last executing test programs:

11m2.797774114s ago: executing program 32 (id=7):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000240)='./file1/file0\x00', 0x40009, &(0x7f0000000340)={[], [{@euid_eq}]}, 0xfe, 0x57a, &(0x7f0000000580)="$eJzs3U1rG0cfAPD/yi95fZ44EELbQzHk0JQ0cmz3JYUe0mNpQwPtPRWyYoLlKFhyiN1AkkNzyaWEQikNlH6A3nsM/QL9FIE2EEow7aEXlZVXjhJJsezItlr9frDJzM6uZ0azM5rRSmwAQ2sy/ScX8WpEfJ1EHGlJG40scXL9uLUnN4rplkS9/tkfSSTZvubxSfb/oSzySkT88lXEqVx7vtWV1YVCuVxayuJTtcWrU9WV1dOXFwvzpfnSlZnZ2bPvzM68/967favrmxf++u7TBx+dvXti7dufHh29l8S5OJyltdbjJdxqjUzGZPaajMW55w6c7kNmgyTZ6wKwLSNZPx+LdAw4EiNZrwf++25GRB0YUon+D0OqOQ9oru37tA7+13j84foCqL3+o+ufjcT+xtro4FryzMooXe9O9CH/NI+ff79/L92if59DAGzq1u2IODM62j7+Jdn4t31nejjm+TyMf7B7HqTzn7c6zX9yG/Of6DD/OdSh727H5v0/96jDaUm/PqVO538fdJz/bty0mhjJYv9rzPnGkkuXy6V0bPt/RJyMsX1p/EX3c86uPax3S2ud/6Vbmn9zLpiV49HovmfPmSvUCi9T51aPb0e81nH+m2y0f9Kh/dPX40KPeRwv3X+9W9rm9d9Z9R8j3mhp/6cpyTOhF9yfnGpcD1PNq6Ldn3eO/9ot/72uf9r+Bzte/xv1n0ha79dWt57HD/v/LnVL2+71P5583giPZ/uuF2q1pemI8eST9v0zT89txpvHp/U/eeLF41+n6/9ARHzRY/3vHLvT9dBBaP+5LbX/1gMPP/7y+27599b+bzdCJ7M9vYx/vRbwZV47AAAAAAAAGDS5iDgcSS6/Ec7l8vn173cci4O5cqVaO3WpsnxlLhq/lZ2IsVzzTveRlu9DTGffh23GZ5rx8fX4bEQcjYhvRg404vlipTy315UHAAAAAAAAAAAAAAAAAACAAXGoy+//U7+NdDxlfHdLCOwoj/yG4bVp/+/Hk56AgbTV9/99O1QOYPdta/5/oP/lAHaf9T8MqbG9LgCwl7z/w/DS/2F46f8wvPR/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KsL58+nW33tyY1iGp+7trK8ULl2eq5UXcgvLhfzxcrS1fx8pTJfLuWLlcXN/l65Urk6PRPL16dqpWptqrqyenGxsnyldvHyYmG+dLHkaUMAAAAAAAAAAAAAAAAAAADQrrqyulAol0tLAoMdGBmMYrQHRgejGL0GbsZAFGNnA3f70Ls7DBbFXR6cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDzTwAAAP//dzsyzQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x4, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES16=r0, @ANYBLOB="a057598df6ba8a6b93e5acbf03188ccafd4bc1dcb587eba1c51e1c489866d6302e3ae3015ee807ff22e6ade4dcb19dc571992ed72b48e359db5ceb2bfeac1e15ed130ab4e441ed827b53b1edc3e6a272de694aa0f3227f8c98316931b9e356a98fe796e95ac6b1c8682159672db8f6948f65a97757078259031c637c1e154bdd5704bbacbcf76982317f8f8cad57"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet6(0xa, 0x3, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000000)=0x7a, 0x1)
sendmmsg$inet6(r4, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvmmsg(r4, &(0x7f00000011c0), 0x0, 0x40001100, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f0000000380))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f00000001c0)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000040), 0x1)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000440)={[{@barrier_val={'barrier', 0x3d, 0x2}}, {}, {@nobh}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@data_err_ignore}]}, 0x2, 0x3f7, &(0x7f0000001200)="$eJzs3M1uG0UcAPD/bj5K0rQOEgdUOESAIAhI6kCAIiQKVz4uwANESVoq3KZqjERLDgVx4sQBcePQF+DAA1QVQkLiFXgBVKlCaQ5wC1p713HjD2LZqVPn95NWnlmPM/P3blYz490J4Niai4jzETEWEUsRUcr3p/kWN+tbVu7+9tbqzvbWahK7ux//nUSS7yv+VpK/nswz82lE+m3EUzdb6928fuPzlUpl/VqeX6xevrq4ef3GK5cur1xcv7h+pfzGuXJ5eenN8msDi/XH5148N/be+TM//Vm6szw5OZW1dyZ/rzmOQZmLucZ3st/yoCsbssk2+x4bQjsAAOguzfv+47X+fynGaqm6UixuDbVxAAAAwEDsvpO/AgAAACMsMfYHAACAEVfcB3B/e2u12A5040Dp0G5JeKjuvRsRs3vPNu804h9vPL860eH51kGYi4irzyelbItDeg4ZAKDZnaz/c7Zd/y+NJ5vKncjX85gacP1z+/Kt/Z/07oCrfEDW/3s7InZa+n9pUWR2LM+dqnUVJ5ILlyrrZyPidETMx8SJLF/uUsf7//z8Uaf3svh/S06dLras/ux1r0R6d/zEg59ZW6mu9BNzs3tfR5wZbxd/0uj/JhEx3UcdY1/deqvTe/8f/+HavRXxQtvjv7dyT9J9faLF2vmwWJwVrf795pcPO9U/7Piz4z/dPf7ZpHm9ps3e67j92R9P1xJtomoe//Ry/k8mn9TSxbjsy5Vq9Vo5YjL5oHX/0t5ni3xRPot//tn2///F9S/J17Saya8Bvfru+19f7l6iHn+2ZfUXY8GHIYt/rafj33vi9du/f9qp/ubj3z7+7PjX1wCbz/cc5Pp30Ab2890BAADAoyKtzWsk6UJ+J8BMpOnCQn2+44mYTisbm9WXLmx8cWWtPv8xGxNpMdNVapoPLdd/Rm/kl/blX42IxyPih9JULb+wulFZG3bwAAAAcEycLMb/jbmA+vg/89eI3OMPAAAA5D/UAwAAAKPN+B8AAABGWj/r+h3fRPbNHYFmHPnEM0ejGUNITMSRaEYfiWFfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5t/wUAAP//Iba0AQ==")

10m53.217767008s ago: executing program 33 (id=12):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x6d91fb6102d8d9cc, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r0=>0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
io_setup(0x3fe, &(0x7f00000001c0)=<r5=>0x0)
io_getevents(r5, 0x5, 0x0, &(0x7f0000000040), 0x0)
io_submit(r5, 0x1, &(0x7f0000000280)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r4, 0x0}])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
ioprio_set$uid(0x3, 0x0, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000180), 0x8, 0x40400)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7, 0x200, 0x6, 0x5, 0x400000})

10m22.326941824s ago: executing program 0 (id=88):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@hopopts={{0x30, 0x29, 0x36, {0x3c, 0x2, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}]}}}], 0x30}}], 0x1, 0x20000000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})

10m21.970660041s ago: executing program 0 (id=90):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x801, 0x43, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x2}, @IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048050}, 0x40014)

10m20.670766971s ago: executing program 0 (id=96):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, &(0x7f0000000100), 0x18)
sendmsg$can_j1939(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x1d, 0x0, 0x2, {0x1, 0x0, 0x3}, 0x2}, 0x18, &(0x7f0000001140)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x20040091)

10m20.391296399s ago: executing program 0 (id=99):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5000000010000104000000000030000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000300012800b00010065727370616e00002000028004001200050016000200"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4080)
sendmsg$nl_route(r4, 0x0, 0x0)

10m17.351968059s ago: executing program 0 (id=105):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x1, 0x10000000000009, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
close_range(r1, 0xffffffffffffffff, 0x0)

10m16.254776036s ago: executing program 0 (id=108):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000e60000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x4f33}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r6)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, r7, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)

10m0.537854429s ago: executing program 34 (id=108):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000e60000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x4f33}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r6)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x2c, r7, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2004c890}, 0x2000c800)

9m11.666785661s ago: executing program 4 (id=197):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000005000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8983, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000040)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1)

9m10.098342441s ago: executing program 4 (id=201):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)={0x151c40, 0x0, 0xb}, 0x18)
getdents64(r3, &(0x7f0000000340)=""/97, 0x61)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$key(0xf, 0x3, 0x2)
socket$inet6(0xa, 0x80002, 0x8a)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x0, 0x8, 0xc, 0xffffff97, 0x18, @local, @loopback={0x12, 0x460c6}, 0x8000, 0x0, 0x1, 0xfffffffc}})
sendmsg$nl_route(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x0)

9m7.107242582s ago: executing program 4 (id=204):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2000018)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x14000, 0x50)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl0\x00', <r2=>0x0, 0x29, 0x0, 0x6f, 0x8, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, @local, 0x1, 0x40, 0x1000, 0x9}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

9m6.745720672s ago: executing program 4 (id=205):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e20, 0x2003, @local, 0x2}, 0x1c)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='iocharset=cp865,uid=', @ANYRESHEX=0x0, @ANYBLOB=',namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303031302c757466382c666d61736b3d30303030303030303030303030303030303030303030362c6572726f72733d636f6e74696e75652c7379735f747a2c616c6c6f775f7574696d653d30303030303030303030303030303030303134373036342c00968868822eaa4073da2a8bad3e75bf3fa58e5fe9023e2efe14b61e42154e792855b9c44517fcaf42990fa252a8fcc76df45041b88e383db02cc075636a6b415c49ee2ad1af7ecfc73f3809bce1541b2c780705cdd96cfb760a1f342582ee152abbe3f5828666937a5068d6170f62dc427b22ae7bd20a2fb9094ffaf7b7eda15af87283045448d6cabb51f8a411539d39a9d6db38d1"], 0x1, 0x1545, &(0x7f0000001a00)="$eJzs3AucTVX7OPDnWWvtMSROk1yGtdazOcllmSTJJUkuSZIkSW4JSZO8kpAYQpKGJCSXIYkhJJeJSeN+v18SkqRJkpDckvX/TPFXb97f+77/t19+/988389nf2Y9Z+9n7Wef55w5e2/mfNt1aK0mtas3IiL4j+CvP5IAIBYABgJAXgAIAKB8XPm4rPU5JSb9Zzthf64HU690BexK4v5nb9z/7I37n71x/7M37n/2xv3P3rj/2Rv3n7HsbNO0Qtfwkn2XP/v+fyzf////CH/+/y+SWWbsl2vKXNcNIOZfTeH+Z2/c//+1gn9lI+5/9pTzwk/uf3YVe6ULYH+lPpd/mN//2UGOf7iG+5+9cf8Zy86u9P3nv3KJuczxQuR/2HNw5MK12V+0vyv9+mOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlj2c9pcoALg4vtJ1McYYY4wxxhhj7M/jc1zpChhjjDHGGGOMMfbfD0GABAUBxEAOiIWckAsEAFwNeSAvROAaiINrIR9cB/mhABSEQhAPhaEIaDBggSCEolAMonA9FIcboASUhFJQGhyUgQS4EcrCTVAObobycAtUgFuhIlSCylAFboOqcDtUgzugOtwJNaAm1ILacBfUgbuhLtwD9eBeqA/3IcD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv91PjS4bP7z0BNegF7QG5KgD/SFF6Ef9IcB8BIMhJdhELwCg+FVSIYhMBReg2HwOgyHN2AEjIRR8CaMhrdgDIyFcTAeUmACTIS3YRK8A5PhXZgCUyEVpsF0eA9mwEyYBe/DbPgA5sBcmAfzIQ0+hAWwENLhI1gEH0MGLIYlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi2wFbbBdtgBn8BO+BR2wW7YA5/BXvj838w/9Xf53RAQUKBAhQpjMAZjMRZzYS7MjbkxD+bBCEYwDuMwH+bD/JgfC2JBjMd4LIJF0KBBQsKiWBSjGMXiWBxLYAkshaXQocMETMCyeBOWw3JYHstjBayAFbESVsIqWAWrYlWshtWwOlbHGlgDa2EtvAvvwj5YF+tiPayH9bH+xdtT2AgbYWNsjE2wCTbFptgMm2ELbIGtsBW2xtbYBttgO2yH7bE9dsAOmIiJ2BE7YifshJ2xM3bBLtgVu2I37I7dM5/PAfgCvoC9sYbog32xL/bD5BwD8CV8CV/GQfgKvoKvYjIOwaH4Gr6Gr+NwPIkjcCSOwlFYVbyFY3AskhiPKZiCE3EiTsJJmFXouzgVU3EaTsfpOANn4kx8H2fjB/gBzsW5OB/TMA0X4EJMx3RchKcwAxfjElyKy3A5LsOVuApX4hpci2twPa7HjbgRN+Nm3IpbcTtux09QAeCnuBt3YzLuxb24D/fhftyPB/AAZmImHsSDeAgP4WE8jEfwCB7FY3gcj+EJPIEn8RSextN4Fs/iOXw2/uvGn5RcnQwiixJKxIgYEStiRS6RS+QWuUUekUdERETEiTiRT+QT+UV+UVAUFPEiXhQRRYQRRpAIYwBAREVUFBfFRQlRQpQSpYQTTiSIBFFWlBXlRDlRXtwiKohbRUVRSbR1VUQVUVW0c9XEHaK6qC5qiJqilqgtaos6oo6oK+qKeqKeqC/qiwbiftFQ9MEB+KDI6kwTMQSbiqHYTDQX8sJvsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHh2r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZFf91FD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6Cy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeU/zX/7MvmDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tyF5wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvGBUKVVaOVVGJagb/518VVzdoEqokr/Lv1hf0j+or5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezTvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBeaHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1Z/6vzenyzwmOule+sk3Uf31S/qfrq/HqBf0gP1y3qQfkUP1q/qZD1ED9Wv6WH6dT1cv6FH6JF6lH5Tj9Zv6TF6rB6nx+sUPUFP1G/rSfodPVm/q6foqTpVT9PT9Xt6hp6pZ+n39Wz9gZ6j5+p5er5O0x/qBXqhTtcf6UX6Y52hF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa36x36E71Tf6p36d16j/5M79Wf6336C71ff6kP6K90pv5aH9Tf6EP6W31Yf6eP6O/1UX1MH9c/6BP6R31Sn9Kn9Rl9Vv+kz+mf9Xnts07usz7ejTLKxJgYE2tiTS6Ty+Q2uU0ek8dETMTEmTiTz+Qz+U1+U9AUNPEm3hQxRUwWMmSKmqImaqKmuCluSpgSppQpZZxxJsEkmLKmrClnypnyprypYCqYiqaiqWwqm9vMbeZ2c7u5w9xh7jR3mpqmpqltaps6po6pa+qaeqaeqW/qmwamgWloGppGppFpbBqbJqaJaWqammammWlhWphWppVpbVqbNqaNaWfamfamvelgOphEk2g6mo6mk+lkOpvOpovpYrqarqab6WZ6mB6mp+lpepleJskkmb6mr+ln+pkBZoAZaAaaQWaQGWwGm2STbIaaoWaYGWaGm+FmhBlpRmWdqJq3zBgz1owz402KSTETzUQzyUwyk81kM8VMMakm1Uw3080MM8PMMrPMbDPbzDFzzDwzz6SZNLPALDDpJt0sMotMhskwS8wSs8wsMyvMCrPKrDJrzBqzDtaZDWaD2WQ2mS1mi9lmtpkdZofZaXaaXWaX2WP2mL1mr9ln9pn9Zr85YA6YTJNpDpqD5pA5ZA6bw+aIOWKOmqPmuDluTpgT5qQ5aU6b0+asKXDh89KbWJvT5rJX2dz2apvH5rV/Hxe0hWy8LWyLWG3z2wK/i421toQtaUvZ0tbZMjbB3viHuKKtZCvbKvY2W9Xebqv9Ia5j77Z17T22nr3X1rZ3/S6ub++zDezDtiEigG1uG9uWtol92Da1j9hmtrltYVva9vYJ28E+aRPtU7ajffoP8QK70K6yq+0au9busrvtaXvGHrLf2rP2J9vL9rYD7ct2kH3FDrav2mQ75A/xKPumHW3fsmPsWDvOjv9DPMVOtal2mp1u37Mz7Mw/xGn2Qzvbpts5dq6dZ+f/EmfVlG4/sovsxzbDBrDELrXL7HK7wq68WKvPa9fbDXaj3Wk/tVvsVrvNbrc7Lp4I2912j/3M7rWf24P2G7vffmkP2MM20379S5x1fIftd/aI/d4etcfscfuDPWF/VBezs479B/uzPW+9BUICkqQooBjKQbGUk3LRVZSbrqY8lJcidA3F0bWUj66j/FSAClIhiqfCVIQ0GbJEFFJRKkZRup4ulleKSpOjMpRAN1JZuonK0c1Unm6hCnQrVaRKVJmq0G1UlW6nanQHVac7qQbVpFpUm+6iOnQ31aV7qB7dS/XpPmpA91NDeoAa0YPUmB6iJvQwNaVHqBk1pxbUklrRo9SaHqM21Jba0ePUnp6gDvQkJdJT1JGepk70N+pMz1AXepa60nPUjbpTD3qeetIL1It6UxL1ob70IvWj/jSAXqKB9DINoldoML1KyTSEhtJrNIxep+H0Bo2gkTSK3qTR9BaNobE0jsZTCk2gifQ2TaJ3aDK9S1NoKqXSNJpO79EMmkmz6H2aTR/QHJpL82g+pdGHtIAWUjp9RIvoY8qgxbSEltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjvoE9pJn9Iu2k176DPaS5/TPvqC9tOXdIC+okz6mg7SN3SIvqXD9J3vTd/TUTpGx+kHOkE/0kk6RafpDJ2ln+gc/UznyROEGIpQhioMwpgwRxgb5gxzhVeFucOrwzxh3jASXhPGhdeG+cLrwvxhgbBgWCiMDwuHRUIdmtCGFIZh0bBYGA2vD4uHN4QlwpJhqbB06MIyYUJ4Y1g2vCksF94clg9vCSuEt4YVw0rhw/dWCW8Lq4a3h9XCO8Lq4Z1hjbBmWCusHd4V1gnvDuuG94T1wnvDcuF9YYPw/rBh+EDYKHwwbBw+FDYJHw6bho+EzcLmYYuwZdgqfDRsHT4Wtgnbhu3Cx8P24RNhh/DJMDF8KuwYPv3L+vsW/uP1SWGfsG/4Yvhi6P09cl50fjQt+mF0QXRhND36UXRR9ONoRnRxdEl0aXRZdHl0RXRldFV0dXRNdG10XXR9dEN0Y9T72jnAoRNOOuUCF+NyuFiX0+VyV7nc7mqXx+V1EXeNi3PXunzuOpffFXAFXSEX7wq7Ik4746wjF7qirpiLuutdcXeDK+FKulKutHOujEtwLV0r18q1do+5Nq6ta+ced4+7J9wT7kn3pHvKdXRPu07ub66ze8Z1cc+6Z91zrpvr7nq4511PNyHPr+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ35617muDlunpvn0lyaW+CyzhnT3SK3yGW4DLfELXHL3DK3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t8PtcDvdTrfL5/11UrfX7XP73H633x1wX7lM97U76L5xh9y37rD7zh1x37uj7pg77n5wJ9yP7qQ75U67M+6s+8mdcz+78867lMiEyMTI25FJkXcikyPvRqZEpkZSI9Mi0yPvRWZEZkZmRd6PzI58EJkTmRuZF5kfSYt8GFkQWRhJj3wUWRT5OJIRWRxZElkaWRZZHvG+8JbQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+Ga+uW/hW/pW/lHf2j/m2/i2vp1/3Lf3T/gO/kmf6J/yHf3TvpP/m+/sn/Fd/LO+q3/Od/PdfQ//vO/pX/C9fG+f5Pv4vv5F38/39wP8S36gf9kP8q/4wf5Vn+yH+KH+NT/Mv+6H+zf8CD/Sj4p504++eIkM432Kn+An+rf9JP+On+zf9VPOep/qp/np/j0/w8/0s/z7frb/wM/xc/08P9+n+Q/9Ar/Qp/uP/CL/sc/wiy/eVPYr/Eq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3O/wnfqf/1O/yu/0e/5nf6z/3+/wXfr//0h/wX/lM/7U/6L/xh/y3/rD/zh/x3/uj/pg/7n/wJ/yP/qQ/5U/7M/6s/8mf8z/78/w3a4wxxhhj/5IJl4bi92t+vZ3f5zI54jcb9wWAq7cWyvzt+qwzynX5fx33F/HtIwDwVO+uD15catRI+r/bZkgIis0FuPgvQVli4FK8GNrBE5AIbaHsZevvL7qfpT/On5T0m/mjtwDk+k1OLFyKL83/BQAmXWb+Rx8ftaBCeDruv5h/LkCJYpdycsKleDG0++X+Slso9w/qL9D6n9Sf88sUgDa/yckNl+JL9SfAY/A0JP5uS8YYY4wxxhhj7Ff9ReXOF68/L/6Pz7+/vs26Po9Xl3JywKX4n12fM8YYY4wxxhhj7Mp7pnuPJx9NTGzb+d8fVPt/yvqXB03hv2tmHlx24D3AxUcUAPyHEwJkDeRfeRSb/5J9JV946/z9qmVnfAD/M1r5Zwyu8C8mxhhjjDHG2J/u0kn/7x9XV6ogxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsG/orvk6Mv02AMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZYdvd/AgAA//8vzfwg")
sendfile(r5, r6, 0x0, 0x11000002)

