last executing test programs:

2m38.373784468s ago: executing program 1 (id=280):
r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
sendmsg(r0, &(0x7f0000001640)={0x0, 0x0, 0x0}, 0x80)

2m36.631318996s ago: executing program 1 (id=283):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='mmap_lock_acquire_returned\x00', r0}, 0x18)
r1 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents64(r3, &(0x7f0000001f80)=""/4103, 0x1007)

2m36.395096369s ago: executing program 1 (id=287):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3, 0x410, 0xffffffffffffffff, 0x0)
mincore(&(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000002040)=""/4103)

2m36.237603662s ago: executing program 1 (id=289):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r5], 0x0, 0x0, &(0x7f0000000040), 0x0, 0x300})

2m35.079691941s ago: executing program 1 (id=294):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x13, &(0x7f0000001640)={@broadcast, @remote={0xac, 0x14, 0x0}}, 0xc)

2m34.983200322s ago: executing program 1 (id=295):
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = open(&(0x7f00000002c0)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xfffffffffffffffc, 0x0, 0x0)
r1 = open$dir(&(0x7f0000000080)='.\x00', 0x10000, 0x0)
r2 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f00000001c0)='./file1\x00', 0x4)
renameat(r1, &(0x7f0000000040)='./file1\x00', r2, &(0x7f0000000180)='./file0\x00')
mkdir(&(0x7f0000000040)='./file\x00', 0x30)
sync()
sync()

2m19.828323256s ago: executing program 32 (id=295):
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = open(&(0x7f00000002c0)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0)
mount(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xfffffffffffffffc, 0x0, 0x0)
r1 = open$dir(&(0x7f0000000080)='.\x00', 0x10000, 0x0)
r2 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f00000001c0)='./file1\x00', 0x4)
renameat(r1, &(0x7f0000000040)='./file1\x00', r2, &(0x7f0000000180)='./file0\x00')
mkdir(&(0x7f0000000040)='./file\x00', 0x30)
sync()
sync()

1m20.402727099s ago: executing program 0 (id=468):
socket(0x27, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, 0x0, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_pidfd_open(0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x0, 0x0, 0x2000000000005153, 0xa7}, 0x0, &(0x7f00000002c0)={0x3fb, 0x800000008003, 0xffffffffffff0001, 0x9, 0x40000000000000, 0x8000000000000001, 0x80000002, 0x1c1}, 0x0, 0x0)
read$FUSE(r0, &(0x7f00000001c0)={0x2020}, 0x2020)

1m19.473561144s ago: executing program 0 (id=469):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004980)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$ocfs2(&(0x7f0000004840), &(0x7f0000000180)='./bus\x00', 0x8c0, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x7, 0x4430, &(0x7f0000000240)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=")
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x57d901, 0x83)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)={0x10000042, 0x0, 0x2}, 0x10)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
sendfile(r3, r2, 0x0, 0x578410eb)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='fdinfo/3\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)

1m18.055992027s ago: executing program 0 (id=472):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1c, 0x8, 0x40, 0x42, 0x1}, 0x50)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='.dead\x00', &(0x7f0000000080))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x33)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000dc0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r6}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x25, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = getpid()
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {0x0}], 0x3, &(0x7f0000000780)=[@cred={{0x1c, 0x1, 0x2, {r7, 0x0, 0xee00}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x58}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB])

1m16.519114152s ago: executing program 0 (id=474):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x200040c0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = socket$netlink(0x10, 0x3, 0xa)
r1 = dup(r0)
r2 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r2, 0x200004)
sendfile(r1, r2, 0x0, 0x80001d00c0d1)

1m15.982936251s ago: executing program 0 (id=475):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(r0, &(0x7f00000002c0), 0x220, 0x100, 0x0)

1m7.883489264s ago: executing program 0 (id=485):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r0 = socket$inet6(0xa, 0x3, 0x1)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0)
ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000000)={'vxcan1\x00', 0x96})

52.655646295s ago: executing program 33 (id=485):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r0 = socket$inet6(0xa, 0x3, 0x1)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0)
ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000000)={'vxcan1\x00', 0x96})

22.928732253s ago: executing program 2 (id=541):
msgget$private(0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file2\x00', 0xc0ed4040, &(0x7f00000000c0)={[{@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@journal_dev={'journal_dev', 0x3d, 0x714}}, {@grpid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@jqfmt_vfsv1}]}, 0xf5, 0x47a, &(0x7f0000000ac0)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendfile(r8, r7, 0x0, 0x4)

21.27776967s ago: executing program 5 (id=502):
syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b"], 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000010c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x460, 0x280, 0x268, 0x300, 0x280, 0x268, 0x390, 0x460, 0x460, 0x390, 0x460, 0x9, 0x0, {[{{@uncond, 0x0, 0x240, 0x280, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x8, 0x21, "6bb6778f9bdec125b0fb4f26be757b1e6f2fb8e9079627dc6726c4bc85e9"}}}, {{@ipv6={@private2, @remote, [], [], 'ip6gretap0\x00', 'ip6_vti0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x511)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e20, 0x3, 'lc\x00', 0x2, 0x3, 0x4e}, {@private=0xa010102, 0x4e20, 0x2, 0xa, 0x80012d58, 0x12d5c}}, 0x44)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44)
r6 = socket(0x2a, 0x2, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000080))
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x3c}}, 0x0)
ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
r9 = socket$inet_icmp(0x2, 0x2, 0x1)
connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

18.687524293s ago: executing program 2 (id=548):
r0 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180a0002000000000000000000000001a36bd8cd55000000050000000700008a95000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc9b}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000740)='wlan0\x00', 0x10)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x1, &(0x7f0000000300)="18", 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r6 = semget$private(0x0, 0x4000000009, 0x208)
semop(r6, &(0x7f0000000000), 0x0)

15.977657387s ago: executing program 2 (id=551):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30}, 0x94)
getpid()
timer_create(0x2, 0x0, &(0x7f0000000300)=<r0=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"9e04139e7b01f8d886cd05c04000", r6})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1000002)
timer_settime(r0, 0x1, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$video4linux(0x0, 0x5, 0x0)
ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f)

15.80319874s ago: executing program 5 (id=552):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
io_setup(0x5ff, &(0x7f0000000400)=<r2=>0x0)
io_submit(r2, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r0, 0x0, 0x0, 0xffffffffffffffff}])

14.360723854s ago: executing program 3 (id=555):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000100)='io\x00')
preadv(r1, 0x0, 0x0, 0x401, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0xfff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000440), 0x40000, 0x0)
syz_io_uring_setup(0x4fc, 0x0, &(0x7f0000000340), 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)=0x6)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0xc000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(r4, 0x5404)

13.97523661s ago: executing program 5 (id=557):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$cec(0x0, 0x0, 0x88801)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$CEC_DQEVENT(r1, 0xc0506107, 0x0)
getxattr(0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801004800000000004000000850000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20)
sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

13.236475583s ago: executing program 3 (id=558):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r4}, 0x18)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x100000)

10.677690915s ago: executing program 3 (id=560):
r0 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180a0002000000000000000000000001a36bd8cd55000000050000000700008a95000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc9b}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000740)='wlan0\x00', 0x10)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x1, &(0x7f0000000300)="18", 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r6 = semget$private(0x0, 0x4000000009, 0x208)
semop(r6, &(0x7f0000000000), 0x0)

10.296214241s ago: executing program 2 (id=561):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)

8.977699492s ago: executing program 3 (id=562):
socket(0x27, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_pidfd_open(0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x0, 0x0, 0x2000000000005153, 0xa7}, 0x0, &(0x7f00000002c0)={0x3fb, 0x800000008003, 0xffffffffffff0001, 0x9, 0x40000000000000, 0x8000000000000001, 0x80000002, 0x1c1}, 0x0, 0x0)
read$FUSE(r0, &(0x7f00000001c0)={0x2020}, 0x2020)

8.942040153s ago: executing program 4 (id=563):
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x10}, 0x18)
utimensat(r4, 0x0, 0x0, 0x0)

8.843068225s ago: executing program 5 (id=564):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004980)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$ocfs2(&(0x7f0000004840), &(0x7f0000000180)='./bus\x00', 0x8c0, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x7, 0x4430, &(0x7f0000000240)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=")
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x57d901, 0x83)
socket$tipc(0x1e, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
sendfile(r2, r1, 0x0, 0x578410eb)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='fdinfo/3\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)

8.111901356s ago: executing program 2 (id=565):
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)

7.617912925s ago: executing program 4 (id=566):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67db3e6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b19abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f0000000000f8e10238d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x8, 0x0, 0xee, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001a00)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000480)="b9ff0307683a268cb8f8ffff888e", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.873907107s ago: executing program 5 (id=567):
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x800018f1)
iopl(0x3)
r1 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x80800})
creat(&(0x7f0000000040)='./file0\x00', 0x51)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = gettid()
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x4, 0x0, 0x0, {{@in=@empty, @in=@remote, 0x0, 0x2400, 0x1000, 0x0, 0x2, 0x20, 0x20, 0x84, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, 0x7}}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x2a020480)
r6 = gettid()
signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffffb]}, 0x8, 0x800)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigqueueinfo(r6, 0x21, &(0x7f0000000040)={0x0, 0x0, 0xfffffffb})
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)

6.760961569s ago: executing program 4 (id=568):
msgget$private(0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./file2\x00', 0xc0ed4040, &(0x7f00000000c0)={[{@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@journal_dev={'journal_dev', 0x3d, 0x714}}, {@grpid}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@jqfmt_vfsv1}]}, 0xf5, 0x47a, &(0x7f0000000ac0)="$eJzs3M9vFFUcAPDvTLel5YdFxB8gaBWMxB8tLT/kYGI0mnjQaKIHjKd1WwhSwEBNhBBFDxjjwZB4Nx5N/As86cWoJxOveDckxHABPa2ZnRnaLrulpQu7uJ9PMux7M7O89903b/fNe7sNoG+NZf8kEesj4mJEjEZEpfmEsfzh2pWztX+unK0lUa+/9XeSPS2uXjlbK/6LxpZZl++o14v8mhblnn83ojo7O3OyyE/MHftg4tTpM88eOVY9PHN45vjUgQN792wf2j+1ryNxZnFd3frxiW1bXn3nwuu1gxfe+/X7rL7ri+NlHJ00lr+6LT3R6cK6bMOCdFLpYkVYkazdBovtYozGQIxcPzYar3zW1coBt1ul1edz4Vwd+B/LBupAPyo/6LP733K7Q+OOnnD5xXzCI4v7WrHlRyqRFucMNt3fdtJwRBw89+832Ra3aR4CAGChH7PxzzOtxn9pPLDgvHuKNZSNEXFvRGyKiPsiYnNE3B/ROPfBiHhoheU3r5DcOP5JLy3K1gdWWMLSsvHf88Xa1uLxXzn6i40DRW5DI/7B5NCR2ZndxWuyKwbXZPnJRU9Z7KeX//iqed+XxTT72ILxX7Zl5S+OML3UPEE3XZ2rrj7y3OVPI7ZWWsWfXF8HTCJiS0RsvcUyjjz13bZ2x1rFX46Fb6oD60z1byOezNv/XDTFX0rark9OPrd/at/EcMzO7J4or4ob/fb7+Tfblb+q+Dsga/+1La//PP7sHjEZjjh1+szRxnrtqVso5M/Pa0mbQ5tvGv+N139tZ8RQ8nYjPVSeVTwOJa9lDyPl/o+qc3Mnp+afW+Ybj5N5/Lt2zMdfjfn+vym/PWu8Eg9HRHYRb4+IRyLi0aLtHouIxyNixxLh//LSzvfbHWvf/kvMyndQFv/0Eu2fveVlqfn2X3li4OjPP7Qrv76s9t/bSO0q9izn/W+5FVzNawcAAAB3i7TxHfgkHb+eTtPx8fw7/JtjbVqJiKcPnfjw+HT+XfmNMZiWM12jC+ZDJ4u54TI/1ZTfU8wbfz0w0siP107MTnc7eOhz69r0/8xfnV1qAXqR32tB/9L/oX/p/9C/9H/oXy90uwJAdwy13v3Jna4H0BUrH/8P35Z6AHee+3/oX/o/9C/9H/pS29/Gp6v6yf/dmqj0RjVaJkZ6oxplItKeqEbnEm98kXeJXqlPmags+49Z3GJiTctD3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///NIdoS")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a65637400000c000280080001400000000114000000110001"], 0xd0}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{0x0}], 0x1)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendfile(r8, r7, 0x0, 0x4)

