last executing test programs:

15m12.600901719s ago: executing program 2 (id=21):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[], 0x9)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
getdents(r4, &(0x7f00000005c0)=""/147, 0x93)
getdents64(r4, 0x0, 0x0)

15m10.159310722s ago: executing program 2 (id=23):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r2, 0xc01c5869, &(0x7f0000000780)={r2, 0x0, 0x201, 0x0, 0x7, &(0x7f0000000700), 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0), 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000004c0)={r3, 0x0, 0x4, 0x0, 0x2, [<r4=>0x0], [0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080))
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06464b8, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

15m9.623476033s ago: executing program 2 (id=26):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r5)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r6, &(0x7f0000000000)=0x8, r6, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r6, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

15m7.822387184s ago: executing program 4 (id=31):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_devices(r3, &(0x7f0000000000)=ANY=[], 0x9)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
getdents(r4, &(0x7f00000005c0)=""/147, 0x93)

15m6.537130832s ago: executing program 4 (id=33):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r5, &(0x7f0000000000)=0x8, r5, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r5, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

15m4.881050717s ago: executing program 4 (id=34):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r6, &(0x7f0000000000)=0x8, r6, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r6, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

15m3.105700621s ago: executing program 4 (id=37):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
rseq(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
io_getevents(0x0, 0x1, 0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
flock(r1, 0x2)

15m1.642600079s ago: executing program 4 (id=40):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r6, &(0x7f0000000000)=0x8, r6, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r6, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

15m0.218158558s ago: executing program 4 (id=42):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800)
recvmmsg(r6, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000000440)=""/128, 0x80}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r5}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), r8, 0x0, 0x3, 0x1}}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x44}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0)
shutdown(r0, 0x1)

14m54.68703492s ago: executing program 2 (id=48):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r5, &(0x7f0000000000)=0x8, r5, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r5, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

14m52.305432759s ago: executing program 2 (id=50):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r6, &(0x7f0000000000)=0x8, r6, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r6, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB="7472616e733d72646d612d706f72743d3078303030303030303030303030346532342c74696d656f75743d3078303030303030303030303030303030382c66736e616d653d21852c66736d616769633d30783030303030303030303030453024e16c4f59cd526c4871357a8bf6553030312c00f499a65516ffa4581bcc7ca54ef2a052c43232d9"])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

14m51.041146189s ago: executing program 2 (id=52):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vcs(0xffffffffffffff9c, 0x0, 0x101402, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet(0x2, 0x3, 0xd)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
listen(r2, 0x2)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2040005}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0xb9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000340)='.\x00', 0xa50003d1)

14m44.885417395s ago: executing program 32 (id=42):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800)
recvmmsg(r6, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000000440)=""/128, 0x80}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r5}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000400), r8, 0x0, 0x3, 0x1}}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={0x30, r2, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x44}}}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8, 0x2, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x2400c891}, 0x0)
shutdown(r0, 0x1)

14m34.742021738s ago: executing program 33 (id=52):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vcs(0xffffffffffffff9c, 0x0, 0x101402, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet(0x2, 0x3, 0xd)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
listen(r2, 0x2)
sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x2040005}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0xb9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000340)='.\x00', 0xa50003d1)

5m20.540543057s ago: executing program 0 (id=816):
r0 = epoll_create1(0x0)
syncfs(r0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x3, 0x0, 0x46, 0xfffffff2}, {0xfff8, 0xf6, 0x6, 0x4}]}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
setsockopt(0xffffffffffffffff, 0xf93, 0x4, &(0x7f0000000100)="ed8e114722e44a0362ba6856403f27cc665c6f43b4", 0x15)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000140), 0x740, 0x0)
r3 = syz_open_dev$hiddev(0x0, 0x5, 0x200000)
ioctl$HIDIOCGCOLLECTIONINFO(r3, 0xc0104811, &(0x7f00000001c0)={0x101, 0x1, 0x6, 0x6})
socket$nl_netfilter(0x10, 0x3, 0xc)
connect$rxrpc(0xffffffffffffffff, &(0x7f0000001300)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e23, @private=0xa010102}}, 0x24)
pipe2$9p(&(0x7f0000001340)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4880)
write$P9_RSETATTR(r4, &(0x7f0000001380)={0x7, 0x1b, 0x1}, 0x7)
ioctl$XFS_IOC_GETBMAPX(r0, 0xc0205838, &(0x7f00000013c0)={0xd, 0x3, 0x6, 0x81, 0x6, 0x2})
remap_file_pages(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x1000000, 0x0, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff03)

5m19.731588585s ago: executing program 0 (id=818):
prctl$PR_GET_FPEXC(0xb, &(0x7f00000000c0))
r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_SETQUOTA(0x80001801, &(0x7f00000003c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000280)={0x1, 0x400, 0xc, 0x2000000000008, 0x6, 0x7, 0x6, 0x4f64, 0x7f})
r1 = syz_open_dev$evdev(&(0x7f0000000100), 0xfffffffbfffffffd, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000140)={<r2=>r1, 0x4, 0x8000, 0x2})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex, 0x36, 0x0, 0xd, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], <r3=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)={@fallback=r0, 0xffffffffffffffff, 0x8, 0x0, r2, @void, @value, @void, @void, r3}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000078000100000000000000000007"], 0x24}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f0000000000), 0x400000000000235, 0x0)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000080)={0x1, 0xfffffe07, 0x0})
syz_mount_image$exfat(0x0, &(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2941842, 0x0, 0x2, 0x0, &(0x7f0000000080))

5m18.061572071s ago: executing program 0 (id=821):
syz_open_dev$dri(&(0x7f00000000c0), 0x5d, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xdddc, 0x8b}, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0xc0)
getrlimit(0x6, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket(0x40000000015, 0x5, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x4000040, &(0x7f0000000000)={0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @empty}, 0x20000092}, 0x71)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
r4 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)

5m16.667057266s ago: executing program 0 (id=824):
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
r0 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a06ffffff7f000000000000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
r3 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x3, r3, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f00000013c0)={<r5=>0x0, @empty, @empty}, &(0x7f0000001400)=0xc)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f00000014c0)={'ip6tnl0\x00', &(0x7f0000001440)={'syztnl0\x00', <r6=>0x0, 0x4, 0xb9, 0x49, 0x3, 0x22, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, 0x1, 0x8, 0x4, 0x1}})
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000001500)={'team0\x00', <r7=>0x0})
getsockname$packet(0xffffffffffffffff, &(0x7f0000001540)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001580)=0x14)
sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000002080)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20c0b020}, 0xc, &(0x7f0000002040)={&(0x7f0000001ac0)={0x568, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xef5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x208, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xc2a, 0x5, 0xbb, 0x5}, {0x9, 0x7, 0x4c, 0x6}, {0x1, 0xa, 0x6d, 0xfffffffe}, {0x1, 0x0, 0xa9, 0x2}]}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5e52}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}]}}, {{0x8}, {0x168, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r5}, {0xc4, 0x2, 0x0, 0x1, [{0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x2, 0x2, 0x3, 0x4fa}, {0xb0d, 0x8, 0xc3, 0x8}, {0x1, 0x6, 0xa9, 0x9}, {0x401, 0x65, 0x7, 0x2}, {0x7, 0x8, 0x3, 0x7}, {0xda13, 0x7f, 0x3, 0x6}, {0x6, 0x0, 0x7, 0x4}, {0x10, 0x8, 0x2, 0x5af3}, {0x54, 0x1, 0x8, 0x5}, {0x8, 0x5, 0x8, 0x6}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}]}, 0x568}, 0x1, 0x0, 0x0, 0x4048014}, 0x20040000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r4}, 0x8)
unshare(0x8040480)
unshare(0x10000900)
openat$kvm(0xffffffffffffff9c, 0x0, 0x723080, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x3810754, &(0x7f00000001c0), 0x4, 0x4b1, &(0x7f0000000bc0)="$eJzs3MtvVNUfAPDvvX3w/NH+EB8gahWNjQ+gBZWFCzUaXWBiogtc1rYQpFBDayKESDUGl4bEPTGu/BdcuTLGlYlb3RpDQpSY8Ng45s69F2amM4VOpzNAP59kOufMPefe8+25d3ruOdMJYM0ayX4kEZsj4reIGMqz9QVG8qerl89MXrt8ZjKJSuXdv5JquSuXz0yWRct6m4rMaBqRfpEUB6k3d+r0sYmZmemTRX7P/PGP9sydOv380eMTR6aPTJ8YP3Bg/76xl14cf6EjcWZturLj09md2996//zbk4fOf7C+bnttHJ0ykgX+d6WqcdtTnT5Yj/1buRln0t/r1nC7+iIi666B6vU/FH1xs/OG4o3Pe9o4YFVl79l/NL44cCO1UAHuYUm0VS3aqwbcOco/9Nn9b/no4vCj5y69mt8AZXFfLR75lv5Ii1/QwCoefyQiDi1cv5A9omEeotJk3gAAYKV+yMY/zy0e/yUR8UBNuaRYGxqOiP9HxNaIuC8itkXE/UXZByPioWUev3FpaPH4M73YZmi3JRv/vVysbdWP/9KyyHBfkftfNf6B5PDRmem9EbElIkZjYF2WH2u283IXr//6Vavj147/Di3k7SjHgsVOLvavq6lw9tv8uUOD0kufRezobxZ/Ul0JSKJSyfp+e0TsWN6ut5SJo898tzN7fvPxxYXq479+YXH8S+jAOlPlm4in8/5fiIb4S8nS65N71sfM9N6sP6pnxWI//3LunVZNX1H8HZD1/8b687/ctDF/GvonqV2vnVv+Mc79/mXLe8r+W8bfcP5HxNTE/MRg8l51zXqweO2Tifn5k2MRg8nBar7u9fGbdct8WT6Lf3RX8+t/a1Eni//hiMhO4kci4tGIeKzou+yUfiIidi0R/0+vPflhq213Qv9PNX3/u3H+D9f3//ITfcd+/L7V8ZeMv/oOkvX//mp2tKiT9X+eWt8yrtbNKeu0ezYDAADA3SeNiM2RpLtvpNN09+788/LbYmM6Mzs3/+zh2Y9PTOX/IzAcA2k5/zlUMx86liwUe8zz48Vccbl9XzFv/HU5rTA5OzPVw7iB/Dpvdv1n/uxrXmdDV1sIrKrqYtTgUiW2dq0tQHc1rqOnPWoH0H23+zmaFvcDwF2s3c/RGSfA3W/J6/+V7rUD6L5m1//ZhryxP9yb2hv/bzrQ8YYAXef7GmHtWnz9J9fqvx6owcF1q94moDv8/Yc1aSX/178qieq8Y++bIXGrRKSrdoiF5ddK79TzeQWJDW1X76/5bZRfFLTc/fTm/QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDT/gsAAP//gZXwUg==")
ioctl$XFS_IOC_FSBULKSTAT(0xffffffffffffffff, 0xc0205865, &(0x7f0000000800)={&(0x7f0000000300)=0x4, 0x7, &(0x7f00000004c0)=[{}, {}, {}, {}], &(0x7f00000002c0)})
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x81c0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000000)=0x1)
prlimit64(0x0, 0x9, &(0x7f0000000080)={0xcd75, 0xb}, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="a1"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000010000000400000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f00000000c0)=0x4)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000001c0), 0xc)

5m15.576871864s ago: executing program 0 (id=827):
r0 = socket$netlink(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$COMEDI_CMD(0xffffffffffffffff, 0x80506409, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000300)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, r4}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7, 0x0, 0x0, 0x400000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r6 = shmget(0x1, 0x3000, 0x200, &(0x7f0000ffa000/0x3000)=nil)
shmctl$IPC_RMID(r6, 0x0)
ioctl$OCFS2_IOC_GROUP_ADD(0xffffffffffffffff, 0x40186f02, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00'})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r7)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="14fff5001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffcffff03400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

5m12.945079585s ago: executing program 0 (id=833):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000340)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@bsdgroups}, {@noblock_validity}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@delalloc}, {@init_itable_val={'init_itable', 0x3d, 0xfffffffffffffffa}}], [{@pcr={'pcr', 0x3d, 0x6}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%+'}}, {@uid_lt}, {@appraise_type}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}, 0xfd, 0x57e, &(0x7f0000001240)="$eJzs3U1rG9caAOB3ZClfzr12IIR77+ISyKIpIXJs9yOFQtJlaUMD7T4VtmKC5ShYcojdQJNFs+mmhEIpDZT+gO67DP0D/RWBNhBKMO2iFFxGHjmKJfkrcqVGzwOTnKMZzTlHZ96jMzOSFcDQOpn+k4v4b0R8kUSMtazLR7by5Pp2q09vz6RLEmtrH/6axIVN+0qy/0ezzH8i4sfPIs7k2sutLa/MlyqV8mKWn6gv3JioLa+cvbZQmivPla9PTU+ff3166q033+hZW1+9/PvXHzx89/znp1a/+v7xsftJXIyj2bq0XT0o4k5r5mTpzyxViIubNpzsQWGDJOl3BdiTkSzOC5GOAWMxkkU98PL7NCLWgCGViH8YUs15QPPcvkfnwf8YT95ZPwFqb39+/dpIHGqcGx1ZTZ47M0rPd8d7UH5axg+/PLifLrH1dYjD2+QBduXO3Yg4l8+3j39JNv7t3bnGxeOtbS5j2N5/oJ8epvOf5E5EW/znNuY/0WH+M9ohdvfi2T7WpzPt8Z973INiukrnf293nP9uDF3jI1nuX405XyG5eq1SPhcR/46I01E4mOa3up9zfvXRWrd1rfO/dEnLb84Fs3o8zh98/jmzpXrpRdrc6sndiP91nP8mG/2fdOj/9PW4vMMyTpQf/L/buu3bv7/Wvot4pWP/P7ujlWx9f3KicTxMNI+Kdr/dO/FTt/L73f60/49s3f7xpPV+ba3rrrreOPr20B/lbuv2evwfSD5qpA9kj90q1euLkxEHkvfzo5sfn3r23Ga+uX3a/tOnOsf/Vsd/Olp93PWleN694/e6bjoI/T+7q/7ffeLRe5980638nfX/a43U6eyRnYx/O63gi7x2AAAAAAAAMGhyEXE0klxxI53LFYvrn+84HkdylWqtfuZqden6bDS+KzsehVzzTvdYy+chJrPPwzbzU5vy0xFxLCK+HDncyBdnqpXZfjceAAAAAAAAAAAAAAAAAAAABsRol+//p34e6XftgH3X+GGDg/2uBdAP2/7kfy9+6QkYSNvGP/DS2n38uzIALwvv/zC8xD8ML/EPw2un8V8Y2+eKAH877/8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NTlS5fSZW316e2ZND97c3lpvnrz7Gy5Nl9cWJopzlQXbxTnqtW5Srk4U13Ybn+VavXG5FQs3Zqol2v1idryypWF6tL1+pVrC6W58pVywR8bBgAAAAAAAAAAAAAAAAAAgDa15ZX5UqVSXpTomrgQA1GN/Wzguj09PT8orZDoaaLPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgrAAD//20CM10=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x14a)
r0 = openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x1, 0x8ffff)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

5m12.603185098s ago: executing program 34 (id=833):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000000340)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@bsdgroups}, {@noblock_validity}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@delalloc}, {@init_itable_val={'init_itable', 0x3d, 0xfffffffffffffffa}}], [{@pcr={'pcr', 0x3d, 0x6}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%+'}}, {@uid_lt}, {@appraise_type}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}, 0xfd, 0x57e, &(0x7f0000001240)="$eJzs3U1rG9caAOB3ZClfzr12IIR77+ISyKIpIXJs9yOFQtJlaUMD7T4VtmKC5ShYcojdQJNFs+mmhEIpDZT+gO67DP0D/RWBNhBKMO2iFFxGHjmKJfkrcqVGzwOTnKMZzTlHZ96jMzOSFcDQOpn+k4v4b0R8kUSMtazLR7by5Pp2q09vz6RLEmtrH/6axIVN+0qy/0ezzH8i4sfPIs7k2sutLa/MlyqV8mKWn6gv3JioLa+cvbZQmivPla9PTU+ff3166q033+hZW1+9/PvXHzx89/znp1a/+v7xsftJXIyj2bq0XT0o4k5r5mTpzyxViIubNpzsQWGDJOl3BdiTkSzOC5GOAWMxkkU98PL7NCLWgCGViH8YUs15QPPcvkfnwf8YT95ZPwFqb39+/dpIHGqcGx1ZTZ47M0rPd8d7UH5axg+/PLifLrH1dYjD2+QBduXO3Yg4l8+3j39JNv7t3bnGxeOtbS5j2N5/oJ8epvOf5E5EW/znNuY/0WH+M9ohdvfi2T7WpzPt8Z973INiukrnf293nP9uDF3jI1nuX405XyG5eq1SPhcR/46I01E4mOa3up9zfvXRWrd1rfO/dEnLb84Fs3o8zh98/jmzpXrpRdrc6sndiP91nP8mG/2fdOj/9PW4vMMyTpQf/L/buu3bv7/Wvot4pWP/P7ujlWx9f3KicTxMNI+Kdr/dO/FTt/L73f60/49s3f7xpPV+ba3rrrreOPr20B/lbuv2evwfSD5qpA9kj90q1euLkxEHkvfzo5sfn3r23Ga+uX3a/tOnOsf/Vsd/Olp93PWleN694/e6bjoI/T+7q/7ffeLRe5980638nfX/a43U6eyRnYx/O63gi7x2AAAAAAAAMGhyEXE0klxxI53LFYvrn+84HkdylWqtfuZqden6bDS+KzsehVzzTvdYy+chJrPPwzbzU5vy0xFxLCK+HDncyBdnqpXZfjceAAAAAAAAAAAAAAAAAAAABsRol+//p34e6XftgH3X+GGDg/2uBdAP2/7kfy9+6QkYSNvGP/DS2n38uzIALwvv/zC8xD8ML/EPw2un8V8Y2+eKAH877/8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NTlS5fSZW316e2ZND97c3lpvnrz7Gy5Nl9cWJopzlQXbxTnqtW5Srk4U13Ybn+VavXG5FQs3Zqol2v1idryypWF6tL1+pVrC6W58pVywR8bBgAAAAAAAAAAAAAAAAAAgDa15ZX5UqVSXpTomrgQA1GN/Wzguj09PT8orZDoaaLPAxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtPgrAAD//20CM10=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x14a)
r0 = openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0x1, 0x8ffff)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

9.151161541s ago: executing program 3 (id=1245):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000001300)=ANY=[], 0x438}, 0x1, 0x0, 0x0, 0x20044811}, 0x20000004)
recvmsg$qrtr(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/1, 0x1}, {&(0x7f0000000700)=""/192, 0xc0}, {&(0x7f0000000000)=""/43, 0x2b}], 0x3, 0x0, 0x0, 0x10000}, 0x38, 0x2)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
truncate(&(0x7f0000000280)='./file1\x00', 0x1)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
fstat(r3, &(0x7f0000000300))
clock_gettime(0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
epoll_pwait2(r3, &(0x7f0000000000)=[{}, {}], 0x2, &(0x7f00000000c0)={r4, r5+10000000}, &(0x7f0000000100)={[0x7fffffff]}, 0x8)
ftruncate(r3, 0x2007ffc)
sendfile(r3, r3, 0x0, 0x800000009)