9m5.273252023s ago: executing program 4 (id=208):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd23}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0}, 0x0, &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x22)
lgetxattr(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1e, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x5, 0xba, &(0x7f0000000300)=""/186, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000180), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000340)={[{@nodioread_nolock}, {@min_batch_time}, {@barrier_val={'barrier', 0x3d, 0x40}}, {@nodelalloc}]}, 0x5, 0x795, &(0x7f0000000cc0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTsmgRwY2g4kLQTdf+qDu3/tjqf+FCWqqmxYoLidyZO+20mUmTNjOj5vOBmznn3js553vP/XHunMtMAHvWRPonF3EoIt5NIsay+UlEDNVTgxEnGuvdXl8rplMSGxuv/pzU17m1vlaMlvekDmSZ/0fEN29FHM415g+3lFtdWZ0vlMulpSw/VVs4P1VdWT1ybqEwV5orLR6bnpk5evyZ48d2L9Zfv189eP29l578/MTvb/7v6jvfJnEiDmbLWuPYLRMxkW2ToXQT3uPF3S6sz5J+V4CHkh6aA42jPA7FWAzUUx2M9LJmAEC3bAAAe1CiDwAAe0zzc4Bb62vF5tTfTyR668YLEbG/EX9zfLOxZDAbs9tfHwcdvZXcMzKSRMT4LpQ/EREff/n6p+kUWTu0G0szvgbstkuXI+LM+MTm83+y6ZmFnXpqq4UbjadBJu6bvdeuP9BPX6X9n2fb9f9yd/o/0ab/M9zm2H0YDz7+c9d2oZiO0v7f8y3Ptt1uiT8zPpDl/lXv8w0lZ8+VS+m57d8RMRlDw2l+ur5q+17a5M0/bnYqv7X/98v7b3ySlp++3l0jd21w+N73zA7XCo8ad9ONyxGPDbaLP7nT/kmH/u+pbZbx8nNvf9RpWRp/Gm9z2hx/d21ciXiibfvfbctky+cTp+q7w1Rzp2jjix8+HO1Ufmv7p1NafvNeoBfS9h/dOv7xpPV5zerOy/juytjXnZY9OP42+3+hVtiXvFZP78vmXSzUakvTEfuSVzbPP3r3vc18c/00/snH2x//jWLb7//pPeGZbcY/eP2nzx4+/u5K45/dUfvvPHH19vxAp/K31/4z9dRkNidt/wfFtd0KPsq2AwAAAAAAAAAAAAAAAAAAAAAAAIDtykXEwUhy+TvpXC6fb/yG939jNFeuVGuHz1aWF2ej/lvZ4zGUa37V5VjL96FOZ9+H38wfvS//dET8JyI+GB6p5/PFSnm238EDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOZAh9//T/043O/aAQBds7/fFQAAes71HwD2np1d/0e6Vg8AoHfc/wPA3rPt6/+Z7tYDAOgd9/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02amTJ9Np47f1tWKan72wsjxfuXBktlSdzy8sF/PFytL5/FylMlcu5YuVhY7/6FLjpVypnJ+JxeWLU7VStTZVXVk9vVBZXqydPrdQmCudLg31LDIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L7qyup8oVwuLUlsmRhJE4PZRvsL1KffiUEb4R+eaD1LjPTn5AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwN/BnAAAA//+9uipa")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000000)=0xf41, 0x4)
sendto$packet(r5, &(0x7f0000000240), 0x0, 0x800, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
pselect6(0x40, &(0x7f0000000980)={0x7, 0xfa70, 0x4, 0x4, 0x0, 0x10000, 0x3, 0x5}, &(0x7f00000009c0)={0x8, 0x100000000, 0x0, 0x1, 0x3ff, 0x4, 0x4, 0x98}, &(0x7f0000000a00)={0xf, 0x0, 0x786, 0x7c1, 0xfffffffffffffff9, 0x9e3, 0x5}, &(0x7f0000000a40)={0x77359400}, &(0x7f0000000ac0)={&(0x7f0000000a80)={[0x10000]}, 0x8})
write$UHID_INPUT(r8, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f353b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

9m2.538025949s ago: executing program 4 (id=210):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRES16], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
brk(0x200000001000)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000004cc0)={0x2020}, 0x2020)
pread64(r4, &(0x7f0000000180)=""/75, 0x4b, 0xa0ef)
read$FUSE(r4, &(0x7f0000000380)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2008002, &(0x7f0000000380), 0x1, 0x55f, &(0x7f0000000d00)="$eJzs3c9vHFcdAPDvjH9t0zROoAeogAQoBBRlN960UdVLwwWEqkqIigPikBp7Y5nsZkN2XWoTCfdvAAkkTvAncEDigNQTB24cEELigBDlgFTAAsVIHBbN7Njd2rvNNl7v1t7PR5rMj/dmvu+ts/PevrXnBTC1LkXEdkTMR8RrEbFYHE+KJW52lyzfw50HK7s7D1aS6HRe/WeSp2fHoueczJPFNUsR8fWvRHw7ORy3tbl1Z7ler90v9ivtxr1Ka3Pr6npjea22Vrtbrd5YunHthevPVw+c+Ydzj1vXi41fvPPl9Ze/8etfffLt321/8ftZsc4Wab31GKVu1ef242RmI+Ll4wg2ATPFen7C5eDxpBHxkYj4TP7+X4yZ/H8nAHCadTqL0Vns3R+gNDAFADhh0nwMLEnLEZGmRSeg3B3DezrOpPVmq33ldnPj7mp3rOx8zKW31+u1axcW/vTdPPNcku0v5Wl5er5fPbB/PSIuRMSPFp7I98srzfrqZLo8ADD1nuxt/yPiPwtpWi4PdWqfb/UAgBOjNOkCAABjp/0HgOmj/QeA6TNE+1982b997GUBAMbD538AmD7afwCYPtp/AJgqX3vllWzp7BbPv159fXPjTvP1q6u11p1yY2OlvNK8f6+81myu5c/saTzqevVm897Sc7HxRqVda7Urrc2tW43mxt32rfy53rdqc2OpFQDwfi5cfOuPSURsv/hEvkTPXA7aajjd0hHmAk6WmaOcrIMAJ5rZvmB6DdWE552E3x57WYDJ6Psw71Lfzff6yQcI4veM4EPl8seHH/83xzOcLh9wZP/3xzJJPjARjzf+/9LIywGMn/F/mF6dTnJwzv/5/SQA4FQ6wq/wdX4wqk4IMFGPmsx7JN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwClzNiK+E0lazucCT7N/03I54qmIOB9zye31eu1aRJyLixExt5DtL0260ADAEaV/T4r5vy4vPnv2YOp88t+FfB0R3/vpqz9+Y7ndvr+UHf/X/vGFvenDqu+ed4R5BQGA4f11mEx5+10t1j0f5B/uPFjZW46xjIe886X9yUdXdnce5Es3ZTY6nU4nopT3Jc78O4nZ4pxSRDwTETMjiL/9ZkR8rF/9k3xs5Hwx82lv/ChiPzXW+Ol74qd5WnedvXwfHUFZYNq8ld1/bvZ7/6VxKV/3f/+X8jvU0eX3v1LE3r1vtyf+bBFppk/87D1/adgYz/3mq4cOdha7aW9GPDPbL36yHz8ZEP/ZIeP/+ROf+uFLA9I6P4u4HP3j98aqtBv3Kq3NravrjeW12lrtbrV6Y+nGtReuP1+t5GPUlb2R6sP+8eKVc4PKltX/zID4pb71n98/93ND1v/n/3vtW59+d3fhYPwvfLb/z//pvvG7sjbx80PGXz7zy4HTd2fxVwfU/1E//ytDxn/7b1urQ2YFAMagtbl1Z7ler90/0kb2KXQU1zm0kRVxuMx73cXBeYoMN9/vOn+JfGNEL8uAjawzNkzmueN6VY99Y3a/rzjaK38zu+KYq5OOvBZH2ng4rliTuR8B43OoeQQAAAAAAAAAAAAAAD50xvGnS5OuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfX/wMAAP//8RXBxA==")

8m47.356249752s ago: executing program 35 (id=210):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRES16], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
brk(0x200000001000)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000004cc0)={0x2020}, 0x2020)
pread64(r4, &(0x7f0000000180)=""/75, 0x4b, 0xa0ef)
read$FUSE(r4, &(0x7f0000000380)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000000)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x2008002, &(0x7f0000000380), 0x1, 0x55f, &(0x7f0000000d00)="$eJzs3c9vHFcdAPDvjH9t0zROoAeogAQoBBRlN960UdVLwwWEqkqIigPikBp7Y5nsZkN2XWoTCfdvAAkkTvAncEDigNQTB24cEELigBDlgFTAAsVIHBbN7Njd2rvNNl7v1t7PR5rMj/dmvu+ts/PevrXnBTC1LkXEdkTMR8RrEbFYHE+KJW52lyzfw50HK7s7D1aS6HRe/WeSp2fHoueczJPFNUsR8fWvRHw7ORy3tbl1Z7ler90v9ivtxr1Ka3Pr6npjea22Vrtbrd5YunHthevPVw+c+Ydzj1vXi41fvPPl9Ze/8etfffLt321/8ftZsc4Wab31GKVu1ef242RmI+Ll4wg2ATPFen7C5eDxpBHxkYj4TP7+X4yZ/H8nAHCadTqL0Vns3R+gNDAFADhh0nwMLEnLEZGmRSeg3B3DezrOpPVmq33ldnPj7mp3rOx8zKW31+u1axcW/vTdPPNcku0v5Wl5er5fPbB/PSIuRMSPFp7I98srzfrqZLo8ADD1nuxt/yPiPwtpWi4PdWqfb/UAgBOjNOkCAABjp/0HgOmj/QeA6TNE+1982b997GUBAMbD538AmD7afwCYPtp/AJgqX3vllWzp7BbPv159fXPjTvP1q6u11p1yY2OlvNK8f6+81myu5c/saTzqevVm897Sc7HxRqVda7Urrc2tW43mxt32rfy53rdqc2OpFQDwfi5cfOuPSURsv/hEvkTPXA7aajjd0hHmAk6WmaOcrIMAJ5rZvmB6DdWE552E3x57WYDJ6Psw71Lfzff6yQcI4veM4EPl8seHH/83xzOcLh9wZP/3xzJJPjARjzf+/9LIywGMn/F/mF6dTnJwzv/5/SQA4FQ6wq/wdX4wqk4IMFGPmsx7JN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwClzNiK+E0lazucCT7N/03I54qmIOB9zye31eu1aRJyLixExt5DtL0260ADAEaV/T4r5vy4vPnv2YOp88t+FfB0R3/vpqz9+Y7ndvr+UHf/X/vGFvenDqu+ed4R5BQGA4f11mEx5+10t1j0f5B/uPFjZW46xjIe886X9yUdXdnce5Es3ZTY6nU4nopT3Jc78O4nZ4pxSRDwTETMjiL/9ZkR8rF/9k3xs5Hwx82lv/ChiPzXW+Ol74qd5WnedvXwfHUFZYNq8ld1/bvZ7/6VxKV/3f/+X8jvU0eX3v1LE3r1vtyf+bBFppk/87D1/adgYz/3mq4cOdha7aW9GPDPbL36yHz8ZEP/ZIeP/+ROf+uFLA9I6P4u4HP3j98aqtBv3Kq3NravrjeW12lrtbrV6Y+nGtReuP1+t5GPUlb2R6sP+8eKVc4PKltX/zID4pb71n98/93ND1v/n/3vtW59+d3fhYPwvfLb/z//pvvG7sjbx80PGXz7zy4HTd2fxVwfU/1E//ytDxn/7b1urQ2YFAMagtbl1Z7ler90/0kb2KXQU1zm0kRVxuMx73cXBeYoMN9/vOn+JfGNEL8uAjawzNkzmueN6VY99Y3a/rzjaK38zu+KYq5OOvBZH2ng4rliTuR8B43OoeQQAAAAAAAAAAAAAAD50xvGnS5OuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKfX/wMAAP//8RXBxA==")

2m47.775385252s ago: executing program 7 (id=801):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000080000000000000000400000095"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="200000001e006bcd9e3fe3dc6e08000007000000190000007ea60864160af365", 0x20}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

2m46.739376666s ago: executing program 7 (id=805):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
getitimer(0x0, 0x0)

2m45.430972423s ago: executing program 7 (id=813):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000000800)=[{&(0x7f0000000200)="d0287581a5801cad1f414261ea47ded61e1272ca34b984b6b416fb1443620d5feb2d88924240b6cf3d89efd9432fb353160874f5db42435b7d47bca45691c46c83a8ee748688b6c29ae4b3328827f23cdcac9a61fbce119d7009fdc4ca0634c51b38", 0x62}], 0x1)

2m44.852472481s ago: executing program 7 (id=815):
syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000333}, 0x0, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

2m39.075825448s ago: executing program 7 (id=831):
socket$kcm(0xa, 0x3, 0x106)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r4, <r5=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
recvmsg(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000a80)=""/20, 0x14}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r5, &(0x7f0000000440)}, 0x20)
socket$kcm(0xa, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='percpu_alloc_percpu\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
recvmsg(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x30040)

2m38.007398628s ago: executing program 7 (id=837):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$netlink(0x10, 0x3, 0x0)
mq_open(&(0x7f0000000280)='eth0\x00', 0x42, 0x0, 0x0)
ptrace(0x10, 0x1)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x17, 0x0, 0x0)
ioctl$PPPOEIOCDFWD(r0, 0x40047459, 0x1000000000000)

2m31.842163999s ago: executing program 5 (id=846):
open(&(0x7f0000000040)='./file0\x00', 0x200802, 0xc0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(r2, 0x0, 0x0, 0x400, 0xc)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001d000109", @ANYRES32=r7, @ANYBLOB="1000000814000100"], 0x30}}, 0x80)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet6(0xa, 0x2, 0x3a)
write$UHID_INPUT(r8, &(0x7f00000005c0)={0x9, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897f3411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x0)

2m30.391509969s ago: executing program 5 (id=848):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x96, &(0x7f0000000240)=ANY=[@ANYBLOB="c16d473d990c0180c200000008004500dd8700000000002f90780a010101e00000012480886400300000a9e30205c05481cd37808b64a6b35486f9a9658334393d4ced02013b48c8ac3f454dec5278a5ddaff09e9ac607652d10000800000086dd080088be00000000100000000100000000000000080022eb0000fbff200000800200000010000000000000000800655800000000"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008844, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$cgroup_procs(r1, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r0, 0x0, 0x40)
write$cgroup_pid(r6, &(0x7f00000000c0), 0x12)

2m29.221673462s ago: executing program 5 (id=851):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2000018)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x14000, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m23.49826597s ago: executing program 5 (id=859):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001d00)=@newtfilter={0x64, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xc}, {0xfff2}, {0xfff1, 0x3d}}, [@filter_kind_options=@f_bpf={{0x8}, {0x38, 0x2, [@TCA_BPF_ACT={0x34, 0x1, [@m_vlan={0x30, 0x9, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x64}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)

2m21.837225144s ago: executing program 36 (id=837):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f000060c000/0x4000)=nil, 0x4000, 0x16)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
socket$netlink(0x10, 0x3, 0x0)
mq_open(&(0x7f0000000280)='eth0\x00', 0x42, 0x0, 0x0)
ptrace(0x10, 0x1)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x17, 0x0, 0x0)
ioctl$PPPOEIOCDFWD(r0, 0x40047459, 0x1000000000000)

