7447] head: 00fff00000000003 ffffea0000a6cc01 00000000ffffffff 00000000ffffffff
[  232.314099][ T7447] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  232.322821][ T7447] page dumped because: kasan: bad access detected
[  232.329265][ T7447] page_owner tracks the page as allocated
[  232.334993][ T7447] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5860, tgid 5860 (syz-executor), ts 102270935782, free_ts 80852632722
[  232.355863][ T7447]  post_alloc_hook+0x240/0x2a0
[  232.360665][ T7447]  get_page_from_freelist+0x21e4/0x22c0
[  232.366247][ T7447]  __alloc_frozen_pages_noprof+0x181/0x370
[  232.372095][ T7447]  alloc_pages_mpol+0x232/0x4a0
[  232.376984][ T7447]  allocate_slab+0x8a/0x330
[  232.381522][ T7447]  ___slab_alloc+0xbd1/0x13f0
[  232.386225][ T7447]  __slab_alloc+0x55/0xa0
[  232.390578][ T7447]  __kmalloc_node_track_caller_noprof+0x5c7/0x800
[  232.397031][ T7447]  kmalloc_reserve+0x136/0x290
[  232.401820][ T7447]  pskb_expand_head+0x18e/0x1150
[  232.406788][ T7447]  netlink_trim+0x1d5/0x2e0
[  232.411324][ T7447]  netlink_broadcast_filtered+0xd6/0x1000
[  232.417079][ T7447]  nlmsg_notify+0xf0/0x1a0
[  232.421516][ T7447]  __dev_notify_flags+0xf4/0x2e0
[  232.426479][ T7447]  rtnl_newlink_create+0x61c/0xb00
[  232.431626][ T7447]  rtnl_newlink+0x16d6/0x1c70
[  232.436333][ T7447] page last free pid 5718 tgid 5718 stack trace:
[  232.442693][ T7447]  __free_frozen_pages+0xbc4/0xd30
[  232.447884][ T7447]  __put_partials+0x146/0x170
[  232.452594][ T7447]  put_cpu_partial+0x17c/0x250
[  232.457393][ T7447]  __slab_free+0x2b9/0x390
[  232.461846][ T7447]  qlist_free_all+0x97/0x140
[  232.466485][ T7447]  kasan_quarantine_reduce+0x148/0x160
[  232.471998][ T7447]  __kasan_slab_alloc+0x22/0x80
[  232.476906][ T7447]  kmem_cache_alloc_lru_noprof+0x35d/0x6d0
[  232.482753][ T7447]  alloc_inode+0xb8/0x1b0
[  232.487124][ T7447]  create_pipe_files+0x51/0x7e0
[  232.492017][ T7447]  __do_pipe_flags+0x46/0x1f0
[  232.496737][ T7447]  do_pipe2+0x9c/0x170
[  232.500856][ T7447]  __x64_sys_pipe2+0x5a/0x70
[  232.505505][ T7447]  do_syscall_64+0xfa/0xfa0
[  232.510042][ T7447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.515967][ T7447] 
[  232.518343][ T7447] Memory state around the buggy address:
[  232.524002][ T7447]  ffff888029b30300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  232.532102][ T7447]  ffff888029b30380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  232.540282][ T7447] >ffff888029b30400: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  232.548367][ T7447]                       ^
[  232.552722][ T7447]  ffff888029b30480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  232.560817][ T7447]  ffff888029b30500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  232.568931][ T7447] ==================================================================
[  232.639421][ T7447] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  232.646695][ T7447] CPU: 0 UID: 0 PID: 7447 Comm: syz.3.386 Not tainted syzkaller #0 PREEMPT(full) 
[  232.655964][ T7447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  232.666072][ T7447] Call Trace:
[  232.669379][ T7447]  <TASK>
[  232.672343][ T7447]  dump_stack_lvl+0x99/0x250
[  232.676965][ T7447]  ? __asan_memcpy+0x40/0x70
[  232.681581][ T7447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  232.686810][ T7447]  ? __pfx__printk+0x10/0x10
[  232.691440][ T7447]  vpanic+0x237/0x6d0
[  232.695447][ T7447]  ? __pfx_vpanic+0x10/0x10