7.825413353s ago: executing program 3 (id=1246):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRES16=r1, @ANYRESDEC=r1, @ANYRES64=r1, @ANYRES64=r1], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800007, 0x11, r3, 0x0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xa)
syz_clone(0x81000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
symlinkat(&(0x7f0000000040)='./file0/file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
listxattr(&(0x7f0000000000)='./file0/file0/file0/file0\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x29, 0x2, 0x20, 0x1, 0x24, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0x1, 0x7800, 0x6, 0x8}})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c000000200d25a529bd7000fcdbdf250a0000edfe0000010200a50000"], 0x2c}, 0x1, 0x0, 0x0, 0x20008081}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000002c0)={@ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x25}, 0x1, 0x6, 0xe5, 0x100, 0x4, 0x540000, r6})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCADDRT(r7, 0x890b, &(0x7f00000006c0)={@private0, @loopback, @private0, 0xfffffffe, 0xa, 0x0, 0x100, 0x6, 0x180107, r6})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0], 0x0, 0xe7, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0x27, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001d40)=[{{&(0x7f00000005c0)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000004040)=[{&(0x7f0000001c80)=""/110, 0x6e}, {&(0x7f00000007c0)=""/13, 0xd}, {&(0x7f0000000880)=""/244, 0xf4}, {&(0x7f0000000980)=""/40, 0x28}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000019c0)}, {&(0x7f0000001a00)=""/85, 0x55}, {&(0x7f0000001a80)=""/221, 0xdd}, {&(0x7f0000001b80)=""/220, 0xdc}, {&(0x7f0000001e40)=""/4096, 0x1000}, {&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000003e80)=""/194, 0xc2}, {&(0x7f0000003f80)=""/134, 0x86}], 0xe}, 0xb37a}], 0x52, 0x2, 0x0)

4.584715701s ago: executing program 3 (id=1253):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000001300)=ANY=[], 0x438}, 0x1, 0x0, 0x0, 0x20044811}, 0x20000004)
recvmsg$qrtr(r2, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/1, 0x1}, {&(0x7f0000000700)=""/192, 0xc0}, {&(0x7f0000000000)=""/43, 0x2b}], 0x3, 0x0, 0x0, 0x10000}, 0x38, 0x2)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
truncate(&(0x7f0000000280)='./file1\x00', 0x1)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
fstat(r3, &(0x7f0000000300))
clock_gettime(0x0, &(0x7f0000000040)={<r4=>0x0, <r5=>0x0})
epoll_pwait2(r3, &(0x7f0000000000)=[{}, {}], 0x2, &(0x7f00000000c0)={r4, r5+10000000}, &(0x7f0000000100)={[0x7fffffff]}, 0x8)
ftruncate(r3, 0x2007ffc)
sendfile(r3, r3, 0x0, 0x800000009)

3.948053761s ago: executing program 1 (id=1254):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
syz_emit_vhci(0x0, 0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000240)={0x0, 0x0, 0x0})
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
connect$pptp(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x2, {0x2, @empty}}, 0x1e)
ioctl$VIDIOC_QUERYMENU(r0, 0xc008561c, &(0x7f0000000100)={0x980900, 0xff80, @name="ea8dd03fa72836ba95935cd834c7b2bb431da1f2462e78a208e78fe608a462a8"})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0x79, &(0x7f00000011c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x763, 0x2003, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x3, 0x1, 0x3, 0x20, 0x9b, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xe, 0xa, 0x1006}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x44, 0x4, 0xff, {0x7, 0x25, 0x1, 0x0, 0x2c, 0xb}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x620, 0x6, 0xcc, 0x9, {0x7, 0x25, 0x1, 0x0, 0x80, 0x4}}}}}}}}]}}, &(0x7f0000001340)={0x0, 0x0, 0x0, 0x0})

3.671124907s ago: executing program 3 (id=1255):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6)
r0 = getpid()
r1 = socket$packet(0x11, 0x3, 0x300)
open$dir(&(0x7f0000000180)='./file1\x00', 0x101000, 0x32)
setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x80000001}, 0x8)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r4, &(0x7f00000054c0)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f00000000c0)={0x0, 0x7, 0x9}, 0x8)

3.196799237s ago: executing program 1 (id=1256):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x10}, 0xc)
socket$packet(0x11, 0x2, 0x300) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000fed000/0x13000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) (async)
r1 = io_uring_setup(0x1f41, &(0x7f0000000040)={0x0, 0x100aeb9, 0xd000, 0x5, 0x60}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x800, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x10}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) (async)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) (async)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x10000, &(0x7f0000002380)=ANY=[@ANYBLOB='nodots,showexec,dots,uid=', @ANYRESHEX=0xee00, @ANYBLOB=',check=normal,fmask=00000000000000000000002,sys_immutable,nodots,dots,nodots,nodots,nodots,fmask=00000000000000000177777,dots,quiet,nodots,nodots,check=relaxed,nodots,umask=00000000000000000076645,nodots,nodots,nfs=stale_rw,nodots,smackfsfloor=fmask,defcontext=unconfined_u,permit_directio,permit_directio,fscontext=staff_u,seclabel,euid>', @ANYRESDEC, @ANYRES64], 0xff, 0x1f5, &(0x7f0000000600)="$eJzs3cFqE1EUANCbmCYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadmKYxBDKj7Tmb3pn7Xt+7M2SSTW5SFL7f/RpZ1or2fuzHpBW70Y6ZswAArpNJSvEjFZreCwBQjzXe/3/WvCUAYMvevnv/+vlgcHCY51nE+dl4OB4Wf4v8y1eDgyf5b7vVrPPxeHjrIv80X/zsMM3vxO0y/6yYn1+kuxEx7Mbjh0V+mnvxZpD/Ob8XH7dcOwAAAAAAAAAAAAAAAAAAAAAANOV+5DNL+/vs7S3m+2W+OJrrD7TQv6cT9zrlYdUeKJ3WURQAAAAAAAAAAAAAAAAAAAD8Z45Pvnz+MBp9OqqCXkTMn+ksGXN10Cr/8VqDmw/asdn0flnmBou2yku03QL7y2/uOkF0/pW7s2mQ17BWf+XlTWkaLH8VzNpiXDm9GxGrV390uOnmJyml0bcHR8cnkVYOrp4RvVqfSAAAAAAAAAAAAAAAAAAAcHPNfev7kqyJDQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAA6rf/58Gl8+sDE4j4k78dfBsrZ3IGq0VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6+tXAAAA//85ziI4") (async)
r3 = io_uring_setup(0x2398, &(0x7f0000001600)={0x0, 0x1f1e, 0x400, 0x0, 0x379})
io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000006f00)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x6, 0x2b4, &(0x7f0000000280)="$eJzs3b2LY1UUAPDzZvKlFklhJYIPtLBx2dnWJoNkIZhKSaEWuri7IJMg7MKAHxi3srWx9C8QBDv/CRsLe8FWsHPBhSfva5KsL9nJYGb8+P2auXPvOe+e9+bODCly8t7z85Pbadx98OnP0eslcTCMYTxMYhAHUfs81gy/DADg3+xhlsVvWWl9Jdmal6/29lsaALAnm///b/Dd3ksCAPbszbfefv14Mhm9kaa9uDn/4nSav7LPv5brx3fjg5jFnbge/XgUkZ0pxzezLFu00twgXpovTqd55vzdH6rrH/8aUeQfRT8GxdR6/ngyOkpLK/mLvI6nq/2Hef6N6MezDfuPJ6MbDfkx7cTLL67Ufy368eP78WHM4nZRRJH/yh/jyeizozR9Lfvq90/eycvL85PF6bRbxC1lh5f8owEAAAAAAAAAAAAAAAAAAAAA4D/sWtU7pxtF/558quq/c/go/6YdaW2w3p+nzD/rEvxYf6BFFl/X/Xmup2maVYHL/FY814rW1dw1AAAAAAAAAAAAAAAAAAAA/LPc/+jjk1uz2Z17f8ug7gZQv63/otcZrsy8EA0xgzib6S63PKi23XLlOKxjkoitZeRX3Kn49pN33zB4alPWN9/u+uh6T45pX6DCHQf16Tq5lTQ/w27UM736kHy/GtOJc+7V2bSU7XT8Oo1L/Z3vvfNMMVhsiYlkW2Gv/lI+uWomefwuOsVTbUxvV4Pyd6HpbOx0nv/6tyLRrQMAAAAAAAAAAAAAAAAAAPZq+abfhsUHG5J+Gpcf8h+DPVcHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJdj+fn/OwwWVfI5gjtx7/4V3yIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/A38GAAD//9PXYcU=") (async)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e00800000000000030000000700000003000000fdffffff00000000000000002e"], 0x0, 0x46, 0x0, 0x6}, 0x28) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xfffffffb}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1200}, {0x3, 0x3, 0x3, 0xa, 0x2, 0xfff0}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x8, 0x8}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x41}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r4}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) (async)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x10, &(0x7f0000000480)={0xa, 0x4e23, 0x4, @loopback}, 0x1c) (async)
sendmmsg$sock(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="11", 0xfffd}], 0x1}}], 0x1, 0x8015) (async)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x9, 0x40032, 0xffffffffffffffff, 0x397c2000) (async)
ppoll(0x0, 0x0, &(0x7f0000000200), 0x0, 0x0)

3.075776175s ago: executing program 1 (id=1257):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r0, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x1fc}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
shutdown(r1, 0x200000000000000)

1.728649753s ago: executing program 1 (id=1258):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x157)
signalfd(0xffffffffffffffff, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000080)='binfmt_misc\x00', 0x1)
close(0x3)
socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f0000000380), 0x14c98, &(0x7f0000001480)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

1.723228076s ago: executing program 3 (id=1259):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setrlimit(0xa, &(0x7f0000000000)={0x3, 0x6})
syz_mount_image$ocfs2(&(0x7f00000026c0), &(0x7f0000004780)='./file0\x00', 0x200000, &(0x7f0000000340)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c636f686572656e63793d66756c6c2c6572726f72733d636f6e74696e75652c6865617274626561743d6e6f6e652c6572726f72733d636f6e74696e75652c6e6f696e74722c67727071756f74612c001796fa694353e3807803df5ea6fd4d6e6a2613d336eb62b863dcd89e37b45f8bd04199a14c48b3e553e035ab300ba3c60c27682a8ab5656969d829535c0862f6e3a35f15fe4d50c0d5c74631344625d6224c436474bb101ff47a14c51e342ca291c09c35d9d31b06b6b86cb9dccae387b5f1e7c5e1d445d52845a3fa4c77234ea9d37c8a277c85e69a85cc6ffeb225bebbca91b569b80ee303c9a21c58db5d96fb87f1713e0e9b896e37becae2e7a978259a0847e9fb08dcb8b9f84f616463da2507db1b3489769e99"], 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzZ1ezmybb/UibpOnHJBFctCybPlXrQ1yrNpo2H9pWU2Wd3Ww3q7M76+6MFgxSgyAKghIEFT+oCqUvtSAG+lKLUPADaRVKRdH6IlKogg8GbaArM3Nvdu6d2d7JTtLS9veDdvaee8+5Z/a/99w590wKseqphdXiwmqxtFSszN6/ekvxc5VybXEuFF4lr/X56c6VyEn2r50j7/vAR+65JYQ/HPvah9bW1tZC3XDo6EDLz+f/fXq29TVRyNSpt9u5taY/1h556edveaUj8pwIIexo61ddXwjhY78IYUsIYSQuG41fB0MI20IIUQjh0d/868cDvXShxdl7X3ju2JnD+85MPf7YMxfmj254YBTCd8u7b55ffHF/323Pv+MynR4AAF7RB48fufvo5IHwZBSGzvW3f17fGb8mn4/vfNun7nq4f33/Gt3pexVDBQAAgIz1+f9w9HKH9bpkZS1ZEnzigRN3PxWt7zexfX07dNeR298/eSBe/43a9t8aF/3zvX2NNdTsum92/XckU7/z+u/6eR7+6rO/XHrr5vuf9C8573CIChOp7UJhYiKEY1PN7V3R1kK5slp95/2V2tLJzZ/3jSKdf3b1fn1Bv9v8RzPV89b/d3/i8z8b7O/lHYyF7F9tfbvY/qdMB+n8Nx7Lf/KlqKv8xzL18vK/4+nt53+1pZd3kD0jlyKdf/NC3Nd6QLE5ANTz/2Z/fv47Mu3n5f/9qXOPntjE93/q48xwVO/rQGoEeDku3+ArTGSk828GkRo641/kRtf//zL5X5NpPy//Oyv/+N3ferj/bzT+j0/10uabRzr/ZhDF1BHr1/9IIf/6vzbTfl7+vz3152c/2dO9uj3/ev/H3f+7ks4/vhGnB8/Gb7Lb8X9npv28/HeN3ffQwib6/eHBuJ9DURhr+dbpufotbGh9vboxpanvXt7ESd4E0vk3f2upS2eo+dK4/ofzx/9dmfbz8n9oz9ffc7qn7/92Hv8njf9dSec/2Ci7lPxfyuS/O9N+Xv4/PP33v9x3mcf/+vZB+Xclnf/Wtv3rz38KXc3/rsvUz3v+s2/0qUf+2sP8P+lfct7k+U/yHGI8aj7/obN0/ldteFy39/89mXp51/+3/vP80/t7Gf+jAU8AepDOf1uzsMMEsNv8r8+0n5f/F+758sf/tIn5X+MT30CSf8v8f0uz/Kjxvyvp/Lc3C1P/GOrBxv8b9/+oPff/ZvK/IdN+Xv4XDk30f+Uy3//r/R/v8Cibdun8hzY8rp7/77u4/9+YqZeX/xf3/vTFm3v6/B/CpLn+pqXzv3rD4xrX/0B+/jdl6uXl/51v/PqJB3vo/9t7qEs2/+a9PnU5xZ/Nu53/FzPt5+X/o/HzZ/dfgfnfre7/XUnn31w1v5T8s/P/vZn28/L/3pEfrPRfgec/d8gfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgU0bj1+EQFSZS24XCxEQIY/H2rrA1mimdnJ4pV2Y/sxrCjri8GEaj+XJlplSeXliqnJybLpXLldkQron37wgD0Wq5Up1eLC1fe7GtwejUXGmlOjNXqoYQdsbl14ftSVszC9XF0nLj2KTOVVHps7VKtTRRW51bCbsvlm9LyudXKrXl6y62dXWhsrJ8qrQ0fXJh5d2Tk5OTYc/FPo9Ecw9U55aqzd4299brJHWHo5Y309h9Q8v5Pl2prSyVyo3yG1vqlCuzpXJLnZtazlddqS3Nlqpz0+XKfHK+YkvdlvfW2L033jceRlLvL6mbdTB+vf3Q8Y8eP3ygbX8xSue9VFucm9ze+W8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDeuJ29717dDCH3NrUII4WDyQxT/l3L23heeO3bm8L4zU48/9syF+aOdjgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh535equjiOACfGd/7WiCltBFyGRgiojsJC/pFJJXXyJZtWge1SsigKDCMaFkQBEHtooKgVVD5F0QtXLaqNrVoYRBBxehMXu4IN7zQMed5YDgzzL1nvjBw78z5HA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD6cXbHYlfWXtq1eWnr7g+hMz/3fwhhNFne/7y3I/SEEL5+mTkdVmkLPU39v5mcGy9fNfm9t3/84fXRZO31F98trtsdknSo4XhnkqZDQ2vvf6O6M/hsejAJIY1dCFEsjD05UwshdMQuhCh+fpy/mP2+/xe7EKLo/3C3K7v/tdiFEMXW3Z/6avkzHtVzvn5hsPG/v9UjeBuP6KxDb09eeZe6qZX3Mn//T/LN+2A1zJ448v557CKIZnZu6mjsGgAAgL/rXIv8P2xZ3r9/OQk93eXc/1tT/t/b1P/q+f+Ke9tvjM20FUJsK41NZsfD+9rpc+M7NXD19uua8Z6qkv9Xm/y/2uT/1Sb/rzb5f7XJ/8m8kv9X0uObexZfxC6CaOT/AABQPYeOT0zVh0eyl/9NPzrLeX1f3tbzPP3BremBRw3jRvLDf9vhYxMHDg6P5Pe9PCC4sv5DunT2ez7fo7ktTDbNu2i1/kPv04X5a53lT9T/cP5GUV9xXes/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/2J17GgbBKAyj321F1EarogkLPwk+0MCIAKQwowEdTBiAgRBQwEDOWe5NnuUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnu9f5XXx/aUx0muNSFPZZdf+OZ5mP3PfDsv77HHjVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjYgQMZAAAAAGH+1nm0HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wTsyzo=")
creat(&(0x7f00000009c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x44)

1.485314852s ago: executing program 1 (id=1260):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r0, 0x4b41, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x989680}}, &(0x7f0000000040))

1.296036935s ago: executing program 1 (id=1261):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x0, 0x0, 0x204e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0x7, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x42000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0)
copy_file_range(r6, &(0x7f0000000000)=0x8, r6, 0x0, 0x4, 0x0)
linkat(0xffffffffffffffff, &(0x7f0000000480)='./file0/file0\x00', r6, &(0x7f00000005c0)='./file0\x00', 0x1400)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, 0x0, 0x4800)
syz_clone(0x80e1280, &(0x7f0000000300)="9e920a23254f1e8e10bc2525225d1be304e664460c7294865830d05532a786006f797def105426ddfacafb122b851c3761852017b5a5f6cc3f976f82bb62941cc5e95b41c0060418131f747a52f3e63c96acab52ec1976fb", 0x58, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000540)="dcc2938a0e1c2baf1362a0e787778391ca695d28b423c1557c9efa164efc748d5bec470bcdbea6d330324c85aaae14402bd2fc38b3e535a9ae59d34239c0b2878bfdefaca5a40b374270fe91a450d840834f7960c84e3ac28a17ec794ffd7e2205931ec946a72deb0f7c")
mount$9p_rdma(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0xc0004, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=rdma-port=0x0000000000004e24,timeout=0x0000000000000008,fsname'])
ioctl$sock_SIOCBRDELBR(r4, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f0000000280000012", 0x2d}], 0x1}, 0x0)