2m21.767937594s ago: executing program 5 (id=864):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
listen(0xffffffffffffffff, 0x786)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x10044, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000100), &(0x7f0000000180)='./file0\x00', 0x10112, &(0x7f0000000040)=ANY=[@ANYRES8], 0x1, 0x5a12, &(0x7f00000079c0)="$eJzs3X+QXFW9IPBzu3syk5n8mAR4RJDJEMh7PHiaCb8K5dUz7+17+gp4VCxe+QgbhUAmGE1CKj8EAkpwwSUFWGhhKeofaCG7SLSoglUiJfJjE1bRLKtLbSG1uov+4RaypASylOUyr2b6np6e233n9vT05Ad8PpXM7XP69Pece+7p231O35kOAAAAvCPsu3XrwYtP+IeffHb4jZv+8Qcbbw595bH8nligP91ed7hayKHUXVk0ts2Oi7+44du/Hbzq7378UO+33ty79uR1v/z7Y6567BMX7Lnna0++PveRt14qihvH0+nj6eSVJISeHx740uf2Pnv8aF4yb/RnaWcIC5KFTy5IMiGG/hhCWJsmFmXufPiNs9aNbm++vXtC/vxMOeP9nW30OI8OrB0Hrz0j/OpvV93ys8Xf/U7X7pd3jhdJeurGUwjzrqh/fFcIYXb6f1QcbXE8xkG7MoTQW/e48wradUqL7V+Wkz4x3c5Kt30FceL9SzLpUqZcNh11Zba9BfVNV1472i1XZE4mnT0ZTVdeO2P+gnT7/XR7+hTjl9N9KCehlIRKrfkbkvExEuqOWxKSsWPZU0uXasc2pPufSSeZdCmTLndl9mus3nSglZNkYv7rc6vpTH48HVfS/JPrz9VNXJKT/65025M+Ud+M6ZC9UdXXcKO2X2Niuw5M0pZDoVR3DmqWXzvw6cHoS/P6koUNjxlpIt63d9UdS8urn9rXn9OO5KEkjZ+0FX/HTxfM+diDu7ZnX9dr8a8opfFLbcX/9YX7X71s1ze/mhv/rhi/3Fb8Mx/vfeXCp29dkts/B2L/VNqKv+alZ+5cfOyVu3Pbf2+M39NW/BV79nfPPfj4E7ntH4r9M7ut+C+e/8HfPPD8oy/nxg8xfm9b8Vfv2fz57oGDp+XGfyL2T1974+e13ee+MDDwu8G8+M/F+HPbin//znvef9/82y/IPb4rY//0txX/olMfu2XOwUdPyjt3Jvd26pUT4J3pmPQ91m1put155nTVzRe+Mlipvuebk/6f28mKMm8+R+uZ18n4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBCOO6M//Kh//2R/lcqabo7vfFiqbqN+bNCSGaHELZuW7Nl2/pNVw9+4prtWzat2TC4Ztvg8KZtW64fPPuvBrcMb96w5vrRe4fec1b1cQtDUt0mJzXU3T0yMlLqn5gX6/s3p+7+1dLz/s/vQxg67hcDldz2L7tn433HNvmZkawY+cDG7Rf/4pxvpPvVn7arv0m7RkZGRkJOu/7vpX+674sHfntaCEN/Nlm7nnnxb340oUFjGeNxUqXuUG1Qd9LbtB21Vqftif1VWbd+w/DQ5P07+vhyzn782xte/uO6677wp2r/9uTuR4v9O3vFyIbSl1dd9P+/fGM1o6hdh+u4F/V33IvYvth/PWl/z0v3a17OflVy9uvWnz3x/A9P2PX6zjBUeW1xY91F+9WVDoCu5F0t1Rtr6E0WTMjvScvHIx4ft2zbxs3Ltl6/4z3rN665evjq4U3vW3728nOHzjn3nGVje76sw/sf6//zFvf/0Iyn+Z/a+f34s7XxNLFds6bcH6PtKu6P+hblPf96L/nc3e+75+mLqxlF4zyWrp1P0m3v6HFeHurGW2NfNduvouMTQhhs1g+vvn5BOP5/rL+l6DxUf2Tqf2YkK0aeXfKHb5z39UV/Xc04JOf5+ga1eZ6vtXq8PWP91ZMej5EjtH+7Qzndr76m7Vr+7NNdd+z7/adr7Zs1K1y3Ztu2LcurP+ekLZ2TnNi0XdncuF+Lx36WQ9otoTZMm4zXUV2h2r7s+TMWz/ZqX3pfX7Kw6X5lxfv2rrpjaXn1U/vyejp5qFrj7DC3uk3enVNyQ+aB5VqDm9V/pD7/isbHwIe+/shHHvne2Q3j48zqz6L9SnL267vP33/3t77w77/Xuf360N/s7//D//z40mrGEX9eKVcbUmt12p6k/rxyZghFz7/Fofl+5D7/Ss33p+j5l61nvHzzeIOZdF8ot/V8PfPx3lcufPrWJbnP1wOTPV/rd/bGCY8rFzxfj5Txk31+JZWJ7Zi559eEgZKsGPnxbcfsfPKmlSdUM4peL2ulm43rs1qYf+Ts148ue2HgmsF/9987d9749l89fPkv16z4TDWj/eMe29KZ496T9m9PTv/WWh3nnfX9+96rrtmwtppf1M+H7/1vui2Y/8RTydbrd3xyzYYNw1u2trZfrb6exnqyvdzu62k8uy0s2K9Sw37N3I1W+qvV51ts/9q2+2vi860vJG29Luz46YI5H3tw1/b+hkelFV1RSuOX2or/6wv3v3rZrm9+NTf+XTF+pa34a1565s7Fx165Ozf+vUkav6et+Cv27O+ee/DxJ3LjD8X2z24r/ovnf/A3Dzz/6Mu58UOM39de/7+2+9wXBgZ+lxv/uSStZ/Q9UggPv3HWumo6CV3p8y22o2tCu0I2nWTSpUy6XJ8uxVWEtIJykkzMj+XS/JPr2tLMv+Tkx3dhPYuq2zdjOmRvTJ5/pCnVnfub5Re9TwUAeLuLn//H96Dx8//h9I1S/koDjJvuPGxRTtw4Dxtfz5n4GeuiNH58fFwHHHhvGBrd3jxYfaM/1c8R4vMhu84Z6zntlIkxCtc5R8bqb1jnLFp/X5JJx3ZV18srdfPQVOO8phJaWH9vrGfy9ffM7hd/njV4W0OzBuvWrbLHrytdMWt2vUOmvZXRCHnjI7suFq/nGJgXVo7V1+L4yF5HE49D9jqaWM8JmRNnu9fR5I2P/sZ+mNCuOD5iuUnGx1iTiz+PbDx+YZL+HT9+zaNlj98UjnfPaPmOfj77Vu3u2uezHVg3bHpKO3TrhjP7eZh1yZz46RPsSF83jPlxPyotrid+JCe/U+uJ8XQR23VgkrYcCtYTgberOP+PrxGj8//RN+D/L1OuaJ6SfdcY4+VeJ1Ru3p6ieUfjdXq9bb2Or96z+fPdAwdPy32f80Sr1+ltnpDqLbjup6gfl2bShf2Ys0BTNN/L1lPU79nrMvrC3Lb6/f6d97z/vvm3X5Db7yurL6TF/X53dXNf2o8F/T7T13Me/dcZmC80jX+UXMdQtH522OYj6YVPMzUf+eec/KnOR3obbtT2a8yROx8ZfyGdMB/pOrTtAgCOHnH+X/v8LJ3//69YIH0fUTRvPT2TjvFy560570/y5q3/lG6vy5TvS3+jYqrvmy869bFb5hx89KTcecu9rc5D/+OEVH/hPHR68+bcecTKzlwvnjuPqM2zpjdPzG1/bZ44vXl6zse0dfP06c2jc/unNo+euA5w9/7W4sd1gBg/+3HC+DpAB+e5b40XOnTz3IL1ukxlMdnqet1hmUfPm7ifMzKPTn99dqbm0Zfk5E91Ht3XcKO2X2OO3Hn0xHzzaADg7SrO/+PbuDj/fzpTbrqfs+fOCzr0vj3790Bq8Z+bkXnlePwOff6bO+/o0Oe/xfPWmZ7Xz/S6xNH++e9Mrwv1j/0Bz5laJztsny8fKfPitFLzYgAAjmRx/j87TefP/6c3P2mYv3VV30KOz0+Ovvl5fTnz85z4b5v5ee/Yjhy9618ze53MoZj/j9Slj7j5f0ynyRHzfwAAjkBx/h9/7TH+/b//nKazf7f+aJynB5+jv5Pm6Uf5dSodXmeL8euvAzjK1wGO6OsAYjrU3Zg9Xt46AAAAh0PX2Eyp8ffsP5pus79nn/d7+ZfllG9VJX17fOW2LcPDl2/fvHbNtuHLN12zdnjr5dduWb9t2/Cmarnpzhtz5y3pvLErVNL+aF4uO2+bn/49hPk5fw8hWz6GPXHsRuPfQ8hWO7vg7wiMH7/W2pt3/EqTlG82PvKOd178f8kpH9WO/1UfP/PydVsvX79p/bb1yc6GcqOz1t4pfG9mkv6f0velZn40KE39+zvj4ZleO0oN7ehK+yPv+9mTTDsWpC1ZkPf9Bznt/sl/++KnTh350wMhDB1Xfve0+i9ZMfKfLh3+p237frF5tP2lSdtfK5m2q+j7SrPl4/5UNlyzddsZ667Zvin7jZLtiesZpVp6htYz0qd/ucX1idU5+VP9/f1yw40jU8vrEwAATBA//4/vZ+Pnh19I30DF/Nbn6dP7/Dh3nj7U2jw9+71kRfP0bPm4v63O03uaztP/6/1xj4vm6dn6i+bpzco3m6fnzbvz4v9zTvmpan2ctHGdR5x+Prhre+44uaK1cZL9PoOicZItP9VxkkxzPSdbf9E4aVa+2TjJO+558T+cUz5P0Xio1MbD9K7LyR0Pd7U2Hv4yky4aD9nyUx0PpWmOh2z9ReOhWflm4yHv+ObFvzinfKsmjo/RgTE2LoYvv/aaLZ+sKzfT338RGi/JaKV9s8YfO7Pf/9Gu1vt3Zq/7mn77Q1gxlpPX/pm9rmz67S/q/ylcVzYvNFxXltv+56a3EtZ6+2f2+10y8oo3Pv5QrdemZ4Ki68+K1nFX5eRPdR13VsONI5N1XDh84vw/ftwT5/+3p9tOfwx09H9Pmu8xaxq/Q99jVvQ+5h33ep79yN3rOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDbQndl0dh2361bD158wj/85LPDb9z0jz/YePNf3PDt3w5e9Xc/fqj3W2/uXXvyul/+/TFXPfaJC/bc87UnX5/7yFsvFQbuH/tZOT1N9oSQvJKE0PPDA1/63N5njx/NS0II5aR/ZwgLkoVPLkgyEYb+GEJYW2vnxDsffuOsdaPbm2/vnpA/PxMku1+hrxzbU9/OEK4r3COOQvE47zh47RnhV3+76pafLf7ud7p2v7xzvEjSUzeeQph3Rf3ju0IIs9P/o+JoWxQfnG5XhhB66x53XkG7Tmmx/cty0iem21nptq8gTrx/SSZdypTLpqOuzLa3oL7pymtHu+WKzMmksyej6cprZ8xfkG6/n25Pn2L8cvyfhFISKrXmb0jGx0ioO25JSMaOZU8tXaod25DufyadZNKlTLrcldmvsXrTgVZOkon5sVwmP56OK2n+yfXn6iYuycl/V7rtSZ+ob8Z0yN6o6mu4UduvMbFdByZpS+o/FBdpX6nuHNQsv3bg04PRl+b1JQsbHjPSRLxv76o7lpZXP7WvP6cdyUNJGj9pK/6Ony6Y87EHd21flBf/ilIav9RW/F9fuP/Vy3Z986u58e+K8cttxT/z8d5XLnz61iW5/XMg9k+lrfhrXnrmzsXHXrk7t/33xvg9bcVfsWd/99yDjz+R2/6h2D+z24r/4vkf/M0Dzz/6cm78EOP3thV/9Z7Nn+8eOHhabvwnYv/0tTd+Xtt97gsDA78bzIv/XIw/t6349++85/33zb/9gkU5LwzJytg//W3Fv+jUx26Zc/DRk/LOncm9nXrlBHhnOiZ9j3Vbmm53njlddfOFrwxWqu/55qT/53ayoozReuZVb1ZmsBoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5mfn7j2R+99AMfXlVJQkhyyow0Ee8rz1qxYrCNete89Mydi4+9cnd93qI24gAAAADF4jy8VMvpCYvCtcnscGLT8nGN4MSYSibmZ9cQYpzsGkG7cUpN4pTaiFPuUHsqHYrT1aE4szoUp7tDcXoK4vSE1uLMniROZXQEtNie3knb03qcvg7FmdOhOHM7FGdeh+LM71Cc/knjtD4OF3QozsIOxTmmQ3GO7VCc4zoU5886FOf4DsXJrilPdRzOTUuekBdn7Ea5ME4lKdfuaLaefnxaz0nTrKevoJ65Ra/HLdYzu8V6Tsk8rjTFenparOfPW6gnabK/tXSL9fzlNPenVFBPHLfXZdsX64mpFsf/9R2Ks6NDcW7oUJwbOxTn0x2K85kOxblpmnEAWhXn/+Pzvf7QXfnr0JuecbKrAHG+u3jsZ+PrXd4JKcZ7dyZ/VlG87EQ9E2/xVNuXXUDIxFuSye+aEK9Sm49MEq+nPt7SzJ2T7e/5K5q3rT7e6Zn87kniTdgBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgEfn7j2R+99AMfXhWSMPqvqZEm4n3lWStWDLZR795Vdywtr35qX31ed6WNQAAAAEChOA/vquX0hO7K8tCdzJpQriddB+hJ0+X+6nZgXlg5uk0GS2Pp3mTBpI+rpI9btm3j5mVbr9/xnvUb11w9fPXwpvctP3v5uUPnnHvOsnXrNwwPVX+G0F0QL4Qwtvyw9fodn1yzYcPwlq3VzGz7F6WPW5Smk/RxA+8NQ6Pbm9P2Lyyor9RQX4du7AoNdxUfPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf2XXXkPkOssHgL9nZnZmum3+nT+9TUOzHXIpUasmcSuplu4BwUJzIUtBZqtrCTbB4qYJbVJiHduAbU1QhJZAiOSDkVhsLX7pxRaxFwKRGg24MUhbNB/0g9JqJS35ICkjuzNnbjvTWYeSm7/fh3POPO/zvs95z8LCc2YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7JqujE6Wx8YnhqMQoh451S6SsXQ2jksD1P3KS9t+kBs5vbw1lssMsBAAAADQV9KHDzUi+ZDLh5AO185+WhxaBkKz7wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP73TFdGJ8tj4xOXRiFEPXKqXSRj6Wwclwaoe/K9Zz77xsjI31pjxQHWAQAAAPpL+vBUI5IPxbAkDEXXznT+jWjybmBhx/xaXlOyzqJ55nW+O+iVt2SeeTfMM+9jffLW1887AwAAAFz4kv4/04gUQi6zYE4/nPT//fr6JO/6jrx0/Tz/3wpk550JAAAAfLik/881IsWQyxQb/fp8+/3FHXnJ/H7f2yfzl/WY3+/7/HX1s+/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODCMV0ZnSyPjU+koxCiHjnVLpKxdDaOSwPUXfXy8D/WHH50cWsslxlgIQAAAKCvpA9vtt75kMsMh6Fw6WzfP3Lbgee+9NwLoyGEWpufzYadG7dvv29V7ZjkrTx6eOj7R9759py8lbXjOdsgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwkZmujE6Wx8YnLolCiHrkVLtIxtLZOC4NUPetz3/xL0+dePHt1lhxgHUAAACA/pI+vNn750MxZEM2XD37qbXXn5HqmN/rnQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw8bj/mw9+Y+PU1Kb7XJybi2o6hPPgNly4aL841/+ZAACAj9r1IQrV/9I1G871XQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOeD6croZHlsfCIfhRD1yKl2kYyls3FcGqBu/NKx3ILTL7/aGisOsA4AAADQX9KHN3v/fCiGoTAUrpr91O2dwGz/XziLNwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcV6Yro5PlsfGJBVEIUY+cahfJWDobx6UB6j65a//nDl3+vdtbY7nMAAsBAAAAfSV9eLYRyYdc5uMhF66rf55qnxCl6+fu7wWa87a1TRue97xK27z0vOft7thZpr6b2rx8sl6hdm7MKzXnperzSi3ziqFRvtSYN/uw9rZVW9DnPuc+eQAAADh7kv4/14gUQi6Ta+n/f9qWX9DnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9TFdGJ8tj4xNRFELUI6faRTKWzsZxaYC6D/72/y/76s/27GiNFQdYBwAAAOgv6cObvX8+FMOi8H9h0WzfHwrt+UneP8tnDj3xr78uD2HF1cdHMp3L/ii5+PVbt77SeQgh1Z6dCuHyer2oR73f/P6JB5ZWzzwVwoqr0tfNqRc+vF77knH1+fKmdduPHN/W5+EAAADARSLp/4cakULIZe7t2f8nnXef/r9htgG//IFdv7iyfqx35B0zUoV6vVSPel9Y+syfl63++zsz/f/cep9sXH16/5ZDV7YVrEU6RHF1bMuO9cdvOphKdl2rn+6onzyXL3/r7X9v3vn4mVr9fMjX4ws7bqVWbe6xo3yIq1OpfRNrP9hXaa+f6bH/R3/36olfLdzz/kz9964fbtS/IXSrX9t5pmf9cElcHb7jsb037z+8vr1+CKHUrf67798ervnjPY907n+4Y+HWJ9967HwAcfXo4lMHVx8o3tJeP+qonzz/n594cu9PHv/uC0n95Lciy5fMt36qo/7ru6/Y9drDGxa210/12P8rd74xsrX0nT907v/utlUzPe9i7v6fvvHZu97cGD/UOQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBxma6MTpbHxidSUQhRj5xqF8lYOhvHpQHqnlxz7N079/z4h62x4gDrAAAAAP0lfXiz98+HYsiGbBie7fufL29at/3I8W2hUBuN6ufM1Nb7t39i89Yd9959ju4cAAAAmK+Ta6LZ/j/TiBRCLrM0DNX7/7EtO9Yfv+lgKun/UzPnKISw+Z6pTStCI+/13Vfseu3hDQsb7wlCmP1ZQH4m7zPNvNtuPVY49aevL+uat6qZd3TxqYOrDxRvSfJCa97K0Hg/8fSNz9715sb4ocb9teZ96mtbp+qvJ5J1h+94bO/N+w+vTyXvMern4fq6Sd5Uat/E2g/2VVKFkJsZT9fz8vV995cf+G8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABeq6croZHlsfCKkQ4h65FRb1QPJWDobx6UB6q5d+stHLjv94qLWWC4zwEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8B924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsF9/IVKVfRzAn2dm993ZnV3d1RfaitbVisIulIKIuqmoCI0QujIkLM2LKAgiCrtoDY3Eim6CrBuJCqotBIPcJNFijf5JN11UUGBdBCIt1C7SRcXMPGecPc5pdNaC6vOB4dnnOed8z++c55kzewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/lL6e0Xp7ZMdDc7dfcPMnT9w7+/it7z2w7bLH3vhhfNONH+8dePXk9OblW76+aemmA/etmdr90uFfht757VjH4EcbzcrUrYQQT8QQKu/PPP/k9Kfn1cZiCKEchydCGIlLDo/EXMLqX0MIm5t1zt+4b/aqLbV2266+eeOLcyH56wrVclZPw/D8evl3qaR1tnXukSvCtzes3/75srff6p08PnFql1jbp5zWUwiLNrYe3xtC6E+fmmy1jWYHp3ZdCGGg5bhrOtR18RnWv6qgf2Fq/5faaoecbPuKXL+U2y/fz/Tm2oEO51uoojq63a+TwVw//zBaqGadq9qPj6T23dSuPMv8cvaJoRRDT7P8++OpNRJa5i2GWJ/LSrNfas5tSNef68dcv5Trl3tz11U/b1po5Rjnj2f75cazx3FPGl/e+qxu446C8fNTW0lf1JNZP+T/aKie9kfzuuqyumb+pJa/Q6nlGdRuvDnxaTKqaawal5x2zO9tZNum1z99aXnDB0eGC+qIe2PKj13lb/1sZPCuN3c+PFqUv7GU8ktd5X+39uhPd+58+cXC/Oey/HJX+VceHDix9sMdKwrvz0x2f3rOKD+mfrbt7mMfPbPs//dMtpvrev6eLL/SVf3XTx3tG5o7eKiw/tXZ/envKv+b6275/vUv9x8vzA9Z/kBX+RumHny2b2zu8sL8Q42vQrW+QrtYPz9PXv3V2NiP40X5X2T3f6hNfuyY/9rE7mtfWbxrTeH6XJfdn+GU339W9d92yYHtg3P7Lyp6dsY95+qXE+C/aWn6H+up1O/0nrlvttT2PXOhWt4XXhjvafwCDabP0Lk8UU7tPIv+wnwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAPduCABAAAAEDQ/9ftCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeCgAA//86OCSl")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$vsock(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r6, 0x0, 0x0)
fanotify_mark(r5, 0x1, 0x0, r6, &(0x7f0000000280)='./file1\x00')
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="40000000100001040000fffe0000000000000000", @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e20000004000600a536be71b3e3bae141238e7123cf9b751630d1bc8ace60797c6301ab9438d52fb7ae44d43ea6c75f2843a729eb0f70dea257c22e5f35eb6c050b3d7988137a5eab542f713c3e3fcd651989d3f208f97f4d0376ab3e5e6bbc87994d689bf6b4f6199ef87116fe87cbfebbe68eac196f39b3be1c1c0a8f2ef1d7f641b07d06180403acaf4db2603d6827375b863682edce0244bb44efc26ca81bc52e9bdf2a6e632c6c2fa7e09561d56fcf4e87198a7fb312ad8134192a2d66"], 0x40}}, 0x40800)

2m14.87300152s ago: executing program 5 (id=876):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x18e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1m59.539497105s ago: executing program 37 (id=876):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x18e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000))
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

36.476807133s ago: executing program 6 (id=1070):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_emit_ethernet(0x86, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r4)

33.902396724s ago: executing program 6 (id=1074):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x96, &(0x7f0000000240)=ANY=[@ANYBLOB="c16d473d990c0180c200000008004500dd8700000000002f90780a010101e00000012480886400300000a9e30205c05481cd37808b64a6b35486f9a9658334393d4ced02013b48c8ac3f454dec5278a5ddaff09e9ac607652d10000800000086dd080088be00000000100000000100000000000000080022eb0000fbff200000800200000010000000000000000800655800000000"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008844, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$cgroup_procs(r1, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r0, 0x0, 0x40)
write$cgroup_pid(r5, &(0x7f00000000c0), 0x12)

29.067976541s ago: executing program 6 (id=1084):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_emit_ethernet(0x86, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r2)

27.492949475s ago: executing program 6 (id=1087):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00'}, 0x94)
r2 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4)
sendmsg$inet(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000100)={r2})

26.231336636s ago: executing program 6 (id=1089):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e21, 0xd, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0xfff}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
r1 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)

25.736406584s ago: executing program 6 (id=1091):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004040)
r4 = fsopen(&(0x7f0000000180)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000340)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")

12.008328665s ago: executing program 8 (id=1131):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000180)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
vmsplice(0xffffffffffffffff, &(0x7f0000002800)=[{0x0}], 0x1, 0x3)
lseek(r0, 0x8, 0x4)

10.914943463s ago: executing program 1 (id=1135):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x40081)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getpeername$inet6(r1, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0xf0)
pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
fdatasync(r0)
ftruncate(r0, 0x5)

10.400272108s ago: executing program 38 (id=1091):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004040)
r4 = fsopen(&(0x7f0000000180)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000340)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@nomblk_io_submit}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")

9.891611991s ago: executing program 1 (id=1140):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")

8.857043047s ago: executing program 1 (id=1143):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123f51c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e3962dcddef6af1a11972a6b4975022278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd0971d379380bf63432872cfed453870000b219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d3f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d3112874ec51d6fe048ba6866adebab53168770a71ad901ace383e7927de217d6bf74daf41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97a297c9e490f241999085afabdd529f62ca0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637f99f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec737555392a0b06491cba71f897144910fe050038ec9e475e89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb6179d257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0117c9b737b9b59418006c1bc1aafa2768e82597251e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b101000f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf444b032dad13007b82e6044f643fc8cd07a97e2bbe636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935f602325984386b21b96492ae662082b56cf666e63a757c0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e71338a40c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2603bfab96831957a08e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d01af43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r2 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4)
sendmsg$inet(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000100)={r2})

8.138158725s ago: executing program 9 (id=1144):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
read(r0, &(0x7f0000001400)=""/4096, 0x1000)

7.641543458s ago: executing program 3 (id=1145):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="300000001a00010000000000000000008100800000000000000000001400"], 0x30}}, 0x0)

7.034295681s ago: executing program 1 (id=1146):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@hopopts={{0x30, 0x29, 0x36, {0x3c, 0x2, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}]}}}], 0x30}}], 0x1, 0x20000000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

7.03376723s ago: executing program 9 (id=1147):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x48582, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3, 0x7, 0x5, 0x6685, 0x2, 0x9, 0x80000001, 0x2, 0x3800000}}}}]}, 0x58}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd29, 0x25dfdbf7, {0x0, 0x0, 0x0, 0x0, {0xd, 0xa}, {0xb, 0xfff1}, {0xf, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008090}, 0x4041080)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)

6.883273464s ago: executing program 8 (id=1148):
prlimit64(0x0, 0xe, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x9, 0x10000)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, 0x0)

6.863727905s ago: executing program 2 (id=1149):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(generic-gcm-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x10)

6.762426425s ago: executing program 3 (id=1150):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='sched_switch\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x2000000000903, 0x1, 0x1}, 0x20)
socket$netlink(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")

6.551106834s ago: executing program 8 (id=1151):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x2000018)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x14000, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.043099814s ago: executing program 1 (id=1152):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x7400}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000580)=ANY=[], 0xfe33)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[], 0xfe33)

5.582248678s ago: executing program 2 (id=1153):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0xf, &(0x7f00000000c0)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

5.56189366s ago: executing program 1 (id=1154):
open(&(0x7f0000000040)='./file0\x00', 0x200802, 0xc0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(r1, 0x0, 0x0, 0x400, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001d000109", @ANYRES32=r6, @ANYBLOB="1000000814000100"], 0x30}}, 0x80)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet6(0xa, 0x2, 0x3a)
write$UHID_INPUT(r7, &(0x7f00000005c0)={0x9, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897f3411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$IPCTNL_MSG_CT_GET(r0, 0x0, 0x0)

5.53288507s ago: executing program 3 (id=1155):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
close(r0)

4.9113169s ago: executing program 2 (id=1156):
socket$kcm(0xa, 0x3, 0x106)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, 0xffffffffffffffff, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
recvmsg(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000a80)=""/20, 0x14}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r4, &(0x7f0000000440)}, 0x20)

4.827187226s ago: executing program 8 (id=1157):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000100), 0x1001)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r2}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)

4.546809585s ago: executing program 9 (id=1158):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123f51c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e3962dcddef6af1a11972a6b4975022278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd0971d379380bf63432872cfed453870000b219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d3f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d3112874ec51d6fe048ba6866adebab53168770a71ad901ace383e7927de217d6bf74daf41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97a297c9e490f241999085afabdd529f62ca0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637f99f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec737555392a0b06491cba71f897144910fe050038ec9e475e89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb6179d257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0117c9b737b9b59418006c1bc1aafa2768e82597251e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b101000f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf444b032dad13007b82e6044f643fc8cd07a97e2bbe636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935f602325984386b21b96492ae662082b56cf666e63a757c0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e71338a40c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2603bfab96831957a08e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d01af43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r2 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4)
sendmsg$inet(r2, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000100)={r2})

4.472227649s ago: executing program 3 (id=1159):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x301c40a, &(0x7f0000000740)={[{@rodir}, {@shortname_winnt}, {@numtail}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@rodir}, {@uni_xlateno}, {@fat=@codepage={'codepage', 0x3d, '1251'}}, {@utf8no}, {@shortname_lower}, {@uni_xlate}, {@utf8no}, {@uni_xlateno}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@shortname_lower}, {@shortname_win95}, {@fat=@check_strict}]}, 0x6, 0x2d5, &(0x7f0000000240)="$eJzs3T+LHGUcB/Df7O3tTrTYLaxEcEALq5BLa7OHJCBeZdhCLfQwCcjtIiRw4B+cTWUl2FhY+AoEwRdi4zsQbAU7IwRGZnYmM5vbXPbk9sTc59PcM8883+f5zdxwO1fccx+9Mj+6ncXdB1/+FmmaRG8Sk3iYxDh60VgUS/nycPJtAAD/Zw+LIv6sP9/PkksiIt1eWQDAFm32+d9vmz9fSFkAwBbdeu/9d/YPDm68m2Vp3Jx/fTwtf7Mvvy7P79+NT2IWd+JajOJRRPWisBvV20LZvFkURd7PSuN4fZ4fT8vk/MNf6vn3/4io8nsxinHV9fhto8q/fXBjL1vq5POyjhfq9Sdl/nqM4qXH4ZX89TX5mA7ijdc69V+NUfz6cXwas7hdFdHmv9rLsreK7/764oOyvDKf5MfTYTWuVex0j65czLcHAAAAAAAAAAAAAAAAAAAAAIDn1NV675xhVPv3lF31/js7j8qD3cga49X9eZb5pJmouz9QURR5ET80++tcy7KsqAe2+X683O9uLAgAAAAAAAAAAAAAAAAAAACX1/3PPj86nM3u3DuXRrMbQD8i/r4V8W/nmXR6Xo3TBw/rNQ9ns17dXB3T7/bETjMmiTi1jPIizum2PKtx5UTNdePHnzaaJ4lY1D3psxfdXb/WeTaap+voMFl/D4fR9KT1Q/L9IKIdM4inLbFY7Rk8rYwizvL4DdaeGm0W/6a+2nKeF6uevDm1OJmK5InCkqQz5s3fl3PVPcmTVzGo7uq6MiJtGm18dUy60fMc6TJ+8mdFYrcOAAAAAAAAAAAAAAAAAADYqvavf9ecfHBqtFcMt1YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyo9v//n6GR1+ENBg/i3v3/+BIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4BP4JAAD//47KXt4=")
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r0, r1})
shutdown(r0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)