5.653737367s ago: executing program 4 (id=569):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x100000)

4.454340097s ago: executing program 4 (id=570):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYRES32], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30}, 0x94)
getpid()
timer_create(0x2, 0x0, &(0x7f0000000300)=<r0=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r5=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f00000000c0)={"9e04139e7b01f8d886cd05c04000", r5})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a44, 0x1700)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1000002)
timer_settime(r0, 0x1, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x800, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$video4linux(0x0, 0x5, 0x0)
ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f)

3.787244588s ago: executing program 3 (id=571):
r0 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180a0002000000000000000000000001a36bd8cd55000000050000000700008a95000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x45057bf4ccb05c67, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc9b}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000740)='wlan0\x00', 0x10)
setsockopt$inet_opts(r4, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x1, &(0x7f0000000300)="18", 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0), 0x4)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r6 = semget$private(0x0, 0x4000000009, 0x208)
semop(r6, &(0x7f0000000000), 0x0)

1.536354845s ago: executing program 3 (id=572):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$cec(0x0, 0x0, 0x88801)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$CEC_DQEVENT(r1, 0xc0506107, 0x0)
getxattr(0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801004800000000004000000850000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20)
sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

1.110282242s ago: executing program 5 (id=573):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x200040c0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$netlink(0x10, 0x3, 0xa)
r2 = dup(r1)
r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r3, 0x200004)
sendfile(r2, r3, 0x0, 0x80001d00c0d1)

1.040004353s ago: executing program 4 (id=574):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44001)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='tasks\x00', 0x2, 0x0)
gettid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x10}, 0x18)
utimensat(r4, 0x0, 0x0, 0x0)