0s ago: executing program 3 (id=1262):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080), 0x2)
r1 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r1, 0x0, 0x20000011)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xc0, 0x49, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r2, 0x40082104, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000100)={{0x2, 0x4ea4, @remote}, {0x6}, 0x0, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x10}}, 'hsr0\x00'})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r7, 0x3b82, &(0x7f0000000000)={0x18, 0x0, 0x1, 0x0, &(0x7f0000000100)=[{0x7ff, 0x1081}]})
ioctl$IOMMU_IOAS_MAP(r7, 0x3b85, &(0x7f0000000040)={0x28, 0x0, 0x0, 0x0, &(0x7f0000000200)="549e7dcf72eccac5c08e98", 0xb, 0x6})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(0xffffffffffffffff, 0x3b87, &(0x7f0000000180)={0x18, 0x1, 0x1, 0x0, 0x0, 0x4})
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002380)=ANY=[@ANYBLOB="acc13727aaeaa7af1b11834df48b4c43116d109751463ed17605e1d8a9ced9383f92dfdb7a62cce8ac7fbc4967be74c880a81c694df4d0ceab0a043856c3c113cd9e80be4a8e40b7b51b8c04ab3ca829568d401f99d1252f82356f8edbb3f4e625d46b2c245d659f6711fdfeffa745ac1f905feb1ca242bfeb3cdf05392695453afbc7e6a8a910ab7b151dba4ed03ad4028979c52c45ffc14841a96f418a07ea2f4b229bb3ea000000000000005d7b31d0f28c24996b5b296bfd874fa75f14e54d008679accf5a93934cdf3e2af3e4ba5c7cc10d00000000000000000000ff64b102632826aaabce7eb09f57f30a2f47d1006f342d10875b305a45fe297c0979f06b9e4127a79b902bc530a913d0dd266646fe210d64627f35706374fdfb686e5aec0eb0fd6988348ce47ba6d21b89c3197bbe914e81ce8708820f569ac96df4a3eec1aa5c4c75cafb7de5596e7952dd03c42590aca557556af7019b13ed30068aeda98c433550f93e5ed649773fb7b1c2a0fd17bde35ea0dff0b93c0cf138b5e6c306fd040fdf072d"], 0x7c}, 0x1, 0x0, 0x0, 0xc001}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="142100001000010000000000000000000000000a3c000000060a0b040000000000000004801800018007000100637400000c00028008000240000000000900020073797a3200000000140000001100010000000000000000000000000a00000000000000a624d1b36c8b6660b424e9027b200cdcf6d2db7bc74fd504e6e695076f57a8e0e61dc591a25d5bbc6ccbeb38f856bc845e6061442c788b5be19377d73364d2a6309f51f889b242c7918e1063"], 0x64}}, 0x10)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = syz_open_procfs(0x0, &(0x7f0000002340)='attr/fscreate\x00')
read$FUSE(r9, &(0x7f0000000300)={0x2020}, 0x2020)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r9, 0x54a3)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1200, 0x0, 0x3)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000140)=0x8, 0x4)
connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)

kernel console output (not intermixed with test programs):