4.338104601s ago: executing program 2 (id=1160):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r3 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_ifreq(r3, 0x89b1, &(0x7f0000000100)={'bond0\x00', @ifru_names='bond_slave_1\x00'})

4.161765355s ago: executing program 8 (id=1161):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0xd, 0x0, &(0x7f00000003c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mincore(&(0x7f0000947000/0x3000)=nil, 0x3000, &(0x7f0000000240)=""/121)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r6=>0x0})
connect$can_bcm(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0600000001"], 0x80}}, 0x0)

4.104776857s ago: executing program 9 (id=1162):
prlimit64(0x0, 0xe, 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x9, 0x10000)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, 0x0)

2.867344388s ago: executing program 9 (id=1163):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001040)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000c80)=[@hopopts={{0x30, 0x29, 0x36, {0x3c, 0x2, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}]}}}], 0x30}}], 0x1, 0x20000000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.74242378s ago: executing program 2 (id=1164):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1)
pwrite64(r0, &(0x7f0000000140), 0x0, 0x8080c61)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000100)='./file0\x00', 0x2800000, &(0x7f0000002080)=ANY=[], 0xfd, 0x5a7a, &(0x7f0000006680)="$eJzs3WuQXNV9IPBzu3s0Lz1GAgcZzGiQ0Ybg2BrxKj9SsZJN7BQQSi5SDmJlw4BGRLYkVHoEECSILHhRAS6cIpXg5ANxYXYxiosq2BiFMuGxEmtjq9h4qS1MrZ3F/uAtwqIKoKVcXs/W9NzT032779yenh4hid+vYG7fM6f/99xzT9++/9NX0wEAAID3hEN37Dx62em/+90/G3/71t/7h623hcFytbwvVhhKlze+Wy3kWOqtLK8us+PiV2/+xk9Hrv3t7zw68PV3Dm48a9MPf+eUa5/8wsUH7v/rZ95a9PgvXy2KG8fTudPryetJCH3fPvIXXzr4wmmTZcniyZ+lvSEsTZY9szQJ4fb6EKM/DyFsTFeWZ+I/9vb5myaXt93V21C+JFPPeH9vmzzOSQhhz9EbPhR+9Fvrb//+im/+Xc/+1/ZOV0n66sZTCIuvrn9+TwihP/1/UhxtcTwm6XJdCGGg7nkfLWjXB9to96TVmfK4fka6XJAuBwvixd+vzKyXMvWy61FPZjlQsL25ymtHp/WKLMysJ12KG+W1M5YvTZffSpfnzjJ+Od2HchJKSajUmr8lmR4joe64JSGpHsu+2nqpdmxDuv+Z9SSzXsqsl3sy+1XdbjrQyknSWB7rZcrj6biSlp9Vf65u4fK6x/X13h/L0hfqO9k6maCDTQ9q+1UV23VkhrYcC6W6c1Cr8tqBTw/GYFo2mCxres5EC/F3B9ffvaq84dlDQzntSB5N0vhJR/H3fG/pws8/sm939n29Fv/qUhq/1FH8H19y+I0r933tq7nx743xyx3FP++pgdcvee6Olbn9cyT2T6Wj+GOvPn/PilOv2Z/b/gdi/L6O4q89cLh30dGnns5t/2jsn/6O4r/yiU/95OGXnngtN36I8Qc6ir/hwPYv9w4fPSc3/tOxfwY7Gz9v7r/o5eHhn43kxX8xxl/UUfyH9vZ+/MEld12ce3zXxf4Z6ij+pWc/efvCo0+cmXfuTB7o1jsnwHvTKek11p3peqd55lzV5Qt/NVKZuuZbmP6/qJsbylx8ZvMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiG933ov376f3126PVKut6bPnilNLWM5QtCSPpDCDt3je3YtXnbdSNfuH73jm1jW0bGdo2Mb9u146aRC359ZMf49i1jN03+dvTD5089b1lIppbJmU3b7p2YmCgNNZbF7f3bs/f/aNVH//e/hDD6vh8MV3Lbv/r+rQ+e2uJnRrJ24pNbd1/2gwv/Nt2vobRdQy3aNTExMRFy2vV/rvjFg39+5KfnhDD6KzO16/lXfvMfGxpULZiOkyr1hqkG9SYDLdtRa3XanthflU2bt4yPzty/k88v5+zHv7v5tZ9vuvErv5jq377c/Wizf/vXTmwp/eX6S//fX94yVVDUrnfruE/2dzkn5mS74l7E9sX+60v7e3G6X4tz9quSs193fP/pl759+r639obRypsrmo910X71pAOgJ3l/W9uNWxhIljaU96X14xGPz1u9a+v21Ttv2vPhzVvHrhu/bnzbx9ZcsOai0QsvunB1dc9Xd3n/4/b/TZv7f2zG05I/3vut+LO98dTYrgWz7o/JdhX3R32L8l5/A5d/6b6P3f/cZVMFReeVWLt2PkmXA5PHeU2oG2/NfdVqv4qOTwhhpFU/vPHWxeG0/7H59qLzUP2Rqf+ZkaydeGHlv/7tR/9m+W9MFRyT83x9gzo8z9daPd2ean/1pcdj4jjt3970bNqbDLZs15oXnuu5+9C//EmtfQsWhBvHdu3asWbq58K0pQuTM1q2K1sa92tF9Wc5pN0SasO0xXid1BOm2pc9f8bq2V4dTH83mCxruV9Z8XcH19+9qrzh2UN5PZ08OrXF/rBoapl8IKfmlswTy7UGt9r+8fr6Kxofw5/+m8c/+/jfX9A0Ps6b+lm0X0nOfn3zpYfu+/pX/sPfd2+/Pv2bh4f+9X/+0aqpgmNwXglzOq+UpxpSa3XanqT+vHJeCEWvvxWh9X7kvv5Krfen6PWX3c50/dbxRjLrg6Hc0ev1vKcGXr/kuTtW5r5ej8z0eq3f2VsanlcueL0eL+9L2ddXUmlsx/y9vhoGSrJ24jt3nrL3mVvXnT5VUPR+Wavdalyf30b+kbNf/3jly8PXj/z7/96988Y3fv2xq344tvZPpwo6P+6xLd057n1p//bl9G+t1THvrO/fj1x7/ZaNU+VF/fzuXf+my4L8J55Kdt6054tjW7aM79jZ3n61+34at5Pt5U7fT+PZbVnBfpWa9mv+HrTTX+2+3mL7N3bcX42vt8GQdPS+sOd7Sxd+/pF9u4eanpVu6OpSGr/UUfwfX3L4jSv3fe2rufHvjfErHcUfe/X5e1aces3+3PgPJGn8vuL4i0NT/LUHDvcuOvrU07nxR2P7+ztq/yuf+NRPHn7piddy44cYf7Cz/n9z/0UvDw//LDf+i0m6nclrpBAee/v8TVPrSehJX2+xHT0N7QrZ9SSzXsqsl+vXS3EWId1AOUkay2O9tPysura08oc55fEqrG/51PKduB6yD2YuP96U6s79rcqLrlMBAE528fP/eA0aP/8fTy+U8mcaYNpc87DlOXFjHjY9n9P4GevyNH58fpwHHP5IGJ1c3jYydaE/288R4ushO88Zt3POBxtjtJyfOFC/ker2m+Y5i+bfV2bWY7um5ssrdXloqjmvqYQ25t+btzPz/Htm94s/zxq5s6lZI3XzVtnj15POmLW63yHT3spkhLzxkZ0Xi/dzDC8O66rba3N8ZO+jicchex9N3M7pmRNnp/fR5I2PoeZ+aGhXHB+x3gzjo9rk4s8jm49fmKF/p49f62jZ4zeL4903WX++P5/twrxhy1PasZs3nN/Pw46LeckW8Y/xvOTCpvjpC+x4nzeM5bGfKm3OJ342p7xb84nxdBHbdWSGthwL5hOBk1XM/+N7xGT+P3kB/n8z9YrylOxVY4yXe59Qzk3YRXlH8316Ax29j284sP3LvcNHz8m9znm63fv0tjesDRTc91PUj6sy64X9mDNBU5TvZbdT1O/Z+zIGw6KO+v2hvfd//MEld12c2+/rpt5Ii/v9voa1RQX9fgLkC63jyxdOpnyhOX6X7mMomj/Lz0fKtXbMSz6S3vg0X/nIH+SUzzYfGWh6UNuvquM3H5l+I23IR3qObbsAgBNHzP9rn5+l+f8/xwuL9DqiKG89N7Me4+XmrTnXJ3l56++nyxsz9QfTf1Ex2+vmS89+8vaFR584MzdveaDdPPQ/NawNFeahc8ubc/OIdd25Xzw3j6jlWXPLE3PbX8sT55an53xMW5enzy2Pzu2fWh7dOA9w3+HpTGOm+HEeIDd+bR6gi3nuL6crHbs8t2C+LrOxuNrufN2xzqMnS3oWN+5nY1480J08Ov3ns/OVR1+eUz7bPHqw6UFtv6qO3zy6sVweDQCcrGL+Hy/jqvl/bwjPxQr98cHcPmfPzQu6dN2e/XsgtfgvzkteOR2/S5//Fud98523zndeP9/zEif657/zPS80VP0DnvM1T/au3e86L3nxP9cetZ0XpxuVFwMAcDyL+X9M8+Pn/89l6s01P2nK33qmLiGn85MTLz+vr3cC5+dXhGOVn/eeyPn5iT7/Nb/3yZxc+f+0Dj8Xf2fiJM7/q22W/wMAnJBi/h//2WP8+3//JV3P/t36NvP0B7K38/oc3efoQZ7eRp7e5Xm2GL/+PoATeB6gPPd5gP5jfn98/3T9k2keoKonmAwAADgB9FQzpeZ/Z/+5dJn9d/Z5/y7/ypz67aqkl8fX7NoxPn7V7u0bx3aNX7Xt+o3jO6+6YcfmXbvGa9fOc8sbc/OWNG/sCZW0P1rXy+ZtS9K/h7Ak5+8hZOvHsGdUHzT/PYTsZvsL/o7A9PFrr715x680Q/1W4yPveOfF/8Oc+lHt+F/7R+ddtWnnVZu3bd61eWzL5j3jjfWGqv+Suv3vzYyfU87q+1IzP5qUZv/9nfHwzK0dpaZ29KT9kff97EmmHUvTlizN+/6DnHZ/97/9+R+fPfGLh0MYfV/5A3Pqv2TtxH++Yvz3dx36wfbJ9pdmbH+tZtquou8rzdaP+1PZcv3OXR/adP3ubdlvlOxMnM8o1dbn6b6G9OVfbnN+YkNO+Wz//X656cHxqe35CQAAGsTP/+P1bPz88CvpBVQsL8zTt03Vm+vnx7l5+mh7eXr2e8mK8vRs/bi/7ebpfXPM07PbL8rTW9Vvlafn5d158f8gp/5stT9OOrjPo5L2wyP7dueOk6vbGyfZ7zMoGifZ+rMdJ8kcx0l2+0XjpFX9VuMk77jnxf9MTv08ReOhUhsPc7svJ3c83NveePi1zHrReMjWn+14KM1xPGS3XzQeWtVvNR7yjm9z/MYJgu7M/04OjOq4GL/qhut3fLGu3nx//0VoviWjnfYtmH7u/H7/R6fa79/5ve9r7u0PYW21JK/98fOBBbNqf7v3lc29/UX9P4v7yhaHpvvKctv/4txmwtpv/6zuS7wt/q7d73fJyKve/PxjNV+bDrui+8+K5nHX55TPdh53QdOD45N5XHj3xPw/Xs3F/P+udNntj4FO/O9J6+D++3gO9j1m+f3f5nXMe+79PPuRu/dzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJNCb2V5dXnojp1HLzv9d7/7Z+Nv3/p7/7D1tl+9+Rs/Hbn2t7/z6MDX3zm48axNP/ydU6598gsXH7j/r595a9Hjv3y1MPBQ9Wfl3HS1L4Tk9SSEvm8f+YsvHXzhtMmyJIRQTob2hrA0WfbM0iQTYfTnIYSNtXY2/vKxt8/fNLm87a7ehvIlmSDZ/QqD5die+naGcGPhHnEC6kvH2Z6jN3wo/Oi31t/+/RXf/Lue/a/tna6S9NWNpxAWX13//J4QQn/6/6Q42pbHJ6fLdSGEgbrnfbSgXR9ss/2rc9bPSJcL0uVgQZz4+5WZ9VKmXnY96sks6/a1v2DTHclrR6f1iizMrGdPRnOV185YvjRdfitdnjvL+OX4fxJKSajUmr8lmR4joe64JSGpHsu+2nqpdmxDuv+Z9SSzXsqsl3sy+1XdbjrQyknSWB7rZcrj6biSlp9Vf65u4fKc8veny770hfpOXA/ZB1MGmx7U9qsqtuvIDG1J/cfWxZXiZ7ahVHcOalVeO/DpwRhMywaTZU3PmWgh/u7g+rtXlTc8e2gopx3Jo0kaP+ko/p7vLV34+Uf27V6eF//qUhq/1FH8H19y+I0r933tq7nx743xyx3FP++pgdcvee6Olbn9cyT2T6Wj+GOvPn/PilOv2Z/b/gdi/L6O4q89cLh30dGnns5t/2jsn/6O4r/yiU/95OGXnngtN36I8Qc6ir/hwPYv9w4fPSc3/tOxfwY7Gz9v7r/o5eHhn43kxX8xxl/UUfyH9t7/8QeX3HVx7vFdF/tnqKP4l5795O0Ljz5xZt65M3mgW++cAO9Np6TXWHem653mmXNVly/81Uhl6ppvYfr/om5uKGNyO4vnMT4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACenf7rlgs9d8cnPrK8kISQ5dSZaiL8rL1i7dqSD7Y69+vw9K069Zn992fIO4gAAAADFYh5eqpX0heXhhqQ/nNGyfpwjOCOuJY3l2TmEGCc7R9BpnFKLOKUO4pS71J5Kl+L0dCnOgi7F6e1SnL6COH2hvTj9M8SpTI6ANtszMGN72o8z2KU4C7sUZ1EmRKdxFnepPUu6FGdoxjjtj8OlXYqzrEtxTulSnFO7FOd9XYrzK12Kc1qX4mTnlGc7DhelNU/Pi1N9UC6MU0nKtV+0mk8/Ld3OmXPczmDBdhYVvR+3uZ3+NrfzwczzSrPcTl+b27lgjttJ2tzOr81xO6WC7cRxe2O2fXE7ca3N8X9Tl+Ls6VKcm7sU55YuxfmTLsX50y7FuTU0XpzONg5Au2L+P53vDYXeym+EgfSMk50FiPnuiurP5ve7vBNSjPeBTPmConjZRD0Tb8Vs25edQMjEW5kp72mIV6nlIzPE66uPtyrzy5n29xNrW7etPt65mfLeGeI17AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAP/dMsFn7vik59ZH5Iw+V9LEy3E35UXrF070sF2D66/e1V5w7OH6st6Kx0EAgAAAArFPLynVtIXeitrQm+yoKFeXzoP0Jeul4emlsOLw7rJZTJSqq4PJEtnfF4lfd7qXVu3r955054Pb946dt34dePbPrbmgjUXjV540YWrN23eMj469TOE3oJ4IYTq9MPOm/Z8cWzLlvEdO6cKs+1fnj5vebqepM8b/kgYnVzelrZ/WcH2Sk3bm78HxUcPAAAAAAAAAAAAAAAAAAAAAAD+P7v2GyJpXQcA/PvMzM6Mq5cb/hsP7xzOU6ys9FpDS9wHggT/HC5CzFqbHHmStHqH3onZpAepKUWgHBwXvujCJE1645+UyD8cGGYJ7XWESvmiXhRahoovQpnY3Xnm38442yS35/X5vJjnme/v+/t9f7+H4+D7zAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABxa8/XJ2drU9Mx4EpEMyGn0kY3li2laHaHuV57c/oPS+nfO7IyVCiMsBAAAAAyV9eFjrUg5SoV85OPkxW8bomMg2n0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/2e+Pjlbm5qeOTqJSAbkNPrIxvLFNK2OUPfVtx7+7Evr1/+tM1YZYR0AAABguKwPz7Ui5ajEaTGWnLzQ+bei2buBtT3zl/LasnXWrTCv993BoLzTVph3xgrzPjYkb3PzenMAAADAh1/W/xdakYkoFdYs64ez/n9YX5/lndqTl29eq51J76u4kiQAAABgBbL+v9SKVKJUqLT69ZX2+xvaocWfzrP5w363z+af3pOXzR/2e/5lzavf6QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2O+Pjlbm5qeyScRyYCcRh/ZWL6YptUR6m56avwfl+y/Y0NnrFQYYSEAAABgqKwPb7fe5SgVxmMsjl7s+9dfdN+jX3r08cmIWGrzi8W4ecuOHTdsWviMTVneOS/sH/v+c69/e1neOUufq3ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAzNfn5ytTU3PHJVEJANyGn1kY/limlZHqPvK57/4lwcPPvFaZ6wywjoAAADAcFkf3u79y1GJYhTjxMVvnb3+glzP/EHvDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAjx43fvOUbW+bmtt7gZnVuGvmIw2Ab/+NN9s/pcNnPh/+mvNrbWN3/lwAAgA/eqZFE47900uWrvWsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBwMF+fnK1NTc+Uk4hkQE4jU2oHsrF8MU2rI9RNn3yxtOadp57pjFVGWAcAAAAYLuvD271/OSoxFmNxwuK3fu8EGgv9/8Qh3CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwWJmvT87WpqZn1iQRyYCcRh/ZWL6YptUR6j6wa+/n7j/2exd3xkqFERYCAAAAhsr68GIrUo5S4eNRilOa3+e6JyT55rX/e4H2vO1d08ZXPK/eNS//fvOSQkRr3l09Jys0T7M0r5ytN7F0bdWrtuflmvOqHfMq0Spfbc1bfFi7u6qtGXK+5U8eAAAADp2s/y+1IhNRKpQ6+v+fNq9HNa+D+tzcod04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDYma9PztampmeSJCIZkNPoIxvLF9O0OkLdW3770WO++rO7d3bGKiOsAwAAAAyX9eHt3r8clVgXH4l1i31/THTnZ3n/rL17/73/+uuZEWefeGB9oXfZH2U3v37lwqd7PyJy3dm5iGOb9ZIB9X7z+3tv2th498GIs0/In7KsXrx/ve4l08Zjta2X7XjuwPYhDwcAAACOEFn/P9aKTESpcP3A/j/rvIf0/y2LDfixN+36xfHNz2ZH3jMjN9GslxtQ7wsbH/7z6ef9/fWF/n95vU+27j6997r7j+8quBTpkaSNqet2bj5w7r5cduql+vme+tlz+fK3Xvv3NTff8+5S/XKUm/G1PVtZqrb8s6d8pI253J6ZS9/bU++uXxhw/jt+98zBX629++2F+m+dOt6qf0b0q7908sLA+nFU2hi/4s7d5+/dv7m7fkRU+9V/4+2L46Q/Xnt77/nH42DXwp1PvvOz9wGkjRc2vLnvvPsqF3TXT3rqZ8//5wcf2P2Te777eFY/+1uRM0+LFdbP9dR//q7jdj172+Vru+vnBpz/6StfWr+t+p0/9J7/6q5VCwN3sfz8D531yFUvb0lv7R0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4sszXJ2drU9MzuSQiGZDT6CMbyxfTtDpC3VcvefGNK+/+8Q87Y5UR1gEAAACGy/rwdu9fjkoUoxjji33/Y7Wtl+147sD2mFgaTZrXwty2G3d84pptO6+/epV2DgAAAKzUq5cki/1/oRWZiFJhY4w1+/+p63ZuPnDuvlzW/+cWrklEXHPt3Nazo5X3/F3H7Xr2tsvXtt4TRCz+WUB5Ie8z7byLLnxx4s0/ff30vnmb2nkvbHhz33n3VS7I8qIz75xovZ946KxHrnp5S3pra3+deZ/62ra55uuJbN3xK+7cff7e/Ztz2XuM5nW8uW6WN5fbM3Ppe3vquYkoLYznm3nl5rkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOXm65OztanpmchHJANyGp2agWwsX0zT6gh1L934y9uPeeeJdZ2xUmGEhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+wAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhf36CY2j7OMA/jy7yZtNNmmT9gWjYppWRamHFgURvaioSCtS8FQpUm3tQRQEEaUeTKUVS1W8CFYvRVRQoxQq2FgsrZKK/4oXDyooVA9CKQY0S/Ggks0zm81kpxs3KiifDyxPnmdmvvObmWefzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL9KT9dwvT2x56Ha7Rfc/MkT904/fut7D+y67LE3fhjdduPHB/tePTu5ffWOr29aue3IfRsm9r90/JeBd3471Tb40dlmbepWQohnYgiV96eef3Ly0/NmxmIIoRwHx0IYiiuOD8VcwvpfQwjbG3XO33ho+qodM+2ufT3zxpfnQvLXFarlrJ5Zg/Pr5b+lkubZztojV4Rvb9i8+/NVb7/VPX56bG6XOLNPOc2nEJZtbT6+O4TQmz4zstk2nB2c2k0hhL6m465pU9fFi6x/XQi1XL/uwtT+L7XVNjnZ9jW5fim3X76f6c61fW3Ot1RFdbTdr7ez8/Xn+vnFaKkada5rPT6U2ndTu/ZP5pezTwylGLoa5d8f5+ZIaHpuMcT6s6w0+qXGsw3p+nP9mOuXcv1yd+666udNE60c4/zxbL/ceLYcd6Xx1c1rdQt3FIyfn9pK+qKezfoh/8es6oI/GtdVl9U1dY5a/gmlpjWo1XjjwaeHUU1j1bhiwTG/t5Btm9z89KXlLR+cGCyoIx6MKT92lL/zs6H+u97c+/BwUf7WUsovdZT/3caTP9259+UXC/Ofy/LLHeVfebTvzMYP96wpvD9TcyvIYvJj6mfb7j710TOr/n/PeKtnXc88kN3/Skf1Xz9xsmegdvRYYf3rs/vT21H+N9fd8v3rXx4+XZgfsvy+jvK3TDz4bM9I7fLC/GOzX4VqfYZ2MH9+Hr/6q5GRH0eL8r/I7v9Ai/zYNv+1sf3XvrJ834bC+bkpuz+DKX/hD9u58m+75Mju/trhi4rWznhgsb+wALSyMv2P9VTqt3vPPDRdavmeuVRN7wsvjHbN/gL1p8/AX3minJnzLPsb8wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YgQMSAAAAAEH/X7cjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgqAAD//0wFDK4=")
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
fanotify_init(0x1, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000100)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfa, 0x669, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
creat(0x0, 0x182)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xfecc)