0s ago: executing program 2 (id=575):
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r3, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe})
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="59dbe828e5379d2f1107463145aa8a33a999ff865d", 0x15, 0x80, 0x0, 0x0)
close(0xffffffffffffffff)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000014c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f0000007800)={0xa, 0x4}, 0xc)
syz_usb_connect(0x3, 0x36, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts.
[   82.130812][ T5778] cgroup: Unknown subsys name 'net'
[   82.297195][ T5778] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.015477][ T5778] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.355692][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.366307][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.372730][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.375291][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.385140][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.390943][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.397823][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.406658][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.410538][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.418820][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.425020][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.432894][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.447483][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.447731][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.456587][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.464330][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.471389][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   86.476996][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.483742][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.490932][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   86.498176][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   86.504287][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.519087][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.548661][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.139526][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   87.184179][ T5790] chnl_net:caif_netlink_parms(): no params data found
[   87.250985][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   87.323947][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   87.537581][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.546121][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.554967][ T5787] bridge_slave_0: entered allmulticast mode
[   87.563054][ T5787] bridge_slave_0: entered promiscuous mode
[   87.573592][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.582117][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.589755][ T5788] bridge_slave_0: entered allmulticast mode
[   87.597210][ T5788] bridge_slave_0: entered promiscuous mode
[   87.606627][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.614202][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.621838][ T5788] bridge_slave_1: entered allmulticast mode
[   87.630712][ T5788] bridge_slave_1: entered promiscuous mode
[   87.663119][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.670718][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.677985][ T5787] bridge_slave_1: entered allmulticast mode
[   87.686110][ T5787] bridge_slave_1: entered promiscuous mode
[   87.725891][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.733231][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.741968][ T5790] bridge_slave_0: entered allmulticast mode
[   87.750306][ T5790] bridge_slave_0: entered promiscuous mode
[   87.797048][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.806870][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.816963][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.824418][ T5790] bridge_slave_1: entered allmulticast mode
[   87.832886][ T5790] bridge_slave_1: entered promiscuous mode
[   87.891558][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.920501][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.927780][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.937563][ T5789] bridge_slave_0: entered allmulticast mode
[   87.945291][ T5789] bridge_slave_0: entered promiscuous mode
[   87.955321][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.968010][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.992587][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.005369][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.014992][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.022573][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.030167][ T5789] bridge_slave_1: entered allmulticast mode
[   88.037242][ T5789] bridge_slave_1: entered promiscuous mode
[   88.075732][ T5788] team0: Port device team_slave_0 added
[   88.152488][ T5788] team0: Port device team_slave_1 added
[   88.176346][ T5790] team0: Port device team_slave_0 added
[   88.188885][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.202035][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.215702][ T5787] team0: Port device team_slave_0 added
[   88.225590][ T5787] team0: Port device team_slave_1 added
[   88.245361][ T5790] team0: Port device team_slave_1 added
[   88.276479][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.284182][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.311426][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.326942][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.334007][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.360097][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.434297][ T5789] team0: Port device team_slave_0 added
[   88.441438][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.449326][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.476081][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.488818][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.495821][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.522115][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.535548][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.542620][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.568646][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.581776][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.588893][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.615231][ T5792] Bluetooth: hci3: command tx timeout
[   88.618474][ T5795] Bluetooth: hci0: command tx timeout
[   88.621165][ T5792] Bluetooth: hci2: command tx timeout
[   88.626407][ T5804] Bluetooth: hci1: command tx timeout
[   88.634074][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.650758][ T5789] team0: Port device team_slave_1 added
[   88.729974][ T5788] hsr_slave_0: entered promiscuous mode
[   88.736798][ T5788] hsr_slave_1: entered promiscuous mode
[   88.758008][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.765472][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.791797][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.842472][ T5787] hsr_slave_0: entered promiscuous mode
[   88.850874][ T5787] hsr_slave_1: entered promiscuous mode
[   88.857230][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.865646][ T5787] Cannot create hsr debugfs directory
[   88.885173][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.892342][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.918615][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.966904][ T5790] hsr_slave_0: entered promiscuous mode
[   88.973554][ T5790] hsr_slave_1: entered promiscuous mode
[   88.980292][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.987923][ T5790] Cannot create hsr debugfs directory
[   89.094662][ T5789] hsr_slave_0: entered promiscuous mode
[   89.102921][ T5789] hsr_slave_1: entered promiscuous mode
[   89.109541][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.117137][ T5789] Cannot create hsr debugfs directory
[   89.509020][ T5790] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.525323][ T5790] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.535874][ T5790] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.550684][ T5790] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.630936][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.648698][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.669552][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.686250][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   89.784789][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.795033][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.805946][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.837165][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.931989][ T5787] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   89.943808][ T5787] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   89.955866][ T5787] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   89.968202][ T5787] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.072117][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.092142][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.159888][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   90.174833][ T3430] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.182293][ T3430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.212274][ T5790] 8021q: adding VLAN 0 to HW filter on device team0
[   90.236003][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.243243][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.264591][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.271827][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.305811][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.324705][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.331922][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.383795][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   90.465184][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.472449][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.511794][ T3478] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.519043][ T3478] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.544882][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.624461][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   90.689385][ T5804] Bluetooth: hci2: command tx timeout
[   90.694886][ T5804] Bluetooth: hci3: command tx timeout
[   90.701533][ T5795] Bluetooth: hci1: command tx timeout
[   90.701555][ T5800] Bluetooth: hci0: command tx timeout
[   90.719663][ T5789] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   90.748544][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   90.803496][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.810807][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.851836][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.859106][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.003573][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.053610][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.116406][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.303700][ T5790] veth0_vlan: entered promiscuous mode
[   91.320514][ T5788] veth0_vlan: entered promiscuous mode
[   91.359894][ T5790] veth1_vlan: entered promiscuous mode
[   91.368129][ T5788] veth1_vlan: entered promiscuous mode
[   91.396913][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.466374][ T5788] veth0_macvtap: entered promiscuous mode
[   91.510938][ T5788] veth1_macvtap: entered promiscuous mode
[   91.524776][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.592422][ T5790] veth0_macvtap: entered promiscuous mode
[   91.605475][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.615498][ T5789] veth0_vlan: entered promiscuous mode
[   91.627687][ T5790] veth1_macvtap: entered promiscuous mode
[   91.654309][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.675549][ T5789] veth1_vlan: entered promiscuous mode
[   91.686575][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.695843][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.705530][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.714671][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.733812][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.745400][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.758072][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.775393][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.786164][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.799956][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.843329][ T5790] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.852733][ T5790] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.862108][ T5790] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.871515][ T5790] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.952370][ T5787] veth0_vlan: entered promiscuous mode
[   92.020879][ T5789] veth0_macvtap: entered promiscuous mode
[   92.052470][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.063230][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.068053][ T5789] veth1_macvtap: entered promiscuous mode
[   92.092757][ T5787] veth1_vlan: entered promiscuous mode
[   92.146288][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.159318][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.177653][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.186530][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.260521][ T3430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.274578][ T3430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.275329][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.304715][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.320633][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.331934][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.344210][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.353229][ T5787] veth0_macvtap: entered promiscuous mode
[   92.382172][ T5787] veth1_macvtap: entered promiscuous mode
[   92.413643][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.431804][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.443882][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.456170][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.491057][ T2194] cfg80211: failed to load regulatory.db
[   92.511774][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.534603][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.547285][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.556852][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.566013][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.621280][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   92.718748][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.778467][ T5800] Bluetooth: hci0: command tx timeout
[   92.784356][ T5792] Bluetooth: hci3: command tx timeout
[   92.784430][ T5792] Bluetooth: hci1: command tx timeout
[   92.796366][ T5792] Bluetooth: hci2: command tx timeout
[   92.798446][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.817955][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.837025][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.962115][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.981878][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.006521][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.295291][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.324782][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.343056][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.362747][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.373284][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.388895][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.404832][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.618033][ T5787] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.708648][ T5787] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.744821][ T5787] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.516145][ T5787] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.588229][ T5888] lo speed is unknown, defaulting to 1000
[   94.594988][ T5888] lo speed is unknown, defaulting to 1000
[   94.604196][ T5888] lo speed is unknown, defaulting to 1000
[   94.617558][ T5888] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   94.636065][ T5888] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[   94.728233][ T5888] lo speed is unknown, defaulting to 1000
[   94.737093][ T5888] lo speed is unknown, defaulting to 1000
[   94.745487][ T5888] lo speed is unknown, defaulting to 1000
[   94.753024][ T5888] lo speed is unknown, defaulting to 1000
[   95.095686][ T5800] Bluetooth: hci0: command tx timeout
[   95.103276][ T5800] Bluetooth: hci2: command tx timeout
[   95.113395][ T5800] Bluetooth: hci1: command tx timeout
[   95.119605][ T5800] Bluetooth: hci3: command tx timeout