e failed, -22.
[  736.453986][  T157] ntfs3(loop3): ino=3, ntfs3_write_inode failed, -22.
[  736.644348][T10477] loop3: detected capacity change from 0 to 256
[  737.533545][T10485] netlink: 52 bytes leftover after parsing attributes in process `syz.3.873'.
[  737.574627][T10487] binder: 10481:10487 ioctl 4018620d 0 returned -22
[  737.650309][T10488] binder: 10481:10488 ioctl c0306201 200000000040 returned -22
[  737.723415][ T6285] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  737.803227][ T6285] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  737.826380][ T6285] bond0 (unregistering): Released all slaves
[  738.113897][ T6285] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  738.213263][ T6285] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  738.274498][ T6285] bond0 (unregistering): Released all slaves
[  738.456638][T10295] team0: Port device team_slave_0 added
[  738.479665][T10295] team0: Port device team_slave_1 added
[  738.767236][T10295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  738.767253][T10295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  738.767278][T10295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  738.787260][T10295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  738.787279][T10295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  738.787310][T10295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  739.425881][T10490] loop1: detected capacity change from 0 to 32768
[  739.567790][T10490] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.874 (10490)
[  739.792257][ T5597] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  739.864528][T10295] hsr_slave_0: entered promiscuous mode
[  739.870001][T10295] hsr_slave_1: entered promiscuous mode
[  739.870964][T10490] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  739.870996][T10490] BTRFS info (device loop1): using sha256 checksum algorithm
[  739.871104][T10490] BTRFS error (device loop1): cannot disable free-space-tree
[  739.871332][T10490] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  739.871499][T10490] BTRFS error (device loop1): open_ctree failed: -22
[  739.878940][T10295] debugfs: 'hsr0' already exists in 'hsr'
[  739.878965][T10295] Cannot create hsr debugfs directory
[  739.879939][T10089] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  739.954004][ T5597] usb 4-1: config 1 has an invalid interface number: 9 but max is 1
[  739.954034][ T5597] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  739.954054][ T5597] usb 4-1: config 1 has no interface number 1
[  739.954121][ T5597] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  739.954150][ T5597] usb 4-1: config 1 interface 0 has no altsetting 1
[  739.956658][ T5597] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  739.956687][ T5597] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.956707][ T5597] usb 4-1: Product: syz
[  739.956720][ T5597] usb 4-1: Manufacturer: syz
[  739.956734][ T5597] usb 4-1: SerialNumber: syz
[  740.064481][ T5597] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  740.064528][ T5597] cdc_ncm 4-1:1.0: bind() failure
[  740.106029][T10089] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  740.167182][ T5597] cdc_ncm 4-1:1.9: CDC Union missing and no IAD found
[  740.167230][ T5597] cdc_ncm 4-1:1.9: bind() failure
[  740.542148][T10089] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  740.569952][T10089] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  740.594943][ T5750] usb 4-1: USB disconnect, device number 26
[  740.628669][ T5271] 8021q: adding VLAN 0 to HW filter on device eth12
[  741.267440][T10089] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  741.407762][T10089] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  741.452298][    T9] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  742.539266][    T9] usb 2-1: device descriptor read/64, error -71
[  742.796049][    T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  742.923293][    T9] usb 2-1: device descriptor read/64, error -71
[  742.934594][T10547] netlink: 52 bytes leftover after parsing attributes in process `syz.3.882'.
[  742.965111][T10089] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  743.038628][    T9] usb usb2-port1: attempt power cycle
[  743.076364][T10089] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  743.178165][T10554] FAULT_INJECTION: forcing a failure.
[  743.178165][T10554] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.178198][T10554] CPU: 1 UID: 0 PID: 10554 Comm: syz.3.883 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  743.178218][T10554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  743.178228][T10554] Call Trace:
[  743.178235][T10554]  <TASK>
[  743.178243][T10554]  dump_stack_lvl+0xe8/0x150
[  743.178271][T10554]  should_fail_ex+0x46b/0x600
[  743.178295][T10554]  _copy_from_user+0x2d/0xb0
[  743.178317][T10554]  memdup_user+0x5e/0xd0
[  743.178335][T10554]  strndup_user+0x68/0xd0
[  743.178358][T10554]  __se_sys_mount+0x9d/0x420
[  743.178376][T10554]  ? ksys_write+0x248/0x270
[  743.178399][T10554]  ? __pfx___se_sys_mount+0x10/0x10
[  743.178422][T10554]  ? __x64_sys_mount+0x20/0xc0
[  743.178439][T10554]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.178458][T10554]  do_syscall_64+0x15f/0xf80
[  743.178481][T10554]  ? trace_irq_disable+0x3b/0x140
[  743.178502][T10554]  ? clear_bhb_loop+0x40/0x90
[  743.178523][T10554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.178540][T10554] RIP: 0033:0x7f5a02c8cdd9
[  743.178556][T10554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  743.178570][T10554] RSP: 002b:00007f5a00ede028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  743.178590][T10554] RAX: ffffffffffffffda RBX: 00007f5a02f05fa0 RCX: 00007f5a02c8cdd9
[  743.178602][T10554] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000200000000000
[  743.178614][T10554] RBP: 00007f5a00ede090 R08: 0000000000000000 R09: 0000000000000000
[  743.178624][T10554] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000000000001
[  743.178634][T10554] R13: 00007f5a02f06038 R14: 00007f5a02f05fa0 R15: 00007ffd01dfc438
[  743.178663][T10554]  </TASK>
[  743.424251][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  743.444476][    T9] usb 2-1: device descriptor read/8, error -71
[  743.692346][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  743.721383][    T9] usb 2-1: device descriptor read/8, error -71
[  743.745274][ T6285] hsr_slave_0: left promiscuous mode
[  743.783170][ T6285] hsr_slave_1: left promiscuous mode
[  743.784417][ T6285] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  743.784443][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_0
[  743.838864][ T6285] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  743.838893][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_1
[  743.850662][    T9] usb usb2-port1: unable to enumerate USB device
[  743.905401][T10573] 9p: Bad value for 'wfdno'
[  743.918110][T10573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  744.032224][ T6285] hsr_slave_0: left promiscuous mode
[  744.074006][ T6285] hsr_slave_1: left promiscuous mode
[  744.075244][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_0
[  744.113512][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_1
[  744.479275][T10583] loop1: detected capacity change from 0 to 64
[  744.632884][ T6285] veth1_macvtap: left promiscuous mode
[  744.633002][ T6285] veth0_macvtap: left promiscuous mode
[  744.633328][ T6285] veth1_vlan: left promiscuous mode
[  744.671275][ T6285] veth0_vlan: left promiscuous mode
[  745.052697][T10590] loop3: detected capacity change from 0 to 256
[  745.124383][ T5618] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  745.149676][T10590] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001053e, chksum : 0x9ba9f90d, utbl_chksum : 0xe619d30d)
[  745.155038][T10590] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  745.155050][T10590] IPv6: NLM_F_CREATE should be set when creating new route
[  745.292561][ T5618] usb 2-1: config 127 has an invalid interface number: 7 but max is 0
[  745.292594][ T5618] usb 2-1: config 127 contains an unexpected descriptor of type 0x2, skipping
[  745.292612][ T5618] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  745.292631][ T5618] usb 2-1: config 127 has no interface number 0
[  745.292678][ T5618] usb 2-1: config 127 interface 7 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  745.292705][ T5618] usb 2-1: config 127 interface 7 has no altsetting 0
[  745.374575][ T5618] usb 2-1: New USB device found, idVendor=0421, idProduct=04ce, bcdDevice=2e.06
[  745.374603][ T5618] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.374620][ T5618] usb 2-1: Product: syz
[  745.374633][ T5618] usb 2-1: Manufacturer: syz
[  745.374646][ T5618] usb 2-1: SerialNumber: syz
[  745.658474][ T6285] team_slave_1 (unregistering): left promiscuous mode
[  745.692740][ T6285] team0 (unregistering): Port device team_slave_1 removed
[  745.702454][ T6285] team_slave_0 (unregistering): left promiscuous mode
[  745.742721][ T6285] team0 (unregistering): Port device team_slave_0 removed
[  745.978461][ T5618] rndis_host 2-1:127.7: skipping garbage
[  745.978476][ T5618] rndis_host 2-1:127.7: skipping garbage
[  745.978484][ T5618] rndis_host 2-1:127.7: skipping garbage
[  745.978492][ T5618] rndis_host 2-1:127.7: rndis: master #0/0000000000000000 slave #1/0000000000000000
[  745.979300][ T5618] cdc_acm 2-1:127.7: skipping garbage
[  745.979311][ T5618] cdc_acm 2-1:127.7: skipping garbage
[  745.979318][ T5618] cdc_acm 2-1:127.7: skipping garbage
[  746.039090][ T5618] usb 2-1: USB disconnect, device number 20
[  746.223309][ T6285] team0 (unregistering): Port device team_slave_1 removed
[  746.263047][ T6285] team0 (unregistering): Port device team_slave_0 removed
[  746.905099][T10196] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  746.939450][T10196] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  747.349274][T10595] CUSE: unknown device info "
"
[  747.349286][T10595] CUSE: unknown device info ""
[  747.349291][T10595] CUSE: unknown device info "ÿw"
[  747.349296][T10595] CUSE: unknown device info ""
[  747.349300][T10595] CUSE: unknown device info ""
[  747.349303][T10595] CUSE: unknown device info ""
[  747.349308][T10595] CUSE: unknown device info ""
[  747.349312][T10595] CUSE: unknown device info ""
[  747.349316][T10595] CUSE: DEVNAME unspecified
[  747.413726][T10196] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  747.440729][T10599] loop3: detected capacity change from 0 to 4096
[  747.474736][T10599] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  747.475353][T10599] ntfs3(loop3): ino=3, mi_enum_attr
[  747.624749][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  747.624816][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  747.850474][T10196] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  747.898258][T10599] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  747.927575][T10196] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  748.003493][T10608] netlink: 24 bytes leftover after parsing attributes in process `syz.1.895'.
[  748.004144][T10196] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  748.112556][T10196] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  748.114160][T10599] ntfs3: Cannot use different iocharset when remounting!
[  748.253440][T10196] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  748.272999][T10612] FAULT_INJECTION: forcing a failure.
[  748.272999][T10612] name failslab, interval 1, probability 0, space 0, times 0
[  748.273036][T10612] CPU: 0 UID: 0 PID: 10612 Comm: syz.1.896 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  748.273059][T10612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  748.273069][T10612] Call Trace:
[  748.273077][T10612]  <TASK>
[  748.273085][T10612]  dump_stack_lvl+0xe8/0x150
[  748.273113][T10612]  should_fail_ex+0x46b/0x600
[  748.273139][T10612]  should_failslab+0xa8/0x100
[  748.273168][T10612]  __kmalloc_noprof+0xdf/0x7b0
[  748.273193][T10612]  ? bpf_test_init+0x9f/0x150
[  748.273218][T10612]  ? __lock_acquire+0x6b5/0x2d10
[  748.273252][T10612]  bpf_test_init+0x9f/0x150
[  748.273281][T10612]  bpf_prog_test_run_skb+0x392/0x2260
[  748.273329][T10612]  ? __fget_files+0x3a6/0x420
[  748.273349][T10612]  ? __fget_files+0x2a/0x420
[  748.273374][T10612]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  748.273402][T10612]  bpf_prog_test_run+0x2cd/0x340
[  748.273434][T10612]  __sys_bpf+0x643/0x950
[  748.273463][T10612]  ? __pfx___sys_bpf+0x10/0x10
[  748.273485][T10612]  ? rt_mutex_slowunlock+0x1cb/0x300
[  748.273524][T10612]  ? ksys_write+0x248/0x270
[  748.273552][T10612]  ? __pfx_ksys_write+0x10/0x10
[  748.273581][T10612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.273603][T10612]  __x64_sys_bpf+0x7c/0x90
[  748.273628][T10612]  do_syscall_64+0x15f/0xf80
[  748.273658][T10612]  ? clear_bhb_loop+0x40/0x90
[  748.273682][T10612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.273701][T10612] RIP: 0033:0x7f525e07cdd9
[  748.273720][T10612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  748.273742][T10612] RSP: 002b:00007f525c2d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  748.273763][T10612] RAX: ffffffffffffffda RBX: 00007f525e2f5fa0 RCX: 00007f525e07cdd9
[  748.273776][T10612] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[  748.273787][T10612] RBP: 00007f525c2d6090 R08: 0000000000000000 R09: 0000000000000000
[  748.273798][T10612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.273808][T10612] R13: 00007f525e2f6038 R14: 00007f525e2f5fa0 R15: 00007ffe68cdb1f8
[  748.273848][T10612]  </TASK>
[  752.556804][ T5271] 8021q: adding VLAN 0 to HW filter on device eth9
[  754.047120][T10650] loop3: detected capacity change from 0 to 32768
[  754.147532][T10650] JBD2: Ignoring recovery information on journal
[  754.218609][T10650] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  754.468165][ T5621] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  754.527980][ T5621] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  754.613856][ T5621] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  754.688399][ T5621] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  754.748312][ T5621] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  755.591778][T10658] loop1: detected capacity change from 0 to 32768
[  755.620135][T10658] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2'
[  755.673447][T10658] JBD2: Ignoring recovery information on journal
[  755.691484][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[  755.743183][T10658] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  757.012831][T10295] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  757.052322][ T5623] Bluetooth: hci2: command tx timeout
[  757.064703][ T5610] ocfs2: Unmounting device (7,1) on (node local)
[  757.681355][T10295] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  758.080045][T10295] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  758.122208][T10676] netlink: 28 bytes leftover after parsing attributes in process `syz.3.906'.
[  758.247944][T10295] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  758.316630][T10295] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  758.411703][T10295] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  758.457408][T10295] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  758.795979][T10684] loop1: detected capacity change from 0 to 32768
[  758.842315][T10684] JBD2: Ignoring recovery information on journal
[  758.950959][T10684] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  758.977266][T10295] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  759.131830][ T5623] Bluetooth: hci2: command tx timeout
[  759.200008][T10196] 8021q: adding VLAN 0 to HW filter on device bond0
[  759.803857][ T5610] ocfs2: Unmounting device (7,1) on (node local)
[  761.514338][ T5623] Bluetooth: hci2: command tx timeout
[  761.614542][ T5271] 8021q: adding VLAN 0 to HW filter on device eth10
[  762.810942][T10729] loop1: detected capacity change from 0 to 256
[  763.107113][T10729] FAT-fs (loop1): Directory bread(block 64) failed
[  763.107153][T10729] FAT-fs (loop1): Directory bread(block 65) failed
[  763.107283][T10729] FAT-fs (loop1): Directory bread(block 66) failed
[  763.107307][T10729] FAT-fs (loop1): Directory bread(block 67) failed
[  763.107414][T10729] FAT-fs (loop1): Directory bread(block 68) failed
[  763.107436][T10729] FAT-fs (loop1): Directory bread(block 69) failed
[  763.107542][T10729] FAT-fs (loop1): Directory bread(block 70) failed
[  763.107565][T10729] FAT-fs (loop1): Directory bread(block 71) failed
[  763.107748][T10729] FAT-fs (loop1): Directory bread(block 72) failed
[  763.107771][T10729] FAT-fs (loop1): Directory bread(block 73) failed
[  763.398471][ T5621] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  763.480838][ T5621] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  763.490387][ T5621] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  763.491884][ T5621] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  763.514418][T10735] loop3: detected capacity change from 0 to 32768
[  763.525653][ T5625] Bluetooth: hci2: command tx timeout
[  763.546259][ T5621] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  765.070646][T10750] loop1: detected capacity change from 0 to 32768
[  765.159159][T10750] JBD2: Ignoring recovery information on journal
[  765.213345][T10750] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  765.338962][T10757] loop3: detected capacity change from 0 to 256
[  765.340113][T10757] exfat: Deprecated parameter 'namecase'
[  765.340218][T10757] exfat: Deprecated parameter 'namecase'
[  765.340251][T10757] exfat: Deprecated parameter 'namecase'
[  765.781715][T10757] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  765.785621][T10757] exFAT-fs (loop3): failed to load alloc-bitmap
[  765.785639][T10757] exFAT-fs (loop3): failed to recognize exfat type
[  765.947285][ T5621] Bluetooth: hci3: command tx timeout
[  765.947813][ T5610] ocfs2: Unmounting device (7,1) on (node local)
[  766.332718][ T5271] 8021q: adding VLAN 0 to HW filter on device eth11
[  766.842972][T10295] 8021q: adding VLAN 0 to HW filter on device bond0
[  767.013092][T10295] 8021q: adding VLAN 0 to HW filter on device team0
[  767.066861][T10771] loop1: detected capacity change from 0 to 32768
[  767.277418][T10771] JBD2: Ignoring recovery information on journal
[  767.322983][T10771] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  768.695527][ T5621] Bluetooth: hci3: command tx timeout
[  769.165177][ T5610] ocfs2: Unmounting device (7,1) on (node local)
[  769.836070][  T147] bridge0: port 1(bridge_slave_0) entered blocking state
[  769.836315][  T147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  769.969629][T10786] loop3: detected capacity change from 0 to 512
[  769.984033][T10786] EXT4-fs: Ignoring removed mblk_io_submit option
[  770.234627][T10786] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  770.482360][T10786] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.921: attempt to clear invalid blocks 2 len 1
[  770.482401][T10786] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  770.504286][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  770.504310][    C1] EXT4-fs (loop3): initial error at time 1777686109: ext4_clear_blocks:876: inode 13
[  770.504335][    C1] EXT4-fs (loop3): last error at time 1777686109: ext4_clear_blocks:876: inode 13
[  770.504941][T10786] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  770.607008][T10786] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.921: invalid indirect mapped block 1819239214 (level 0)
[  770.607059][T10786] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  770.608619][ T5750] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  770.689199][T10786] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.921: invalid indirect mapped block 1819239214 (level 1)
[  770.689238][T10786] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  770.710943][ T3395] bridge0: port 2(bridge_slave_1) entered blocking state
[  770.711233][ T3395] bridge0: port 2(bridge_slave_1) entered forwarding state
[  770.722247][ T5621] Bluetooth: hci3: command tx timeout
[  770.736781][T10786] EXT4-fs (loop3): 1 truncate cleaned up
[  770.745757][T10786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  770.807847][ T5750] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  770.807879][ T5750] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.839151][ T5750] usb 2-1: config 0 descriptor??
[  770.861744][ T5750] cp210x 2-1:0.0: cp210x converter detected
[  771.162355][ T6285] bridge_slave_1: left allmulticast mode
[  771.162393][ T6285] bridge_slave_1: left promiscuous mode
[  771.162801][ T6285] bridge0: port 2(bridge_slave_1) entered disabled state
[  771.268172][ T6285] bridge_slave_0: left allmulticast mode
[  771.268211][ T6285] bridge_slave_0: left promiscuous mode
[  771.268750][ T6285] bridge0: port 1(bridge_slave_0) entered disabled state
[  771.288841][ T5750] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  771.424669][ T5623] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  771.594524][ T5623] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  771.619226][ T5623] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  771.645738][ T5623] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  771.646940][ T5623] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  771.886106][ T5750] usb 2-1: cp210x converter now attached to ttyUSB0
[  772.115978][ T5750] usb 2-1: USB disconnect, device number 21
[  772.321989][ T5750] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  772.424382][ T6285] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  772.463049][ T5750] cp210x 2-1:0.0: device disconnected
[  772.522869][ T6285] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  772.583886][ T6285] bond0 (unregistering): Released all slaves
[  772.643124][T10648] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.643449][T10648] bridge0: port 1(bridge_slave_0) entered disabled state
[  772.643832][T10648] bridge_slave_0: entered allmulticast mode
[  772.647613][T10648] bridge_slave_0: entered promiscuous mode
[  772.749024][T10648] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.749360][T10648] bridge0: port 2(bridge_slave_1) entered disabled state
[  772.749689][T10648] bridge_slave_1: entered allmulticast mode
[  772.753410][T10648] bridge_slave_1: entered promiscuous mode
[  772.802162][ T5621] Bluetooth: hci3: command tx timeout
[  773.097888][ T5608] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  773.508903][T10648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  773.866489][ T5621] Bluetooth: hci5: command tx timeout
[  774.278661][T10814] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  774.278747][T10814] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  774.284824][T10814] vhci_hcd vhci_hcd.0: Device attached
[  774.465139][T10816] vhci_hcd: connection closed
[  774.494273][   T44] vhci_hcd vhci_hcd.1: stop threads
[  774.494306][   T44] vhci_hcd vhci_hcd.1: release socket
[  774.494348][   T44] vhci_hcd vhci_hcd.1: disconnect device
[  774.837992][T10648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  775.192912][T10821] loop1: detected capacity change from 0 to 32768
[  776.011287][ T5621] Bluetooth: hci5: command tx timeout
[  776.501080][T10821] JBD2: Ignoring recovery information on journal
[  776.525492][T10825] syz.3.927 (10825) used greatest stack depth: 18208 bytes left
[  776.591420][T10821] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  776.932699][ T6285] hsr_slave_0: left promiscuous mode
[  777.016683][ T6285] hsr_slave_1: left promiscuous mode
[  777.017415][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_0
[  777.053805][ T6285] batman_adv: batadv0: Removing interface: batadv_slave_1
[  777.397026][ T5610] ocfs2: Unmounting device (7,1) on (node local)
[  778.087169][ T5621] Bluetooth: hci5: command tx timeout
[  780.162258][ T5621] Bluetooth: hci5: command tx timeout
[  780.429496][ T6285] team0 (unregistering): Port device team_slave_1 removed
[  781.252928][ T6285] team0 (unregistering): Port device team_slave_0 removed
[  782.317046][T10648] team0: Port device team_slave_0 added
[  782.411246][T10648] team0: Port device team_slave_1 added
[  782.938457][T10852] loop1: detected capacity change from 0 to 40427
[  782.959001][T10852] F2FS-fs (loop1): invalid crc value
[  783.192184][T10852] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  783.273083][T10852] F2FS-fs (loop1): Start checkpoint disabled!
[  783.373571][T10852] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  783.380576][T10852] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  783.390727][T10852] F2FS-fs (loop1): Can't enable fs-verity on inode 10: the verity feature is not enabled on this filesystem
[  785.351034][ T1245] kworker/u8:9: attempt to access beyond end of device
[  785.351034][ T1245] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  785.434965][ T1245] CPU: 1 UID: 0 PID: 1245 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  785.434999][ T1245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  785.435013][ T1245] Workqueue: writeback wb_workfn (flush-7:1)
[  785.435053][ T1245] Call Trace:
[  785.435061][ T1245]  <TASK>
[  785.435071][ T1245]  dump_stack_lvl+0xe8/0x150
[  785.435104][ T1245]  f2fs_stop_checkpoint+0x383/0x540
[  785.435133][ T1245]  f2fs_write_end_io+0x1274/0x1740
[  785.435186][ T1245]  __submit_merged_bio+0x256/0x6a0
[  785.435217][ T1245]  __submit_merged_write_cond+0x3c9/0x4e0