1.336870526s ago: executing program 3 (id=1165):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000580)=ANY=[], 0xfe33)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000580)=ANY=[], 0xfe33)

835.392389ms ago: executing program 9 (id=1166):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3200004, &(0x7f0000000900)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@gid}, {@umask={'umask', 0x3d, 0x1000}}, {@uid}, {@type={'type', 0x3d, "8cc687ef"}}, {@force}, {@nodecompose}, {@type={'type', 0x3d, "664b981f"}}]}, 0x3, 0x6b9, &(0x7f0000000240)="$eJzs3U1sHGcZB/D/bJx1Nkip26ZtQEi1GqmCRiR2ViVBQmpACOUQoQguvVqJ01jZpJXtorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHh5BuHSNw45AAYzezsem1vHDuOvab9/aTJvLPv1zOP52N37GgDfGpdfD2Huyly8dSl2+X2yr12Z+Ve+2a/nGQySSOZ6K1StJLi4+RCeks+W75YD1c8bJ5X739UTLz/Ybu3NVEvVfvGVv02GdmymxwZbBxKMt0r/nvbw24ar1qqca6sjfeYikHcZcJO9hMH47a6SXetsvHI7ts/b4ED607vvrnJVHI0vbtr+T4g9dXh0VeG8dvy2tTdvzgAAABgr4z8LD/sqQd5kNs5tj/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCdD0fvOwKJeGv3ydIr+9/83h75TvznmcHfpvWvV6ttPjTsQAAAAAAAAANiVFx/kQW7nWH97tah+5/9StXG8+vczeTtLmc9iTud25rKc5SxmNsnU0EDN23PLy4uzwz2rPxJY+nnKnqurq3fqnmdH9jy7Pq7uxkBH/aXBpkYAAAAAAAAA8Kn1g1xc+/0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBEVyqLeqluP98lQaE0mOJGkW04PmzbEG+wT8cdwBAAAAwN5r1etjxX97hdWi+sz/fPW5/0jezq0sZyHL6WQ+V6tnAb1P/Y2/dtudlXvtm+WyeeCv/XNHcVQjpvfsYfTMM1WL5wY9Luab+U5OZTqXs5iFfDdzWc58pvONqjSXIlP104uplXut9GPdHO+FdVuXN8b24lC5jO9EFUkr17JQxXY6V5r90Bt1uxNDs/2+mWyY8W6ZneK12jZzdLVel3v0s3p9MExVe354kJGZOvdlNp4ezvvm3O/wONk402wag2dQx9dmKTc3zvRYOT9ar8tc/3hvc77DR2nrM9H9abnVP/qe3zrnyRf/9qfL1xu3bly/tnTq4BxGj2njMdEeysQL28pEp8xEdxeZOLKb+J+cZp2N3lV0Z1fLl6q+x7KQb+XNXM18zmUmszmfmXwlZ9PO2aG8Prd1XqtzrbGzc+3kF+pCeU/6ydC9ad9MPqyizOvTQ3kdvtJNVXXDr6xl6ZltZKloZnSW/j4ylInP1YVyjh8O3XHGb5CJxtq1uR/ds1tn4pf/WU2y1Ll1Y/H63FvbnO/lel2etu+tvzb/6ons0M7Vu1seL8+UP6z0bhvDR0dZ92y/bt2RM1vVHR/Urb/PNZupzude3aPO1HKk5++OGqlX98LIWdpV3YmhunXvcvJmOoN3IQAcYEdfOdps3W/9pfVB60et661LR74+eX7y880c/vPEHw79pvHrxleLV/JBvp9j444UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CZbeeffGXKczv3gAC2k84QHvjqzqp6L3SvNg7PtWhcP7O+mhnTSe3OqI+m2SLbo3x5HMVpID8DOd62RiH+aazIiqS4NXWkljEE+SGwfkC+6AvXBm+eZbZ5beefdLCzfn3ph/Y/7W2fPnXjvX/vLsnTPXFjrzM71/xx0lsBfW3gaMOxIAAAAAAAAAAABgu3bz3wn+cWl7jUdMW3THsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/6eLr+dwN0VmZ07PlNsr99qdcumX11pOJGkkKb6XFB8nF9JbMjU0XPGweV69/9EvXn7/w/baWBP99o0N/X73r9XVHe5Ft14yneRQvX60yW2Nd2VovO4OA+spBntYJuxkP3Ewbv8LAAD///zfBvQ=")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe)
llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)

142.36371ms ago: executing program 3 (id=1167):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_emit_ethernet(0x86, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r4)

117.410587ms ago: executing program 2 (id=1168):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0xf, &(0x7f00000000c0)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

0s ago: executing program 8 (id=1169):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x30000c6, &(0x7f00000000c0), 0x2, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580))
r2 = open$dir(&(0x7f0000000140)='./file0\x00', 0x500, 0x40)
getdents64(r2, 0x0, 0x0)

kernel console output (not intermixed with test programs):