[  232.699971][ T7447]  ? preempt_schedule+0xae/0xc0
[  232.704843][ T7447]  ? __pfx_preempt_schedule+0x10/0x10
[  232.710234][ T7447]  panic+0xb9/0xc0
[  232.713979][ T7447]  ? __pfx_panic+0x10/0x10
[  232.718413][ T7447]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  232.724343][ T7447]  ? change_page_attr_set_clr+0x625/0xfc0
[  232.730094][ T7447]  check_panic_on_warn+0x89/0xb0
[  232.735071][ T7447]  ? change_page_attr_set_clr+0x625/0xfc0
[  232.740819][ T7447]  end_report+0x78/0x160
[  232.745090][ T7447]  kasan_report+0x129/0x150
[  232.749620][ T7447]  ? change_page_attr_set_clr+0x625/0xfc0
[  232.755372][ T7447]  change_page_attr_set_clr+0x625/0xfc0
[  232.760953][ T7447]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  232.767050][ T7447]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  232.773249][ T7447]  ? memtype_reserve+0x874/0xb30
[  232.778214][ T7447]  _set_pages_array+0x145/0x270
[  232.783110][ T7447]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  232.789210][ T7447]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  232.795827][ T7447]  drm_gem_shmem_pin_locked+0x22c/0x460
[  232.801398][ T7447]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  232.807488][ T7447]  ? ww_mutex_lock+0x3f/0x1c0
[  232.812194][ T7447]  drm_gem_map_attach+0x19c/0x1f0
[  232.817241][ T7447]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  232.822646][ T7447]  ? __fget_files+0x3a0/0x420
[  232.827359][ T7447]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  232.834235][ T7447]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  232.840500][ T7447]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  232.846416][ T7447]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  232.853291][ T7447]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  232.859040][ T7447]  drm_ioctl_kernel+0x2cc/0x390
[  232.863908][ T7447]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  232.870347][ T7447]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  232.875745][ T7447]  drm_ioctl+0x67f/0xb10
[  232.880007][ T7447]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  232.886463][ T7447]  ? __pfx_drm_ioctl+0x10/0x10
[  232.891252][ T7447]  ? __fget_files+0x3a0/0x420
[  232.895953][ T7447]  ? __fget_files+0x2a/0x420
[  232.900573][ T7447]  ? bpf_lsm_file_ioctl+0x9/0x20
[  232.905534][ T7447]  ? __pfx_drm_ioctl+0x10/0x10
[  232.910314][ T7447]  __se_sys_ioctl+0xf9/0x170
[  232.914924][ T7447]  do_syscall_64+0xfa/0xfa0
[  232.919530][ T7447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.925614][ T7447]  ? asm_sysvec_call_function_single+0x1a/0x20
[  232.931790][ T7447]  ? clear_bhb_loop+0x60/0xb0
[  232.936485][ T7447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.942399][ T7447] RIP: 0033:0x7fdef938ebe9
[  232.946832][ T7447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.966455][ T7447] RSP: 002b:00007fdefa247038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.974887][ T7447] RAX: ffffffffffffffda RBX: 00007fdef95c6090 RCX: 00007fdef938ebe9
[  232.982877][ T7447] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000007
[  232.990862][ T7447] RBP: 00007fdef9411e19 R08: 0000000000000000 R09: 0000000000000000
[  232.998869][ T7447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.006876][ T7447] R13: 00007fdef95c6128 R14: 00007fdef95c6090 R15: 00007ffc23efac68
[  233.014872][ T7447]  </TASK>
[  233.018186][ T7447] Kernel Offset: disabled
[  233.022519][ T7447] Rebooting in 86400 seconds..