[  785.435251][ T1245]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  785.435301][ T1245]  f2fs_write_data_pages+0x287e/0x34f0
[  785.435370][ T1245]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  785.435458][ T1245]  ? __lock_acquire+0x6b5/0x2d10
[  785.435535][ T1245]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  785.435564][ T1245]  do_writepages+0x32e/0x550
[  785.435591][ T1245]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  785.435616][ T1245]  ? reacquire_held_locks+0x104/0x190
[  785.435637][ T1245]  ? rt_spin_lock+0x1e0/0x400
[  785.435673][ T1245]  __writeback_single_inode+0x133/0x10e0
[  785.435706][ T1245]  ? rt_spin_unlock+0x160/0x200
[  785.435735][ T1245]  writeback_sb_inodes+0x97f/0x1980
[  785.435779][ T1245]  ? lockdep_hardirqs_on+0x7a/0x110
[  785.435828][ T1245]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  785.435896][ T1245]  ? rcu_is_watching+0x15/0xb0
[  785.435930][ T1245]  wb_writeback+0x445/0xb00
[  785.435956][ T1245]  ? queue_io+0x211/0x440
[  785.435984][ T1245]  ? __pfx_wb_writeback+0x10/0x10
[  785.436024][ T1245]  wb_workfn+0x3fd/0xf20
[  785.436050][ T1245]  ? look_up_lock_class+0x57/0x110
[  785.436100][ T1245]  ? __pfx_wb_workfn+0x10/0x10
[  785.436137][ T1245]  ? do_raw_spin_unlock+0xf5/0x210
[  785.436171][ T1245]  ? process_one_work+0x8b7/0x1710
[  785.436199][ T1245]  ? process_one_work+0x8b7/0x1710
[  785.436239][ T1245]  ? process_one_work+0x8b7/0x1710
[  785.436262][ T1245]  process_one_work+0x9a3/0x1710
[  785.436314][ T1245]  ? __pfx_process_one_work+0x10/0x10
[  785.436337][ T1245]  ? do_raw_spin_lock+0x12b/0x2f0
[  785.436383][ T1245]  worker_thread+0xba8/0x11e0
[  785.436422][ T1245]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  785.436455][ T1245]  ? __kthread_parkme+0x7a/0x1f0
[  785.436483][ T1245]  ? __kthread_parkme+0x19c/0x1f0
[  785.436518][ T1245]  kthread+0x388/0x470
[  785.436550][ T1245]  ? __pfx_worker_thread+0x10/0x10
[  785.436574][ T1245]  ? __pfx_kthread+0x10/0x10
[  785.436607][ T1245]  ret_from_fork+0x514/0xb70
[  785.436635][ T1245]  ? __pfx_ret_from_fork+0x10/0x10
[  785.436662][ T1245]  ? __switch_to+0xc79/0x1410
[  785.436688][ T1245]  ? __pfx_kthread+0x10/0x10
[  785.436721][ T1245]  ret_from_fork_asm+0x1a/0x30
[  785.436770][ T1245]  </TASK>
[  785.656201][ T1245] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  787.405867][T10648] batman_adv: batadv0: Adding interface: batadv_slave_0
[  787.405881][T10648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  787.405897][T10648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  788.758623][ T5271] 8021q: adding VLAN 0 to HW filter on device eth13
[  788.880960][T10648] batman_adv: batadv0: Adding interface: batadv_slave_1
[  788.880980][T10648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  788.881009][T10648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  789.317766][T10648] hsr_slave_0: entered promiscuous mode
[  789.329205][T10648] hsr_slave_1: entered promiscuous mode
[  791.576223][T10905] loop1: detected capacity change from 0 to 4096
[  791.666926][T10905] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  792.331072][ T5610] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  794.420472][T10928] loop1: detected capacity change from 0 to 2048
[  794.488262][T10928] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  794.524283][T10928] NILFS error (device loop1): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  794.525402][T10928] Remounting filesystem read-only
[  794.527917][T10929] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  794.760748][ T5271] 8021q: adding VLAN 0 to HW filter on device eth14
[  796.541994][T10737] bridge0: port 1(bridge_slave_0) entered blocking state
[  796.542320][T10737] bridge0: port 1(bridge_slave_0) entered disabled state
[  796.542627][T10737] bridge_slave_0: entered allmulticast mode
[  797.186998][T10737] bridge_slave_0: entered promiscuous mode
[  797.375433][T10944] loop3: detected capacity change from 0 to 32768
[  797.376059][T10944] btrfs: Unknown parameter 'fragment'
[  797.828851][T10947] loop3: detected capacity change from 0 to 512
[  797.844124][T10947] 9p: Bad value for 'rfdno'
[  799.009049][T10737] bridge0: port 2(bridge_slave_1) entered blocking state
[  799.009382][T10737] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.009725][T10737] bridge_slave_1: entered allmulticast mode
[  799.040865][T10737] bridge_slave_1: entered promiscuous mode
[  800.286380][ T5618] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  801.482142][ T5618] usb 2-1: Using ep0 maxpacket: 8
[  801.504211][ T5618] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  801.539420][ T5618] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  801.539452][ T5618] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.539473][ T5618] usb 2-1: Product: syz
[  801.539487][ T5618] usb 2-1: Manufacturer: syz
[  801.539501][ T5618] usb 2-1: SerialNumber: syz
[  801.613100][ T5618] usb 2-1: config 0 descriptor??
[  801.628280][ T5618] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  801.628315][ T5618] usb 2-1: setting power ON
[  801.631498][ T5618] dvb-usb: bulk message failed: -22 (2/0)
[  801.672873][T10737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  801.732490][ T5618] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  801.734783][ T5618] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  801.734822][ T5618] usb 2-1: media controller created
[  801.772822][T10737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  801.813152][ T5618] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  801.980529][ T5618] usb 2-1: selecting invalid altsetting 6
[  801.980557][ T5618] usb 2-1: digital interface selection failed (-22)
[  801.980573][ T5618] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  802.019714][ T5618] usb 2-1: setting power OFF
[  802.019898][ T5618] dvb-usb: bulk message failed: -22 (2/0)
[  802.019920][ T5618] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  802.019933][ T5618] (NULL device *): no alternate interface
[  802.156037][T10967] loop3: detected capacity change from 0 to 4096
[  802.166269][T10967] ntfs3(loop3): Primary boot: invalid bytes per MFT record 20480 (5).
[  802.205628][T10967] ntfs3(loop3): try to read out of volume at offset 0x1ffe00
[  802.307142][T10967] netlink: 8 bytes leftover after parsing attributes in process `syz.3.951'.
[  802.307168][T10967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.951'.
[  802.307193][T10967] netlink: 'syz.3.951': attribute type 14 has an invalid length.
[  802.307206][T10967] netlink: 'syz.3.951': attribute type 13 has an invalid length.
[  802.358228][ T5618] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  802.418303][ T5618] usb 2-1: USB disconnect, device number 22
[  805.712470][T10737] team0: Port device team_slave_0 added
[  805.830334][T10737] team0: Port device team_slave_1 added
[  805.833992][T10798] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.834277][T10798] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.834556][T10798] bridge_slave_0: entered allmulticast mode
[  805.851613][T10798] bridge_slave_0: entered promiscuous mode
[  806.098098][T10798] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.098334][T10798] bridge0: port 2(bridge_slave_1) entered disabled state
[  806.098509][T10798] bridge_slave_1: entered allmulticast mode
[  806.104252][T10798] bridge_slave_1: entered promiscuous mode
[  806.830126][T10993] loop3: detected capacity change from 0 to 512
[  806.885390][T10993] EXT4-fs: test_dummy_encryption requires encrypt feature
[  807.907217][T10737] batman_adv: batadv0: Adding interface: batadv_slave_0
[  807.907988][T10737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  807.908020][T10737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  808.094325][T10996] veth1_macvtap: left promiscuous mode
[  808.094345][T10996] macsec0: entered promiscuous mode
[  808.114341][T10997] veth1_macvtap: entered promiscuous mode
[  808.136733][T10997] macsec0: left promiscuous mode
[  808.159477][T10737] batman_adv: batadv0: Adding interface: batadv_slave_1
[  808.159495][T10737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  808.159525][T10737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.055996][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  809.056109][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  809.130659][T10798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  809.241382][T10798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  809.499915][T11006] loop3: detected capacity change from 0 to 128
[  809.552399][T11008] tmpfs: Unknown parameter 'usrquotap#'
[  811.252341][T11025] comedi comedi2: dt2814: I/O base address or length out of range
[  811.327280][T11025] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  811.419447][T10798] team0: Port device team_slave_0 added
[  811.565173][T10737] hsr_slave_0: entered promiscuous mode
[  811.567771][T10737] hsr_slave_1: entered promiscuous mode
[  811.570111][T10737] debugfs: 'hsr0' already exists in 'hsr'
[  811.570139][T10737] Cannot create hsr debugfs directory
[  811.587905][T10798] team0: Port device team_slave_1 added
[  811.966342][T10798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  811.966360][T10798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  811.966384][T10798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  812.054825][T10798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  812.054843][T10798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  812.054867][T10798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  812.468173][T11029] loop1: detected capacity change from 0 to 256
[  812.532784][T11029] FAT-fs (loop1): Directory bread(block 64) failed
[  812.532810][T11029] FAT-fs (loop1): Directory bread(block 65) failed
[  812.532870][T11029] FAT-fs (loop1): Directory bread(block 66) failed
[  812.532883][T11029] FAT-fs (loop1): Directory bread(block 67) failed
[  812.532943][T11029] FAT-fs (loop1): Directory bread(block 68) failed
[  812.532956][T11029] FAT-fs (loop1): Directory bread(block 69) failed
[  812.533013][T11029] FAT-fs (loop1): Directory bread(block 70) failed
[  812.533034][T11029] FAT-fs (loop1): Directory bread(block 71) failed
[  812.533094][T11029] FAT-fs (loop1): Directory bread(block 72) failed
[  812.533107][T11029] FAT-fs (loop1): Directory bread(block 73) failed
[  813.543687][T10798] hsr_slave_0: entered promiscuous mode
[  813.547105][T10798] hsr_slave_1: entered promiscuous mode
[  813.549652][T10798] debugfs: 'hsr0' already exists in 'hsr'
[  813.549678][T10798] Cannot create hsr debugfs directory
[  814.330612][T11039] tmpfs: Unknown parameter 'usrquotap#'
[  814.467867][ T5623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  814.610665][ T5623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  814.638464][ T5623] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  814.640424][ T5623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  814.656645][ T5623] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  814.955569][T11050] netlink: 24 bytes leftover after parsing attributes in process `syz.3.971'.
[  816.815273][ T5621] Bluetooth: hci1: command tx timeout
[  819.028153][ T5621] Bluetooth: hci1: command tx timeout
[  820.595368][T11074] loop1: detected capacity change from 0 to 256
[  820.710619][T11074] FAT-fs (loop1): Directory bread(block 64) failed
[  820.710658][T11074] FAT-fs (loop1): Directory bread(block 65) failed
[  820.710765][T11074] FAT-fs (loop1): Directory bread(block 66) failed
[  820.710789][T11074] FAT-fs (loop1): Directory bread(block 67) failed
[  820.711325][T11074] FAT-fs (loop1): Directory bread(block 68) failed
[  820.711353][T11074] FAT-fs (loop1): Directory bread(block 69) failed
[  820.711466][T11074] FAT-fs (loop1): Directory bread(block 70) failed
[  820.711489][T11074] FAT-fs (loop1): Directory bread(block 71) failed
[  820.711591][T11074] FAT-fs (loop1): Directory bread(block 72) failed
[  820.711615][T11074] FAT-fs (loop1): Directory bread(block 73) failed
[  821.050469][ T5621] Bluetooth: hci1: command tx timeout
[  822.941460][ T5271] 8021q: adding VLAN 0 to HW filter on device eth15
[  823.122517][ T5621] Bluetooth: hci1: command tx timeout
[  827.909455][ T5623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  828.012166][ T5623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  828.014883][ T5623] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  828.018216][ T5623] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  828.020988][ T5623] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  829.554482][ T5271] 8021q: adding VLAN 0 to HW filter on device eth16
[  829.998547][T11137] tmpfs: Unknown parameter 'usrquotap#'
[  830.324578][ T5623] Bluetooth: hci2: command tx timeout
[  830.376078][ T3357] bridge_slave_1: left allmulticast mode
[  830.376116][ T3357] bridge_slave_1: left promiscuous mode
[  830.376433][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  830.529726][T11151] loop1: detected capacity change from 0 to 1024
[  830.544131][T11151] ext4: Unknown parameter 'dont_measure'
[  830.649550][ T3357] bridge_slave_0: left allmulticast mode
[  830.649589][ T3357] bridge_slave_0: left promiscuous mode
[  830.649886][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  830.884251][ T3357] bridge_slave_1: left allmulticast mode
[  830.884289][ T3357] bridge_slave_1: left promiscuous mode
[  830.884582][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  830.964427][ T3357] bridge_slave_0: left allmulticast mode
[  830.964466][ T3357] bridge_slave_0: left promiscuous mode
[  830.964782][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  831.885472][ T5621] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  831.963100][ T5621] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  831.965027][ T5621] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  831.981971][ T5621] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  831.985010][ T5621] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  832.403377][ T5621] Bluetooth: hci2: command tx timeout
[  832.594166][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  832.653181][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  832.715157][ T3357] bond0 (unregistering): Released all slaves
[  833.212936][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  833.312893][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  833.383062][ T3357] bond0 (unregistering): Released all slaves
[  834.246524][ T5621] Bluetooth: hci6: command tx timeout
[  834.547755][ T5621] Bluetooth: hci2: command tx timeout
[  835.282282][ T3357] hsr_slave_0: left promiscuous mode
[  835.329002][ T3357] hsr_slave_1: left promiscuous mode
[  835.330211][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  835.389955][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  835.535832][T11215] loop3: detected capacity change from 0 to 256
[  835.604325][ T3357] hsr_slave_0: left promiscuous mode
[  835.663000][ T3357] hsr_slave_1: left promiscuous mode
[  835.664233][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  835.709991][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  835.721915][T11215] FAT-fs (loop3): Directory bread(block 64) failed
[  835.721947][T11215] FAT-fs (loop3): Directory bread(block 65) failed
[  835.722664][T11215] FAT-fs (loop3): Directory bread(block 66) failed
[  835.722690][T11215] FAT-fs (loop3): Directory bread(block 67) failed
[  835.722795][T11215] FAT-fs (loop3): Directory bread(block 68) failed
[  835.722815][T11215] FAT-fs (loop3): Directory bread(block 69) failed
[  835.722907][T11215] FAT-fs (loop3): Directory bread(block 70) failed
[  835.722927][T11215] FAT-fs (loop3): Directory bread(block 71) failed
[  835.723018][T11215] FAT-fs (loop3): Directory bread(block 72) failed
[  835.723038][T11215] FAT-fs (loop3): Directory bread(block 73) failed
[  836.322428][ T5621] Bluetooth: hci6: command tx timeout
[  836.572206][ T5621] Bluetooth: hci2: command tx timeout
[  838.402319][ T5621] Bluetooth: hci6: command tx timeout
[  841.279366][ T5621] Bluetooth: hci6: command tx timeout
[  841.368069][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  841.456582][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  841.611867][T11250] tmpfs: Unknown parameter 'usrquotap#'
[  843.174357][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  843.389499][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  845.033481][T11266] netlink: 40 bytes leftover after parsing attributes in process `syz.3.991'.
[  846.959355][T11278] FAULT_INJECTION: forcing a failure.
[  846.959355][T11278] name failslab, interval 1, probability 0, space 0, times 0
[  846.959388][T11278] CPU: 0 UID: 0 PID: 11278 Comm: syz.1.993 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  846.959411][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  846.959422][T11278] Call Trace:
[  846.959430][T11278]  <TASK>
[  846.959439][T11278]  dump_stack_lvl+0xe8/0x150
[  846.959469][T11278]  should_fail_ex+0x46b/0x600
[  846.959497][T11278]  should_failslab+0xa8/0x100
[  846.959524][T11278]  kmem_cache_alloc_noprof+0x87/0x680
[  846.959548][T11278]  ? security_inode_alloc+0x39/0x310
[  846.959581][T11278]  security_inode_alloc+0x39/0x310
[  846.959610][T11278]  inode_init_always_gfp+0x99a/0xd50
[  846.959637][T11278]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  846.959665][T11278]  alloc_inode+0x82/0x1b0
[  846.959684][T11278]  new_inode+0x22/0x170
[  846.959709][T11278]  shmem_get_inode+0x3da/0xf70
[  846.959745][T11278]  ? __pfx_shmem_get_inode+0x10/0x10
[  846.959773][T11278]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  846.959810][T11278]  __shmem_file_setup+0x20b/0x370
[  846.959831][T11278]  ? rt_spin_lock+0x1e0/0x400
[  846.959853][T11278]  ? __pfx___shmem_file_setup+0x10/0x10
[  846.959877][T11278]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  846.959906][T11278]  memfd_alloc_file+0x99/0x570
[  846.959931][T11278]  ? __pfx_memfd_alloc_file+0x10/0x10
[  846.959972][T11278]  __se_sys_memfd_create+0x329/0x420
[  846.959994][T11278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.960016][T11278]  do_syscall_64+0x15f/0xf80
[  846.960045][T11278]  ? trace_irq_disable+0x3b/0x140
[  846.960071][T11278]  ? clear_bhb_loop+0x40/0x90
[  846.960096][T11278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.960116][T11278] RIP: 0033:0x7f525e07cdd9
[  846.960134][T11278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  846.960151][T11278] RSP: 002b:00007f525c2d5e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  846.960173][T11278] RAX: ffffffffffffffda RBX: 0000000000004458 RCX: 00007f525e07cdd9
[  846.960188][T11278] RDX: 00007f525c2d5ee0 RSI: 0000000000000000 RDI: 00007f525e112f49
[  846.960200][T11278] RBP: 0000200000006840 R08: 00000000ffffffff R09: 0000000000000000
[  846.960213][T11278] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000040
[  846.960225][T11278] R13: 00007f525c2d5ee0 R14: 00007f525c2d5ea0 R15: 0000200000000600
[  846.960257][T11278]  </TASK>
[  848.450514][T11286] tmpfs: Unknown parameter 'usrquotap#'
[  849.051785][T11040] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.052491][T11040] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.052774][T11040] bridge_slave_0: entered allmulticast mode
[  849.056695][T11040] bridge_slave_0: entered promiscuous mode
[  849.157237][T11040] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.157476][T11040] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.157693][T11040] bridge_slave_1: entered allmulticast mode
[  849.160119][T11040] bridge_slave_1: entered promiscuous mode
[  849.403951][T11040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  849.537433][T11040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  849.909525][T11305] FAULT_INJECTION: forcing a failure.
[  849.909525][T11305] name failslab, interval 1, probability 0, space 0, times 0
[  849.909566][T11305] CPU: 1 UID: 0 PID: 11305 Comm: syz.1.1000 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  849.909590][T11305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  849.909601][T11305] Call Trace:
[  849.909609][T11305]  <TASK>
[  849.909618][T11305]  dump_stack_lvl+0xe8/0x150
[  849.909652][T11305]  should_fail_ex+0x46b/0x600
[  849.909681][T11305]  should_failslab+0xa8/0x100
[  849.909712][T11305]  __kmalloc_noprof+0xdf/0x7b0
[  849.909738][T11305]  ? io_cache_alloc_new+0x40/0x100
[  849.909782][T11305]  io_cache_alloc_new+0x40/0x100
[  849.909810][T11305]  io_msg_alloc_async+0x212/0x380
[  849.909845][T11305]  io_connect_prep+0x1b1/0x300
[  849.909872][T11305]  io_submit_sqes+0xb8d/0x2240
[  849.909935][T11305]  __se_sys_io_uring_enter+0x34a/0x1c40
[  849.909971][T11305]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  849.910005][T11305]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  849.910034][T11305]  ? fput+0xa0/0xd0
[  849.910055][T11305]  ? ksys_write+0x248/0x270
[  849.910085][T11305]  ? __pfx_ksys_write+0x10/0x10
[  849.910118][T11305]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  849.910147][T11305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.910170][T11305]  do_syscall_64+0x15f/0xf80
[  849.910200][T11305]  ? trace_irq_disable+0x3b/0x140
[  849.910227][T11305]  ? clear_bhb_loop+0x40/0x90
[  849.910254][T11305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.910274][T11305] RIP: 0033:0x7f525e07cdd9
[  849.910295][T11305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  849.910313][T11305] RSP: 002b:00007f525c2d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  849.910337][T11305] RAX: ffffffffffffffda RBX: 00007f525e2f5fa0 RCX: 00007f525e07cdd9
[  849.910352][T11305] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[  849.910366][T11305] RBP: 00007f525c2d6090 R08: 0000000000000000 R09: 0000000000000000
[  849.910378][T11305] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[  849.910390][T11305] R13: 00007f525e2f6038 R14: 00007f525e2f5fa0 R15: 00007ffe68cdb1f8
[  849.910425][T11305]  </TASK>
[  850.258002][T11040] team0: Port device team_slave_0 added
[  850.515013][T11300] loop3: detected capacity change from 0 to 32768
[  850.626724][T11300] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  850.727876][T11300] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  850.809481][T11300] XFS (loop3): Starting recovery (logdev: internal)
[  851.078091][T11300] XFS (loop3): Ending recovery (logdev: internal)
[  851.368137][T11040] team0: Port device team_slave_1 added
[  851.505672][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  852.430381][T11318] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.430937][T11318] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.520062][T11318] team0: left promiscuous mode
[  852.520079][T11318] team_slave_0: left promiscuous mode
[  852.520191][T11318] team_slave_1: left promiscuous mode
[  852.526293][T11325] netlink: 'syz.3.1002': attribute type 27 has an invalid length.
[  854.245937][T11332] tmpfs: Unknown parameter 'usrquotap#'
[  854.261124][T11318] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  854.287702][T11318] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  854.414242][T11334] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1005'.
[  855.463083][T11318] bond1: left promiscuous mode
[  855.463102][T11318] bridge1: left promiscuous mode
[  855.477095][T11318] bond1: left allmulticast mode
[  855.477114][T11318] bridge1: left allmulticast mode
[  855.502204][T11318] macvlan2: left promiscuous mode
[  855.929504][ T6607] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  856.184288][ T6607] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  856.330124][T11344] loop3: detected capacity change from 0 to 256
[  856.355709][ T6607] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  856.386391][T11040] batman_adv: batadv0: Adding interface: batadv_slave_0
[  856.386408][T11040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  856.386433][T11040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  856.462709][ T6607] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  856.465134][T11040] batman_adv: batadv0: Adding interface: batadv_slave_1
[  856.465148][T11040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  856.465177][T11040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  857.005443][T11356] loop1: detected capacity change from 0 to 4096
[  857.008154][T11356] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  857.226946][T11356] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  857.424817][T11102] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.425156][T11102] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.426679][T11102] bridge_slave_0: entered allmulticast mode
[  857.446695][T11102] bridge_slave_0: entered promiscuous mode
[  857.896760][T11102] bridge0: port 2(bridge_slave_1) entered blocking state
[  857.897204][T11102] bridge0: port 2(bridge_slave_1) entered disabled state
[  857.899133][T11102] bridge_slave_1: entered allmulticast mode
[  857.910510][T11102] bridge_slave_1: entered promiscuous mode
[  857.927561][T11040] hsr_slave_0: entered promiscuous mode
[  857.929641][T11040] hsr_slave_1: entered promiscuous mode
[  857.931347][T11040] debugfs: 'hsr0' already exists in 'hsr'
[  857.931370][T11040] Cannot create hsr debugfs directory
[  858.139650][T11369] loop3: detected capacity change from 0 to 128
[  859.087939][T11369] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  859.096353][T11369] hpfs: filesystem error: improperly stopped