vices/virtual/input/input12
[  539.309398][ T8396] hsr_slave_0: entered promiscuous mode
[  539.339435][ T8396] hsr_slave_1: entered promiscuous mode
[  539.361867][ T8396] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  539.393645][ T8396] Cannot create hsr debugfs directory
[  539.413093][ T8625] syzkaller0: entered promiscuous mode
[  539.418615][ T8625] syzkaller0: entered allmulticast mode
[  539.471162][ T8436] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.478800][ T8436] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.501985][ T8436] bridge_slave_1: entered allmulticast mode
[  539.522861][ T8436] bridge_slave_1: entered promiscuous mode
[  539.558752][ T8471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.670271][ T8471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  543.310629][ T8654] overlayfs: failed to resolve './file1': -2
[  544.154731][ T8436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  544.219084][ T8436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.585515][ T8664] loop5: detected capacity change from 0 to 1024
[  544.593071][ T8664] EXT4-fs: Ignoring removed orlov option
[  544.598750][ T8664] EXT4-fs: Ignoring removed nomblk_io_submit option
[  544.680470][ T8664] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  544.701642][ T8471] team0: Port device team_slave_0 added
[  544.716871][ T8471] team0: Port device team_slave_1 added
[  544.864778][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.141223][ T8436] team0: Port device team_slave_0 added
[  545.156932][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_0
[  545.176884][ T8672] loop1: detected capacity change from 0 to 256
[  545.200015][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.284305][ T8471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  545.619184][ T8436] team0: Port device team_slave_1 added
[  545.638220][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_1
[  546.344721][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.541222][ T8471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  546.694207][ T8693] loop5: detected capacity change from 0 to 512
[  546.702847][ T8691] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'.
[  546.718153][ T8693] EXT4-fs: Ignoring removed bh option
[  546.738173][ T6045] bridge_slave_1: left allmulticast mode
[  546.748122][ T8693] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  546.748354][ T6045] bridge_slave_1: left promiscuous mode
[  546.778597][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.790543][ T8693] EXT4-fs (loop5): 1 truncate cleaned up
[  546.798820][ T6045] bridge_slave_0: left allmulticast mode
[  546.801196][ T8693] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  546.829883][ T6045] bridge_slave_0: left promiscuous mode
[  546.835671][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.865652][ T6045] bridge_slave_1: left allmulticast mode
[  546.879981][ T6045] bridge_slave_1: left promiscuous mode
[  546.896069][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.922754][ T6045] bridge_slave_0: left allmulticast mode
[  546.936500][ T6045] bridge_slave_0: left promiscuous mode
[  546.947806][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.969157][ T6045] bridge_slave_1: left allmulticast mode
[  546.986622][ T6045] bridge_slave_1: left promiscuous mode
[  546.998387][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state
[  547.018214][ T6045] bridge_slave_0: left allmulticast mode
[  547.038043][ T6045] bridge_slave_0: left promiscuous mode
[  547.048325][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state
[  547.686726][ T6045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  547.706998][ T6045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  547.729212][ T6045] bond0 (unregistering): Released all slaves
[  547.927488][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  547.985007][ T6045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  548.038329][ T6045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  548.048926][ T6045] bond0 (unregistering): Released all slaves
[  548.270061][ T6045] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  548.281450][ T6045] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  548.292096][ T6045] bond0 (unregistering): Released all slaves
[  549.035099][ T8436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.056986][ T8436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.091828][ T8436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.109766][ T8678] syzkaller0: entered promiscuous mode
[  549.124979][ T8678] syzkaller0: entered allmulticast mode
[  549.374804][ T8708] loop5: detected capacity change from 0 to 256
[  549.402572][ T8708] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  549.413301][ T8708] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  549.454823][ T8708] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  549.534920][ T8708] input: syz1 as /devices/virtual/input/input13
[  550.120098][ T8436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  550.127086][ T8436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  550.311227][ T8436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  551.801176][ T6045] hsr_slave_0: left promiscuous mode
[  552.131239][ T8719] overlayfs: failed to resolve './file1': -2
[  552.459935][ T6045] hsr_slave_1: left promiscuous mode
[  552.478612][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_0
[  552.495955][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_1
[  552.524780][ T6045] hsr_slave_0: left promiscuous mode
[  552.563659][ T6045] hsr_slave_1: left promiscuous mode
[  552.596445][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_0
[  552.644199][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_1
[  552.757828][ T6045] hsr_slave_0: left promiscuous mode
[  553.060281][ T6045] hsr_slave_1: left promiscuous mode
[  553.071449][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_0
[  553.189503][ T8730] overlayfs: overlapping lowerdir path
[  553.193059][ T8732] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  553.414295][ T6045] batman_adv: batadv0: Removing interface: batadv_slave_1
[  554.094382][ T8736] loop1: detected capacity change from 0 to 256
[  554.151125][ T8738] loop5: detected capacity change from 0 to 512
[  554.201702][ T8738] EXT4-fs: Ignoring removed bh option
[  554.208015][ T8738] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  554.326048][ T8738] EXT4-fs (loop5): 1 truncate cleaned up
[  554.357881][ T8738] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  554.571145][ T8744] overlayfs: failed to resolve './file1': -2
[  554.602670][ T6045] team0 (unregistering): Port device team_slave_1 removed
[  554.655143][ T6045] team0 (unregistering): Port device team_slave_0 removed
[  555.026598][ T8747] netlink: 12 bytes leftover after parsing attributes in process `syz.1.531'.
[  555.613034][ T6045] team0 (unregistering): Port device team_slave_1 removed
[  555.733205][ T6045] team0 (unregistering): Port device team_slave_0 removed
[  556.238963][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  556.264027][ T6045] team0 (unregistering): Port device team_slave_1 removed
[  556.359283][ T6045] team0 (unregistering): Port device team_slave_0 removed
[  556.846908][ T8471] hsr_slave_0: entered promiscuous mode
[  556.854318][ T8471] hsr_slave_1: entered promiscuous mode
[  556.860809][ T8471] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  556.868378][ T8471] Cannot create hsr debugfs directory
[  557.911438][ T8774] loop1: detected capacity change from 0 to 1024
[  557.918955][ T8774] EXT4-fs: Ignoring removed orlov option
[  557.924916][ T8774] EXT4-fs: Ignoring removed nomblk_io_submit option
[  557.945053][ T8436] hsr_slave_0: entered promiscuous mode
[  557.977673][ T8436] hsr_slave_1: entered promiscuous mode
[  558.016788][ T8436] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  558.060298][ T8436] Cannot create hsr debugfs directory
[  558.118045][ T8774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  558.377064][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.020479][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 330 seconds
[  559.031556][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 330 seconds
[  559.042731][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 330 seconds
[  559.053918][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 330 seconds
[  559.379673][ T8786] loop5: detected capacity change from 0 to 256
[  559.387957][ T8786] exfat: Deprecated parameter 'namecase'
[  559.394558][ T8786] exfat: Deprecated parameter 'utf8'
[  559.449626][ T8786] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  560.670991][ T8794] loop5: detected capacity change from 0 to 256
[  561.049233][ T8795] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  562.456023][ T8800] overlayfs: failed to resolve './file1': -2
[  562.479668][ T8803] netlink: 12 bytes leftover after parsing attributes in process `syz.6.544'.
[  565.560266][ T8817] loop1: detected capacity change from 0 to 256
[  565.619751][ T8817] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  565.630629][ T8817] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  565.730061][ T8817] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  565.828655][ T8817] input: syz1 as /devices/virtual/input/input14
[  566.479782][ T8471] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  566.545073][ T8471] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  566.655290][ T8471] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  566.702436][ T8471] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  567.643568][ T8436] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  567.783403][ T8836] loop5: detected capacity change from 0 to 256
[  567.791195][ T8836] exfat: Deprecated parameter 'namecase'
[  567.796951][ T8836] exfat: Deprecated parameter 'utf8'
[  567.834662][ T8471] 8021q: adding VLAN 0 to HW filter on device bond0
[  567.910693][ T8436] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  567.978220][ T8836] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  569.035568][ T8436] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  569.572978][ T8845] loop6: detected capacity change from 0 to 256
[  569.679528][ T8436] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  569.892136][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.555'.
[  569.907954][ T8471] 8021q: adding VLAN 0 to HW filter on device team0
[  569.992403][ T6054] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.999626][ T6054] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.103602][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.110852][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.319397][ T5881] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  570.363456][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  570.373587][ T5881] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  570.385611][ T5881] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  570.393702][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  570.508277][ T8864] loop1: detected capacity change from 0 to 256
[  570.539484][ T8864] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  570.550449][ T8864] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  570.613870][ T8864] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  570.719487][ T8864] input: syz1 as /devices/virtual/input/input15
[  571.246810][ T8870] loop6: detected capacity change from 0 to 512
[  571.254757][ T8870] EXT4-fs: Ignoring removed bh option
[  571.265862][ T8870] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  571.642667][ T8872] overlayfs: failed to resolve './file0': -2
[  572.277107][ T8870] EXT4-fs (loop6): 1 truncate cleaned up
[  572.292169][ T8870] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  572.470618][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  572.480147][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  572.765479][ T5881] Bluetooth: hci0: command tx timeout
[  573.571762][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.080134][ T8889] overlayfs: overlapping lowerdir path
[  574.574753][ T8471] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  574.743813][ T8436] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.780181][ T5881] Bluetooth: hci0: command tx timeout
[  576.126523][ T8902] loop6: detected capacity change from 0 to 256
[  576.135131][ T8902] exfat: Deprecated parameter 'namecase'
[  576.140965][ T8902] exfat: Deprecated parameter 'utf8'
[  576.202134][ T8905] netlink: 12 bytes leftover after parsing attributes in process `syz.5.565'.
[  576.219350][ T8902] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  576.581459][ T8910] overlayfs: failed to resolve './file1': -2
[  576.637042][ T8471] 8021q: adding VLAN 0 to HW filter on device batadv0
[  576.725606][ T8860] chnl_net:caif_netlink_parms(): no params data found
[  576.870108][ T5881] Bluetooth: hci0: command tx timeout
[  576.924871][ T6072] bridge_slave_1: left allmulticast mode
[  576.935133][ T6072] bridge_slave_1: left promiscuous mode
[  577.400367][ T6072] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.408860][ T8919] overlayfs: overlapping lowerdir path
[  578.629723][ T8926] loop5: detected capacity change from 0 to 1024
[  578.649236][ T8926] EXT4-fs: Ignoring removed orlov option
[  578.655196][ T8926] EXT4-fs: Ignoring removed nomblk_io_submit option
[  578.927277][ T5874] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  578.939940][ T5874] Bluetooth: hci0: command tx timeout
[  578.948205][ T8926] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  578.949038][ T5874] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  578.970468][ T5874] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  578.986584][ T6072] bridge_slave_0: left allmulticast mode
[  578.990328][ T5874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  579.001246][ T5874] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  579.018538][ T6072] bridge_slave_0: left promiscuous mode
[  579.033522][ T6072] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.315898][ T8934] loop1: detected capacity change from 0 to 256
[  579.350385][ T8934] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  579.361477][ T8934] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  579.434384][ T8934] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  579.558931][ T8934] input: syz1 as /devices/virtual/input/input16
[  580.693594][ T5881] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  580.704915][ T5881] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  580.712807][ T5881] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  580.721925][ T5881] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  580.729965][ T5881] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  581.063144][ T6072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  581.098268][ T6072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  581.112844][ T5881] Bluetooth: hci1: command tx timeout
[  581.148815][ T6072] bond0 (unregistering): Released all slaves
[  581.745396][ T8860] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.752748][ T8860] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.770425][ T8860] bridge_slave_0: entered allmulticast mode
[  581.778486][ T8860] bridge_slave_0: entered promiscuous mode
[  581.905842][ T8943] loop6: detected capacity change from 0 to 512
[  581.914186][ T8943] EXT4-fs: Ignoring removed bh option
[  581.920545][ T8943] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  581.931462][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  581.936857][ T8943] EXT4-fs (loop6): 1 truncate cleaned up
[  581.973771][ T8943] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  582.008141][ T6072] hsr_slave_0: left promiscuous mode
[  582.045605][ T6072] hsr_slave_1: left promiscuous mode
[  582.103437][ T6072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.397643][ T6072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.834553][ T5881] Bluetooth: hci4: command tx timeout
[  583.223830][ T5881] Bluetooth: hci1: command tx timeout
[  584.661112][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.757887][ T8962] netlink: 12 bytes leftover after parsing attributes in process `syz.1.577'.
[  584.890324][ T5881] Bluetooth: hci4: command tx timeout
[  585.261276][ T5881] Bluetooth: hci1: command tx timeout
[  586.060544][ T8971] loop5: detected capacity change from 0 to 256
[  586.079208][ T8971] exfat: Deprecated parameter 'namecase'
[  586.093963][ T8971] exfat: Deprecated parameter 'utf8'
[  586.109896][ T8971] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  586.612481][ T6072] team0 (unregistering): Port device team_slave_1 removed
[  586.731707][ T6072] team0 (unregistering): Port device team_slave_0 removed
[  586.939992][ T5881] Bluetooth: hci4: command tx timeout
[  587.864353][ T8983] overlayfs: overlapping lowerdir path
[  587.873894][ T8985] loop5: detected capacity change from 0 to 256
[  587.900330][ T5881] Bluetooth: hci1: command tx timeout
[  587.997263][ T8985] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  588.008183][ T8985] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  588.061550][ T8985] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  588.170975][ T8985] input: syz1 as /devices/virtual/input/input17
[  589.029971][ T5881] Bluetooth: hci4: command tx timeout
[  589.211072][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 360 seconds
[  589.227754][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 360 seconds
[  589.242999][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 360 seconds
[  589.264367][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 360 seconds
[  589.593279][ T8860] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.624173][ T8860] bridge0: port 2(bridge_slave_1) entered disabled state
[  589.639000][ T8860] bridge_slave_1: entered allmulticast mode
[  589.652710][ T8860] bridge_slave_1: entered promiscuous mode
[  590.308984][ T8860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  590.334481][ T8860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  590.695807][ T9000] loop5: detected capacity change from 0 to 512
[  590.733867][ T9000] EXT4-fs: Ignoring removed bh option
[  590.804571][ T9000] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  590.864275][ T9000] EXT4-fs (loop5): 1 truncate cleaned up
[  590.894108][ T9000] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  591.883179][ T8860] team0: Port device team_slave_0 added
[  591.918350][ T8860] team0: Port device team_slave_1 added
[  593.213825][ T9015] overlayfs: overlapping lowerdir path
[  593.574277][ T9014] loop1: detected capacity change from 0 to 256
[  593.614118][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  593.627950][ T9014] exfat: Deprecated parameter 'namecase'
[  593.716303][ T9014] exfat: Deprecated parameter 'utf8'
[  593.874735][ T9014] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  594.061749][ T8860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  594.068894][ T8860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.095333][ T8860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  594.129746][ T9024] loop6: detected capacity change from 0 to 1024
[  594.147707][ T9024] EXT4-fs: Ignoring removed orlov option
[  594.149532][ T8937] chnl_net:caif_netlink_parms(): no params data found
[  594.157485][ T9024] EXT4-fs: Ignoring removed nomblk_io_submit option
[  594.198395][ T9024] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  594.233967][ T8860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  594.293314][ T8860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.359954][ T8860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.448731][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  594.736860][ T9029] overlayfs: failed to resolve './file1': -2
[  594.906283][ T8860] hsr_slave_0: entered promiscuous mode
[  594.913462][ T8860] hsr_slave_1: entered promiscuous mode
[  594.920681][ T8860] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  594.929144][ T8860] Cannot create hsr debugfs directory
[  596.882344][ T9046] netlink: 4 bytes leftover after parsing attributes in process `syz.5.596'.
[  597.185897][ T9048] loop1: detected capacity change from 0 to 256
[  597.197653][ T9048] exfat: Unknown parameter 'iochar'
[  599.248061][ T8920] chnl_net:caif_netlink_parms(): no params data found
[  599.367531][ T8937] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.407898][ T8937] bridge0: port 1(bridge_slave_0) entered disabled state
[  599.450372][ T8937] bridge_slave_0: entered allmulticast mode
[  599.483173][ T8937] bridge_slave_0: entered promiscuous mode
[  599.523173][ T8937] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.581945][ T8937] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.618968][ T8937] bridge_slave_1: entered allmulticast mode
[  599.690707][ T8937] bridge_slave_1: entered promiscuous mode
[  599.797192][ T9057] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  600.472594][ T9065] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  600.525143][ T9071] loop1: detected capacity change from 0 to 256
[  600.573518][ T9071] exfat: Deprecated parameter 'namecase'
[  600.639384][ T9072] overlayfs: failed to resolve './file1': -2
[  600.673458][ T9071] exfat: Deprecated parameter 'utf8'
[  600.966236][ T9071] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  601.605666][ T8937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  602.637210][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.666853][ T8920] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.687316][ T8920] bridge_slave_0: entered allmulticast mode
[  602.707468][ T8920] bridge_slave_0: entered promiscuous mode
[  602.742422][ T8937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  603.230223][ T9094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.608'.
[  603.350026][ T8920] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.359890][ T8920] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.368181][ T8920] bridge_slave_1: entered allmulticast mode
[  603.376710][ T8920] bridge_slave_1: entered promiscuous mode
[  603.793210][ T9097] loop5: detected capacity change from 0 to 1024
[  603.811789][ T9097] EXT4-fs: Ignoring removed orlov option
[  603.817681][ T9097] EXT4-fs: Ignoring removed nomblk_io_submit option
[  604.020689][ T9097] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  604.538875][ T9108] loop6: detected capacity change from 0 to 256
[  604.636988][ T9108] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  604.647828][ T9108] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  604.729628][ T9108] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  604.841726][ T9108] input: syz1 as /devices/virtual/input/input18
[  605.815837][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  606.442816][ T8937] team0: Port device team_slave_0 added
[  608.866858][ T8920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.122015][ T8937] team0: Port device team_slave_1 added
[  609.251621][ T8920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  609.294919][ T9123] loop6: detected capacity change from 0 to 256
[  609.336200][ T9123] exfat: Deprecated parameter 'namecase'
[  609.414519][ T9123] exfat: Deprecated parameter 'utf8'
[  609.567779][ T9127] overlayfs: failed to resolve './file1': -2
[  609.735855][ T9123] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  610.320876][ T8937] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.327892][ T8937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.355235][ T8937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.539257][ T8920] team0: Port device team_slave_0 added
[  610.765477][ T9136] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  610.796772][ T8937] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.831103][ T8937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.841737][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.6.618'.
[  610.885710][ T8937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  610.932368][ T8920] team0: Port device team_slave_1 added
[  611.196781][ T8920] batman_adv: batadv0: Adding interface: batadv_slave_0
[  611.466247][ T8920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  611.493517][ T8920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  611.506811][ T8920] batman_adv: batadv0: Adding interface: batadv_slave_1
[  612.159888][ T8920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  612.199749][ T8920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  612.462175][ T9151] loop1: detected capacity change from 0 to 512
[  612.497497][ T9151] EXT4-fs: Ignoring removed bh option
[  612.520195][ T9151] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  612.583811][ T9146] loop5: detected capacity change from 0 to 256
[  612.670644][ T9151] EXT4-fs (loop1): 1 truncate cleaned up
[  612.677357][ T9146] FAT-fs (loop5): Directory bread(block 64) failed
[  612.684035][ T9146] FAT-fs (loop5): Directory bread(block 65) failed
[  612.690724][ T9146] FAT-fs (loop5): Directory bread(block 66) failed
[  612.697266][ T9146] FAT-fs (loop5): Directory bread(block 67) failed
[  612.703939][ T9146] FAT-fs (loop5): Directory bread(block 68) failed
[  612.710515][ T9146] FAT-fs (loop5): Directory bread(block 69) failed
[  612.717146][ T9146] FAT-fs (loop5): Directory bread(block 70) failed
[  612.723732][ T9146] FAT-fs (loop5): Directory bread(block 71) failed
[  612.730548][ T9146] FAT-fs (loop5): Directory bread(block 72) failed
[  612.737094][ T9146] FAT-fs (loop5): Directory bread(block 73) failed
[  612.777877][ T9151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  614.048457][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  614.478880][ T9160] loop1: detected capacity change from 0 to 256
[  614.665702][ T8937] hsr_slave_0: entered promiscuous mode
[  614.719680][ T8937] hsr_slave_1: entered promiscuous mode
[  614.751945][ T8937] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  614.759547][ T8937] Cannot create hsr debugfs directory
[  614.935266][ T9165] loop1: detected capacity change from 0 to 256
[  614.997758][ T9165] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  615.008515][ T9165] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  615.151221][ T9165] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  615.262029][ T9165] input: syz1 as /devices/virtual/input/input19
[  615.735970][ T9166] loop5: detected capacity change from 0 to 512
[  615.826310][ T9166] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  615.921295][ T9166] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #11: comm syz.5.625: invalid indirect mapped block 4294967295 (level 1)
[  615.991295][ T9166] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #11: comm syz.5.625: invalid indirect mapped block 4294967295 (level 1)
[  616.053695][ T9166] EXT4-fs (loop5): 2 truncates cleaned up
[  616.087385][ T9166] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  616.431763][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  616.970476][ T9176] overlayfs: overlapping lowerdir path
[  617.078410][ T9177] overlayfs: failed to resolve './file1': -2
[  617.885522][ T8860] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  618.009319][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.6.628'.
[  618.083196][ T9187] netlink: 12 bytes leftover after parsing attributes in process `syz.6.628'.
[  618.097236][ T8920] hsr_slave_0: entered promiscuous mode
[  618.106857][ T8920] hsr_slave_1: entered promiscuous mode
[  618.118449][ T8920] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  618.133196][ T8920] Cannot create hsr debugfs directory
[  618.147487][ T8860] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  618.255624][ T8860] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  618.321373][ T8860] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  620.025611][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 390 seconds
[  620.036471][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 390 seconds
[  620.047590][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 390 seconds
[  620.063018][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 390 seconds
[  621.481393][ T9221] overlayfs: overlapping lowerdir path
[  621.555442][ T1076] bridge_slave_1: left allmulticast mode
[  621.579974][ T1076] bridge_slave_1: left promiscuous mode
[  621.596187][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.680994][ T1076] bridge_slave_0: left allmulticast mode
[  621.686779][ T1076] bridge_slave_0: left promiscuous mode
[  621.720108][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state
[  621.825846][ T1076] bridge_slave_1: left allmulticast mode
[  621.853220][ T1076] bridge_slave_1: left promiscuous mode
[  621.859703][ T1076] bridge0: port 2(bridge_slave_1) entered disabled state
[  622.309845][ T9229] overlayfs: failed to resolve './file1': -2
[  623.716486][ T1076] bridge_slave_0: left allmulticast mode
[  623.756504][ T1076] bridge_slave_0: left promiscuous mode
[  623.786873][ T1076] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.227992][ T9251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.639'.
[  625.301160][ T9252] netlink: 12 bytes leftover after parsing attributes in process `syz.1.639'.
[  626.974703][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  626.991464][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  627.005187][ T1076] bond0 (unregistering): Released all slaves
[  627.259868][ T1076] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  627.273504][ T1076] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  627.286257][ T1076] bond0 (unregistering): Released all slaves
[  627.310758][ T9246] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  627.327633][ T9246] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  627.338217][ T9246] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  627.486319][ T8860] 8021q: adding VLAN 0 to HW filter on device bond0
[  627.646547][ T1076] hsr_slave_0: left promiscuous mode
[  627.679909][ T1076] hsr_slave_1: left promiscuous mode
[  627.686338][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0
[  627.760459][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1
[  627.783185][ T1076] hsr_slave_0: left promiscuous mode
[  627.820593][ T1076] hsr_slave_1: left promiscuous mode
[  627.826921][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_0
[  627.870420][ T1076] batman_adv: batadv0: Removing interface: batadv_slave_1
[  628.235057][ T1076] team0 (unregistering): Port device team_slave_1 removed
[  628.385048][ T9288] loop5: detected capacity change from 0 to 256
[  628.450543][ T1076] team0 (unregistering): Port device team_slave_0 removed
[  628.677106][ T9288] exfat: Deprecated parameter 'namecase'
[  628.696770][ T9288] exfat: Deprecated parameter 'utf8'
[  628.769206][ T9288] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  630.299921][ T9303] overlayfs: failed to resolve './file0': -2
[  630.639560][ T5874] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  630.648150][ T5874] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  630.656879][ T5874] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  630.670450][ T5874] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  630.679497][ T5874] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  631.075167][ T9311] overlayfs: failed to resolve './file1': -2
[  632.327770][ T9321] overlayfs: overlapping lowerdir path
[  632.689111][ T9326] netlink: 4 bytes leftover after parsing attributes in process `syz.6.651'.
[  632.702100][ T5874] Bluetooth: hci0: command tx timeout
[  632.844499][   T30] audit: type=1326 audit(1753175461.797:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9322 comm="syz.1.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1258b8e9a9 code=0x7ffc0000
[  632.969304][ T9329] netlink: 12 bytes leftover after parsing attributes in process `syz.6.651'.
[  633.072751][ T1076] team0 (unregistering): Port device team_slave_1 removed
[  633.216054][   T30] audit: type=1326 audit(1753175461.807:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9322 comm="syz.1.650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1258b8e9a9 code=0x7ffc0000
[  633.401048][ T1076] team0 (unregistering): Port device team_slave_0 removed
[  633.908408][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  633.914942][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  634.813960][ T5874] Bluetooth: hci0: command tx timeout
[  634.868728][ T8937] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  634.983396][ T8937] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  635.324893][ T8937] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  635.479173][ T8937] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  635.546996][ T9347] loop5: detected capacity change from 0 to 256
[  635.581464][ T9347] exfat: Deprecated parameter 'namecase'
[  635.609722][ T9347] exfat: Deprecated parameter 'utf8'
[  635.664216][ T9347] exFAT-fs (loop5): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  636.293235][ T9308] chnl_net:caif_netlink_parms(): no params data found
[  636.862676][ T5874] Bluetooth: hci0: command tx timeout
[  637.227174][ T8937] 8021q: adding VLAN 0 to HW filter on device bond0
[  637.592397][ T9308] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.638289][ T9308] bridge0: port 1(bridge_slave_0) entered disabled state
[  637.686904][ T9308] bridge_slave_0: entered allmulticast mode
[  637.719959][ T9308] bridge_slave_0: entered promiscuous mode
[  637.753626][ T9308] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.792206][ T9308] bridge0: port 2(bridge_slave_1) entered disabled state
[  637.828631][ T9308] bridge_slave_1: entered allmulticast mode
[  637.868606][ T9308] bridge_slave_1: entered promiscuous mode
[  637.885766][ T9379] overlayfs: failed to resolve './file1': -2
[  638.134295][ T5881] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  638.152522][ T5881] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  638.160802][ T5881] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  638.169249][ T5881] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  638.184331][ T5881] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  638.461545][ T9394] netlink: 12 bytes leftover after parsing attributes in process `syz.5.662'.
[  638.896529][ T9308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  638.976357][ T9308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  638.990949][ T5881] Bluetooth: hci0: command tx timeout
[  639.059253][ T8937] 8021q: adding VLAN 0 to HW filter on device team0