[   95.654621][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.669110][ T5896] syz.2.7[5896]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   95.678024][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.697458][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.726312][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.833942][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.863746][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.949939][ T3544] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.026263][ T3544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.135644][ T5901] syz.1.9 uses obsolete (PF_INET,SOCK_PACKET)
[   96.492602][ T5904] nbd0: detected capacity change from 0 to 127
[   96.924954][ T5792] block nbd0: Receive control failed (result -104)
[   97.049669][ T5910] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5'.
[   97.187967][ T5910] 8021q: VLANs not supported on gre0
[   97.229470][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   98.107172][ T5896] loop2: detected capacity change from 0 to 40427
[   98.136525][ T5896] F2FS-fs (loop2): heap/no_heap options were deprecated
[   98.149893][ T5921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'.
[   98.159604][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   98.167842][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   98.283616][ T5896] F2FS-fs (loop2): build fault injection attr: rate: 19, type: 0x7ffff
[   98.369556][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   98.412441][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   98.458667][    T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!!
[   98.472351][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   98.631599][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   98.702368][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   99.154938][ T5932] loop1: detected capacity change from 0 to 512
[   99.176530][ T5932] =======================================================
[   99.176530][ T5932] WARNING: The mand mount option has been deprecated and
[   99.176530][ T5932]          and is ignored by this kernel. Remove the mand
[   99.176530][ T5932]          option from the mount to silence this warning.
[   99.176530][ T5932] =======================================================
[   99.316261][ T5932] EXT4-fs (loop1): external journal device major/minor numbers have changed
[   99.390203][ T5932] syz.1.18: attempt to access beyond end of device
[   99.390203][ T5932] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[   99.436723][ T5932] EXT4-fs (loop1): couldn't read superblock of external journal
[   99.560691][ T5940] nbd1: detected capacity change from 0 to 127
[  101.528678][ T5948] sched: RT throttling activated
[  102.088373][ T5792] block nbd1: Receive control failed (result -104)
[  102.447300][ T5958] netlink: 104 bytes leftover after parsing attributes in process `syz.2.26'.
[  103.310899][ T5961] 9pnet_fd: Insufficient options for proto=fd
[  103.333032][ T5963] loop0: detected capacity change from 0 to 1024
[  103.340547][ T5963] EXT4-fs: inline encryption not supported
[  103.346431][ T5963] EXT4-fs: Ignoring removed i_version option
[  103.369127][ T5963] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  103.895887][ T5963] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  104.392755][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.657336][ T5982] loop0: detected capacity change from 0 to 512
[  104.747968][ T5982] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  104.814850][ T5982] syz.0.31: attempt to access beyond end of device
[  104.814850][ T5982] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  104.816350][ T5978] loop3: detected capacity change from 0 to 32768
[  104.904136][ T5982] EXT4-fs (loop0): couldn't read superblock of external journal
[  104.954964][ T5978] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  105.066039][ T5966] loop2: detected capacity change from 0 to 32768
[  105.594029][   T28] audit: type=1326 audit(1753595301.394:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5977 comm="syz.3.32" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a2bf8e9a9 code=0x0
[  105.632195][ T5966] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present!
[  106.196402][ T5966] (syz.2.28,5966,1):ocfs2_init_local_system_inodes:492 ERROR: status=-22, sysfile=10, slot=0
[  106.302854][ T5966] (syz.2.28,5966,0):ocfs2_init_local_system_inodes:501 ERROR: status = -22
[  106.337576][ T5966] (syz.2.28,5966,0):ocfs2_mount_volume:1816 ERROR: status = -22
[  106.383128][ T5966] (syz.2.28,5966,0):ocfs2_fill_super:1178 ERROR: status = -22
[  106.499168][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  107.033387][ T5980] loop1: detected capacity change from 0 to 32768
[  107.064586][ T5997] No such timeout policy "syz0"
[  107.316492][ T5980] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.33 (5980)
[  107.920020][ T5980] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.148696][ T5980] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  108.157498][ T5980] BTRFS info (device loop1): use no compression
[  108.164205][ T5980] BTRFS info (device loop1): doing ref verification
[  108.171525][ T5980] BTRFS info (device loop1): force clearing of disk cache
[  108.179130][ T5980] BTRFS info (device loop1): max_inline at 0
[  108.185208][ T5980] BTRFS info (device loop1): setting nodatasum
[  108.194111][ T5980] BTRFS info (device loop1): using free space tree
[  108.203078][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  108.224637][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  108.246151][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  108.257124][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  108.275331][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  108.286908][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  108.307787][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  108.318484][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  108.331396][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  108.353134][ T5980] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  108.400476][ T5980] BTRFS error (device loop1): open_ctree failed: -12
[  111.896959][ T6048] ptrace attach of "./syz-executor exec"[5788] was attempted by "./syz-executor exec"[6048]
[  112.972639][ T6054] Zero length message leads to an empty skb
[  115.576964][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  117.311202][ T6079] loop1: detected capacity change from 0 to 512
[  117.335489][ T6079] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  117.593000][ T6079] syz.1.56: attempt to access beyond end of device
[  117.593000][ T6079] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  117.620879][ T6079] EXT4-fs (loop1): couldn't read superblock of external journal
[  119.096419][ T6073] loop2: detected capacity change from 0 to 40427
[  119.374238][ T6073] F2FS-fs (loop2): invalid crc value
[  119.383904][ T6075] loop0: detected capacity change from 0 to 32768
[  119.394236][ T6075] XFS: ikeep mount option is deprecated.
[  119.446427][ T6073] F2FS-fs (loop2): Found nat_bits in checkpoint
[  119.722502][ T6075] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  120.005451][ T6073] F2FS-fs (loop2): Start checkpoint disabled!
[  120.991185][ T6075] XFS (loop0): Ending clean mount
[  121.048155][ T6075] XFS (loop0): Quotacheck needed: Please wait.
[  122.069931][ T5792] Bluetooth: hci4: command 0x1003 tx timeout
[  122.076951][ T5800] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  122.079743][ T6075] XFS (loop0): Quotacheck: Done.
[  122.123260][ T6088] loop3: detected capacity change from 0 to 40427
[  122.134378][ T6088] F2FS-fs (loop3): Invalid log sectors per block(0) log sectorsize(9)
[  122.159876][ T6088] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  122.174741][ T6088] F2FS-fs (loop3): invalid crc value
[  122.956989][ T6127] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  123.030839][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  123.896766][ T6133] loop1: detected capacity change from 0 to 512
[  124.030971][ T6133] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.66: bad orphan inode 13
[  124.059049][ T6088] F2FS-fs (loop3): Start checkpoint disabled!
[  124.086292][ T6133] ext4_test_bit(bit=12, block=4) = 1
[  124.113301][ T6088] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  124.119567][ T6133] is_bad_inode(inode)=0
[  124.133160][ T6133] NEXT_ORPHAN(inode)=0
[  124.137313][ T6133] max_ino=32
[  124.165736][ T6088] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  124.168340][ T6133] i_nlink=1
[  124.180093][ T6133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.198886][ T5880] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  124.259420][ T6133] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.66: Unrecognised inode hash code 20
[  124.302295][ T6133] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.66: Corrupt directory, running e2fsck is recommended
[  124.325887][ T6133] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.66: Unrecognised inode hash code 20
[  124.360470][ T6133] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.66: Corrupt directory, running e2fsck is recommended
[  124.410751][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  124.440633][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  124.472551][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  124.495071][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.511246][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  124.543773][ T5880] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  124.556647][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.571972][ T5880] usb 3-1: Product: syz
[  124.576315][ T5880] usb 3-1: Manufacturer: syz
[  124.584834][ T5880] usb 3-1: SerialNumber: syz
[  124.592454][ T6139] loop0: detected capacity change from 0 to 512
[  124.596843][ T5880] usb 3-1: config 0 descriptor??
[  124.649032][ T6139] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  124.689505][ T6139] syz.0.65: attempt to access beyond end of device
[  124.689505][ T6139] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  124.733818][ T6141] loop1: detected capacity change from 0 to 256
[  124.742749][ T6139] EXT4-fs (loop0): couldn't read superblock of external journal
[  124.782766][ T6141] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  125.031753][ T6141] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  125.049054][ T5880] adutux 3-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  125.597760][ T6141] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  125.663680][ T5880] usb 3-1: USB disconnect, device number 2
[  125.951968][ T6148] nbd2: detected capacity change from 0 to 127
[  126.059786][ T5800] block nbd2: Receive control failed (result -104)
[  127.187984][ T6155] loop1: detected capacity change from 0 to 32768
[  127.197279][ T1057] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 30 seconds
[  127.298991][ T6160] Bluetooth: MGMT ver 1.22
[  127.335303][ T6155] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  127.371575][ T6157] Bluetooth: hci0: Opcode 0x0c1a failed: -112
[  127.966451][ T6169] loop2: detected capacity change from 0 to 4096
[  128.210766][ T6175] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.250611][ T5790] ocfs2: Unmounting device (7,1) on (node local)
[  128.328439][   T28] audit: type=1800 audit(1753595324.454:3): pid=6169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.74" name="file1" dev="loop2" ino=15 res=0 errno=0
[  128.706989][ T6183] loop2: detected capacity change from 0 to 512
[  128.756364][ T6183] EXT4-fs (loop2): external journal device major/minor numbers have changed
[  128.795084][ T6183] syz.2.78: attempt to access beyond end of device
[  128.795084][ T6183] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  129.078341][ T6183] EXT4-fs (loop2): couldn't read superblock of external journal
[  129.448768][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  129.549918][ T5800] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  130.302441][   T24] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 30 seconds
[  131.518378][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout
[  132.438631][ T6208] loop2: detected capacity change from 0 to 32768
[  132.521754][ T6208] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  133.256195][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  133.470978][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  133.477713][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  135.872090][ T6239] loop2: detected capacity change from 0 to 512
[  135.920375][ T6239] EXT4-fs (loop2): external journal device major/minor numbers have changed
[  135.950664][ T6239] syz.2.93: attempt to access beyond end of device
[  135.950664][ T6239] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  135.952248][ T6218] loop3: detected capacity change from 0 to 32768
[  136.038998][ T6239] EXT4-fs (loop2): couldn't read superblock of external journal
[  136.559779][ T5946] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  138.164316][ T6262] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  138.178559][ T6263] IPVS: stopping backup sync thread 6262 ...
[  140.200017][ T6273] nbd3: detected capacity change from 0 to 127
[  140.419871][    T8] IPVS: starting estimator thread 0...
[  140.511948][ T6282] snd_dummy snd_dummy.0: control 2:4:7:syz0:1791 is already present
[  140.523875][ T6281] IPVS: using max 16 ests per chain, 38400 per kthread
[  140.778636][ T5800] block nbd3: Receive control failed (result -104)
[  141.669255][ T6290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.107'.
[  141.697622][ T6290] netlink: 4 bytes leftover after parsing attributes in process `syz.3.107'.
[  141.730097][ T6290] veth1_macvtap: left promiscuous mode
[  146.153801][ T2194] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  146.235996][ T6325] netlink: 20 bytes leftover after parsing attributes in process `syz.1.116'.
[  146.401902][ T2194] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  146.418684][ T2194] usb 4-1: config 0 interface 0 has no altsetting 0
[  146.444724][ T2194] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  146.455438][ T2194] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.465438][ T2194] usb 4-1: Product: syz
[  146.470705][ T2194] usb 4-1: Manufacturer: syz
[  146.475786][ T2194] usb 4-1: SerialNumber: syz
[  146.509980][ T2194] usb 4-1: config 0 descriptor??
[  146.565957][ T2194] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  146.640074][ T2194] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  146.657422][ T2194] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  146.666691][ T2194] usb 4-1: media controller created
[  146.836085][ T2194] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  146.999065][ T2194] DVB: Unable to find symbol tda10046_attach()
[  147.005339][ T2194] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  147.038540][ T2194] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  147.326054][ T2194] dvb_usb_m920x: probe of 4-1:0.0 failed with error -71
[  147.333653][ T5880] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  147.362088][ T2194] usb 4-1: USB disconnect, device number 2
[  147.529545][ T5880] usb 2-1: Using ep0 maxpacket: 16
[  147.547100][ T5880] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  147.588367][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.596462][ T5880] usb 2-1: Product: syz
[  147.638435][ T5880] usb 2-1: Manufacturer: syz
[  147.643147][ T5880] usb 2-1: SerialNumber: syz
[  147.660513][ T5880] usb 2-1: config 0 descriptor??
[  147.682583][ T5880] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  148.015269][ T6347] netlink: 24 bytes leftover after parsing attributes in process `syz.0.121'.
[  148.506795][ T5880] ssu100: probe of 2-1:0.0 failed with error -71
[  148.538684][ T5880] usb 2-1: USB disconnect, device number 2
[  148.700042][ T6348] orangefs_mount: mount request failed with -4
[  151.678759][ T2194] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  152.198490][ T2194] usb 1-1: Using ep0 maxpacket: 8
[  152.218839][ T2194] usb 1-1: config 0 has no interfaces?
[  152.236200][ T2194] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  152.257207][ T2194] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.277795][ T2194] usb 1-1: Product: syz
[  152.282493][ T2194] usb 1-1: Manufacturer: syz
[  152.287175][ T2194] usb 1-1: SerialNumber: syz
[  152.316840][ T2194] usb 1-1: config 0 descriptor??
[  152.572136][ T2194] usb 1-1: USB disconnect, device number 2
[  152.933695][ T6358] loop3: detected capacity change from 0 to 32768
[  153.015241][ T6358] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  153.311963][ T6358] XFS (loop3): Ending clean mount
[  153.361675][ T6358] XFS (loop3): Quotacheck needed: Please wait.
[  153.422073][ T6378] nbd4: detected capacity change from 0 to 127
[  153.496193][ T5800] block nbd4: Receive control failed (result -104)
[  153.549528][ T6358] XFS (loop3): Quotacheck: Done.
[  153.704092][ T5787] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  153.875443][ T6386] loop2: detected capacity change from 0 to 16
[  153.934028][ T6386] erofs: Unknown parameter 'P'
[  154.832984][ T6401] loop3: detected capacity change from 0 to 128