[  859.096445][T11369] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  859.096521][T11369] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  859.096563][T11369] hpfs: filesystem error: dir band size mismatch: dir_band_start==00000012, dir_band_end==7b318cc3, n_dir_band==00000002
[  859.887519][T11102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  859.955808][T11102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  860.124360][T11389] loop3: detected capacity change from 0 to 64
[  860.129687][T11389] hfs: invalid btree extent records
[  860.129894][T11389] hfs: unable to open extent tree
[  860.129902][T11389] hfs: can't find a HFS filesystem on dev loop3
[  860.509572][T11396] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1015'.
[  860.592250][ T5618] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  860.759056][ T5618] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  860.759704][ T5618] usb 4-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  860.784013][ T5618] usb 4-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice= 5.20
[  860.784045][ T5618] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.784090][ T5618] usb 4-1: Product: syz
[  860.784106][ T5618] usb 4-1: Manufacturer: syz
[  860.784120][ T5618] usb 4-1: SerialNumber: syz
[  860.804893][T11102] team0: Port device team_slave_0 added
[  861.078334][T11102] team0: Port device team_slave_1 added
[  861.078778][T11179] bridge0: port 1(bridge_slave_0) entered blocking state
[  861.079161][T11179] bridge0: port 1(bridge_slave_0) entered disabled state
[  861.079442][T11179] bridge_slave_0: entered allmulticast mode
[  861.085442][T11179] bridge_slave_0: entered promiscuous mode
[  861.665668][T11179] bridge0: port 2(bridge_slave_1) entered blocking state
[  861.666319][T11179] bridge0: port 2(bridge_slave_1) entered disabled state
[  861.666619][T11179] bridge_slave_1: entered allmulticast mode
[  861.670713][T11179] bridge_slave_1: entered promiscuous mode
[  861.999471][T11409] loop3: detected capacity change from 0 to 128
[  862.080497][T11409] affs: No valid root block on device loop3
[  863.715578][T11409] loop3: detected capacity change from 0 to 32768
[  864.097335][T11409] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  864.267591][T11409] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  864.287725][T11409] XFS (loop3): Starting recovery (logdev: internal)
[  864.336586][T11409] XFS (loop3): Ending recovery (logdev: internal)
[  864.617417][T11102] batman_adv: batadv0: Adding interface: batadv_slave_0
[  864.617436][T11102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  864.617463][T11102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  864.765624][T11102] batman_adv: batadv0: Adding interface: batadv_slave_1
[  864.765643][T11102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  864.765672][T11102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  864.794604][T11179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  864.889687][T11179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  865.136375][T11179] team0: Port device team_slave_0 added
[  865.226344][T11179] team0: Port device team_slave_1 added
[  865.256846][T11102] hsr_slave_0: entered promiscuous mode
[  865.260474][T11102] hsr_slave_1: entered promiscuous mode
[  865.274784][T11102] debugfs: 'hsr0' already exists in 'hsr'
[  865.274814][T11102] Cannot create hsr debugfs directory
[  865.340539][ T5748] usb 4-1: USB disconnect, device number 27
[  865.347592][T11421] netlink: 'syz.1.1020': attribute type 11 has an invalid length.
[  865.703179][ T5608] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  865.861235][T11179] batman_adv: batadv0: Adding interface: batadv_slave_0
[  865.861254][T11179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  865.861280][T11179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  866.328651][T11179] batman_adv: batadv0: Adding interface: batadv_slave_1
[  866.328670][T11179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  866.328701][T11179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  867.169973][ T5597] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  867.185263][T11179] hsr_slave_0: entered promiscuous mode
[  867.195976][T11179] hsr_slave_1: entered promiscuous mode
[  867.209268][T11179] debugfs: 'hsr0' already exists in 'hsr'
[  867.209298][T11179] Cannot create hsr debugfs directory
[  868.704129][ T5597] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  868.704161][ T5597] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  868.704181][ T5597] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  868.704201][ T5597] usb 4-1: config 220 has no interface number 2
[  868.704295][ T5597] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  868.704324][ T5597] usb 4-1: config 220 interface 0 has no altsetting 0
[  868.704343][ T5597] usb 4-1: config 220 interface 76 has no altsetting 0
[  868.704362][ T5597] usb 4-1: config 220 interface 1 has no altsetting 0
[  868.709387][ T5597] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  868.709418][ T5597] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.709439][ T5597] usb 4-1: Product: syz
[  868.709454][ T5597] usb 4-1: Manufacturer: syz
[  868.709469][ T5597] usb 4-1: SerialNumber: syz
[  868.973577][ T5597] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  868.973615][ T5597] uvcvideo 4-1:220.0: No valid video chain found.
[  868.973753][ T5597] usb 4-1: selecting invalid altsetting 0
[  869.066424][ T5597] usb 4-1: selecting invalid altsetting 0
[  869.066468][ T5597] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  869.096803][ T5597] usb 4-1: USB disconnect, device number 28
[  869.492293][ T3357] bridge_slave_1: left allmulticast mode
[  869.492335][ T3357] bridge_slave_1: left promiscuous mode
[  869.492607][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.564040][ T3357] bridge_slave_0: left allmulticast mode
[  869.564068][ T3357] bridge_slave_0: left promiscuous mode
[  869.564258][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.702249][ T3357] bridge_slave_1: left allmulticast mode
[  869.702277][ T3357] bridge_slave_1: left promiscuous mode
[  869.702460][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.763404][ T3357] bridge_slave_0: left allmulticast mode
[  869.763431][ T3357] bridge_slave_0: left promiscuous mode
[  869.763619][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.982880][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  870.104438][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  870.330986][ T3357] bond0 (unregistering): Released all slaves
[  870.573814][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  870.684937][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  870.694445][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  870.696097][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  870.817912][ T3357] bond0 (unregistering): Released all slaves
[  874.929300][   T38] audit: type=1326 audit(1777686213.596:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.1.1025" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f525e07cdd9 code=0x0
[  875.282818][ T3357] hsr_slave_0: left promiscuous mode
[  875.302162][ T3357] hsr_slave_1: left promiscuous mode
[  875.302961][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  875.344663][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  875.502214][ T3357] hsr_slave_0: left promiscuous mode
[  875.522613][ T3357] hsr_slave_1: left promiscuous mode
[  875.523313][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  875.562836][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  875.972827][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  876.023085][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  876.931125][ T5623] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  877.015940][ T5623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  877.019888][ T5623] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  877.021917][ T5623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  877.048708][ T5623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  878.717018][T11460] loop3: detected capacity change from 0 to 256
[  878.810076][T11460] FAT-fs (loop3): Directory bread(block 64) failed
[  878.810116][T11460] FAT-fs (loop3): Directory bread(block 65) failed
[  878.810224][T11460] FAT-fs (loop3): Directory bread(block 66) failed
[  878.810248][T11460] FAT-fs (loop3): Directory bread(block 67) failed
[  878.810354][T11460] FAT-fs (loop3): Directory bread(block 68) failed
[  878.810376][T11460] FAT-fs (loop3): Directory bread(block 69) failed
[  878.810481][T11460] FAT-fs (loop3): Directory bread(block 70) failed
[  878.810505][T11460] FAT-fs (loop3): Directory bread(block 71) failed
[  878.810609][T11460] FAT-fs (loop3): Directory bread(block 72) failed
[  878.810631][T11460] FAT-fs (loop3): Directory bread(block 73) failed
[  879.293729][ T5621] Bluetooth: hci3: command tx timeout
[  879.754117][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  879.794329][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  880.232332][T11466] loop3: detected capacity change from 0 to 32768
[  880.277256][T11466] JBD2: Ignoring recovery information on journal
[  880.337965][T11466] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  880.874672][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[  881.366957][ T5621] Bluetooth: hci3: command tx timeout
[  883.459793][ T5621] Bluetooth: hci3: command tx timeout
[  883.487834][T11501] loop3: detected capacity change from 0 to 1024
[  883.514190][T11501] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  883.514314][T11501] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  883.625855][T11501] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  883.635175][T11501] EXT4-fs (loop3): orphan cleanup on readonly fs
[  883.640042][T11501] EXT4-fs error (device loop3): ext4_read_inode_bitmap:167: comm syz.3.1037: Inode bitmap for bg 0 marked uninitialized
[  883.640072][T11501] loop3: lost filesystem error report for type 5 error -117
[  883.647973][T11501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  884.477199][ T5608] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  885.522309][ T5621] Bluetooth: hci3: command tx timeout
[  885.870632][T11520] loop3: detected capacity change from 0 to 32768
[  885.959500][T11520] JBD2: Ignoring recovery information on journal
[  886.078052][T11520] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  886.578415][ T3357] bridge_slave_1: left allmulticast mode
[  886.578454][ T3357] bridge_slave_1: left promiscuous mode
[  886.578784][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  886.804939][ T3357] bridge_slave_0: left allmulticast mode
[  886.804977][ T3357] bridge_slave_0: left promiscuous mode
[  886.805303][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.092671][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[  887.458321][ T5623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  887.525524][ T5623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  887.544938][ T5623] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  887.571629][ T5623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  887.595693][ T5623] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  888.161773][T11550] loop3: detected capacity change from 0 to 256
[  888.280552][T11550] FAT-fs (loop3): Directory bread(block 64) failed
[  888.280589][T11550] FAT-fs (loop3): Directory bread(block 65) failed
[  888.280708][T11550] FAT-fs (loop3): Directory bread(block 66) failed
[  888.280731][T11550] FAT-fs (loop3): Directory bread(block 67) failed
[  888.280994][T11550] FAT-fs (loop3): Directory bread(block 68) failed
[  888.281017][T11550] FAT-fs (loop3): Directory bread(block 69) failed
[  888.281126][T11550] FAT-fs (loop3): Directory bread(block 70) failed
[  888.281149][T11550] FAT-fs (loop3): Directory bread(block 71) failed
[  888.281257][T11550] FAT-fs (loop3): Directory bread(block 72) failed
[  888.281280][T11550] FAT-fs (loop3): Directory bread(block 73) failed
[  888.385318][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  889.082777][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  889.145153][ T3357] bond0 (unregistering): Released all slaves
[  890.170782][ T5621] Bluetooth: hci1: command tx timeout
[  891.308258][T11450] bridge0: port 1(bridge_slave_0) entered blocking state
[  891.308730][T11450] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.309087][T11450] bridge_slave_0: entered allmulticast mode
[  891.344132][T11450] bridge_slave_0: entered promiscuous mode
[  891.542288][ T5944] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  891.632520][ T3357] hsr_slave_0: left promiscuous mode
[  891.662195][ T3357] hsr_slave_1: left promiscuous mode
[  891.663395][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  891.694369][ T5944] usb 4-1: Using ep0 maxpacket: 16
[  891.696786][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  891.699845][ T5944] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  891.699872][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  891.699892][ T5944] usb 4-1: Product: syz
[  891.699907][ T5944] usb 4-1: Manufacturer: syz
[  891.699921][ T5944] usb 4-1: SerialNumber: syz
[  891.757263][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  891.769870][ T5944] usb 4-1: config 0 descriptor??
[  891.795859][ T5944] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  891.795897][ T5944] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  892.299156][ T5623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  892.992649][ T5625] Bluetooth: hci1: command tx timeout
[  893.137388][ T5623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  893.151170][ T5623] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  893.162914][ T5623] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  893.163898][ T5623] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  893.261418][ T5944] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  893.663537][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  893.780409][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  893.818198][ T5944] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  893.818233][ T5944] em28xx 4-1:0.0: board has no eeprom
[  894.199222][ T5618] kernel write not supported for file /amidi2 (pid: 5618 comm: kworker/0:4)
[  894.261255][T11450] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.261896][T11450] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.277327][T11450] bridge_slave_1: entered allmulticast mode
[  894.291225][T11450] bridge_slave_1: entered promiscuous mode
[  895.042486][ T5623] Bluetooth: hci1: command tx timeout
[  895.192541][T11450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  895.306637][ T5944] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  895.306669][ T5944] em28xx 4-1:0.0: dvb set to bulk mode.
[  895.309879][ T5748] em28xx 4-1:0.0: Binding DVB extension
[  895.480493][ T5623] Bluetooth: hci2: command tx timeout
[  895.507048][T11594] em28xx 4-1:0.0: reading from i2c device at 0x0 failed (error=-5)
[  896.010320][T11450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  897.589869][ T5623] Bluetooth: hci1: command tx timeout
[  897.589930][ T5623] Bluetooth: hci2: command tx timeout
[  897.997020][ T5750] usb 4-1: USB disconnect, device number 29
[  898.009154][ T5750] em28xx 4-1:0.0: Disconnecting em28xx
[  898.064388][ T5748] em28xx 4-1:0.0: Registering input extension
[  898.187263][ T5750] em28xx 4-1:0.0: Closing input extension
[  899.197249][T11450] team0: Port device team_slave_0 added
[  899.214946][T11450] team0: Port device team_slave_1 added
[  899.602238][ T5621] Bluetooth: hci2: command tx timeout
[  899.919318][T11450] batman_adv: batadv0: Adding interface: batadv_slave_0
[  899.919337][T11450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  899.919363][T11450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  900.061509][T11450] batman_adv: batadv0: Adding interface: batadv_slave_1
[  900.061529][T11450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  900.061560][T11450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  900.114510][T11664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1055'.
[  900.666610][T11664] vlan2: entered promiscuous mode
[  900.666635][T11664] erspan0: entered promiscuous mode
[  900.968868][ T5750] em28xx 4-1:0.0: Freeing device
[  903.314061][ T5621] Bluetooth: hci2: command tx timeout
[  904.175412][T11450] hsr_slave_0: entered promiscuous mode
[  904.190643][T11450] hsr_slave_1: entered promiscuous mode
[  904.416498][  T823] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  904.582910][  T823] usb 4-1: not running at top speed; connect to a high speed hub
[  904.584181][  T823] usb 4-1: config 6 has an invalid descriptor of length 48, skipping remainder of the config
[  904.586739][  T823] usb 4-1: New USB device found, idVendor=1199, idProduct=9003, bcdDevice=d7.24
[  904.586768][  T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.586788][  T823] usb 4-1: Product: syz
[  904.586802][  T823] usb 4-1: Manufacturer: syz
[  904.586817][  T823] usb 4-1: SerialNumber: syz
[  904.867845][  T823] qmi_wwan 4-1:6.0: invalid descriptor buffer length
[  904.868162][  T823] qmi_wwan 4-1:6.0: probe with driver qmi_wwan failed with error -22
[  904.966544][  T823] usb 4-1: USB disconnect, device number 30
[  905.508750][T11701] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1064'.
[  908.946171][T11741] 9p: Bad value for 'rfdno'
[  908.982379][T11540] bridge0: port 1(bridge_slave_0) entered blocking state
[  908.982814][T11540] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.983178][T11540] bridge_slave_0: entered allmulticast mode
[  908.999916][T11540] bridge_slave_0: entered promiscuous mode
[  909.156256][T11540] bridge0: port 2(bridge_slave_1) entered blocking state
[  909.156593][T11540] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.156920][T11540] bridge_slave_1: entered allmulticast mode
[  909.162920][T11540] bridge_slave_1: entered promiscuous mode
[  909.509545][T11584] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.509876][T11584] bridge0: port 1(bridge_slave_0) entered disabled state
[  909.510204][T11584] bridge_slave_0: entered allmulticast mode
[  909.535311][T11584] bridge_slave_0: entered promiscuous mode
[  909.556798][T11540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  909.593362][T11584] bridge0: port 2(bridge_slave_1) entered blocking state
[  909.593905][T11584] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.594240][T11584] bridge_slave_1: entered allmulticast mode
[  909.607642][T11584] bridge_slave_1: entered promiscuous mode
[  909.632458][T11540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  910.039937][T11584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  910.054760][T11540] team0: Port device team_slave_0 added
[  910.054852][T11450] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  910.110605][T11450] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  910.130980][T11584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  910.147640][T11540] team0: Port device team_slave_1 added
[  910.149495][T11450] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  910.184812][T11450] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  910.587254][T11756] loop3: detected capacity change from 0 to 40427
[  910.611317][T11756] F2FS-fs (loop3): invalid crc value
[  910.730270][T11756] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  910.745248][T11756] F2FS-fs (loop3): Start checkpoint disabled!
[  910.767391][T11756] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  910.767939][T11756] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  910.787310][   T38] audit: type=1800 audit(1777686258.456:119): pid=11756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1075" name="file1" dev="loop3" ino=10 res=0 errno=0
[  911.048169][T11450] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  911.389435][T11761] syz.3.1075: attempt to access beyond end of device
[  911.389435][T11761] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  911.397456][T11761] syz.3.1075: attempt to access beyond end of device
[  911.397456][T11761] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  911.398833][T11761] syz.3.1075: attempt to access beyond end of device
[  911.398833][T11761] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  911.399790][T11761] syz.3.1075: attempt to access beyond end of device
[  911.399790][T11761] loop3: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  911.400288][T11761] syz.3.1075: attempt to access beyond end of device
[  911.400288][T11761] loop3: rw=2049, sector=45128, nr_sectors = 8 limit=40427
[  911.404918][T11761] syz.3.1075: attempt to access beyond end of device
[  911.404918][T11761] loop3: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  911.405476][T11761] syz.3.1075: attempt to access beyond end of device
[  911.405476][T11761] loop3: rw=2049, sector=45152, nr_sectors = 8 limit=40427
[  911.405995][T11761] syz.3.1075: attempt to access beyond end of device
[  911.405995][T11761] loop3: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  911.406469][T11761] syz.3.1075: attempt to access beyond end of device
[  911.406469][T11761] loop3: rw=2049, sector=45168, nr_sectors = 8 limit=40427
[  911.407020][T11761] syz.3.1075: attempt to access beyond end of device
[  911.407020][T11761] loop3: rw=2049, sector=45176, nr_sectors = 8 limit=40427
[  911.934058][T11760] Driver unsupported XDP return value 0 on prog  (id 159) dev N/A, expect packet loss!
[  912.045706][T11450] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  912.168995][T11450] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  912.206145][T11450] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  912.210900][T11584] team0: Port device team_slave_0 added
[  912.306045][T11540] batman_adv: batadv0: Adding interface: batadv_slave_0
[  912.306058][T11540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  912.306075][T11540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  912.370884][ T6285] CPU: 1 UID: 0 PID: 6285 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  912.370912][ T6285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  912.370924][ T6285] Workqueue: writeback wb_workfn (flush-7:3)
[  912.370959][ T6285] Call Trace:
[  912.370966][ T6285]  <TASK>
[  912.370975][ T6285]  dump_stack_lvl+0xe8/0x150
[  912.371002][ T6285]  f2fs_stop_checkpoint+0x383/0x540
[  912.371028][ T6285]  f2fs_write_end_io+0x1274/0x1740
[  912.371073][ T6285]  __submit_merged_bio+0x256/0x6a0
[  912.371099][ T6285]  __submit_merged_write_cond+0x3c9/0x4e0
[  912.371129][ T6285]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  912.371174][ T6285]  f2fs_write_data_pages+0x287e/0x34f0
[  912.371236][ T6285]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  912.371318][ T6285]  ? __lock_acquire+0x6b5/0x2d10
[  912.371356][ T6285]  ? clockevents_program_event+0x491/0x630
[  912.371401][ T6285]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  912.371422][ T6285]  do_writepages+0x32e/0x550
[  912.371444][ T6285]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  912.371463][ T6285]  ? reacquire_held_locks+0x104/0x190
[  912.371480][ T6285]  ? rt_spin_lock+0x1e0/0x400
[  912.371510][ T6285]  __writeback_single_inode+0x133/0x10e0
[  912.371532][ T6285]  ? rt_spin_unlock+0x160/0x200
[  912.371555][ T6285]  writeback_sb_inodes+0x97f/0x1980
[  912.371594][ T6285]  ? lockdep_hardirqs_on+0x7a/0x110
[  912.371627][ T6285]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  912.371691][ T6285]  ? rcu_is_watching+0x15/0xb0
[  912.371720][ T6285]  wb_writeback+0x445/0xb00
[  912.371754][ T6285]  ? queue_io+0x211/0x440
[  912.371779][ T6285]  ? __pfx_wb_writeback+0x10/0x10
[  912.371815][ T6285]  wb_workfn+0x3fd/0xf20
[  912.371836][ T6285]  ? look_up_lock_class+0x57/0x110
[  912.371883][ T6285]  ? __pfx_wb_workfn+0x10/0x10
[  912.371914][ T6285]  ? do_raw_spin_lock+0x12b/0x2f0
[  912.371948][ T6285]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  912.371975][ T6285]  ? process_one_work+0x8b7/0x1710
[  912.371999][ T6285]  ? process_one_work+0x8b7/0x1710
[  912.372038][ T6285]  ? process_one_work+0x8b7/0x1710
[  912.372060][ T6285]  process_one_work+0x9a3/0x1710
[  912.372109][ T6285]  ? __pfx_process_one_work+0x10/0x10
[  912.372130][ T6285]  ? do_raw_spin_lock+0x12b/0x2f0
[  912.372179][ T6285]  worker_thread+0xba8/0x11e0
[  912.372219][ T6285]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  912.372252][ T6285]  ? __kthread_parkme+0x7a/0x1f0
[  912.372281][ T6285]  ? __kthread_parkme+0x19c/0x1f0
[  912.372318][ T6285]  kthread+0x388/0x470
[  912.372349][ T6285]  ? __pfx_worker_thread+0x10/0x10
[  912.372373][ T6285]  ? __pfx_kthread+0x10/0x10
[  912.372407][ T6285]  ret_from_fork+0x514/0xb70
[  912.372439][ T6285]  ? __pfx_ret_from_fork+0x10/0x10
[  912.372465][ T6285]  ? __switch_to+0xc79/0x1410
[  912.372493][ T6285]  ? __pfx_kthread+0x10/0x10
[  912.372526][ T6285]  ret_from_fork_asm+0x1a/0x30
[  912.372579][ T6285]  </TASK>
[  912.542206][ T6285] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  912.576698][T11584] team0: Port device team_slave_1 added
[  912.627737][T11540] batman_adv: batadv0: Adding interface: batadv_slave_1
[  912.627754][T11540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  912.627780][T11540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  912.878077][T11584] batman_adv: batadv0: Adding interface: batadv_slave_0
[  912.878097][T11584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  912.878126][T11584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  912.896877][T11584] batman_adv: batadv0: Adding interface: batadv_slave_1