[  639.304874][ T9406] overlayfs: failed to resolve './file0': -2
[  640.112228][ T9308] team0: Port device team_slave_0 added
[  640.132230][ T9308] team0: Port device team_slave_1 added
[  640.220832][ T5881] Bluetooth: hci1: command tx timeout
[  640.329236][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.336638][ T6073] bridge0: port 1(bridge_slave_0) entered forwarding state
[  640.377953][ T6073] bridge0: port 2(bridge_slave_1) entered blocking state
[  640.386077][ T6073] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.426390][ T9413] loop6: detected capacity change from 0 to 256
[  640.444055][ T9413] exfat: Deprecated parameter 'namecase'
[  640.465198][ T9413] exfat: Deprecated parameter 'utf8'
[  640.548556][ T9413] exFAT-fs (loop6): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d)
[  640.645616][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_0
[  640.680599][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  640.772239][ T9308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  640.852603][ T9308] batman_adv: batadv0: Adding interface: batadv_slave_1
[  640.893602][ T9308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.013591][ T9308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.185428][ T9308] hsr_slave_0: entered promiscuous mode
[  642.222558][ T9308] hsr_slave_1: entered promiscuous mode
[  642.228970][ T9308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  642.279873][ T9308] Cannot create hsr debugfs directory
[  642.300247][ T5881] Bluetooth: hci1: command tx timeout
[  642.315126][ T6052] bridge_slave_1: left allmulticast mode
[  642.332732][ T6052] bridge_slave_1: left promiscuous mode
[  642.339250][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.382636][ T6052] bridge_slave_0: left allmulticast mode
[  642.537512][ T6052] bridge_slave_0: left promiscuous mode
[  642.544942][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.874862][ T5874] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  643.884798][ T5874] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  643.893099][ T5874] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  643.902017][ T5874] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  643.910146][ T5874] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  644.145751][ T9457] netlink: 28 bytes leftover after parsing attributes in process `syz.1.675'.
[  644.328046][ T9458] loop1: detected capacity change from 0 to 512
[  644.448627][ T9458] EXT4-fs (loop1): 1 truncate cleaned up
[  644.475066][ T9458] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  644.487421][ T5874] Bluetooth: hci1: command tx timeout
[  645.436861][ T6052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  645.453384][ T6052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  645.465528][ T6052] bond0 (unregistering): Released all slaves
[  645.712958][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  645.980588][ T5874] Bluetooth: hci4: command tx timeout
[  646.032140][ T6052] hsr_slave_0: left promiscuous mode
[  646.052856][ T6052] hsr_slave_1: left promiscuous mode
[  646.190395][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_0
[  646.293511][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_1
[  646.539961][ T5874] Bluetooth: hci1: command tx timeout
[  647.056792][ T9497] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.683'.
[  647.157897][ T6052] team0 (unregistering): Port device team_slave_1 removed
[  647.257316][ T6052] team0 (unregistering): Port device team_slave_0 removed
[  648.059996][ T5874] Bluetooth: hci4: command tx timeout
[  648.150837][ T9515] loop1: detected capacity change from 0 to 256
[  648.160276][ T9515] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  648.171052][ T9515] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  648.228285][ T9515] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  648.327987][ T9515] input: syz1 as /devices/virtual/input/input20
[  649.540307][ T9521] netlink: 12 bytes leftover after parsing attributes in process `syz.5.689'.
[  650.149920][ T5874] Bluetooth: hci4: command tx timeout
[  650.783642][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 420 seconds
[  650.794480][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 420 seconds
[  650.805537][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 420 seconds
[  650.816682][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 420 seconds
[  651.632688][ T9535] loop5: detected capacity change from 0 to 128
[  651.658498][ T9535] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  651.674090][ T9535] ext4 filesystem being mounted at /241/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  651.774243][ T9384] chnl_net:caif_netlink_parms(): no params data found
[  651.934508][ T9545] netlink: 24032 bytes leftover after parsing attributes in process `syz.6.692'.
[  652.006684][ T9545] netlink: 104088 bytes leftover after parsing attributes in process `syz.6.692'.
[  652.026991][ T9545] netlink: 24032 bytes leftover after parsing attributes in process `syz.6.692'.
[  652.045934][ T5868] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  652.220101][ T5874] Bluetooth: hci4: command tx timeout
[  652.891210][ T9558] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.697'.
[  653.294277][ T9573] loop1: detected capacity change from 0 to 256
[  653.333824][ T9573] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  653.344767][ T9573] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  653.407090][ T9573] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  654.758315][ T9384] bridge0: port 1(bridge_slave_0) entered blocking state
[  654.806443][ T9384] bridge0: port 1(bridge_slave_0) entered disabled state
[  654.860820][ T9384] bridge_slave_0: entered allmulticast mode
[  654.900929][ T9384] bridge_slave_0: entered promiscuous mode
[  654.954235][ T9384] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.039409][ T9384] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.104876][ T9384] bridge_slave_1: entered allmulticast mode
[  655.157260][ T9384] bridge_slave_1: entered promiscuous mode
[  655.936364][ T9448] chnl_net:caif_netlink_parms(): no params data found
[  657.560189][ T9384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.766184][ T9384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  658.375372][ T9621] loop1: detected capacity change from 0 to 1024
[  658.389691][ T9621] EXT4-fs: Ignoring removed orlov option
[  658.395553][ T9621] EXT4-fs: Ignoring removed nomblk_io_submit option
[  658.887356][ T9623] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.709'.
[  658.916236][ T9621] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  658.994441][ T9620] sch_fq: defrate 0 ignored.
[  659.252370][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  659.295746][ T9384] team0: Port device team_slave_0 added
[  659.380892][ T9308] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  659.475644][ T9384] team0: Port device team_slave_1 added
[  660.138482][ T9637] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  660.750044][ T9308] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  661.061802][ T9448] bridge0: port 1(bridge_slave_0) entered blocking state
[  661.089082][ T9448] bridge0: port 1(bridge_slave_0) entered disabled state
[  661.107838][ T9448] bridge_slave_0: entered allmulticast mode
[  661.121352][ T9646] loop5: detected capacity change from 0 to 512
[  661.131938][ T9448] bridge_slave_0: entered promiscuous mode
[  661.151227][ T9308] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  661.179186][ T9384] batman_adv: batadv0: Adding interface: batadv_slave_0
[  661.194757][ T9646] EXT4-fs: Ignoring removed bh option
[  661.210738][ T9384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.269274][ T9646] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  661.298778][ T9384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  661.331855][ T9646] EXT4-fs (loop5): 1 truncate cleaned up
[  661.339534][ T9646] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  661.374495][ T9384] batman_adv: batadv0: Adding interface: batadv_slave_1
[  661.393854][ T9384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  661.509667][ T9384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  661.653029][ T9448] bridge0: port 2(bridge_slave_1) entered blocking state
[  661.709880][ T9448] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.758904][ T9448] bridge_slave_1: entered allmulticast mode
[  662.495067][ T9448] bridge_slave_1: entered promiscuous mode
[  662.515681][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  662.521791][ T9308] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  662.585429][ T9659] loop6: detected capacity change from 0 to 128
[  663.037569][ T9384] hsr_slave_0: entered promiscuous mode
[  663.074896][ T9384] hsr_slave_1: entered promiscuous mode
[  663.091796][ T9384] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  663.112688][ T9384] Cannot create hsr debugfs directory
[  663.158129][ T9448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  663.401471][ T9448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  663.708746][ T9448] team0: Port device team_slave_0 added
[  663.725687][ T6052] bridge_slave_1: left allmulticast mode
[  663.749913][ T6052] bridge_slave_1: left promiscuous mode
[  663.755721][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.786560][ T6052] bridge_slave_0: left allmulticast mode
[  663.813332][ T6052] bridge_slave_0: left promiscuous mode
[  663.819189][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.090257][ T6052] bridge_slave_1: left allmulticast mode
[  664.095956][ T6052] bridge_slave_1: left promiscuous mode
[  664.101769][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.111354][ T6052] bridge_slave_0: left allmulticast mode
[  664.117050][ T6052] bridge_slave_0: left promiscuous mode
[  664.124880][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.432820][ T9683] loop1: detected capacity change from 0 to 256
[  666.020427][ T6052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  666.037634][ T6052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  666.068036][ T6052] bond0 (unregistering): Released all slaves
[  666.366731][ T6052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  666.398474][ T6052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  666.422641][ T6052] bond0 (unregistering): Released all slaves
[  666.521359][ T9448] team0: Port device team_slave_1 added
[  666.819163][ T6052] hsr_slave_0: left promiscuous mode
[  666.890536][ T6052] hsr_slave_1: left promiscuous mode
[  666.901113][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_0
[  666.914909][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_1
[  667.006179][ T6052] hsr_slave_0: left promiscuous mode
[  667.030122][ T6052] hsr_slave_1: left promiscuous mode
[  667.229975][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  667.304595][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_0
[  667.321131][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_1
[  668.359956][   T10] usb 6-1: Using ep0 maxpacket: 32
[  669.318679][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  669.334171][   T10] usb 6-1: config 4 has an invalid interface number: 154 but max is 0
[  669.342893][   T10] usb 6-1: config 4 has no interface number 0
[  669.349685][   T10] usb 6-1: config 4 interface 154 has no altsetting 0
[  669.840011][   T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=90.05
[  669.849131][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.857749][   T10] usb 6-1: Product: syz
[  669.862444][   T10] usb 6-1: Manufacturer: syz
[  669.867064][   T10] usb 6-1: SerialNumber: syz
[  669.926603][ T9718] netlink: 'syz.6.724': attribute type 2 has an invalid length.
[  669.960021][ T9718] netlink: 164 bytes leftover after parsing attributes in process `syz.6.724'.
[  669.979424][ T9720] netlink: 'syz.6.724': attribute type 2 has an invalid length.
[  669.993636][   T10] appletouch 6-1:4.154: Could not find int-in endpoint
[  670.010388][   T10] appletouch 6-1:4.154: probe with driver appletouch failed with error -5
[  670.040794][   T10] usbhid 6-1:4.154: couldn't find an input interrupt endpoint
[  670.058954][ T9720] netlink: 164 bytes leftover after parsing attributes in process `syz.6.724'.
[  670.086801][   T10] usb 6-1: USB disconnect, device number 7
[  670.128958][ T6052] team0 (unregistering): Port device team_slave_1 removed
[  670.184134][ T6052] team0 (unregistering): Port device team_slave_0 removed
[  670.797329][ T9731] Driver unsupported XDP return value 0 on prog  (id 313) dev N/A, expect packet loss!
[  671.075301][ T6052] team0 (unregistering): Port device team_slave_1 removed
[  671.147986][ T6052] team0 (unregistering): Port device team_slave_0 removed
[  672.014674][ T9448] batman_adv: batadv0: Adding interface: batadv_slave_0
[  672.037775][ T9448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.110817][ T9448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  672.160606][ T9722] netlink: 60 bytes leftover after parsing attributes in process `syz.1.725'.
[  672.194897][ T9448] batman_adv: batadv0: Adding interface: batadv_slave_1
[  672.220021][ T9448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  672.319578][ T9448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  672.849474][ T9448] hsr_slave_0: entered promiscuous mode
[  672.878860][ T9448] hsr_slave_1: entered promiscuous mode
[  672.908522][ T9448] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  672.960253][ T9448] Cannot create hsr debugfs directory
[  673.373248][ T9384] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  673.498619][ T9384] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  673.540098][ T9765] netlink: 'syz.5.733': attribute type 13 has an invalid length.
[  673.619907][ T9384] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  673.659626][ T9384] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  673.784933][ T9308] 8021q: adding VLAN 0 to HW filter on device bond0
[  673.927727][ T9771] loop6: detected capacity change from 0 to 1024
[  673.935300][ T9771] EXT4-fs: Ignoring removed orlov option
[  673.941054][ T9771] EXT4-fs: Ignoring removed nomblk_io_submit option
[  674.002434][ T9771] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  674.158762][ T9777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.736'.
[  674.263666][ T9778] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'.
[  674.307180][ T9768] sch_fq: defrate 0 ignored.
[  674.371641][ T9308] 8021q: adding VLAN 0 to HW filter on device team0
[  674.472675][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  674.783144][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.790378][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  675.313393][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  675.320674][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  675.457255][ T9805] overlayfs: failed to resolve './file1': -2
[  675.512447][ T9796] netlink: 'syz.6.740': attribute type 29 has an invalid length.
[  675.523114][ T9800] netlink: 'syz.6.740': attribute type 29 has an invalid length.
[  676.698057][ T9384] 8021q: adding VLAN 0 to HW filter on device bond0
[  676.873044][ T9384] 8021q: adding VLAN 0 to HW filter on device team0
[  676.976180][ T6052] bridge0: port 1(bridge_slave_0) entered blocking state
[  676.983431][ T6052] bridge0: port 1(bridge_slave_0) entered forwarding state
[  677.076237][ T8927] bridge0: port 2(bridge_slave_1) entered blocking state
[  677.083468][ T8927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  677.162560][ T9830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.747'.
[  677.201743][ T9830] netlink: 12 bytes leftover after parsing attributes in process `syz.5.747'.
[  677.356579][ T9448] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  677.456905][ T9448] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  677.591457][ T9448] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  677.672276][ T9384] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  677.766465][ T9448] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  678.214934][ T9854] loop6: detected capacity change from 0 to 128
[  679.331027][ T9308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  680.066324][ T9448] 8021q: adding VLAN 0 to HW filter on device bond0
[  680.275235][ T9448] 8021q: adding VLAN 0 to HW filter on device team0
[  680.436467][ T9874] loop5: detected capacity change from 0 to 1024
[  680.480526][ T8927] bridge0: port 1(bridge_slave_0) entered blocking state
[  680.487720][ T8927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  680.521421][ T9874] EXT4-fs: Ignoring removed orlov option
[  680.527163][ T9874] EXT4-fs: Ignoring removed nomblk_io_submit option
[  680.613947][ T8927] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.621210][ T8927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  680.778908][ T9448] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  680.815629][ T9448] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  680.934350][ T9874] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  680.969962][ T9883] netlink: 'syz.6.757': attribute type 29 has an invalid length.
[  681.005932][ T9885] netlink: 'syz.6.757': attribute type 29 has an invalid length.
[  681.121486][ T9886] netlink: 'syz.6.757': attribute type 29 has an invalid length.
[  681.165361][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  681.179167][ T9887] netlink: 'syz.6.757': attribute type 29 has an invalid length.
[  681.268805][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 450 seconds
[  681.279979][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 450 seconds
[  681.291319][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 450 seconds
[  681.302694][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 450 seconds
[  681.311781][ T9384] 8021q: adding VLAN 0 to HW filter on device batadv0
[  682.049907][ T9308] veth0_vlan: entered promiscuous mode
[  682.116219][ T9448] 8021q: adding VLAN 0 to HW filter on device batadv0
[  682.149599][ T9308] veth1_vlan: entered promiscuous mode
[  682.297818][ T9308] veth0_macvtap: entered promiscuous mode
[  682.428725][ T9921] loop1: detected capacity change from 0 to 256
[  682.479938][ T9921] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  682.490719][ T9921] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  682.563155][ T9921] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  682.688443][ T9921] input: syz1 as /devices/virtual/input/input22
[  683.343412][ T9308] veth1_macvtap: entered promiscuous mode
[  684.055052][ T9308] batman_adv: batadv0: Interface activated: batadv_slave_0
[  684.269660][ T9308] batman_adv: batadv0: Interface activated: batadv_slave_1
[  684.371897][ T9308] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  684.469986][ T9308] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  684.509204][ T9308] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  684.551282][ T9308] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  685.229316][ T9384] veth0_vlan: entered promiscuous mode
[  685.297987][ T9384] veth1_vlan: entered promiscuous mode
[  685.496814][ T9384] veth0_macvtap: entered promiscuous mode
[  685.656800][ T9384] veth1_macvtap: entered promiscuous mode
[  685.726625][ T6052] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  685.759150][ T6052] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  685.768082][ T9951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.770'.
[  685.888232][ T9384] batman_adv: batadv0: Interface activated: batadv_slave_0
[  685.914892][ T9384] batman_adv: batadv0: Interface activated: batadv_slave_1
[  685.976777][ T9384] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  686.009984][ T9384] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  686.022137][ T9384] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  686.173254][ T9384] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  686.192888][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.209811][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.554370][ T9448] veth0_vlan: entered promiscuous mode
[  686.770358][ T9448] veth1_vlan: entered promiscuous mode
[  686.804469][ T8927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.820958][ T8927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  687.023684][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  687.070808][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  687.107192][ T9448] veth0_macvtap: entered promiscuous mode
[  687.216492][ T9448] veth1_macvtap: entered promiscuous mode
[  687.222390][   T10] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  687.277257][ T9971] netlink: 'syz.1.774': attribute type 29 has an invalid length.
[  687.323051][ T9974] netlink: 'syz.1.774': attribute type 29 has an invalid length.
[  687.403276][ T9971] netlink: 'syz.1.774': attribute type 29 has an invalid length.
[  687.447706][ T9448] batman_adv: batadv0: Interface activated: batadv_slave_0
[  687.507896][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  687.519981][ T9971] netlink: 'syz.1.774': attribute type 29 has an invalid length.
[  687.554820][ T9448] batman_adv: batadv0: Interface activated: batadv_slave_1
[  687.559816][   T10] usb 9-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  687.613154][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.642082][   T10] usb 9-1: config 0 descriptor??
[  687.672419][ T9448] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  687.720532][ T9448] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  687.770468][ T9448] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  687.786211][ T9448] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  688.297626][ T9999] blktrace: Concurrent blktraces are not allowed on loop8
[  688.793245][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.5.780'.
[  689.091682][T10009] loop6: detected capacity change from 0 to 256
[  689.112468][T10009] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  689.123312][T10009] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  689.230417][T10009] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  689.466788][T10010] input: syz1 as /devices/virtual/input/input23
[  690.208402][T10015] netlink: 'syz.5.782': attribute type 39 has an invalid length.
[  690.497701][   T10] usbhid 9-1:0.0: can't add hid device: -71
[  690.522349][   T10] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  690.627463][   T10] usb 9-1: USB disconnect, device number 2
[  692.196428][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  692.492400][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  692.528033][T10023] syzkaller0: entered promiscuous mode
[  692.535573][T10023] syzkaller0: entered allmulticast mode
[  692.665144][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  692.705186][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.526846][T10046] netlink: 4 bytes leftover after parsing attributes in process `syz.1.793'.
[  693.837348][T10055] loop7: detected capacity change from 0 to 1024
[  693.850999][T10055] EXT4-fs: Ignoring removed orlov option
[  693.875742][T10055] EXT4-fs: Ignoring removed nomblk_io_submit option
[  693.977929][T10055] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  694.236034][ T9384] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  695.348475][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  695.355337][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  696.517442][T10082] netlink: 4 bytes leftover after parsing attributes in process `syz.9.222'.
[  696.995182][T10091] loop8: detected capacity change from 0 to 1024
[  697.374646][ T6072] hfsplus: b-tree write err: -5, ino 4
[  698.535487][T10111] netlink: 7 bytes leftover after parsing attributes in process `syz.7.815'.
[  698.665267][T10114] netlink: 4 bytes leftover after parsing attributes in process `syz.8.816'.
[  698.695881][T10116] overlayfs: overlapping lowerdir path
[  699.617132][T10109] loop9: detected capacity change from 0 to 32768
[  699.797872][T10109] (syz.9.814,10109,0):ocfs2_get_truncate_log_info:6193 ERROR: status = -117
[  699.831222][T10109] (syz.9.814,10109,1):ocfs2_truncate_log_init:6363 ERROR: status = -117
[  699.854841][T10109] (syz.9.814,10109,1):ocfs2_mount_volume:1770 ERROR: status = -117
[  699.914250][T10109] (syz.9.814,10109,1):ocfs2_fill_super:1177 ERROR: status = -117
[  700.917652][T10134] loop6: detected capacity change from 0 to 1024
[  701.010478][T10134] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  701.577401][T10139] 9pnet_fd: Insufficient options for proto=fd
[  701.989600][T10132] loop9: detected capacity change from 0 to 32768
[  702.038712][T10132] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.821 (10132)
[  702.178665][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  702.239968][T10132] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  702.270322][T10132] BTRFS info (device loop9): using sha256 (sha256-x86_64) checksum algorithm
[  702.279158][T10132] BTRFS info (device loop9): using free-space-tree
[  702.955378][ T9448] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  705.322406][T10184] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  705.490829][T10193] loop5: detected capacity change from 0 to 256
[  705.640343][T10193] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  705.651589][T10193] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  705.740278][  T972] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  705.849809][T10193] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  706.248911][  T972] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  706.311926][  T972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.638735][  T972] usb 2-1: config 0 descriptor??
[  706.789171][T10175] loop6: detected capacity change from 0 to 32768
[  707.278567][T10200] loop9: detected capacity change from 0 to 128
[  709.081520][T10203] ptrace attach of "./syz-executor exec"[9384] was attempted by "./syz-executor exec"[10203]
[  709.901379][  T972] usb 2-1: Cannot set autoneg
[  709.906582][  T972] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  709.924533][  T972] usb 2-1: USB disconnect, device number 5
[  711.097926][T10222] loop9: detected capacity change from 0 to 64
[  711.168465][T10223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.845'.
[  711.419223][   T56] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 480 seconds
[  711.431422][   T56] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 480 seconds
[  711.442495][   T56] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 480 seconds
[  711.453534][   T56] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 480 seconds
[  711.611249][T10225] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  715.221258][T10246] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  715.457395][T10258] loop9: detected capacity change from 0 to 256
[  715.570831][T10258] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  715.581737][T10258] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  715.704982][T10258] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  717.455887][T10271] loop8: detected capacity change from 0 to 128
[  719.462621][T10269] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  720.025191][T10284] netlink: 4 bytes leftover after parsing attributes in process `syz.5.859'.
[  721.318320][T10285] loop8: detected capacity change from 0 to 1024
[  721.422113][T10285] EXT4-fs: Ignoring removed orlov option
[  721.427824][T10285] EXT4-fs: Ignoring removed nomblk_io_submit option
[  721.592089][T10285] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  721.776460][T10301] 9pnet_fd: Insufficient options for proto=fd
[  722.165320][T10302] loop5: detected capacity change from 0 to 32768
[  722.738999][T10313] loop1: detected capacity change from 0 to 128
[  722.791405][T10302] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  722.791445][T10302]   allowing incompatible features above 0.0: (unknown version)
[  722.791468][T10302]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  722.831859][T10302] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  722.840129][T10302] bcachefs (loop5): initializing new filesystem
[  722.855334][T10302] bcachefs (loop5): going read-write
[  722.932164][ T9308] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  722.960271][T10302] bcachefs (loop5): marking superblocks
[  722.983967][T10302] bcachefs (loop5): initializing freespace
[  722.996395][T10302] bcachefs (loop5): done initializing freespace
[  723.006482][T10302] bcachefs (loop5): reading snapshots table
[  723.012503][T10302] bcachefs (loop5): reading snapshots done
[  723.122196][T10302] bcachefs (loop5): done starting filesystem
[  723.343184][T10325] syz.1.865: attempt to access beyond end of device
[  723.343184][T10325] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128
[  723.467498][T10325] syz.1.865: attempt to access beyond end of device
[  723.467498][T10325] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128
[  723.791817][T10325] syz.1.865: attempt to access beyond end of device
[  723.791817][T10325] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128
[  724.150127][T10325] syz.1.865: attempt to access beyond end of device
[  724.150127][T10325] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128
[  724.242907][T10325] syz.1.865: attempt to access beyond end of device
[  724.242907][T10325] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128
[  724.303166][T10325] syz.1.865: attempt to access beyond end of device
[  724.303166][T10325] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128
[  724.920672][T10302] syz.5.864 (10302) used greatest stack depth: 19624 bytes left
[  725.012774][T10325] syz.1.865: attempt to access beyond end of device
[  725.012774][T10325] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128
[  725.221024][ T5874] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  725.331057][ T5874] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  725.463257][ T5874] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  725.472622][ T5874] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  725.481595][ T5874] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  726.850743][T10346] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  727.366194][T10351] loop9: detected capacity change from 0 to 128
[  727.624435][T10331] Bluetooth: hci5: command tx timeout
[  728.632140][ T5868] bcachefs (loop5): shutting down
[  728.637434][ T5868] bcachefs (loop5): going read-only
[  728.644214][ T5868] bcachefs (loop5): finished waiting for writes to stop
[  728.771208][ T5868] bcachefs (loop5): flushing journal and stopping allocators, journal seq 7
[  728.950746][ T5868] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 7
[  729.000327][T10357] netlink: 4 bytes leftover after parsing attributes in process `syz.8.875'.
[  729.062492][ T5868] bcachefs (loop5): clean shutdown complete, journal seq 8
[  729.099717][ T5868] bcachefs (loop5): marking filesystem clean
[  729.779885][T10331] Bluetooth: hci5: command tx timeout
[  729.816191][T10365] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  729.927333][ T5868] bcachefs (loop5): shutdown complete
[  730.619080][   T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  730.665338][T10378] loop6: detected capacity change from 0 to 64
[  730.731056][T10378] hfs: request for non-existent node 131072 in B*Tree
[  730.738163][T10378] hfs: request for non-existent node 131072 in B*Tree
[  731.137352][T10381] overlayfs: overlapping lowerdir path
[  732.193170][T10331] Bluetooth: hci5: command tx timeout
[  733.203473][   T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  733.981938][T10395] loop6: detected capacity change from 0 to 1764
[  733.997188][T10395] iso9660: Unknown parameter 'de'
[  734.373039][T10331] Bluetooth: hci5: command tx timeout
[  735.016453][   T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.120989][ T6009] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  735.305313][ T6009] usb 7-1: Using ep0 maxpacket: 8
[  735.324140][ T6009] usb 7-1: unable to get BOS descriptor or descriptor too short
[  735.363353][ T6009] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  735.363752][   T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.399844][ T6009] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  735.408886][ T6009] usb 7-1: config 1 has no interface number 1
[  735.444578][ T6009] usb 7-1: config 1 interface 2 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  735.746597][ T6009] usb 7-1: config 1 interface 2 has no altsetting 0
[  735.762298][ T6009] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  735.779826][ T6009] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.787855][ T6009] usb 7-1: Product: syz
[  735.799358][ T6009] usb 7-1: Manufacturer: syz
[  735.805445][ T6009] usb 7-1: SerialNumber: syz
[  736.933064][ T6009] usb 7-1: can't set config #1, error -71
[  736.986939][ T6009] usb 7-1: USB disconnect, device number 2
[  737.035386][T10339] chnl_net:caif_netlink_parms(): no params data found
[  737.746729][T10424] netlink: 'syz.6.891': attribute type 2 has an invalid length.
[  738.012364][T10424] netlink: 164 bytes leftover after parsing attributes in process `syz.6.891'.
[  738.246646][T10427] loop9: detected capacity change from 0 to 128
[  739.030558][T10435] netlink: 4 bytes leftover after parsing attributes in process `syz.8.894'.
[  739.686123][   T12] bridge_slave_1: left allmulticast mode
[  740.361933][   T12] bridge_slave_1: left promiscuous mode
[  740.531200][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  740.981900][   T12] bridge_slave_0: left allmulticast mode
[  741.017455][   T12] bridge_slave_0: left promiscuous mode
[  741.035776][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.350678][T10454] loop9: detected capacity change from 0 to 256
[  741.389262][T10454] exFAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  741.400161][T10454] exFAT-fs (loop9): Medium has reported failures. Some data may be lost.
[  741.455356][T10454] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  741.593740][T10454] input: syz1 as /devices/virtual/input/input26
[  742.240174][T10288] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 510 seconds
[  742.250994][T10288] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 510 seconds
[  742.268478][T10288] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 510 seconds
[  742.282230][T10288] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 510 seconds
[  745.239167][T10483] loop9: detected capacity change from 0 to 1024