[  154.867225][ T6401] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  154.910652][ T6401] ext4 filesystem being mounted at /27/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  154.939899][ T6407] binder_alloc: 6406: binder_alloc_buf, no vma
[  155.024218][ T5787] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  155.028469][  T787] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  155.456209][ T6413] loop3: detected capacity change from 0 to 32768
[  155.480081][ T6417] nbd5: detected capacity change from 0 to 127
[  155.498427][  T787] usb 3-1: Using ep0 maxpacket: 16
[  155.504439][ T6413] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  155.533190][  T787] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  155.541601][ T5792] block nbd5: Receive control failed (result -104)
[  155.888493][ T5800] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  155.895305][ T5792] Bluetooth: hci4: command 0x1003 tx timeout
[  156.001752][  T787] usb 3-1: config 0 has no interface number 0
[  156.008871][  T787] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  156.019910][  T787] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  156.032345][  T787] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  156.041822][  T787] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  156.058579][  T787] usb 3-1: Product: syz
[  156.062802][  T787] usb 3-1: SerialNumber: syz
[  156.099560][  T787] usb 3-1: config 0 descriptor??
[  156.126666][  T787] cm109 3-1:0.8: invalid payload size 0, expected 4
[  156.138185][  T787] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input5
[  156.196684][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  156.492407][    C0] cm109 3-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  156.564434][ T1057] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 30 seconds
[  156.576116][ T1057] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 30 seconds
[  157.020457][ T6426] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  157.081644][   T23] usb 3-1: USB disconnect, device number 3
[  157.750183][ T1057] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 60 seconds
[  157.996072][   T23] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  158.275234][ T6447] No such timeout policy "syz0"
[  158.289313][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  161.241106][   T24] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 60 seconds
[  162.762684][ T6469] loop2: detected capacity change from 0 to 32768
[  163.028069][ T6469] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  163.640322][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  163.808570][ T6481] Bluetooth: hci0: Opcode 0x0c1a failed: -112
[  164.139895][ T5804] Bluetooth: hci4: command 0x1003 tx timeout
[  164.221894][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  164.818010][ T6492] loop2: detected capacity change from 0 to 1764
[  164.941204][ T6492] iso9660: Corrupted directory entry in block 2 of inode 1920
[  165.108688][ T5845] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  165.461814][ T6498] loop0: detected capacity change from 0 to 32768
[  165.594850][ T6498] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  165.700327][ T5845] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  165.767384][ T6505] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  165.785018][ T6505] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  165.798271][ T6505] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  165.814421][ T6505] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  165.824844][ T5845] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  165.828587][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  165.843069][ T5800] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  165.856295][ T6505] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  165.863914][ T6505] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  165.873754][ T6505] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  165.880931][ T6505] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  165.887683][ T6505] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  165.895784][ T6505] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  165.921907][ T6505] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  165.938282][ T6505] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  165.948180][ T6505] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  165.958797][ T6505] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  165.990432][ T5845] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  166.495839][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.746107][ T6507] loop2: detected capacity change from 0 to 32768
[  166.787247][ T6494] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.819339][ T6507] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.876165][ T5845] usb 4-1: Quirk or no altest; falling back to MIDI 1.0
[  166.934747][ T5789] ocfs2: Unmounting device (7,0) on (node local)
[  167.003195][ T6507] XFS (loop2): Ending clean mount
[  167.190600][ T2194] XFS (loop2): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xd0, xfs_rmapbt block 0x14 
[  167.227426][ T2194] XFS (loop2): Unmount and run xfs_repair
[  167.286355][ T2194] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  167.376742][ T5845] usb 4-1: USB disconnect, device number 3
[  167.858077][ T6523] sctp: failed to load transform for md5: -2
[  167.915672][ T5792] Bluetooth: hci0: command 0x0c1a tx timeout
[  168.093662][ T2194] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  168.103209][ T2194] 00000010: 00 a7 50 00 00 00 00 14 00 00 00 01 00 00 00 80  ..P.............
[  168.112737][ T2194] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  168.121702][ T2194] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  168.130854][ T2194] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  168.140862][ T2194] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  168.149838][ T2194] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  168.158801][ T2194] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  168.168780][ T6507] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x14 len 4 error 74
[  168.181140][ T6507] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x182e/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  168.198599][ T6507] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  168.229687][ T6507] syz.2.166 (6507) used greatest stack depth: 20712 bytes left
[  168.277551][ T5788] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  169.341008][ T6551] loop0: detected capacity change from 0 to 8
[  169.702244][ T6551] SQUASHFS error: lzo decompression failed, data probably corrupt
[  169.729406][ T6551] SQUASHFS error: Failed to read block 0x1d2: -5
[  169.756289][ T6551] SQUASHFS error: Unable to read metadata cache entry [1d0]
[  169.776655][ T6551] SQUASHFS error: Unable to read directory block [1d0:26]
[  170.365786][ T6559] loop1: detected capacity change from 0 to 2048
[  170.619528][ T1057] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 30 seconds
[  170.671222][ T6559] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  171.177239][ T6561] loop0: detected capacity change from 0 to 32768
[  171.279579][ T6561] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  172.205815][ T6565] loop1: detected capacity change from 0 to 4096
[  172.214776][ T5800] Bluetooth: hci4: command 0x1003 tx timeout
[  172.221155][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  172.380405][ T6572] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.503673][ T5789] ocfs2: Unmounting device (7,0) on (node local)
[  172.975608][ T6581] netlink: 136 bytes leftover after parsing attributes in process `syz.2.182'.
[  173.168922][ T6582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.180'.
[  176.013178][ T6606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.189'.
[  176.110122][ T2194] IPVS: starting estimator thread 0...
[  176.790525][ T6609] IPVS: using max 18 ests per chain, 43200 per kthread
[  176.872504][ T6613] loop3: detected capacity change from 0 to 512
[  176.892448][ T6613] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  176.914233][ T6613] syz.3.191: attempt to access beyond end of device
[  176.914233][ T6613] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  176.947739][ T6613] EXT4-fs (loop3): couldn't read superblock of external journal
[  177.255773][ T6615] netlink: 32 bytes leftover after parsing attributes in process `syz.3.191'.
[  177.908602][ T6621] loop3: detected capacity change from 0 to 136
[  178.129489][ T5792] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  180.018595][ T5845] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  180.428827][ T5845] usb 1-1: Using ep0 maxpacket: 16
[  180.444647][ T5845] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  180.479737][ T5845] usb 1-1: config 0 has no interface number 0
[  180.515165][ T5845] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  180.568671][ T5845] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  180.583097][ T5845] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  180.598161][ T6643] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  180.616203][ T6645] loop3: detected capacity change from 0 to 512
[  180.631154][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  180.648406][ T5845] usb 1-1: Product: syz
[  180.652872][ T5845] usb 1-1: SerialNumber: syz
[  180.687474][ T5845] usb 1-1: config 0 descriptor??
[  180.721680][ T6645] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  180.738649][ T6645] syz.3.202: attempt to access beyond end of device
[  180.738649][ T6645] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  180.744499][ T5845] cm109 1-1:0.8: invalid payload size 0, expected 4
[  180.793412][ T5845] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input6
[  180.847491][ T6645] EXT4-fs (loop3): couldn't read superblock of external journal
[  181.513509][ T6652] netlink: 32 bytes leftover after parsing attributes in process `syz.3.202'.
[  182.017021][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  182.484558][ T5831] usb 1-1: USB disconnect, device number 3
[  182.636289][ T5831] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  183.968635][ T6021] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 30 seconds
[  184.350890][ T6668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'.
[  186.248548][ T5923] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 30 seconds
[  186.259477][ T5923] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 30 seconds
[  186.270711][ T5923] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 30 seconds
[  186.282807][ T5923] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 30 seconds
[  186.378009][ T6681] loop1: detected capacity change from 0 to 128
[  187.488385][ T6021] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 60 seconds
[  187.499120][ T6021] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 60 seconds
[  187.917342][ T6021] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 90 seconds
[  188.014951][ T6694] loop0: detected capacity change from 0 to 512
[  188.280524][ T6694] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  188.398712][ T6694] syz.0.214: attempt to access beyond end of device
[  188.398712][ T6694] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  188.428380][ T6694] EXT4-fs (loop0): couldn't read superblock of external journal
[  188.684987][ T3544] kworker/u4:12: attempt to access beyond end of device
[  188.684987][ T3544] loop1: rw=1, sector=145, nr_sectors = 80 limit=128
[  188.755046][ T6698] netlink: 12 bytes leftover after parsing attributes in process `syz.0.214'.
[  189.341307][ T6656] syz.3.205 (6656): drop_caches: 1
[  189.341334][ T6657] syz.3.205 (6657): drop_caches: 1
[  189.713003][ T6708] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  191.659430][ T5923] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 90 seconds
[  193.118339][ T5831] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  193.308480][ T5831] usb 3-1: Using ep0 maxpacket: 8
[  193.422482][ T5831] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  193.433839][ T5831] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  193.444297][ T5831] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  193.466623][ T5831] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  193.542172][ T5831] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  193.583993][ T5831] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.935557][ T5831] usb 3-1: GET_CAPABILITIES returned 0
[  193.941930][ T5831] usbtmc 3-1:16.0: can't read capabilities
[  194.179473][ T5831] usb 3-1: USB disconnect, device number 4
[  194.852781][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  194.958374][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  197.170440][ T6776] loop2: detected capacity change from 0 to 32768
[  197.470899][ T6776] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  198.280195][ T6790] loop0: detected capacity change from 0 to 512
[  198.326353][ T6790] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  198.435601][ T6790] syz.0.241: attempt to access beyond end of device
[  198.435601][ T6790] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  198.562423][ T6790] EXT4-fs (loop0): couldn't read superblock of external journal
[  198.628682][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  198.929624][ T6795] netlink: 12 bytes leftover after parsing attributes in process `syz.0.241'.
[  199.562279][ T6804] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  201.340724][ T6021] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 60 seconds
[  202.562871][ T6832] loop2: detected capacity change from 0 to 512
[  202.573677][ T6832] EXT4-fs: Ignoring removed mblk_io_submit option
[  202.585424][ T6832] ext4: Unknown parameter 'seclabel'
[  204.605890][ T6835] loop1: detected capacity change from 0 to 32768
[  204.925110][ T6835] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  207.185504][ T5790] ocfs2: Unmounting device (7,1) on (node local)
[  212.413577][ T5795] Bluetooth: hci1: command 0x0406 tx timeout
[  212.420012][ T5796] Bluetooth: hci0: command 0x0c1a tx timeout
[  212.426142][ T5106] Bluetooth: hci2: command 0x0406 tx timeout
[  213.648475][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  214.060155][ T6021] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 60 seconds
[  215.490162][ T7015] loop0: detected capacity change from 0 to 512
[  215.515263][ T7015] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  215.553729][ T7015] syz.0.307: attempt to access beyond end of device
[  215.553729][ T7015] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  215.578392][ T7015] EXT4-fs (loop0): couldn't read superblock of external journal
[  215.781555][ T5161] udevd[5161]: worker [6535] terminated by signal 33 (Unknown signal 33)
[  215.790375][ T5161] udevd[5161]: worker [6535] failed while handling '/devices/virtual/block/loop0'
[  216.614728][ T5923] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 60 seconds
[  216.625896][ T5923] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 60 seconds
[  216.638151][ T5923] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 60 seconds
[  216.650553][ T5923] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 60 seconds
[  217.889041][ T6021] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 90 seconds
[  217.900178][ T6021] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 90 seconds
[  218.534099][ T6021] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 120 seconds
[  221.594292][ T7087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.331'.
[  221.838502][ T5923] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 120 seconds
[  222.669706][ T7098] loop3: detected capacity change from 0 to 32768
[  222.817532][ T7098] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  222.967700][ T7093] loop0: detected capacity change from 0 to 40427
[  222.981739][ T7093] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff
[  223.009255][ T7093] F2FS-fs (loop0): Image doesn't support compression
[  223.082653][ T7093] F2FS-fs (loop0): invalid crc value
[  223.135823][ T7093] F2FS-fs (loop0): Found nat_bits in checkpoint
[  223.333439][ T7093] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  223.375311][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  223.491186][ T7093] syz.0.332: attempt to access beyond end of device
[  223.491186][ T7093] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  223.554487][ T7105] syz.0.332: attempt to access beyond end of device
[  223.554487][ T7105] loop0: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  223.648111][ T5789] syz-executor: attempt to access beyond end of device
[  223.648111][ T5789] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  223.679816][ T5789] F2FS-fs (loop0): inject write IO error in f2fs_write_end_io of __submit_merged_bio+0x256/0x630
[  223.698992][ T5789] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  225.473188][ T7115] loop2: detected capacity change from 0 to 256
[  225.555256][ T7115] FAT-fs (loop2): Directory bread(block 64) failed
[  225.578093][ T7115] FAT-fs (loop2): Directory bread(block 65) failed
[  225.596216][ T7115] FAT-fs (loop2): Directory bread(block 66) failed