[  912.896893][T11584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  912.896918][T11584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  913.708563][T11540] hsr_slave_0: entered promiscuous mode
[  913.710894][T11540] hsr_slave_1: entered promiscuous mode
[  913.713582][T11540] debugfs: 'hsr0' already exists in 'hsr'
[  913.713610][T11540] Cannot create hsr debugfs directory
[  913.838672][T11584] hsr_slave_0: entered promiscuous mode
[  913.848411][T11584] hsr_slave_1: entered promiscuous mode
[  913.850637][T11584] debugfs: 'hsr0' already exists in 'hsr'
[  913.850656][T11584] Cannot create hsr debugfs directory
[  913.876445][T11779] 9p: Bad value for 'rfdno'
[  914.465345][T11788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1082'.
[  914.516400][T11788] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1082'.
[  915.858788][T11814] 9pnet_fd: Insufficient options for proto=fd
[  916.115652][ T5271] 8021q: adding VLAN 0 to HW filter on device eth13
[  920.577659][T11840] 9pnet_fd: Insufficient options for proto=fd
[  920.615973][ T3357] bridge_slave_1: left allmulticast mode
[  920.616012][ T3357] bridge_slave_1: left promiscuous mode
[  920.616335][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  920.693314][ T3357] bridge_slave_0: left allmulticast mode
[  920.693340][ T3357] bridge_slave_0: left promiscuous mode
[  920.693562][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  920.852456][T11850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1098'.
[  920.888968][T11849] loop3: detected capacity change from 0 to 4096
[  920.890242][T11849] nilfs2: Unknown parameter 'ÿÿ4ÆFpÀ…Gæ8*±¾Š³ˆ˵Ùt©çŽ'
[  921.342393][ T3357] bridge_slave_1: left allmulticast mode
[  921.342440][ T3357] bridge_slave_1: left promiscuous mode
[  921.342877][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.403169][ T3357] bridge_slave_0: left allmulticast mode
[  921.403196][ T3357] bridge_slave_0: left promiscuous mode
[  921.403381][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.542268][ T3357] bridge_slave_1: left allmulticast mode
[  921.542309][ T3357] bridge_slave_1: left promiscuous mode
[  921.542572][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  921.623922][ T3357] bridge_slave_0: left allmulticast mode
[  921.623948][ T3357] bridge_slave_0: left promiscuous mode
[  921.624127][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.882734][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  921.962794][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  922.025771][ T3357] bond0 (unregistering): Released all slaves
[  922.163093][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  922.262668][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  922.324038][ T3357] bond0 (unregistering): Released all slaves
[  922.452722][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  922.534868][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  922.593744][ T3357] bond0 (unregistering): Released all slaves
[  923.532241][ T3357] hsr_slave_0: left promiscuous mode
[  923.592187][ T3357] hsr_slave_1: left promiscuous mode
[  923.593463][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  923.634859][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  923.857747][ T3357] hsr_slave_0: left promiscuous mode
[  923.873323][ T3357] hsr_slave_1: left promiscuous mode
[  923.875986][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  923.913278][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  924.122125][ T3357] hsr_slave_0: left promiscuous mode
[  924.163704][ T3357] hsr_slave_1: left promiscuous mode
[  924.164464][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  924.182759][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  924.613452][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  924.692747][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  925.222872][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  925.266278][T11864] 9pnet_fd: Insufficient options for proto=fd
[  925.294110][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  926.019713][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  926.073206][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  926.997026][T11450] 8021q: adding VLAN 0 to HW filter on device bond0
[  927.707555][ T5271] 8021q: adding VLAN 0 to HW filter on device eth14
[  927.721094][T11450] 8021q: adding VLAN 0 to HW filter on device team0
[  927.789770][   T44] bridge0: port 1(bridge_slave_0) entered blocking state
[  927.791471][   T44] bridge0: port 1(bridge_slave_0) entered forwarding state
[  927.848088][ T1357] bridge0: port 2(bridge_slave_1) entered blocking state
[  927.848360][ T1357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  928.214924][T11901] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1110'.
[  932.267624][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  932.267741][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  934.253346][T11946] 9p: Bad value for 'wfdno'
[  934.532164][T11950] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1119'.
[  935.675505][ T5271] 8021q: adding VLAN 0 to HW filter on device eth15
[  939.895064][ T5623] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  939.969592][ T5623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  939.972612][ T5623] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  940.060569][ T5623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  940.069696][ T5623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  940.464069][T11999] loop3: detected capacity change from 0 to 16
[  940.465264][T11999] erofs: Unknown parameter './file0'
[  940.483330][T11997] loop3: detected capacity change from 0 to 16
[  940.484244][T11997] erofs: Unknown parameter './file0'
[  941.185856][T12007] loop3: detected capacity change from 0 to 256
[  941.420961][T12007] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1126'.
[  941.420984][T12007] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  942.023729][T12024] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1127'.
[  942.345415][ T5623] Bluetooth: hci3: command tx timeout
[  944.407728][ T5623] Bluetooth: hci3: command tx timeout
[  946.495177][ T5623] Bluetooth: hci3: command tx timeout
[  946.520183][T12057] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1132'.
[  946.520206][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'.
[  948.273965][ T5621] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  948.353215][ T5621] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  948.356959][ T5621] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  948.358960][ T5621] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  948.388172][ T5621] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  948.573009][ T5623] Bluetooth: hci3: command tx timeout
[  949.074112][T12102] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1136'.
[  950.835749][ T5623] Bluetooth: hci5: command tx timeout
[  951.646033][T11991] bridge0: port 1(bridge_slave_0) entered blocking state
[  951.646352][T11991] bridge0: port 1(bridge_slave_0) entered disabled state
[  951.646705][T11991] bridge_slave_0: entered allmulticast mode
[  951.652866][T11991] bridge_slave_0: entered promiscuous mode
[  952.224172][T11991] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.224589][T11991] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.224931][T11991] bridge_slave_1: entered allmulticast mode
[  952.228645][T11991] bridge_slave_1: entered promiscuous mode
[  953.120877][T11588] Bluetooth: hci5: command tx timeout
[  953.149416][ T5621] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  953.251879][ T5621] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  953.254319][ T5621] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  953.258611][ T5621] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  953.259858][ T5621] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  953.496157][T11991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  953.753460][T11991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  954.362220][ T5748] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  954.524583][ T5748] usb 4-1: not running at top speed; connect to a high speed hub
[  954.526269][ T5748] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  954.530202][ T5748] usb 4-1: New USB device found, idVendor=1199, idProduct=9003, bcdDevice=d7.24
[  954.530232][ T5748] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  954.530251][ T5748] usb 4-1: Product: syz
[  954.530265][ T5748] usb 4-1: Manufacturer: syz
[  954.530278][ T5748] usb 4-1: SerialNumber: syz
[  955.021739][T11991] team0: Port device team_slave_0 added
[  955.124789][ T5621] Bluetooth: hci5: command tx timeout
[  955.265020][T11991] team0: Port device team_slave_1 added
[  955.456731][   T38] audit: type=1326 audit(1777686303.126:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12177 comm="syz.1.1146" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f525e07cdd9 code=0x0
[  955.523158][ T5621] Bluetooth: hci1: command tx timeout
[  955.762569][ T3357] bridge_slave_1: left allmulticast mode
[  955.762607][ T3357] bridge_slave_1: left promiscuous mode
[  955.762926][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  955.888062][ T3357] bridge_slave_0: left allmulticast mode
[  955.888103][ T3357] bridge_slave_0: left promiscuous mode
[  955.918664][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.202338][ T5621] Bluetooth: hci5: command tx timeout
[  957.367817][ T5748] qmi_wwan 4-1:6.0: invalid descriptor buffer length
[  957.376234][ T5748] qmi_wwan 4-1:6.0: probe with driver qmi_wwan failed with error -22
[  957.391617][ T5748] usb 4-1: USB disconnect, device number 31
[  957.603119][ T5621] Bluetooth: hci1: command tx timeout
[  957.833039][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  957.913228][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  957.934595][ T3357] bond0 (unregistering): Released all slaves
[  959.800563][ T5621] Bluetooth: hci1: command tx timeout
[  959.830190][T11991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  959.830210][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  959.830237][T11991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  959.894679][T11991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  959.894698][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  959.894724][T11991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  960.212140][ T3357] hsr_slave_0: left promiscuous mode
[  960.256041][ T3357] hsr_slave_1: left promiscuous mode
[  960.256930][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  960.311698][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  960.965126][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  961.046482][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  961.700105][T11991] hsr_slave_0: entered promiscuous mode
[  961.711262][T11991] hsr_slave_1: entered promiscuous mode
[  961.820848][T12244] netlink: 'syz.1.1158': attribute type 16 has an invalid length.
[  961.820874][T12244] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1158'.
[  961.842807][ T5621] Bluetooth: hci1: command tx timeout
[  961.848413][T12244] veth0_macvtap: entered allmulticast mode
[  963.556807][   T38] audit: type=1326 audit(1777686311.216:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12281 comm="syz.1.1166" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f525e07cdd9 code=0x0
[  963.932287][ T5271] 8021q: adding VLAN 0 to HW filter on device eth13
[  965.959312][T12091] bridge0: port 1(bridge_slave_0) entered blocking state
[  965.959743][T12091] bridge0: port 1(bridge_slave_0) entered disabled state
[  965.960082][T12091] bridge_slave_0: entered allmulticast mode
[  965.964645][T12091] bridge_slave_0: entered promiscuous mode
[  967.505006][T12307] loop3: detected capacity change from 0 to 32768
[  967.540145][T12307] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/loop3": -EINTR
[  967.591702][T12091] bridge0: port 2(bridge_slave_1) entered blocking state
[  967.616400][T12091] bridge0: port 2(bridge_slave_1) entered disabled state
[  967.616722][T12091] bridge_slave_1: entered allmulticast mode
[  967.645462][T12091] bridge_slave_1: entered promiscuous mode
[  967.791423][T12325] loop3: detected capacity change from 0 to 64
[  968.295373][T12091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  968.372772][ T5750] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  968.453799][T12091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  968.553605][ T5750] usb 4-1: Using ep0 maxpacket: 8
[  968.557564][ T5750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  968.557609][ T5750] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  968.559902][ T5750] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  968.559932][ T5750] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.559961][ T5750] usb 4-1: Product: syz
[  968.559975][ T5750] usb 4-1: Manufacturer: syz
[  968.559990][ T5750] usb 4-1: SerialNumber: syz
[  968.629028][ T5750] usb 4-1: config 0 descriptor??
[  968.803761][T12143] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.804064][T12143] bridge0: port 1(bridge_slave_0) entered disabled state
[  968.804356][T12143] bridge_slave_0: entered allmulticast mode
[  968.807587][T12143] bridge_slave_0: entered promiscuous mode
[  968.856173][T12331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  968.874238][T12331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.936567][ T5750] usb 4-1: USB disconnect, device number 33
[  970.718809][T12091] team0: Port device team_slave_0 added
[  970.732838][T12143] bridge0: port 2(bridge_slave_1) entered blocking state
[  970.733200][T12143] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.669971][T12143] bridge_slave_1: entered allmulticast mode
[  971.683565][T12143] bridge_slave_1: entered promiscuous mode
[  971.717366][T12091] team0: Port device team_slave_1 added
[  972.601712][T12143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  972.634968][T12091] batman_adv: batadv0: Adding interface: batadv_slave_0
[  972.634988][T12091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  972.635017][T12091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  972.712911][T12143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  972.744263][T12091] batman_adv: batadv0: Adding interface: batadv_slave_1
[  972.744300][T12091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  972.744331][T12091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  973.028843][T12143] team0: Port device team_slave_0 added
[  973.204997][T12143] team0: Port device team_slave_1 added
[  973.954767][T12091] hsr_slave_0: entered promiscuous mode
[  973.964073][T12091] hsr_slave_1: entered promiscuous mode
[  973.970132][T12091] debugfs: 'hsr0' already exists in 'hsr'
[  973.970162][T12091] Cannot create hsr debugfs directory
[  973.975091][T12143] batman_adv: batadv0: Adding interface: batadv_slave_0
[  973.975107][T12143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  973.975132][T12143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  975.338840][T12143] batman_adv: batadv0: Adding interface: batadv_slave_1
[  975.338860][T12143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  975.338890][T12143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  977.367997][T12143] hsr_slave_0: entered promiscuous mode
[  977.370440][T12143] hsr_slave_1: entered promiscuous mode
[  977.388262][T12143] debugfs: 'hsr0' already exists in 'hsr'
[  977.388283][T12143] Cannot create hsr debugfs directory
[  977.510895][T12393] loop3: detected capacity change from 0 to 128
[  977.713895][T12393] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  977.714104][T12393] hpfs: filesystem error: improperly stopped
[  977.714121][T12393] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  977.714137][T12393] hpfs: You really don't want any checks? You are crazy...
[  977.714154][T12393] hpfs: Code page index out of array
[  977.714189][T12393] hpfs: code page support is disabled
[  977.741841][T12393] hpfs: hpfs_map_4sectors(): unaligned read
[  977.751257][T12393] hpfs: hpfs_map_4sectors(): unaligned read
[  977.751273][T12393] hpfs: filesystem error: unable to find root dir
[  978.502740][T12395] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  978.840620][T11991] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  979.036425][T11991] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  981.655177][T11991] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  981.681742][T11991] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  981.774589][T12416] loop3: detected capacity change from 0 to 256
[  981.836771][T12416] FAT-fs (loop3): Directory bread(block 64) failed
[  981.836798][T12416] FAT-fs (loop3): Directory bread(block 65) failed
[  981.836859][T12416] FAT-fs (loop3): Directory bread(block 66) failed
[  981.836873][T12416] FAT-fs (loop3): Directory bread(block 67) failed
[  981.836937][T12416] FAT-fs (loop3): Directory bread(block 68) failed
[  981.836951][T12416] FAT-fs (loop3): Directory bread(block 69) failed
[  981.837008][T12416] FAT-fs (loop3): Directory bread(block 70) failed
[  981.837021][T12416] FAT-fs (loop3): Directory bread(block 71) failed
[  981.837082][T12416] FAT-fs (loop3): Directory bread(block 72) failed
[  981.837096][T12416] FAT-fs (loop3): Directory bread(block 73) failed
[  982.372907][T11991] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  982.409602][T11991] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  982.703438][T11991] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  985.121001][T11991] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  985.913221][ T5748] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  986.062407][ T5748] usb 4-1: Using ep0 maxpacket: 32
[  986.073486][ T5748] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  986.073522][ T5748] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  986.073547][ T5748] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  986.078618][ T5748] usb 4-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  986.078651][ T5748] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.078672][ T5748] usb 4-1: Product: syz
[  986.078686][ T5748] usb 4-1: Manufacturer: syz
[  986.078701][ T5748] usb 4-1: SerialNumber: syz
[  986.152765][ T5748] usb 4-1: config 0 descriptor??
[  986.183362][ T5748] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10
[  986.451708][T12433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  986.457057][T12433] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  986.563817][T12433] loop3: detected capacity change from 0 to 512
[  988.256536][T12433] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  988.740089][T12433] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters
[  988.783032][    C1] EXT4-fs (loop3): initial error at time 1777686336: ext4_mb_generate_buddy:1317
[  988.783067][    C1] EXT4-fs (loop3): last error at time 1777686336: ext4_mb_generate_buddy:1317
[  988.860122][T11991] 8021q: adding VLAN 0 to HW filter on device bond0
[  988.905077][T12433] Quota error (device loop3): write_blk: dquota write failed
[  988.905105][T12433] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5
[  988.905476][T12433] Quota error (device loop3): write_blk: dquota write failed
[  988.973728][T12433] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota
[  988.973781][T12433] EXT4-fs error (device loop3): ext4_acquire_dquot:7034: comm syz.3.1199: Failed to acquire dquot type 1
[  988.973802][T12433] loop3: lost filesystem error report for type 5 error -28
[  989.224738][T12433] EXT4-fs (loop3): 1 truncate cleaned up
[  989.248246][T12433] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  989.316463][ T5944] usb 4-1: USB disconnect, device number 34
[  989.333041][    C0] xpad 4-1:0.0: xpad_irq_out - usb_submit_urb failed with result -19
[  989.658990][ T5608] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  990.430677][ T5748] IPVS: starting estimator thread 0...
[  990.598890][T12474] IPVS: using max 13 ests per chain, 31200 per kthread
[  990.615430][ T5271] 8021q: adding VLAN 0 to HW filter on device eth14
[  990.680501][T12473] loop3: detected capacity change from 0 to 4096
[  991.228956][T12480] FAULT_INJECTION: forcing a failure.
[  991.228956][T12480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  991.228998][T12480] CPU: 0 UID: 0 PID: 12480 Comm: syz.3.1204 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  991.229027][T12480] Tainted: [L]=SOFTLOCKUP
[  991.229036][T12480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  991.229048][T12480] Call Trace:
[  991.229057][T12480]  <TASK>
[  991.229067][T12480]  dump_stack_lvl+0xe8/0x150
[  991.229102][T12480]  should_fail_ex+0x46b/0x600
[  991.229132][T12480]  strncpy_from_user+0x36/0x2b0
[  991.229159][T12480]  getname_long+0x88/0x130
[  991.229184][T12480]  do_getname+0x181/0x250
[  991.229217][T12480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.229241][T12480]  __se_sys_symlink+0x2b/0x2b0
[  991.229272][T12480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.229294][T12480]  do_syscall_64+0x15f/0xf80
[  991.229329][T12480]  ? trace_irq_disable+0x3b/0x140
[  991.229356][T12480]  ? clear_bhb_loop+0x40/0x90
[  991.229381][T12480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.229403][T12480] RIP: 0033:0x7f5a02c8cdd9
[  991.229424][T12480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  991.229441][T12480] RSP: 002b:00007f5a00ebd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[  991.229464][T12480] RAX: ffffffffffffffda RBX: 00007f5a02f06090 RCX: 00007f5a02c8cdd9
[  991.229480][T12480] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000200000001640
[  991.229494][T12480] RBP: 00007f5a00ebd090 R08: 0000000000000000 R09: 0000000000000000
[  991.229507][T12480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  991.229520][T12480] R13: 00007f5a02f06128 R14: 00007f5a02f06090 R15: 00007ffd01dfc438
[  991.229555][T12480]  </TASK>
[  991.330391][T11991] 8021q: adding VLAN 0 to HW filter on device team0
[  991.748807][ T6285] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.764541][ T6285] bridge0: port 1(bridge_slave_0) entered forwarding state
[  993.022229][ T3357] bridge_slave_1: left allmulticast mode
[  993.022268][ T3357] bridge_slave_1: left promiscuous mode
[  993.022558][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.103902][ T3357] bridge_slave_0: left allmulticast mode
[  993.103940][ T3357] bridge_slave_0: left promiscuous mode
[  993.104249][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.283167][ T3357] bridge_slave_1: left allmulticast mode
[  993.283196][ T3357] bridge_slave_1: left promiscuous mode
[  993.283392][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.312552][ T5750] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  993.366064][ T1336] ieee802154 phy0 wpan0: encryption failed: -22
[  993.366263][ T1336] ieee802154 phy1 wpan1: encryption failed: -22
[  993.372272][ T3357] bridge_slave_0: left allmulticast mode
[  993.372304][ T3357] bridge_slave_0: left promiscuous mode
[  993.372570][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.464510][ T5750] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  993.465650][ T5750] usb 4-1: config 0 has no interfaces?
[  993.466734][ T5750] usb 4-1: config 0 has no interfaces?
[  993.467795][ T5750] usb 4-1: config 0 has no interfaces?
[  993.468851][ T5750] usb 4-1: config 0 has no interfaces?
[  993.469932][ T5750] usb 4-1: config 0 has no interfaces?
[  993.470995][ T5750] usb 4-1: config 0 has no interfaces?
[  993.473713][ T5750] usb 4-1: config 0 has no interfaces?
[  993.495540][ T5750] usb 4-1: config 0 has no interfaces?
[  993.529307][ T5750] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  993.529328][ T5750] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  993.529341][ T5750] usb 4-1: Product: syz
[  993.529349][ T5750] usb 4-1: Manufacturer: syz
[  993.529358][ T5750] usb 4-1: SerialNumber: syz
[  993.545061][ T5750] usb 4-1: config 0 descriptor??
[  994.019174][ T5621] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  994.019196][ T5621] CPU: 0 UID: 0 PID: 5621 Comm: kworker/u9:3 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  994.019215][ T5621] Tainted: [L]=SOFTLOCKUP
[  994.019220][ T5621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  994.019228][ T5621] Workqueue: hci4 hci_rx_work
[  994.019252][ T5621] Call Trace:
[  994.019257][ T5621]  <TASK>
[  994.019264][ T5621]  dump_stack_lvl+0xe8/0x150
[  994.019283][ T5621]  sysfs_create_dir_ns+0x271/0x2a0
[  994.019297][ T5621]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  994.019313][ T5621]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  994.019328][ T5621]  ? rt_spin_unlock+0x160/0x200
[  994.019343][ T5621]  kobject_add_internal+0x631/0xd10
[  994.019361][ T5621]  kobject_add+0x163/0x240
[  994.019377][ T5621]  ? __pfx_kobject_add+0x10/0x10
[  994.019393][ T5621]  ? get_device_parent+0x370/0x3a0
[  994.019410][ T5621]  device_add+0x408/0xbb0
[  994.019427][ T5621]  hci_conn_add_sysfs+0xd5/0x210
[  994.019447][ T5621]  le_conn_complete_evt+0x10e6/0x16b0
[  994.019467][ T5621]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  994.019481][ T5621]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  994.019497][ T5621]  ? lockdep_hardirqs_on+0x7a/0x110
[  994.019515][ T5621]  ? skb_pull_data+0xfb/0x200
[  994.019530][ T5621]  hci_le_conn_complete_evt+0x187/0x470
[  994.019548][ T5621]  hci_event_packet+0x659/0xef0