[  225.621201][ T7115] FAT-fs (loop2): Directory bread(block 67) failed
[  225.652919][ T7115] FAT-fs (loop2): Directory bread(block 68) failed
[  225.655556][ T7117] loop3: detected capacity change from 0 to 1024
[  225.666728][ T7115] FAT-fs (loop2): Directory bread(block 69) failed
[  225.718018][ T7115] FAT-fs (loop2): Directory bread(block 70) failed
[  225.728438][ T7115] FAT-fs (loop2): Directory bread(block 71) failed
[  225.737776][ T7115] FAT-fs (loop2): Directory bread(block 72) failed
[  225.785356][ T7115] FAT-fs (loop2): Directory bread(block 73) failed
[  225.855214][ T7117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  226.243480][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.174008][ T7138] loop0: detected capacity change from 0 to 32768
[  229.347568][ T7138] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  229.868720][ T5789] ocfs2: Unmounting device (7,0) on (node local)
[  232.234077][ T6021] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 90 seconds
[  232.857159][   T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  232.899706][   T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  232.910153][   T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  232.922455][   T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  232.938386][   T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  232.946409][   T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  233.675766][ T7163] lo speed is unknown, defaulting to 1000
[  234.270622][ T7184] netlink: 44 bytes leftover after parsing attributes in process `syz.0.356'.
[  234.509480][ T7184] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.519119][ T7184] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.131254][ T5804] Bluetooth: hci4: command tx timeout
[  235.459553][ T7163] chnl_net:caif_netlink_parms(): no params data found
[  235.840681][ T7210] loop2: detected capacity change from 0 to 512
[  235.860741][ T7210] EXT4-fs (loop2): external journal device major/minor numbers have changed
[  235.884132][ T7210] syz.2.361: attempt to access beyond end of device
[  235.884132][ T7210] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  235.897281][ T7210] EXT4-fs (loop2): couldn't read superblock of external journal
[  236.140482][ T7163] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.758715][ T7163] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.766230][ T7163] bridge_slave_0: entered allmulticast mode
[  236.939421][ T7163] bridge_slave_0: entered promiscuous mode
[  236.961195][ T7163] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.999464][ T7163] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.018970][ T7163] bridge_slave_1: entered allmulticast mode
[  237.026634][ T7163] bridge_slave_1: entered promiscuous mode
[  237.178913][ T5804] Bluetooth: hci4: command tx timeout
[  237.233804][ T7163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.264700][ T7163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.537839][ T7163] team0: Port device team_slave_0 added
[  237.569260][ T7163] team0: Port device team_slave_1 added
[  239.248940][ T5804] Bluetooth: hci4: command tx timeout
[  239.689069][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  239.888378][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.582802][ T7163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  240.692347][ T7163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  240.708635][ T7163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  240.759447][ T7163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  241.037061][ T7163] hsr_slave_0: entered promiscuous mode
[  241.099085][ T7163] hsr_slave_1: entered promiscuous mode
[  241.113497][ T7237] loop0: detected capacity change from 0 to 512
[  241.134379][ T7163] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  241.144471][ T7163] Cannot create hsr debugfs directory
[  241.164197][ T7235] loop3: detected capacity change from 0 to 1024
[  241.192736][ T7237] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  241.223200][ T7237] syz.0.370: attempt to access beyond end of device
[  241.223200][ T7237] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  241.229490][ T7235] EXT4-fs: Ignoring removed oldalloc option
[  241.253695][ T7237] EXT4-fs (loop0): couldn't read superblock of external journal
[  241.279212][ T7235] EXT4-fs: Ignoring removed orlov option
[  241.329441][ T5804] Bluetooth: hci4: command tx timeout
[  241.550913][ T7235] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  242.148363][ T5881] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  242.448437][ T5881] usb 3-1: Using ep0 maxpacket: 16
[  242.455464][ T7235] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.468635][ T5881] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  242.482806][ T5881] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  242.518263][ T5881] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  242.528087][ T5881] usb 3-1: config 0 interface 0 has no altsetting 0
[  242.549683][ T5881] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  242.559098][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.567124][ T5881] usb 3-1: Product: syz
[  242.571360][ T5881] usb 3-1: Manufacturer: syz
[  242.575977][ T5881] usb 3-1: SerialNumber: syz
[  242.616283][ T5881] usb 3-1: config 0 descriptor??
[  242.855152][ T7163] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  242.877398][ T5881] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8
[  242.899801][ T7163] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  242.909999][ T5146] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  242.920314][ T7163] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  242.928441][ T5146] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  242.986822][ T7163] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  243.179168][ T5146] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  243.222400][ T5881] usb 3-1: USB disconnect, device number 5
[  243.546527][ T5787] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.566347][ T7163] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.591637][ T7163] 8021q: adding VLAN 0 to HW filter on device team0
[  243.623833][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.631347][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.702785][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.710071][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  244.616991][ T6021] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 90 seconds
[  244.699232][ T7263] loop2: detected capacity change from 0 to 4096
[  245.749008][ T7163] 8021q: adding VLAN 0 to HW filter on device batadv0
[  246.200212][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  247.308022][ T5923] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 90 seconds
[  247.327596][ T5923] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 90 seconds
[  247.340248][ T5923] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 90 seconds
[  247.352339][ T5923] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 90 seconds
[  247.371004][ T7292] loop0: detected capacity change from 0 to 16
[  247.543247][ T7292] erofs: (device loop0): mounted with root inode @ nid 36.
[  247.993376][ T7298] loop3: detected capacity change from 0 to 32768
[  248.011094][ T6021] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 120 seconds
[  248.022996][ T6021] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 120 seconds
[  248.135934][ T7298] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  248.308713][ T7292] syz.0.378: attempt to access beyond end of device
[  248.308713][ T7292] loop0: rw=0, sector=48, nr_sectors = 16 limit=16
[  248.396976][ T7292] syz.0.378: attempt to access beyond end of device
[  248.396976][ T7292] loop0: rw=0, sector=48, nr_sectors = 16 limit=16
[  248.613084][ T6021] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 150 seconds
[  248.681211][ T7163] veth0_vlan: entered promiscuous mode
[  248.697877][ T7163] veth1_vlan: entered promiscuous mode
[  248.934642][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  249.545801][ T7163] veth0_macvtap: entered promiscuous mode
[  249.582564][ T7163] veth1_macvtap: entered promiscuous mode
[  249.661314][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.704202][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.745335][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.776893][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.806557][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.836988][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  249.864676][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  249.886195][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.350485][ T7163] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.665913][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.679517][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.690156][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.701034][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.718783][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.734026][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.766755][ T7163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.779707][ T7163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.803479][ T7163] batman_adv: batadv0: Interface activated: batadv_slave_1
[  250.876986][ T7163] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  250.902368][ T7163] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  250.911344][ T7324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'.
[  251.218756][ T7163] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.334304][ T7163] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.629983][ T7329] loop2: detected capacity change from 0 to 256
[  251.684506][ T7329] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  251.726315][ T7329] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  251.817665][ T3436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.826849][ T3436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.839100][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.877579][ T7329] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  251.898084][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.049238][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  252.077115][ T7331] loop3: detected capacity change from 0 to 32768
[  252.384094][ T7331] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  252.471536][ T5923] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 150 seconds
[  253.776049][   T48] Bluetooth: Error in BCSP hdr checksum
[  254.032111][ T3478] Bluetooth: Error in BCSP hdr checksum
[  254.064352][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  254.290659][   T48] Bluetooth: Error in BCSP hdr checksum
[  254.370843][ T7347] loop2: detected capacity change from 0 to 32768
[  254.427247][ T7347] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  254.611468][ T7347] XFS (loop2): Ending clean mount
[  254.688169][ T5880] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  254.706347][   T48] Bluetooth: Error in BCSP hdr checksum
[  254.881011][ T7363] hub 2-0:1.0: USB hub found
[  254.889913][ T7363] hub 2-0:1.0: 1 port detected
[  254.998318][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  255.011983][   T50] Bluetooth: hci5: command 0x1003 tx timeout
[  255.019858][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  255.452929][ T5880] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  255.497418][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.671976][ T5788] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  255.692099][ T5880] usb 4-1: config 0 descriptor??
[  256.303510][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  256.311132][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  256.874195][ T5880] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor
[  256.955396][ T5880] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0001/input/input9
[  257.973894][ T5880] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  258.366347][ T7387] loop4: detected capacity change from 0 to 32768
[  258.419503][ T7387] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  258.715930][ T5860] usb 4-1: USB disconnect, device number 4
[  258.788778][ T5881] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  258.825859][ T7388] fido_id[7388]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  258.946426][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  259.038504][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  259.858542][ T5881] usb 1-1: unable to get BOS descriptor or descriptor too short
[  259.868158][ T5881] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[  259.876698][ T5881] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  259.905006][ T5881] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[  259.915349][ T5881] usb 1-1: config 128 has no interface number 0
[  259.928373][ T5881] usb 1-1: config 128 interface 127 altsetting 14 has an invalid endpoint with address 0xFF, skipping
[  259.948390][ T5881] usb 1-1: config 128 interface 127 has no altsetting 0
[  259.958935][ T5881] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  259.975295][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.983497][ T5881] usb 1-1: Product: syz
[  259.988724][ T5881] usb 1-1: Manufacturer: syz
[  259.993395][ T5881] usb 1-1: SerialNumber: syz
[  260.010791][ T7394] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  261.271028][ T5881] usb 1-1: USB disconnect, device number 4
[  261.382063][ T7396] udevd[7396]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  262.460019][ T7422] warning: `syz.2.416' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  262.740896][ T6021] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 120 seconds
[  263.783465][ T7429] loop4: detected capacity change from 0 to 32768
[  263.858854][ T7429] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  263.894874][ T7431] loop3: detected capacity change from 0 to 1024
[  264.546198][ T7431] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  264.621568][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  266.172262][   T28] audit: type=1800 audit(1753595462.314:4): pid=7431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.420" name="file1" dev="loop3" ino=839 res=0 errno=0
[  267.515164][ T7455] loop4: detected capacity change from 0 to 4096
[  268.552161][ T7455] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  269.640426][ T7455] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  269.703958][ T7467] netlink: 5364 bytes leftover after parsing attributes in process `syz.0.430'.
[  270.216098][ T7471] loop3: detected capacity change from 0 to 32768
[  270.484290][ T3544] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22.
[  270.521597][ T7471] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  270.682520][ T7163] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  270.705454][ T7163] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  270.887073][ T7163] ntfs3: loop4: ino=3, ntfs_set_state failed, -22.
[  270.902899][ T3478] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22.
[  271.638714][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  273.414938][ T7493] loop0: detected capacity change from 0 to 8192
[  273.431387][ T7495] loop3: detected capacity change from 0 to 512
[  273.451438][ T7495] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  273.653524][ T7495] syz.3.437: attempt to access beyond end of device
[  273.653524][ T7495] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  274.428989][ T7495] EXT4-fs (loop3): couldn't read superblock of external journal
[  275.198435][ T6021] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 120 seconds
[  275.413763][ T7507] lo speed is unknown, defaulting to 1000
[  275.448712][ T7507] lo speed is unknown, defaulting to 1000
[  275.455266][ T7507] lo speed is unknown, defaulting to 1000
[  275.650993][ T7507] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  275.810754][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  276.361852][ T7507] lo speed is unknown, defaulting to 1000
[  276.387169][ T7507] lo speed is unknown, defaulting to 1000
[  276.410262][ T7507] lo speed is unknown, defaulting to 1000
[  276.434121][ T7507] lo speed is unknown, defaulting to 1000
[  276.482786][ T7507] lo speed is unknown, defaulting to 1000
[  276.510898][ T7508] netlink: 16 bytes leftover after parsing attributes in process `syz.3.440'.
[  276.762289][ T7519] loop4: detected capacity change from 0 to 32768
[  276.804139][ T7519] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  277.409444][   T24] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 120 seconds
[  277.420374][   T24] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 120 seconds
[  277.431610][   T24] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 120 seconds
[  277.443226][   T24] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 120 seconds
[  277.756380][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  278.049180][ T6021] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 150 seconds
[  278.060367][ T6021] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 150 seconds
[  278.293224][ T7535] loop0: detected capacity change from 0 to 512
[  278.311084][ T7535] EXT4-fs (loop0): external journal device major/minor numbers have changed
[  278.418696][ T7535] syz.0.449: attempt to access beyond end of device
[  278.418696][ T7535] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  278.785802][ T1057] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 180 seconds
[  278.796737][ T7535] EXT4-fs (loop0): couldn't read superblock of external journal
[  280.861384][ T5881] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  281.262625][ T5881] usb 1-1: Using ep0 maxpacket: 8
[  281.270416][ T5881] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  281.281430][ T5881] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  281.308385][ T5881] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  281.473421][ T5881] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  281.546545][ T5881] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  281.557718][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.027078][ T5881] usb 1-1: GET_CAPABILITIES returned 0
[  282.082240][ T5881] usbtmc 1-1:16.0: can't read capabilities
[  282.406330][ T5831] usb 1-1: USB disconnect, device number 5
[  282.540803][   T24] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 180 seconds
[  283.139822][ T7561] loop2: detected capacity change from 0 to 1024
[  283.162916][ T7561] EXT4-fs: Ignoring removed bh option
[  283.216340][ T7561] EXT4-fs: inline encryption not supported
[  283.278029][ T7561] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  283.349950][ T7561] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000]
[  283.421489][   T50] Bluetooth: hci5: command 0x1003 tx timeout
[  283.429259][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  283.759495][ T7567] loop3: detected capacity change from 0 to 32768
[  283.860301][ T7561] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.456: lblock 2 mapped to illegal pblock 2 (length 1)
[  283.889785][ T7567] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  283.983067][ T7561] Quota error (device loop2): qtree_write_dquot: dquota write failed
[  284.435871][ T7561] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.456: lblock 0 mapped to illegal pblock 48 (length 1)
[  284.508277][ T7561] Quota error (device loop2): v2_write_file_info: Can't write info structure
[  284.517683][ T7561] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.456: Failed to acquire dquot type 0
[  284.604065][ T7561] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem
[  284.722895][ T7561] EXT4-fs error (device loop2): ext4_evict_inode:252: inode #11: comm syz.2.456: mark_inode_dirty error
[  284.746590][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  284.758126][ T7561] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark inode dirty (err -117)
[  284.769615][ T7561] EXT4-fs (loop2): 1 orphan inode deleted
[  284.777469][ T7561] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  284.792426][ T3478] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:10: lblock 1 mapped to illegal pblock 1 (length 1)
[  284.857424][ T3478] Quota error (device loop2): remove_tree: Can't read quota data block 1
[  285.388672][ T3478] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:10: Failed to release dquot type 0
[  285.503545][ T7561] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.456: lblock 0 mapped to illegal pblock 48 (length 1)
[  285.509901][ T7581] loop3: detected capacity change from 0 to 512
[  285.636479][ T7581] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  285.648867][ T7581] syz.3.461: attempt to access beyond end of device
[  285.648867][ T7581] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  285.688635][ T7561] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=-117
[  285.717280][ T7581] EXT4-fs (loop3): couldn't read superblock of external journal
[  286.088821][ T6024] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  287.193782][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.448454][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  290.695843][ T7609] loop0: detected capacity change from 0 to 32768
[  290.786654][ T7609] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  291.678748][ T5789] ocfs2: Unmounting device (7,0) on (node local)
[  292.475974][ T7623] afs: Unknown parameter 'GPL'
[  293.873372][ T7629] loop2: detected capacity change from 0 to 512
[  294.001272][ T7629] EXT4-fs (loop2): external journal device major/minor numbers have changed
[  294.048746][ T1057] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 150 seconds
[  294.144975][ T7629] syz.2.473: attempt to access beyond end of device
[  294.144975][ T7629] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  294.277777][ T7629] EXT4-fs (loop2): couldn't read superblock of external journal
[  299.573465][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  299.581738][   T50] Bluetooth: hci5: command 0x1003 tx timeout
[  300.008989][ T7656] loop3: detected capacity change from 0 to 32768
[  300.384962][ T7656] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  301.810648][ T7668] xt_hashlimit: size too large, truncated to 1048576
[  301.927764][ T7669] –: renamed from vxcan1 (while UP)
[  302.001802][ T5787] ocfs2: Unmounting device (7,3) on (node local)
[  304.302038][ T7681] loop3: detected capacity change from 0 to 512
[  304.408272][ T7681] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  304.512557][ T7681] syz.3.486: attempt to access beyond end of device
[  304.512557][ T7681] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  304.585301][ T7681] EXT4-fs (loop3): couldn't read superblock of external journal
[  305.569143][ T1057] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 150 seconds
[  308.279188][   T24] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 150 seconds
[  308.279597][ T1057] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 180 seconds
[  308.290185][   T24] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 150 seconds
[  308.301120][ T1057] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 180 seconds
[  308.312665][   T24] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 150 seconds
[  308.334798][   T24] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 150 seconds
[  309.419537][ T1057] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 210 seconds
[  309.781089][ T7701] loop4: detected capacity change from 0 to 32768
[  309.869706][ T7701] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  310.621688][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  311.090110][   T50] Bluetooth: hci5: command 0x1003 tx timeout
[  311.096682][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  312.627546][   T24] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 210 seconds
[  314.345425][ T7725] loop3: detected capacity change from 0 to 512
[  314.417309][ T7725] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  314.458718][ T7725] syz.3.499: attempt to access beyond end of device
[  314.458718][ T7725] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  314.498300][ T7725] EXT4-fs (loop3): couldn't read superblock of external journal
[  317.563576][ T7745] loop2: detected capacity change from 0 to 32768
[  317.602562][ T7745] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  317.732922][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  318.258430][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  318.513887][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  320.091470][   T50] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  320.125037][   T50] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  320.135703][   T50] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  320.154585][   T50] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  320.164024][   T50] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  320.172017][   T50] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  320.423471][ T7758] lo speed is unknown, defaulting to 1000
[  320.465119][ T7758] lo speed is unknown, defaulting to 1000
[  321.898630][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  322.088086][ T7774] loop3: detected capacity change from 0 to 512
[  322.136231][ T7774] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  322.182029][ T7774] syz.3.509: attempt to access beyond end of device
[  322.182029][ T7774] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  322.234062][ T7774] EXT4-fs (loop3): couldn't read superblock of external journal
[  322.446130][ T5804] Bluetooth: hci6: command tx timeout
[  324.902892][ T5804] Bluetooth: hci6: command tx timeout
[  324.935537][ T1057] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 180 seconds
[  325.105696][ T7758] chnl_net:caif_netlink_parms(): no params data found
[  325.493523][ T7792] loop4: detected capacity change from 0 to 32768
[  325.596045][ T7792] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  326.435652][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  326.928316][ T5804] Bluetooth: hci6: command tx timeout
[  326.966543][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.088470][ T7758] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.095814][ T7758] bridge_slave_0: entered allmulticast mode
[  327.141819][ T7758] bridge_slave_0: entered promiscuous mode
[  327.239444][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.248110][ T7758] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.269701][ T7758] bridge_slave_1: entered allmulticast mode
[  327.304638][ T7758] bridge_slave_1: entered promiscuous mode
[  328.793860][ T7758] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  329.031917][ T5804] Bluetooth: hci6: command tx timeout
[  329.081675][ T7758] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.128540][ T5800] Bluetooth: hci3: command 0x0406 tx timeout
[  330.376404][ T7758] team0: Port device team_slave_0 added
[  330.411839][ T7758] team0: Port device team_slave_1 added
[  330.594497][ T7758] batman_adv: batadv0: Adding interface: batadv_slave_0
[  330.628859][ T7758] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.656449][ T7758] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  330.675445][ T7758] batman_adv: batadv0: Adding interface: batadv_slave_1
[  330.687728][ T7758] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.899120][ T7758] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  332.129431][ T5804] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  332.137657][   T50] Bluetooth: hci5: command 0x1003 tx timeout
[  332.395164][ T7758] hsr_slave_0: entered promiscuous mode
[  332.402745][ T7758] hsr_slave_1: entered promiscuous mode
[  332.415845][ T7758] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  332.434275][ T7758] Cannot create hsr debugfs directory
[  334.656026][ T7836] loop2: detected capacity change from 0 to 32768
[  334.804074][ T7836] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  335.420187][ T7758] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  335.482458][ T7758] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  335.963638][ T7758] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  335.973347][ T1057] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 180 seconds
[  336.060522][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  336.071316][ T7758] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  336.460785][ T7857] loop3: detected capacity change from 0 to 512
[  336.496458][ T7857] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  336.514874][ T7857] syz.3.522: attempt to access beyond end of device
[  336.514874][ T7857] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  336.578242][ T7857] EXT4-fs (loop3): couldn't read superblock of external journal
[  336.591474][ T7758] 8021q: adding VLAN 0 to HW filter on device bond0
[  336.749255][ T7758] 8021q: adding VLAN 0 to HW filter on device team0
[  336.893643][ T6024] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  336.908011][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.915351][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  338.644741][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  338.652022][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  338.890884][   T24] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 180 seconds
[  338.890892][ T1057] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 210 seconds
[  338.890936][ T1057] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 210 seconds
[  338.904365][   T24] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 180 seconds
[  339.376517][   T24] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 180 seconds
[  339.388258][   T24] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 180 seconds
[  339.494732][ T1057] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 240 seconds
[  339.575068][ T7758] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  340.677974][ T7758] 8021q: adding VLAN 0 to HW filter on device batadv0
[  343.548287][   T24] block nbd1: Possible stuck request ffff888021b28000: control (read@0,4096B). Runtime 240 seconds
[  343.827297][ T7901] loop2: detected capacity change from 0 to 32768
[  343.869998][ T7901] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  343.874290][ T7758] veth0_vlan: entered promiscuous mode
[  343.902112][ T7758] veth1_vlan: entered promiscuous mode
[  343.948926][ T7758] veth0_macvtap: entered promiscuous mode
[  343.980941][ T7758] veth1_macvtap: entered promiscuous mode
[  344.500636][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.578364][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.589076][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.600505][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.613483][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.624684][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.636206][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.647315][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.657993][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.669074][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.714323][ T7758] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.930467][ T5804] Bluetooth: hci2: command 0x1003 tx timeout
[  344.940394][   T50] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  344.961387][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.000383][ T5788] ocfs2: Unmounting device (7,2) on (node local)
[  345.028857][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.197527][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.298444][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.319676][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.340582][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.354869][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.368394][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.378689][ T7758] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  345.480050][ T7758] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  345.521564][ T7758] batman_adv: batadv0: Interface activated: batadv_slave_1
[  345.592815][ T7758] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.623903][ T7758] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  346.732159][ T7758] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  346.779805][ T7758] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  347.087856][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.130237][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.281961][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.375524][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  349.048571][   T27] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  349.411425][   T27] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  349.421602][   T27] usb 6-1: config 0 has no interface number 0
[  349.427900][   T27] usb 6-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  349.439806][   T27] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  349.460228][ T7937] loop2: detected capacity change from 0 to 512
[  349.654814][   T27] usb 6-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  349.665927][   T27] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  349.750890][ T7937] EXT4-fs (loop2): external journal device major/minor numbers have changed
[  350.173124][ T7937] syz.2.541: attempt to access beyond end of device
[  350.173124][ T7937] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  350.186252][   T27] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  350.197847][ T7937] EXT4-fs (loop2): couldn't read superblock of external journal
[  350.206570][   T27] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.411419][   T27] usb 6-1: config 0 descriptor??
[  350.417794][ T7932] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  350.430968][   T27] ldusb 6-1:0.55: Interrupt in endpoint not found
[  351.017827][   T27] IPVS: starting estimator thread 0...
[  351.138752][ T7943] IPVS: using max 16 ests per chain, 38400 per kthread
[  351.809990][ T5804] Bluetooth: hci2: command 0x1003 tx timeout