[  994.019568][ T5621]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  994.019582][ T5621]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  994.019594][ T5621]  ? __pfx_hci_event_packet+0x10/0x10
[  994.019610][ T5621]  ? rt_spin_unlock+0x14f/0x200
[  994.019629][ T5621]  ? hci_send_to_monitor+0xe2/0x590
[  994.019645][ T5621]  hci_rx_work+0x3ee/0x1040
[  994.019678][ T5621]  ? process_one_work+0x8b7/0x1710
[  994.019692][ T5621]  process_one_work+0x9a3/0x1710
[  994.019722][ T5621]  ? __pfx_process_one_work+0x10/0x10
[  994.019735][ T5621]  ? do_raw_spin_lock+0x12b/0x2f0
[  994.019761][ T5621]  worker_thread+0xba8/0x11e0
[  994.019793][ T5621]  kthread+0x388/0x470
[  994.019811][ T5621]  ? __pfx_worker_thread+0x10/0x10
[  994.019824][ T5621]  ? __pfx_kthread+0x10/0x10
[  994.019842][ T5621]  ret_from_fork+0x514/0xb70
[  994.019861][ T5621]  ? __pfx_ret_from_fork+0x10/0x10
[  994.019876][ T5621]  ? __switch_to+0xc79/0x1410
[  994.019892][ T5621]  ? __pfx_kthread+0x10/0x10
[  994.019910][ T5621]  ret_from_fork_asm+0x1a/0x30
[  994.019945][ T5621]  </TASK>
[  994.020304][ T5621] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  994.020347][ T5621] Bluetooth: hci4: failed to register connection device
[  994.093019][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  994.107325][T12508] netlink: 'syz.1.1211': attribute type 1 has an invalid length.
[  994.213114][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  994.274986][ T3357] bond0 (unregistering): Released all slaves
[  994.473162][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  994.552962][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  994.614361][ T3357] bond0 (unregistering): Released all slaves
[  994.648265][ T5271] 8021q: adding VLAN 0 to HW filter on device eth15
[  995.360103][  T171] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.360412][  T171] bridge0: port 2(bridge_slave_1) entered forwarding state
[  995.813636][ T3357] hsr_slave_0: left promiscuous mode
[  995.852166][ T3357] hsr_slave_1: left promiscuous mode
[  995.852980][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  995.894396][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  996.280811][ T5927] usb 4-1: USB disconnect, device number 35
[  996.332260][ T3357] hsr_slave_0: left promiscuous mode
[  996.436738][T12523] loop3: detected capacity change from 0 to 8
[  996.442097][T12523] SQUASHFS error: xz decompression failed, data probably corrupt
[  996.442131][T12523] SQUASHFS error: Failed to read block 0x108: -5
[  996.442150][T12523] SQUASHFS error: Unable to read metadata cache entry [106]
[  996.442166][T12523] SQUASHFS error: Unable to read inode 0x11f
[  997.420949][T12523] loop3: detected capacity change from 0 to 131072
[  997.421773][T12523] f2fs: Unknown parameter 'syzkaller'
[  997.510242][ T3357] hsr_slave_1: left promiscuous mode
[  997.520506][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  997.599920][T12522] overlayfs: failed to resolve './file1': -2
[  997.993273][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  998.331400][T12527] overlayfs: failed to resolve './file0': -2
[  998.748504][T12529] loop3: detected capacity change from 0 to 32768
[  998.794561][T12529] JBD2: Ignoring recovery information on journal
[  998.828003][T12529] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  999.353966][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[  999.354170][ T3357] team0 (unregistering): Port device team_slave_1 removed
[  999.475662][ T3357] team0 (unregistering): Port device team_slave_0 removed
[  999.552447][T12538] loop3: detected capacity change from 0 to 64
[ 1000.058922][T12540] Trying to free block not in datazone
[ 1000.058940][T12540] Trying to free block not in datazone
[ 1000.058948][T12540] Trying to free block not in datazone
[ 1000.058957][T12540] Trying to free block not in datazone
[ 1000.058964][T12540] Trying to free block not in datazone
[ 1000.058973][T12540] Trying to free block not in datazone
[ 1000.059074][T12540] Trying to free block not in datazone
[ 1000.059082][T12540] Trying to free block not in datazone
[ 1000.059092][T12540] Trying to free block not in datazone
[ 1000.059103][T12540] Trying to free block not in datazone
[ 1000.059110][T12540] Trying to free block not in datazone
[ 1000.059117][T12540] Trying to free block not in datazone
[ 1000.059126][T12540] minix_free_block (loop3:6): bit already cleared
[ 1000.059142][T12540] Trying to free block not in datazone
[ 1000.059149][T12540] Trying to free block not in datazone
[ 1000.059157][T12540] Trying to free block not in datazone
[ 1000.059167][T12540] minix_free_block (loop3:7): bit already cleared
[ 1000.059179][T12540] Trying to free block not in datazone
[ 1000.059186][T12540] Trying to free block not in datazone
[ 1000.059194][T12540] Trying to free block not in datazone
[ 1000.059200][T12540] Trying to free block not in datazone
[ 1000.059208][T12540] Trying to free block not in datazone
[ 1000.059224][T12540] minix_free_block (loop3:6): bit already cleared
[ 1000.413297][ T3357] team0 (unregistering): Port device team_slave_1 removed
[ 1000.462660][ T3357] team0 (unregistering): Port device team_slave_0 removed
[ 1001.300309][ T5623] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1001.341515][ T5623] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1001.456582][ T5623] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1001.462749][T12551] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1224'.
[ 1001.463643][ T5623] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1001.466059][ T5623] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1002.309959][T12546] loop3: detected capacity change from 0 to 32768
[ 1002.926783][T12566] loop3: detected capacity change from 0 to 32768
[ 1003.107475][T12566] JBD2: Ignoring recovery information on journal
[ 1003.226410][T12566] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1003.922964][ T5621] Bluetooth: hci2: command tx timeout
[ 1003.943137][ T5271] 8021q: adding VLAN 0 to HW filter on device eth16
[ 1004.290467][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1005.078571][T12602] loop3: detected capacity change from 0 to 2048
[ 1005.199075][T12602] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1006.002068][ T5621] Bluetooth: hci2: command tx timeout
[ 1006.127869][T12607] loop3: detected capacity change from 0 to 32768
[ 1006.242199][T12607] JBD2: Ignoring recovery information on journal
[ 1006.295091][T12607] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1007.397152][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1008.083546][ T5621] Bluetooth: hci2: command tx timeout
[ 1008.223835][T12638] loop3: detected capacity change from 0 to 4096
[ 1008.261309][T12638] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[ 1008.453826][T12638] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[ 1010.423254][ T5623] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1010.477599][T11588] Bluetooth: hci2: command tx timeout
[ 1010.493471][ T5623] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1010.498455][ T5623] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1010.499956][ T5623] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1010.504118][ T5623] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1011.093788][T12684] overlayfs: failed to clone upperpath
[ 1011.207460][T12547] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1011.207632][T12547] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1011.210970][T12547] bridge_slave_0: entered allmulticast mode
[ 1011.246694][T12547] bridge_slave_0: entered promiscuous mode
[ 1011.717260][T12691] loop3: detected capacity change from 0 to 32768
[ 1011.951347][T12691] JBD2: Ignoring recovery information on journal
[ 1012.057642][T12691] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1012.653207][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1012.762757][ T5621] Bluetooth: hci3: command tx timeout
[ 1012.969062][T12547] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1012.969564][T12547] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1012.969879][T12547] bridge_slave_1: entered allmulticast mode
[ 1012.980032][T12547] bridge_slave_1: entered promiscuous mode
[ 1014.107072][T12547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1014.155877][T12547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1014.648999][T12711] loop3: detected capacity change from 0 to 32768
[ 1014.739075][ T5623] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1014.814059][T11588] Bluetooth: hci3: command tx timeout
[ 1014.863963][ T5623] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1014.867286][ T5623] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1014.916428][ T5623] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1014.925383][ T5623] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1014.951356][T12713] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[ 1014.963398][T12711] JBD2: Ignoring recovery information on journal
[ 1015.187552][T12711] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1016.965851][ T5621] Bluetooth: hci3: command tx timeout
[ 1017.172688][ T5621] Bluetooth: hci6: command tx timeout
[ 1017.403080][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1017.607360][T12733] 9pnet_fd: Insufficient options for proto=fd
[ 1017.847896][T12547] team0: Port device team_slave_0 added
[ 1018.429260][T12547] team0: Port device team_slave_1 added
[ 1018.986202][T12752] loop3: detected capacity change from 0 to 32768
[ 1019.048036][ T5621] Bluetooth: hci3: command tx timeout
[ 1019.076667][T12752] JBD2: Ignoring recovery information on journal
[ 1019.129045][T12752] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1019.221683][ T5621] Bluetooth: hci6: command tx timeout
[ 1019.523674][T12547] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1019.523693][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1019.523718][T12547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1019.942932][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1020.000578][T12547] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1020.000598][T12547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1020.000627][T12547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1021.292834][ T5621] Bluetooth: hci6: command tx timeout
[ 1021.756744][T12774] 9pnet_fd: Insufficient options for proto=fd
[ 1022.100109][T12775] loop3: detected capacity change from 0 to 32768
[ 1022.136786][T12775] (syz.3.1259,12775,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1022.161058][T12775] (syz.3.1259,12775,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1022.219800][T12775] JBD2: Ignoring recovery information on journal
[ 1022.276114][T12775] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[ 1023.178803][T12547] hsr_slave_0: entered promiscuous mode
[ 1023.181190][T12547] hsr_slave_1: entered promiscuous mode
[ 1023.194954][T12547] debugfs: 'hsr0' already exists in 'hsr'
[ 1023.194984][T12547] Cannot create hsr debugfs directory
[ 1023.325018][T12775] 
[ 1023.325033][T12775] ======================================================
[ 1023.325044][T12775] WARNING: possible circular locking dependency detected
[ 1023.325058][T12775] syzkaller #0 Tainted: G             L     
[ 1023.325070][T12775] ------------------------------------------------------
[ 1023.325080][T12775] syz.3.1259/12775 is trying to acquire lock:
[ 1023.325093][T12775] ffff888053ce5c18 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x1c3/0x800
[ 1023.325157][T12775] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1023.325157][T12775] but task is already holding lock:
[ 1023.325166][T12775] ffff888037bfa118 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x3ac/0x700
[ 1023.325220][T12775] 
[ 1023.325220][T12775] which lock already depends on the new lock.
[ 1023.325220][T12775] 
[ 1023.325230][T12775] 
[ 1023.325230][T12775] the existing dependency chain (in reverse order) is:
[ 1023.325238][T12775] 
[ 1023.325238][T12775] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[ 1023.325267][T12775]        down_read+0x97/0x200
[ 1023.325287][T12775]        ocfs2_start_trans+0x3ac/0x700
[ 1023.325314][T12775]        ocfs2_mknod+0x1181/0x2260
[ 1023.325336][T12775]        ocfs2_create+0x195/0x460
[ 1023.325358][T12775]        path_openat+0x13b4/0x38a0
[ 1023.325383][T12775]        do_file_open+0x23e/0x4a0
[ 1023.325406][T12775]        do_sys_openat2+0x113/0x200
[ 1023.325425][T12775]        __x64_sys_openat+0x138/0x170
[ 1023.325445][T12775]        do_syscall_64+0x15f/0xf80
[ 1023.325473][T12775]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.325493][T12775] 
[ 1023.325493][T12775] -> #2 (sb_internal#4){.+.+}-{0:0}:
[ 1023.325526][T12775]        lock_release+0x199/0x3c0
[ 1023.325555][T12775]        up_write+0x1a/0x60
[ 1023.325576][T12775]        ocfs2_free_alloc_context+0x97/0x1a0
[ 1023.325599][T12775]        ocfs2_write_begin_nolock+0x410f/0x41a0
[ 1023.325624][T12775]        ocfs2_write_begin+0x1c5/0x320
[ 1023.325647][T12775]        generic_perform_write+0x2af/0x8b0
[ 1023.325677][T12775]        ocfs2_file_write_iter+0x1666/0x1e70
[ 1023.325700][T12775]        vfs_write+0x629/0xba0
[ 1023.325723][T12775]        __x64_sys_pwrite64+0x19c/0x230
[ 1023.325748][T12775]        do_syscall_64+0x15f/0xf80
[ 1023.325775][T12775]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.325795][T12775] 
[ 1023.325795][T12775] -> #1 (&oi->ip_alloc_sem){++++}-{4:4}:
[ 1023.325831][T12775]        down_write+0x3a/0x50
[ 1023.325849][T12775]        ocfs2_try_remove_refcount_tree+0xb6/0x340
[ 1023.325876][T12775]        ocfs2_truncate_file+0xdf3/0x14e0
[ 1023.325895][T12775]        ocfs2_setattr+0x15e5/0x1ca0
[ 1023.325915][T12775]        notify_change+0xc18/0xf60
[ 1023.325943][T12775]        do_truncate+0x1c2/0x250
[ 1023.325968][T12775]        vfs_truncate+0x4b7/0x540
[ 1023.325993][T12775]        ksys_truncate+0xf3/0x1c0
[ 1023.326018][T12775]        __x64_sys_truncate+0x5b/0x70
[ 1023.326044][T12775]        do_syscall_64+0x15f/0xf80
[ 1023.326071][T12775]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.326091][T12775] 
[ 1023.326091][T12775] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[ 1023.326118][T12775]        __lock_acquire+0x15a5/0x2d10
[ 1023.326145][T12775]        lock_acquire+0x106/0x350
[ 1023.326173][T12775]        down_read+0x97/0x200
[ 1023.326189][T12775]        ocfs2_init_acl+0x1c3/0x800
[ 1023.326214][T12775]        ocfs2_mknod+0x1679/0x2260
[ 1023.326236][T12775]        ocfs2_create+0x195/0x460
[ 1023.326257][T12775]        path_openat+0x13b4/0x38a0
[ 1023.326281][T12775]        do_file_open+0x23e/0x4a0
[ 1023.326304][T12775]        do_sys_openat2+0x113/0x200
[ 1023.326322][T12775]        __x64_sys_creat+0x8f/0xc0
[ 1023.326342][T12775]        do_syscall_64+0x15f/0xf80
[ 1023.326369][T12775]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.326388][T12775] 
[ 1023.326388][T12775] other info that might help us debug this:
[ 1023.326388][T12775] 
[ 1023.326396][T12775] Chain exists of:
[ 1023.326396][T12775]   &oi->ip_xattr_sem --> sb_internal#4 --> &journal->j_trans_barrier
[ 1023.326396][T12775] 
[ 1023.326435][T12775]  Possible unsafe locking scenario:
[ 1023.326435][T12775] 
[ 1023.326443][T12775]        CPU0                    CPU1
[ 1023.326449][T12775]        ----                    ----
[ 1023.326457][T12775]   rlock(&journal->j_trans_barrier);
[ 1023.326471][T12775]                                lock(sb_internal#4);
[ 1023.326491][T12775]                                lock(&journal->j_trans_barrier);
[ 1023.326508][T12775]   rlock(&oi->ip_xattr_sem);
[ 1023.326522][T12775] 
[ 1023.326522][T12775]  *** DEADLOCK ***
[ 1023.326522][T12775] 
[ 1023.326529][T12775] 8 locks held by syz.3.1259/12775:
[ 1023.326541][T12775]  #0: ffff88803a814480 (sb_writers#18){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 1023.326599][T12775]  #1: ffff888053ce5f40 (&type->i_mutex_dir_key#13){++++}-{4:4}, at: path_openat+0xb5e/0x38a0
[ 1023.326657][T12775]  #2: ffff888053db4e80 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x16d/0x4840
[ 1023.326713][T12775]  #3: ffff888053db5f40 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x16d/0x4840
[ 1023.326769][T12775]  #4: ffff888053db2d00 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x11f/0x2660
[ 1023.326821][T12775]  #5: ffff88803a814770 (sb_internal#4){.+.+}-{0:0}, at: ocfs2_mknod+0x1181/0x2260
[ 1023.326888][T12775]  #6: ffff888037bfa118 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x3ac/0x700
[ 1023.326944][T12775]  #7: ffff888070786bb0 (jbd2_handle#2){.+.+}-{0:0}, at: start_this_handle+0x2054/0x2290
[ 1023.327004][T12775] 
[ 1023.327004][T12775] stack backtrace:
[ 1023.327021][T12775] CPU: 0 UID: 0 PID: 12775 Comm: syz.3.1259 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1023.327050][T12775] Tainted: [L]=SOFTLOCKUP
[ 1023.327059][T12775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1023.327072][T12775] Call Trace:
[ 1023.327080][T12775]  <TASK>
[ 1023.327090][T12775]  dump_stack_lvl+0xe8/0x150
[ 1023.327118][T12775]  print_circular_bug+0x2e1/0x300
[ 1023.327144][T12775]  check_noncircular+0x12e/0x150
[ 1023.327170][T12775]  __lock_acquire+0x15a5/0x2d10
[ 1023.327211][T12775]  ? ocfs2_init_acl+0x1c3/0x800
[ 1023.327238][T12775]  lock_acquire+0x106/0x350
[ 1023.327267][T12775]  ? ocfs2_init_acl+0x1c3/0x800
[ 1023.327301][T12775]  down_read+0x97/0x200
[ 1023.327319][T12775]  ? ocfs2_init_acl+0x1c3/0x800
[ 1023.327346][T12775]  ? __pfx_down_read+0x10/0x10
[ 1023.327369][T12775]  ocfs2_init_acl+0x1c3/0x800
[ 1023.327396][T12775]  ? ocfs2_mknod_locked+0x158/0x290
[ 1023.327424][T12775]  ? __pfx_ocfs2_init_acl+0x10/0x10
[ 1023.327450][T12775]  ? dquot_alloc_inode+0x8ba/0xa50
[ 1023.327472][T12775]  ? dquot_alloc_inode+0x166/0xa50
[ 1023.327492][T12775]  ? ocfs2_block_signals+0x9a/0xe0
[ 1023.327519][T12775]  ? ocfs2_init_security_get+0x139/0x1a0
[ 1023.327552][T12775]  ocfs2_mknod+0x1679/0x2260
[ 1023.327582][T12775]  ? __pfx_ocfs2_mknod+0x10/0x10
[ 1023.327611][T12775]  ? __lock_acquire+0x6b5/0x2d10
[ 1023.327643][T12775]  ? __lock_acquire+0x6b5/0x2d10
[ 1023.327680][T12775]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1023.327711][T12775]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1023.327742][T12775]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1023.327771][T12775]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1023.327798][T12775]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1023.327822][T12775]  ? reacquire_held_locks+0x104/0x190
[ 1023.327852][T12775]  ? rt_spin_lock+0x1e0/0x400
[ 1023.327877][T12775]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1023.327903][T12775]  ? rt_spin_unlock+0x14f/0x200
[ 1023.327930][T12775]  ? rt_spin_unlock+0x160/0x200
[ 1023.327956][T12775]  ? rcu_is_watching+0x15/0xb0
[ 1023.327977][T12775]  ? ocfs2_lookup+0x60f/0xa20
[ 1023.328001][T12775]  ? __pfx_apparmor_path_mknod+0x10/0x10
[ 1023.328025][T12775]  ocfs2_create+0x195/0x460
[ 1023.328049][T12775]  ? __pfx_ocfs2_lookup+0x10/0x10
[ 1023.328072][T12775]  ? __pfx_ocfs2_permission+0x10/0x10
[ 1023.328096][T12775]  ? __pfx_ocfs2_create+0x10/0x10
[ 1023.328119][T12775]  ? bpf_lsm_inode_permission+0x9/0x20
[ 1023.328148][T12775]  ? security_inode_permission+0xb7/0x2e0
[ 1023.328181][T12775]  ? may_o_create+0x2d2/0x370
[ 1023.328208][T12775]  ? bpf_lsm_inode_create+0x9/0x20
[ 1023.328236][T12775]  ? __pfx_ocfs2_create+0x10/0x10
[ 1023.328259][T12775]  path_openat+0x13b4/0x38a0
[ 1023.328299][T12775]  ? __pfx_path_openat+0x10/0x10
[ 1023.328332][T12775]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1023.328363][T12775]  do_file_open+0x23e/0x4a0
[ 1023.328388][T12775]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1023.328420][T12775]  ? __pfx_do_file_open+0x10/0x10
[ 1023.328444][T12775]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1023.328478][T12775]  ? alloc_fd+0x64e/0x6c0
[ 1023.328504][T12775]  do_sys_openat2+0x113/0x200
[ 1023.328525][T12775]  ? __se_sys_futex+0x3a8/0x450
[ 1023.328547][T12775]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1023.328571][T12775]  ? rcu_is_watching+0x15/0xb0
[ 1023.328592][T12775]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.328614][T12775]  __x64_sys_creat+0x8f/0xc0
[ 1023.328637][T12775]  do_syscall_64+0x15f/0xf80
[ 1023.328667][T12775]  ? trace_irq_disable+0x3b/0x140
[ 1023.328694][T12775]  ? clear_bhb_loop+0x40/0x90
[ 1023.328717][T12775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1023.328738][T12775] RIP: 0033:0x7f5a02c8cdd9
[ 1023.328759][T12775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1023.328778][T12775] RSP: 002b:00007f5a00ede028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 1023.328801][T12775] RAX: ffffffffffffffda RBX: 00007f5a02f05fa0 RCX: 00007f5a02c8cdd9
[ 1023.328817][T12775] RDX: 0000000000000000 RSI: 0000000000000044 RDI: 00002000000009c0
[ 1023.328839][T12775] RBP: 00007f5a02d22d69 R08: 0000000000000000 R09: 0000000000000000
[ 1023.328853][T12775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1023.328866][T12775] R13: 00007f5a02f06038 R14: 00007f5a02f05fa0 R15: 00007ffd01dfc438
[ 1023.328890][T12775]  </TASK>
[ 1023.342698][T12775] syz.3.1259 (12775) used greatest stack depth: 17624 bytes left
[ 1023.362107][ T5621] Bluetooth: hci6: command tx timeout
[ 1023.380473][ T5621] Bluetooth: hci4: ACL packet for unknown connection handle 457
[ 1024.125766][ T5608] ocfs2: Unmounting device (7,3) on (node local)
[ 1024.382122][ T3357] bridge_slave_1: left allmulticast mode
[ 1024.382147][ T3357] bridge_slave_1: left promiscuous mode
[ 1024.382281][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1024.525294][ T3357] bridge_slave_0: left allmulticast mode
[ 1024.525315][ T3357] bridge_slave_0: left promiscuous mode
[ 1024.525447][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1025.262552][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1025.322559][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1025.383025][ T3357] bond0 (unregistering): Released all slaves
[ 1026.592069][ T3357] hsr_slave_0: left promiscuous mode
[ 1026.632190][ T3357] hsr_slave_1: left promiscuous mode
[ 1026.632764][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1026.672827][ T3357] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1027.092885][ T3357] team0 (unregistering): Port device team_slave_1 removed
[ 1027.112685][ T3357] team0 (unregistering): Port device team_slave_0 removed
[ 1027.466193][ T5271] 8021q: adding VLAN 0 to HW filter on device eth13
[ 1027.780673][ T5271] 8021q: adding VLAN 0 to HW filter on device eth14
[ 1028.175496][ T5271] 8021q: adding VLAN 0 to HW filter on device eth15
[ 1028.493632][ T5271] 8021q: adding VLAN 0 to HW filter on device eth16
[ 1029.333413][ T5271] 8021q: adding VLAN 0 to HW filter on device eth17
[ 1029.635113][ T5271] 8021q: adding VLAN 0 to HW filter on device eth18
[ 1029.863208][ T3357] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1029.938932][ T5271] 8021q: adding VLAN 0 to HW filter on device eth19
[ 1030.103082][ T3357] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.324538][ T3357] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.374525][ T5271] 8021q: adding VLAN 0 to HW filter on device eth20
[ 1030.543231][ T3357] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.642779][ T5271] 8021q: adding VLAN 0 to HW filter on device eth21
[ 1030.932607][ T3357] bridge_slave_1: left allmulticast mode
[ 1030.932636][ T3357] bridge_slave_1: left promiscuous mode
[ 1030.932831][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1031.012556][ T3357] bridge_slave_0: left allmulticast mode
[ 1031.012579][ T3357] bridge_slave_0: left promiscuous mode
[ 1031.012725][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1031.192110][ T3357] bridge_slave_1: left allmulticast mode
[ 1031.192132][ T3357] bridge_slave_1: left promiscuous mode
[ 1031.192251][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1031.252449][ T3357] bridge_slave_0: left allmulticast mode
[ 1031.252470][ T3357] bridge_slave_0: left promiscuous mode
[ 1031.252589][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1031.412173][ T3357] bridge_slave_1: left allmulticast mode
[ 1031.412194][ T3357] bridge_slave_1: left promiscuous mode
[ 1031.412314][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1031.472503][ T3357] bridge_slave_0: left allmulticast mode
[ 1031.472524][ T3357] bridge_slave_0: left promiscuous mode
[ 1031.472648][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1031.812280][ T3357] bridge_slave_1: left allmulticast mode
[ 1031.812312][ T3357] bridge_slave_1: left promiscuous mode
[ 1031.812496][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1031.872457][ T3357] bridge_slave_0: left allmulticast mode
[ 1031.872479][ T3357] bridge_slave_0: left promiscuous mode
[ 1031.872597][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1032.012195][ T3357] bridge_slave_1: left allmulticast mode
[ 1032.012225][ T3357] bridge_slave_1: left promiscuous mode
[ 1032.012469][ T3357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1032.072488][ T3357] bridge_slave_0: left allmulticast mode
[ 1032.072510][ T3357] bridge_slave_0: left promiscuous mode
[ 1032.072670][ T3357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1032.452562][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1032.532481][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1032.592788][ T3357] bond0 (unregistering): Released all slaves
[ 1032.692692][ T3357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1032.792820][ T3357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1032.852737][ T3357] bond0 (unregistering): Released all slaves