[  351.816581][   T50] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  353.778000][   T54] usb 6-1: USB disconnect, device number 2
[  354.056388][ T7951] loop4: detected capacity change from 0 to 32768
[  354.163171][ T7951] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  354.190206][ T7953] loop5: detected capacity change from 0 to 128
[  354.761271][   T28] audit: type=1800 audit(1753595550.914:5): pid=7953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.552" name="bus" dev="loop5" ino=1048602 res=0 errno=0
[  355.370375][ T7163] ocfs2: Unmounting device (7,4) on (node local)
[  355.371347][ T7953] syz.5.552: attempt to access beyond end of device
[  355.371347][ T7953] loop5: rw=2049, sector=249, nr_sectors = 792 limit=128
[  355.489530][ T1057] block nbd3: Possible stuck request ffff888021c00000: control (read@0,4096B). Runtime 210 seconds
[  355.737016][ T5804] Bluetooth: hci4: command 0x0406 tx timeout
[  356.471472][ T7970] loop4: detected capacity change from 0 to 512
[  356.563105][ T7970] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  356.637309][ T7970] syz.4.556: attempt to access beyond end of device
[  356.637309][ T7970] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  356.679275][ T7970] EXT4-fs (loop4): couldn't read superblock of external journal
[  356.743135][ T7396] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  358.848417][ T5804] Bluetooth: hci2: command 0x1003 tx timeout
[  358.855561][   T50] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  361.948932][ T8000] loop5: detected capacity change from 0 to 32768
[  362.077577][ T8000] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  362.910128][ T7758] ocfs2: Unmounting device (7,5) on (node local)
[  362.947927][ T8012] loop4: detected capacity change from 0 to 512
[  362.966586][ T8012] EXT4-fs (loop4): external journal device major/minor numbers have changed
[  362.998573][ T8012] syz.4.568: attempt to access beyond end of device
[  362.998573][ T8012] loop20: rw=0, sector=2, nr_sectors = 2 limit=0
[  363.038381][ T8012] EXT4-fs (loop4): couldn't read superblock of external journal
[  366.387051][ T1057] block nbd4: Possible stuck request ffff888021ca0000: control (read@0,4096B). Runtime 210 seconds
[  368.943611][ T6021] block nbd2: Possible stuck request ffff888021ba0000: control (read@0,1024B). Runtime 240 seconds
[  368.954581][ T6021] block nbd2: Possible stuck request ffff888021ba0200: control (read@1024,3072B). Runtime 240 seconds
[  369.569217][   T29] INFO: task syz.1.295:6982 blocked for more than 144 seconds.
[  369.576942][   T29]       Not tainted 6.6.100-syzkaller #0
[  369.597816][ T6021] block nbd0: Possible stuck request ffff888021af8000: control (read@0,4096B). Runtime 270 seconds
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  369.658634][   T24] block nbd5: Possible stuck request ffff888021cd0000: control (read@0,1024B). Runtime 210 seconds
[  369.669713][   T24] block nbd5: Possible stuck request ffff888021cd0200: control (read@1024,1024B). Runtime 210 seconds
[  369.681073][   T24] block nbd5: Possible stuck request ffff888021cd0400: control (read@2048,1024B). Runtime 210 seconds
[  369.692755][   T24] block nbd5: Possible stuck request ffff888021cd0600: control (read@3072,1024B). Runtime 210 seconds
[  369.720565][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  369.798511][   T29] task:syz.1.295       state:D stack:27944 pid:6982  ppid:5790   flags:0x00004004
[  369.858312][   T29] Call Trace:
[  369.861682][   T29]  <TASK>
[  369.868639][   T29]  __schedule+0x14d2/0x44d0
[  369.873242][   T29]  ? asan.module_dtor+0x20/0x20
[  369.925399][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  369.938609][   T29]  ? __mutex_trylock_common+0x84/0x250
[  369.965118][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  369.978940][   T29]  schedule+0xbd/0x170
[  369.983108][   T29]  schedule_preempt_disabled+0x13/0x20
[  370.003182][   T29]  __mutex_lock+0x6b7/0xcc0
[  370.007766][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  370.018308][   T29]  ? sync_bdevs+0x1af/0x330
[  370.029047][   T29]  ? mutex_lock_nested+0x20/0x20
[  370.034097][   T29]  ? _atomic_dec_and_lock+0x93/0x120
[  370.039478][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  370.044733][   T29]  sync_bdevs+0x1af/0x330
[  370.051399][   T29]  ksys_sync+0xba/0x150
[  370.055606][   T29]  ? sync_filesystem+0x220/0x220
[  370.068370][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  370.075568][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  370.082399][   T29]  __ia32_sys_sync+0xe/0x20
[  370.087006][   T29]  do_syscall_64+0x55/0xb0
[  370.092178][   T29]  ? clear_bhb_loop+0x40/0x90
[  370.096881][   T29]  ? clear_bhb_loop+0x40/0x90
[  370.102034][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  370.107985][   T29] RIP: 0033:0x7f585a18e9a9
[  370.112970][   T29] RSP: 002b:00007f585af9b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  370.121833][   T29] RAX: ffffffffffffffda RBX: 00007f585a3b5fa0 RCX: 00007f585a18e9a9
[  370.132710][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  370.141081][   T29] RBP: 00007f585a3b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  370.149443][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  370.157462][   T29] R13: 0000000000000000 R14: 00007f585a3b5fa0 R15: 00007ffc41de7528
[  370.166163][   T29]  </TASK>
[  370.179937][   T29] INFO: task syz.1.295:6990 blocked for more than 144 seconds.
[  370.228754][   T29]       Not tainted 6.6.100-syzkaller #0
[  370.234475][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  370.306460][   T29] task:syz.1.295       state:D stack:27504 pid:6990  ppid:5790   flags:0x00004004
[  370.338246][   T29] Call Trace:
[  370.358255][   T29]  <TASK>
[  370.361370][   T29]  __schedule+0x14d2/0x44d0
[  370.365969][   T29]  ? asan.module_dtor+0x20/0x20
[  370.441886][   T29]  ? __mutex_lock+0x6b2/0xcc0
[  370.446703][   T29]  ? __mutex_trylock_common+0x84/0x250
[  370.488296][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  370.494567][   T29]  schedule+0xbd/0x170
[  370.538398][   T29]  schedule_preempt_disabled+0x13/0x20
[  370.543971][   T29]  __mutex_lock+0x6b7/0xcc0
[  370.586202][   T29]  ? __mutex_lock+0x4e8/0xcc0
[  370.618362][   T29]  ? sync_bdevs+0x1af/0x330
[  370.623026][   T29]  ? mutex_lock_nested+0x20/0x20
[  370.658637][   T29]  ? _atomic_dec_and_lock+0x93/0x120
[  370.664040][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  370.706311][   T29]  sync_bdevs+0x1af/0x330
[  370.728477][   T29]  ksys_sync+0xba/0x150
[  370.733183][   T29]  ? sync_filesystem+0x220/0x220
[  370.768799][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  370.774767][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  370.808273][   T29]  __ia32_sys_sync+0xe/0x20
[  370.812976][   T29]  do_syscall_64+0x55/0xb0
[  370.817526][   T29]  ? clear_bhb_loop+0x40/0x90
[  370.848991][   T29]  ? clear_bhb_loop+0x40/0x90
[  370.853786][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  370.888225][   T29] RIP: 0033:0x7f585a18e9a9
[  370.892739][   T29] RSP: 002b:00007f585af7a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  370.918281][   T29] RAX: ffffffffffffffda RBX: 00007f585a3b6080 RCX: 00007f585a18e9a9
[  370.926347][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  370.958230][   T29] RBP: 00007f585a3b6080 R08: 0000000000000000 R09: 0000000000000000
[  370.966290][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  371.008355][   T29] R13: 0000000000000001 R14: 00007f585a3b6080 R15: 00007ffc41de7528
[  371.016461][   T29]  </TASK>
[  371.028626][   T29] 
[  371.028626][   T29] Showing all locks held in the system:
[  371.058214][   T29] 1 lock held by khungtaskd/29:
[  371.063585][   T29]  #0: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  371.077701][   T29] 2 locks held by kworker/0:2/787:
[  371.083274][   T29] 2 locks held by kworker/u4:8/3436:
[  371.088919][   T29] 2 locks held by getty/5551:
[  371.093640][   T29]  #0: ffff88814ce5a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  371.104006][   T29]  #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x425/0x1380
[  371.114642][   T29] 1 lock held by udevd/5799:
[  371.119601][   T29]  #0: ffff888021a434c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.130051][   T29] 1 lock held by udevd/5803:
[  371.134683][   T29]  #0: ffff88814137f4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.144851][   T29] 1 lock held by udevd/5805:
[  371.150336][   T29]  #0: ffff8881417004c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.160696][   T29] 2 locks held by kworker/1:6/5880:
[  371.165946][   T29]  #0: ffff888017872538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  371.177300][   T29]  #1: ffffc90004977d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x957/0x15b0
[  371.189578][   T29] 1 lock held by udevd/5946:
[  371.194214][   T29]  #0: ffff888021a7c4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.204966][   T29] 1 lock held by udevd/6147:
[  371.209695][   T29]  #0: ffff888021a9e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.220016][   T29] 1 lock held by udevd/6335:
[  371.224613][   T29]  #0: ffff888021a994c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  371.234785][   T29] 1 lock held by syz.1.295/6982:
[  371.239802][   T29]  #0: ffff888021a9e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1af/0x330
[  371.249355][   T29] 1 lock held by syz.1.295/6990:
[  371.255174][   T29]  #0: ffff888021a9e4c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1af/0x330
[  371.264938][   T29] 5 locks held by syz-executor/7163:
[  371.270489][   T29]  #0: ffff88803035ce70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x212/0x510
[  371.280926][   T29]  #1: ffff88803035c0b8 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x4c9/0xfb0
[  371.290644][   T29]  #2: ffffffff8e128748 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa1/0x220
[  371.300828][   T29]  #3: ffff88805c7b9b38 (&conn->lock#2){+.+.}-{3:3}, at: l2cap_conn_del+0x70/0x660
[  371.310283][   T29]  #4: ffffffff8cd35b78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x360/0x830
[  371.322195][   T29] 3 locks held by syz-executor/7758:
[  371.327523][   T29]  #0: ffff88804bcf4e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x212/0x510
[  371.337629][   T29]  #1: ffff88804bcf40b8 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x4c9/0xfb0
[  371.347323][   T29]  #2: ffffffff8e128748 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa1/0x220
[  371.358185][   T29] 3 locks held by syz.2.575/8049:
[  371.363263][   T29]  #0: ffff88807be90e70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x212/0x510
[  371.373330][   T29]  #1: ffff88807be900b8 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x4c9/0xfb0
[  371.383232][   T29]  #2: ffffffff8cd35b78 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x448/0x830
[  371.426338][   T29] 
[  371.431562][   T29] =============================================
[  371.431562][   T29] 
[  371.458533][   T29] NMI backtrace for cpu 0
[  371.462966][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.100-syzkaller #0
[  371.470917][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.481124][   T29] Call Trace:
[  371.484439][   T29]  <TASK>
[  371.487402][   T29]  dump_stack_lvl+0x16c/0x230
[  371.492150][   T29]  ? show_regs_print_info+0x20/0x20
[  371.497407][   T29]  ? load_image+0x3b0/0x3b0
[  371.501992][   T29]  nmi_cpu_backtrace+0x39b/0x3d0
[  371.507005][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  371.513219][   T29]  ? _printk+0xd0/0x110
[  371.517422][   T29]  ? load_image+0x3b0/0x3b0
[  371.522018][   T29]  ? load_image+0x3b0/0x3b0
[  371.526578][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  371.532714][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  371.538830][   T29]  watchdog+0xf41/0xf80
[  371.543036][   T29]  ? watchdog+0x1e1/0xf80
[  371.547424][   T29]  kthread+0x2fa/0x390
[  371.551528][   T29]  ? hungtask_pm_notify+0x90/0x90
[  371.556606][   T29]  ? kthread_blkcg+0xd0/0xd0
[  371.561240][   T29]  ret_from_fork+0x48/0x80
[  371.565716][   T29]  ? kthread_blkcg+0xd0/0xd0
[  371.570433][   T29]  ret_from_fork_asm+0x11/0x20
[  371.575259][   T29]  </TASK>
[  371.580677][   T29] Sending NMI from CPU 0 to CPUs 1:
[  371.585969][    C1] NMI backtrace for cpu 1
[  371.585986][    C1] CPU: 1 PID: 6718 Comm: syz.3.220 Not tainted 6.6.100-syzkaller #0
[  371.586003][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.586012][    C1] RIP: 0010:lock_release+0xd2/0x8b0
[  371.586038][    C1] Code: 52 75 00 48 0f a3 1d 15 f3 e2 0c 73 0d e8 26 15 08 00 84 c0 0f 84 2c 05 00 00 48 c7 c0 5c b2 4a 8e 48 c1 e8 03 42 0f b6 04 28 <84> c0 0f 85 34 05 00 00 83 3d 9b 27 e3 0c 00 0f 84 8c 04 00 00 65
[  371.586052][    C1] RSP: 0018:ffffc90019aff7c0 EFLAGS: 00000a07
[  371.586067][    C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0b5a7cfe38ca3300
[  371.586078][    C1] RDX: 0000000000000000 RSI: ffffffff8afc66e0 RDI: ffffffff8afc66a0
[  371.586089][    C1] RBP: ffffc90019aff8c8 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5
[  371.586101][    C1] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: ffffffff81d0acb6
[  371.586112][    C1] R13: dffffc0000000000 R14: ffffea0001a2b940 R15: 1ffff9200335ff04
[  371.586124][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  371.586138][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  371.586148][    C1] CR2: 00007f446798df70 CR3: 0000000019af0000 CR4: 00000000003506e0
[  371.586163][    C1] Call Trace:
[  371.586169][    C1]  <TASK>
[  371.586179][    C1]  ? read_lock_is_recursive+0x20/0x20
[  371.586198][    C1]  ? __lock_acquire+0x7c80/0x7c80
[  371.586215][    C1]  ? do_raw_spin_trylock+0xac/0x180
[  371.586243][    C1]  _raw_spin_unlock+0x16/0x40
[  371.586268][    C1]  free_unref_page+0x186/0x2e0
[  371.586295][    C1]  vfree+0x1a6/0x320
[  371.586316][    C1]  ? kcov_open+0x90/0x90
[  371.586336][    C1]  kcov_close+0x2b/0x50
[  371.586354][    C1]  __fput+0x234/0x970
[  371.586385][    C1]  task_work_run+0x1ce/0x250
[  371.586409][    C1]  ? task_work_cancel+0x240/0x240
[  371.586431][    C1]  ? do_exit+0x906/0x23c0
[  371.586453][    C1]  ? kmem_cache_free+0xf8/0x280
[  371.586479][    C1]  do_exit+0x90b/0x23c0
[  371.586506][    C1]  ? put_task_struct+0xc0/0xc0
[  371.586531][    C1]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  371.586549][    C1]  ? get_signal+0x1255/0x1400
[  371.586574][    C1]  ? lock_chain_count+0x20/0x20
[  371.586594][    C1]  do_group_exit+0x21b/0x2d0
[  371.586617][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  371.586643][    C1]  get_signal+0x12fc/0x1400
[  371.586678][    C1]  arch_do_signal_or_restart+0x96/0x780
[  371.586705][    C1]  ? __remove_hrtimer+0x470/0x470
[  371.586724][    C1]  ? get_sigframe_size+0x20/0x20
[  371.586753][    C1]  ? __se_sys_clock_nanosleep+0x2ea/0x370
[  371.586770][    C1]  ? exit_to_user_mode_loop+0x3b/0x110
[  371.586796][    C1]  exit_to_user_mode_loop+0x70/0x110
[  371.586818][    C1]  exit_to_user_mode_prepare+0xb1/0x140
[  371.586841][    C1]  syscall_exit_to_user_mode+0x1a/0x50
[  371.586865][    C1]  do_syscall_64+0x61/0xb0
[  371.586882][    C1]  ? clear_bhb_loop+0x40/0x90
[  371.586897][    C1]  ? clear_bhb_loop+0x40/0x90
[  371.586912][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  371.586945][    C1] RIP: 0033:0x7f5a2bfc1265
[  371.586958][    C1] Code: Unable to access opcode bytes at 0x7f5a2bfc123b.
[  371.586966][    C1] RSP: 002b:00007f5a2ce47f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  371.586981][    C1] RAX: fffffffffffffdfc RBX: 00007f5a2c1b5fa0 RCX: 00007f5a2bfc1265
[  371.586992][    C1] RDX: 00007f5a2ce47fc0 RSI: 0000000000000000 RDI: 0000000000000000
[  371.587002][    C1] RBP: 00007f5a2c010d69 R08: 0000000000000000 R09: 0000000000000000
[  371.587012][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  371.587021][    C1] R13: 0000000000000001 R14: 00007f5a2c1b5fa0 R15: 00007fff4be2e2a8
[  371.587040][    C1]  </TASK>
[  371.940430][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  371.947361][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.100-syzkaller #0
[  371.955296][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  371.965397][   T29] Call Trace:
[  371.968718][   T29]  <TASK>
[  371.971687][   T29]  dump_stack_lvl+0x16c/0x230
[  371.976435][   T29]  ? show_regs_print_info+0x20/0x20
[  371.981700][   T29]  ? load_image+0x3b0/0x3b0
[  371.986271][   T29]  panic+0x2c0/0x710
[  371.990303][   T29]  ? schedule_preempt_disabled+0x20/0x20
[  371.996000][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  372.000553][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  372.006147][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[  372.012353][   T29]  watchdog+0xf80/0xf80
[  372.016563][   T29]  ? watchdog+0x1e1/0xf80
[  372.020953][   T29]  kthread+0x2fa/0x390
[  372.025068][   T29]  ? hungtask_pm_notify+0x90/0x90
[  372.030134][   T29]  ? kthread_blkcg+0xd0/0xd0
[  372.034764][   T29]  ret_from_fork+0x48/0x80
[  372.039225][   T29]  ? kthread_blkcg+0xd0/0xd0
[  372.043859][   T29]  ret_from_fork_asm+0x11/0x20
[  372.048692][   T29]  </TASK>
[  372.052059][   T29] Kernel Offset: disabled
[  372.056400][   T29] Rebooting in 86400 seconds..