[  745.255207][T10483] EXT4-fs: Ignoring removed orlov option
[  745.262612][T10483] EXT4-fs: Ignoring removed nomblk_io_submit option
[  745.444361][T10483] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  745.822090][ T5874] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  745.831892][ T5874] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  745.844926][ T5874] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  745.856397][ T5874] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  745.871520][ T5874] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  746.005884][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  746.050209][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  746.082944][   T12] bond0 (unregistering): Released all slaves
[  746.214293][T10498] netlink: 'syz.1.906': attribute type 2 has an invalid length.
[  746.235137][T10498] netlink: 164 bytes leftover after parsing attributes in process `syz.1.906'.
[  746.311076][T10339] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.328293][T10339] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.340912][T10339] bridge_slave_0: entered allmulticast mode
[  746.364152][T10339] bridge_slave_0: entered promiscuous mode
[  746.437616][T10482] sch_fq: defrate 0 ignored.
[  746.661924][ T9448] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  747.355730][T10514] loop8: detected capacity change from 0 to 128
[  748.033651][   T55] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  748.049798][T10331] Bluetooth: hci1: command tx timeout
[  748.150194][T10339] bridge0: port 2(bridge_slave_1) entered blocking state
[  748.195238][T10339] bridge0: port 2(bridge_slave_1) entered disabled state
[  748.259151][T10339] bridge_slave_1: entered allmulticast mode
[  748.282047][   T55] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  748.301911][T10339] bridge_slave_1: entered promiscuous mode
[  748.329937][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.395431][   T55] usb 2-1: config 0 descriptor??
[  748.728522][   T55] kaweth 2-1:0.0: Firmware present in device.
[  748.738837][T10339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  748.804471][T10339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  748.879891][   T55] kaweth 2-1:0.0: Statistics collection: 0
[  748.906377][   T55] kaweth 2-1:0.0: Multicast filter limit: 0
[  748.937825][   T55] kaweth 2-1:0.0: MTU: 0
[  748.965300][   T55] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00
[  749.082997][   T55] kaweth 2-1:0.0: probe with driver kaweth failed with error -5
[  749.170245][   T55] usb 2-1: USB disconnect, device number 6
[  749.600104][T10523] loop9: detected capacity change from 0 to 128
[  749.614321][T10523] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  749.685369][T10523] FAT-fs (loop9): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  750.059858][T10331] Bluetooth: hci1: command tx timeout
[  750.283187][   T12] hsr_slave_0: left promiscuous mode
[  751.550831][   T12] hsr_slave_1: left promiscuous mode
[  751.604051][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  751.611525][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  751.654676][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  751.667239][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  751.709314][   T12] veth1_macvtap: left promiscuous mode
[  751.714988][   T12] veth0_macvtap: left promiscuous mode
[  751.720783][   T12] veth1_vlan: left promiscuous mode
[  751.726234][   T12] veth0_vlan: left promiscuous mode
[  751.749215][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.9.918'.
[  752.142921][ T5874] Bluetooth: hci1: command tx timeout
[  752.195758][   T12] team0 (unregistering): Port device team_slave_1 removed
[  752.238046][   T12] team0 (unregistering): Port device team_slave_0 removed
[  752.861975][T10339] team0: Port device team_slave_0 added
[  752.922072][T10339] team0: Port device team_slave_1 added
[  752.978338][T10544] netlink: 'syz.6.920': attribute type 2 has an invalid length.
[  753.059871][T10544] netlink: 164 bytes leftover after parsing attributes in process `syz.6.920'.
[  754.183300][T10555] loop1: detected capacity change from 0 to 1024
[  754.201744][T10555] EXT4-fs: Ignoring removed orlov option
[  754.207644][T10555] EXT4-fs: Ignoring removed nomblk_io_submit option
[  754.230280][ T5874] Bluetooth: hci0: command 0x0406 tx timeout
[  754.236468][ T5874] Bluetooth: hci1: command tx timeout
[  754.327476][T10555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  754.407773][T10339] batman_adv: batadv0: Adding interface: batadv_slave_0
[  754.515543][T10339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.591737][T10339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  754.669073][T10553] sch_fq: defrate 0 ignored.
[  754.676628][T10339] batman_adv: batadv0: Adding interface: batadv_slave_1
[  754.822399][T10339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.854639][T10339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  754.950866][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  755.168855][T10581] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  755.842225][T10595] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  756.711449][T10601] loop6: detected capacity change from 0 to 512
[  756.785730][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  756.796636][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  756.909499][T10601] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  757.027892][T10339] hsr_slave_0: entered promiscuous mode
[  757.076196][T10339] hsr_slave_1: entered promiscuous mode
[  757.144174][T10339] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  757.219469][T10339] Cannot create hsr debugfs directory
[  757.405094][T10487] chnl_net:caif_netlink_parms(): no params data found
[  757.945860][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  758.675063][T10620] loop1: detected capacity change from 0 to 1024
[  758.705717][T10620] EXT4-fs: Ignoring removed orlov option
[  758.764125][T10620] EXT4-fs: Ignoring removed nomblk_io_submit option
[  758.850718][T10620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  759.082869][T10487] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.115464][T10487] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.150595][T10487] bridge_slave_0: entered allmulticast mode
[  759.179250][T10487] bridge_slave_0: entered promiscuous mode
[  759.361092][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  759.441275][T10487] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.473699][T10487] bridge0: port 2(bridge_slave_1) entered disabled state
[  759.570063][T10487] bridge_slave_1: entered allmulticast mode
[  759.603173][T10487] bridge_slave_1: entered promiscuous mode
[  760.241175][T10487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.326289][T10643] netlink: 'syz.6.937': attribute type 2 has an invalid length.
[  760.377551][T10643] netlink: 164 bytes leftover after parsing attributes in process `syz.6.937'.
[  761.606238][T10649] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  761.733499][T10487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.272138][T10655] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  763.235453][T10487] team0: Port device team_slave_0 added
[  763.331872][T10675] netlink: 48 bytes leftover after parsing attributes in process `syz.9.942'.
[  763.412184][T10677] loop6: detected capacity change from 0 to 1024
[  763.430868][T10677] EXT4-fs: Ignoring removed orlov option
[  763.446370][T10677] EXT4-fs: Ignoring removed nomblk_io_submit option
[  763.503601][T10677] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  763.621625][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  763.736973][T10487] team0: Port device team_slave_1 added
[  765.355683][T10687] overlayfs: overlapping lowerdir path
[  766.730502][T10487] batman_adv: batadv0: Adding interface: batadv_slave_0
[  766.748683][T10487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  766.810358][T10487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  766.827234][T10487] batman_adv: batadv0: Adding interface: batadv_slave_1
[  766.835129][T10487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  766.917094][T10487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  769.075811][T10699] loop1: detected capacity change from 0 to 131072
[  769.099953][T10556] Bluetooth: hci4: command 0x0406 tx timeout
[  769.118807][T10699] F2FS-fs (loop1): Test dummy encryption mode enabled
[  769.131321][T10699] F2FS-fs (loop1): invalid crc value
[  769.267740][T10696] syzkaller0: entered promiscuous mode
[  769.273483][T10699] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  769.282475][T10696] syzkaller0: entered allmulticast mode
[  769.326715][T10698] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  769.787900][T10487] hsr_slave_0: entered promiscuous mode
[  769.835877][T10487] hsr_slave_1: entered promiscuous mode
[  769.850769][T10487] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  769.858350][T10487] Cannot create hsr debugfs directory
[  772.783439][T10288] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 540 seconds
[  772.795648][T10288] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 540 seconds
[  772.808068][T10288] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 540 seconds
[  772.819259][T10288] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 540 seconds
[  774.851789][T10741] loop8: detected capacity change from 0 to 1024
[  774.869878][T10741] EXT4-fs: Ignoring removed orlov option
[  774.875759][T10741] EXT4-fs: Ignoring removed nomblk_io_submit option
[  775.201157][T10741] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  775.605186][T10739] sch_fq: defrate 0 ignored.
[  775.816114][ T9308] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  776.528664][T10339] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  776.809929][T10339] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  776.924341][T10339] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  777.074518][T10339] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  779.152119][T10767] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  779.950217][T10811] syzkaller0: entered promiscuous mode
[  779.970548][T10811] syzkaller0: entered allmulticast mode
[  782.060619][T10842] overlayfs: overlapping lowerdir path
[  783.201567][T10556] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  783.219645][T10556] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  783.228126][T10556] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  783.245157][T10556] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  783.253305][T10556] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  784.470350][T10830] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  784.484233][T10839] tipc: Resetting bearer <eth:syzkaller0>
[  784.676569][T10829] tipc: Disabling bearer <eth:syzkaller0>
[  785.060343][T10867] binder: 10866:10867 ioctl 4018620d 0 returned -22
[  785.339914][T10331] Bluetooth: hci3: command tx timeout
[  786.300800][T10885] qrtr: Invalid version 212
[  786.342405][T10885] netlink: 52 bytes leftover after parsing attributes in process `syz.1.977'.
[  787.421662][T10331] Bluetooth: hci3: command tx timeout
[  787.734507][T10487] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  787.807268][T10487] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  787.851370][T10897] overlayfs: failed to resolve './file1': -2
[  787.916877][T10900] netlink: 16 bytes leftover after parsing attributes in process `syz.9.982'.
[  787.953857][T10487] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  788.167577][T10487] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  788.225170][T10905] loop9: detected capacity change from 0 to 1024
[  788.247067][T10905] EXT4-fs: Ignoring removed orlov option
[  788.260358][T10905] EXT4-fs: Ignoring removed nomblk_io_submit option
[  788.323477][T10905] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  788.436303][ T9448] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  788.825689][T10848] chnl_net:caif_netlink_parms(): no params data found
[  788.926025][ T6054] bridge_slave_1: left allmulticast mode
[  788.952152][ T6054] bridge_slave_1: left promiscuous mode
[  788.975745][ T6054] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.296403][T10931] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  789.501642][T10932] loop1: detected capacity change from 0 to 128
[  789.562464][T10331] Bluetooth: hci3: command tx timeout
[  789.591707][ T6054] bridge_slave_0: left allmulticast mode
[  789.926017][ T6054] bridge_slave_0: left promiscuous mode
[  790.097074][ T6054] bridge0: port 1(bridge_slave_0) entered disabled state
[  791.593346][T10331] Bluetooth: hci3: command tx timeout
[  791.988380][T10956] overlayfs: failed to resolve './file0': -2
[  792.490393][ T6054] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  792.542186][ T6054] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  792.626518][ T6054] bond0 (unregistering): Released all slaves
[  793.023682][T10957] loop6: detected capacity change from 0 to 32768
[  793.069466][T10977] netlink: 'syz.9.1001': attribute type 2 has an invalid length.
[  793.093063][T10977] netlink: 164 bytes leftover after parsing attributes in process `syz.9.1001'.
[  793.104339][T10957] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.995 (10957)
[  793.145312][T10979] netlink: 'syz.9.1001': attribute type 2 has an invalid length.
[  793.164744][T10979] netlink: 164 bytes leftover after parsing attributes in process `syz.9.1001'.
[  793.180244][T10957] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  793.195262][ T6054] hsr_slave_0: left promiscuous mode
[  793.209897][T10957] BTRFS info (device loop6): using crc32c (crc32c-x86_64) checksum algorithm
[  793.219958][T10957] BTRFS info (device loop6): using free-space-tree
[  793.226516][ T6054] hsr_slave_1: left promiscuous mode
[  793.250747][ T6054] batman_adv: batadv0: Removing interface: batadv_slave_0
[  793.278899][ T6054] batman_adv: batadv0: Removing interface: batadv_slave_1
[  793.467375][   T30] audit: type=1800 audit(1753175622.427:44): pid=10957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.995" name="file1" dev="loop6" ino=260 res=0 errno=0
[  793.503917][T10957] BTRFS error (device loop6): balance: invalid convert data profile raid1c4
[  793.649028][ T7460] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  794.110698][T11004] loop8: detected capacity change from 0 to 128
[  794.830619][ T6054] team0 (unregistering): Port device team_slave_1 removed
[  794.891457][ T6054] team0 (unregistering): Port device team_slave_0 removed
[  795.307301][T11010] loop6: detected capacity change from 0 to 1024
[  795.348090][T11010] EXT4-fs: Ignoring removed orlov option
[  795.400394][T11010] EXT4-fs: Ignoring removed nomblk_io_submit option
[  795.452353][T11010] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  795.696557][ T7460] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  798.120055][T11040] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  798.480022][T10848] bridge0: port 1(bridge_slave_0) entered blocking state
[  798.532706][T10848] bridge0: port 1(bridge_slave_0) entered disabled state
[  798.580385][T10848] bridge_slave_0: entered allmulticast mode
[  798.652607][T11044] loop6: detected capacity change from 0 to 128
[  798.659123][T10848] bridge_slave_0: entered promiscuous mode
[  798.722662][T10848] bridge0: port 2(bridge_slave_1) entered blocking state
[  798.785806][T10848] bridge0: port 2(bridge_slave_1) entered disabled state
[  798.799905][T10848] bridge_slave_1: entered allmulticast mode
[  798.826859][T10848] bridge_slave_1: entered promiscuous mode
[  798.877160][T11047] syz.6.1014: attempt to access beyond end of device
[  798.877160][T11047] loop6: rw=2049, sector=145, nr_sectors = 16 limit=128
[  798.985242][T11047] syz.6.1014: attempt to access beyond end of device
[  798.985242][T11047] loop6: rw=2049, sector=169, nr_sectors = 8 limit=128
[  799.053153][T11047] syz.6.1014: attempt to access beyond end of device
[  799.053153][T11047] loop6: rw=2049, sector=185, nr_sectors = 8 limit=128
[  799.063734][T10848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  799.118209][T11047] syz.6.1014: attempt to access beyond end of device
[  799.118209][T11047] loop6: rw=2049, sector=201, nr_sectors = 8 limit=128
[  799.199364][T10848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  799.206065][T11047] syz.6.1014: attempt to access beyond end of device
[  799.206065][T11047] loop6: rw=2049, sector=217, nr_sectors = 8 limit=128
[  799.350095][T11047] syz.6.1014: attempt to access beyond end of device
[  799.350095][T11047] loop6: rw=2049, sector=233, nr_sectors = 8 limit=128
[  799.374309][T11047] syz.6.1014: attempt to access beyond end of device
[  799.374309][T11047] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128
[  799.409251][T11047] syz.6.1014: attempt to access beyond end of device
[  799.409251][T11047] loop6: rw=2049, sector=265, nr_sectors = 8 limit=128
[  799.498454][T11047] syz.6.1014: attempt to access beyond end of device
[  799.498454][T11047] loop6: rw=2049, sector=281, nr_sectors = 8 limit=128
[  799.606364][T11047] syz.6.1014: attempt to access beyond end of device
[  799.606364][T11047] loop6: rw=2049, sector=297, nr_sectors = 8 limit=128
[  800.412882][T10848] team0: Port device team_slave_0 added
[  800.695654][T11072] input: syz1 as /devices/virtual/input/input27
[  801.623187][T10848] team0: Port device team_slave_1 added
[  802.732415][T11083] loop9: detected capacity change from 0 to 128
[  802.741854][T11083] EXT4-fs: Ignoring removed nomblk_io_submit option
[  802.748480][T11083] EXT4-fs: Ignoring removed nomblk_io_submit option
[  802.756567][T11083] EXT4-fs (loop9): Test dummy encryption mode enabled
[  803.723135][T11083] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  803.738587][T11083] ext4 filesystem being mounted at /57/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  804.089243][T10288] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 570 seconds
[  804.100069][T10288] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 570 seconds
[  804.111101][T10288] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 570 seconds
[  804.122154][T10288] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 570 seconds
[  805.654016][ T9448] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  806.083706][T10848] batman_adv: batadv0: Adding interface: batadv_slave_0
[  806.101786][T10848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  806.242267][T10848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  806.307364][T10848] batman_adv: batadv0: Adding interface: batadv_slave_1
[  806.365828][T10848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  806.468448][T10848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  806.794235][T10556] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  806.826418][T10556] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  806.836132][T10556] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  806.854523][T10556] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  806.876662][T10848] hsr_slave_0: entered promiscuous mode
[  806.882528][T10556] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  806.963431][T10848] hsr_slave_1: entered promiscuous mode
[  806.972267][T10848] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  806.980012][T10848] Cannot create hsr debugfs directory
[  807.262075][T11115] loop8: detected capacity change from 0 to 256
[  807.358198][T11115] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  807.368994][T11115] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  807.528457][T11115] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  807.626575][T11115] input: syz1 as /devices/virtual/input/input28
[  809.360351][T10556] Bluetooth: hci5: command tx timeout
[  810.892740][T11139] loop6: detected capacity change from 0 to 128
[  810.911504][T11139] EXT4-fs: Ignoring removed nomblk_io_submit option
[  810.918276][T11139] EXT4-fs: Ignoring removed nomblk_io_submit option
[  811.227494][T11139] EXT4-fs (loop6): Test dummy encryption mode enabled
[  811.490036][T10556] Bluetooth: hci5: command tx timeout
[  812.369616][T11145] loop8: detected capacity change from 0 to 1024
[  812.389582][T11145] EXT4-fs: Ignoring removed orlov option
[  812.395605][T11145] EXT4-fs: Ignoring removed nomblk_io_submit option
[  812.707088][T11139] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  812.743110][T11139] ext4 filesystem being mounted at /207/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  812.771509][T11145] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  813.500057][T10556] Bluetooth: hci5: command tx timeout
[  814.073601][ T7460] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  814.151084][T11144] sch_fq: defrate 0 ignored.
[  814.351251][ T9308] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  815.186730][T11165] loop8: detected capacity change from 0 to 64
[  815.589799][T10556] Bluetooth: hci5: command tx timeout
[  818.236692][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  818.249273][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  818.524723][T11189] loop1: detected capacity change from 0 to 1024
[  819.519076][T11107] chnl_net:caif_netlink_parms(): no params data found
[  819.629365][T11202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1054'.
[  819.681301][T11204] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1054'.
[  819.819245][   T78] bridge_slave_1: left allmulticast mode
[  819.838518][   T78] bridge_slave_1: left promiscuous mode
[  819.859181][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  819.889519][   T78] bridge_slave_0: left allmulticast mode
[  819.916222][   T78] bridge_slave_0: left promiscuous mode
[  819.951638][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.881621][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  820.954633][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  820.989163][   T78] bond0 (unregistering): Released all slaves
[  821.345336][T11107] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.373576][T11107] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.420649][T11107] bridge_slave_0: entered allmulticast mode
[  821.449218][T11107] bridge_slave_0: entered promiscuous mode
[  821.493475][T11107] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.541284][T11107] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.573511][T11107] bridge_slave_1: entered allmulticast mode
[  821.852526][T11107] bridge_slave_1: entered promiscuous mode
[  823.466559][   T78] hsr_slave_0: left promiscuous mode
[  823.501130][   T78] hsr_slave_1: left promiscuous mode
[  823.507247][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  823.518054][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  824.889021][   T78] team0 (unregistering): Port device team_slave_1 removed
[  825.285739][   T78] team0 (unregistering): Port device team_slave_0 removed
[  825.409328][T11253] loop8: detected capacity change from 0 to 1024
[  825.418018][T11253] EXT4-fs: Ignoring removed orlov option
[  825.423755][T11253] EXT4-fs: Ignoring removed nomblk_io_submit option
[  825.483715][T11253] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  825.830375][T11240] loop9: detected capacity change from 0 to 32768
[  825.879066][T11240] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  825.903670][T11240] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  825.970740][T11107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  825.995970][T11107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  826.051898][T11249] sch_fq: defrate 0 ignored.
[  826.183593][T11248] syzkaller0: entered promiscuous mode
[  826.189112][T11248] syzkaller0: entered allmulticast mode
[  826.224557][ T9308] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  826.232588][T11240] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  826.304772][ T9200] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  826.324467][ T9200] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  826.444626][T11269] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1069'.
[  826.500634][T11271] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1069'.
[  826.508656][T11107] team0: Port device team_slave_0 added
[  826.528000][T11107] team0: Port device team_slave_1 added
[  826.616856][ T9200] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 292ms
[  826.650678][ T9200] gfs2: fsid=syz:syz.0: jid=0: Done
[  826.664427][T11240] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  826.757039][T11107] batman_adv: batadv0: Adding interface: batadv_slave_0
[  826.775732][T11107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  826.808691][T11107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  826.857356][T11107] batman_adv: batadv0: Adding interface: batadv_slave_1
[  826.919381][T11107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  827.075719][T11107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  829.802558][T11107] hsr_slave_0: entered promiscuous mode
[  829.818654][T11107] hsr_slave_1: entered promiscuous mode
[  829.852246][T11107] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  829.870309][T11107] Cannot create hsr debugfs directory
[  829.886728][T10848] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  829.939044][T10848] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  830.404308][T11305] loop8: detected capacity change from 0 to 128
[  831.416738][T10848] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  832.122744][T11308] loop9: detected capacity change from 0 to 1024
[  832.159427][T11308] EXT4-fs: Ignoring removed orlov option
[  832.189129][T11308] EXT4-fs: Ignoring removed nomblk_io_submit option
[  832.248584][T10848] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  832.330234][T11308] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  832.564723][T11314] loop1: detected capacity change from 0 to 1024
[  832.572317][T11314] EXT4-fs: Ignoring removed orlov option
[  832.578006][T11314] EXT4-fs: Ignoring removed nomblk_io_submit option
[  832.627160][T11314] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  832.686754][T11303] sch_fq: defrate 0 ignored.
[  832.783030][ T9448] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  833.173009][T11324] input: syz1 as /devices/virtual/input/input29
[  833.469521][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  834.945636][T10288] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 600 seconds
[  834.957278][T10288] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 600 seconds
[  834.969598][T10288] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 600 seconds
[  835.039343][T10848] 8021q: adding VLAN 0 to HW filter on device bond0
[  835.089939][T10288] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 600 seconds
[  835.282051][T10848] 8021q: adding VLAN 0 to HW filter on device team0
[  835.355460][ T6072] bridge0: port 1(bridge_slave_0) entered blocking state
[  835.362756][ T6072] bridge0: port 1(bridge_slave_0) entered forwarding state
[  835.482799][ T6072] bridge0: port 2(bridge_slave_1) entered blocking state
[  835.490113][ T6072] bridge0: port 2(bridge_slave_1) entered forwarding state
[  836.213218][T11107] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  836.276764][T11107] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  836.344954][T11107] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  836.403050][T11107] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  836.916713][T11107] 8021q: adding VLAN 0 to HW filter on device bond0
[  837.007159][T11107] 8021q: adding VLAN 0 to HW filter on device team0
[  837.081825][ T6045] bridge0: port 1(bridge_slave_0) entered blocking state
[  837.089045][ T6045] bridge0: port 1(bridge_slave_0) entered forwarding state
[  837.615744][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.622986][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  837.689216][T10848] 8021q: adding VLAN 0 to HW filter on device batadv0
[  838.416740][T10848] veth0_vlan: entered promiscuous mode
[  838.506380][T10848] veth1_vlan: entered promiscuous mode
[  838.666980][T10848] veth0_macvtap: entered promiscuous mode
[  838.781471][T10848] veth1_macvtap: entered promiscuous mode
[  838.917080][T10848] batman_adv: batadv0: Interface activated: batadv_slave_0
[  839.199325][T10848] batman_adv: batadv0: Interface activated: batadv_slave_1
[  839.398131][T11382] loop6: detected capacity change from 0 to 128
[  839.424969][T11382] EXT4-fs: Ignoring removed nomblk_io_submit option
[  839.432058][T11382] EXT4-fs: Ignoring removed nomblk_io_submit option
[  839.517794][T11382] EXT4-fs (loop6): Test dummy encryption mode enabled
[  839.812933][T11382] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  839.840535][T11382] ext4 filesystem being mounted at /218/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  840.061107][T10848] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  840.080980][T10848] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  840.090030][T10848] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  840.098789][T10848] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  840.245754][T11107] 8021q: adding VLAN 0 to HW filter on device batadv0
[  840.515732][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  840.551663][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  840.702894][T11107] veth0_vlan: entered promiscuous mode
[  840.743540][ T6052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  840.776891][T11107] veth1_vlan: entered promiscuous mode
[  840.800968][ T6052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  840.899101][T11107] veth0_macvtap: entered promiscuous mode
[  840.941457][T11107] veth1_macvtap: entered promiscuous mode
[  841.025072][T11107] batman_adv: batadv0: Interface activated: batadv_slave_0
[  841.092050][T11107] batman_adv: batadv0: Interface activated: batadv_slave_1
[  841.169234][T11107] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  841.185226][T11391] loop3: detected capacity change from 0 to 16
[  841.224071][T11107] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  841.226509][T11391] erofs (device loop3): mounted with root inode @ nid 36.
[  841.279089][T11107] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  841.312788][T11107] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  842.027118][T11306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  842.115478][T11306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  842.323653][T11403] overlayfs: overlapping lowerdir path
[  842.968465][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  842.976696][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  843.994388][T11424] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  844.215480][T11423] loop2: detected capacity change from 0 to 2048
[  844.408075][T11423] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  846.300287][T11456] overlayfs: overlapping lowerdir path
[  847.146510][T11463] raw_sendmsg: syz.2.1117 forgot to set AF_INET. Fix it!
[  847.196253][T11462] loop8: detected capacity change from 0 to 128
[  847.309855][T11462] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  847.409507][T11462] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  847.882625][T11468] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  848.304621][T11473] loop8: detected capacity change from 0 to 128
[  849.295808][T11488] loop9: detected capacity change from 0 to 256
[  849.574823][T11488] FAT-fs (loop9): Directory bread(block 64) failed
[  849.609775][T11488] FAT-fs (loop9): Directory bread(block 65) failed
[  849.634959][T11491] syzkaller0: entered promiscuous mode
[  849.648567][T11488] FAT-fs (loop9): Directory bread(block 66) failed
[  849.686133][T11488] FAT-fs (loop9): Directory bread(block 67) failed
[  849.688717][T11491] syzkaller0: entered allmulticast mode
[  849.724027][T11488] FAT-fs (loop9): Directory bread(block 68) failed
[  849.759810][T11488] FAT-fs (loop9): Directory bread(block 69) failed
[  849.770071][T11488] FAT-fs (loop9): Directory bread(block 70) failed
[  849.830370][T11488] FAT-fs (loop9): Directory bread(block 71) failed
[  849.837048][T11488] FAT-fs (loop9): Directory bread(block 72) failed
[  849.904300][T11488] FAT-fs (loop9): Directory bread(block 73) failed
[  850.349812][   T30] audit: type=1800 audit(1753175679.287:45): pid=11488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1125" name="file1" dev="loop9" ino=1048651 res=0 errno=0
[  850.583214][T11488] bio_check_eod: 1 callbacks suppressed
[  850.583238][T11488] syz.9.1125: attempt to access beyond end of device
[  850.583238][T11488] loop9: rw=0, sector=1192, nr_sectors = 4 limit=256
[  851.650671][T11515] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1132'.
[  852.584345][T11525] sch_fq: defrate 0 ignored.
[  852.601567][T11525] loop9: detected capacity change from 0 to 1024
[  852.609036][T11525] EXT4-fs: Ignoring removed orlov option
[  852.614739][T11525] EXT4-fs: Ignoring removed nomblk_io_submit option
[  852.634448][T11524] loop1: detected capacity change from 0 to 128
[  852.801683][T11525] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  853.209617][ T9448] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  853.569256][ T7460] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  853.731291][T11539] loop1: detected capacity change from 0 to 1024
[  853.785061][T11539] EXT4-fs: Ignoring removed orlov option
[  853.845329][T11539] EXT4-fs: Ignoring removed nomblk_io_submit option
[  853.933561][T11539] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  854.031394][T11546] loop9: detected capacity change from 0 to 512
[  854.056826][T11513] loop8: detected capacity change from 0 to 32768
[  854.102843][T11546] EXT4-fs: Ignoring removed bh option
[  854.136207][T11513] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1131 (11513)
[  854.177357][T11546] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  854.244106][T11546] EXT4-fs (loop9): 1 truncate cleaned up
[  854.272474][T11513] BTRFS info (device loop8): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  854.304601][T11546] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  854.360501][T10331] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  854.378269][T10331] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  854.386355][T10331] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  854.394885][T10331] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  854.412810][T10331] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  854.440685][T11513] BTRFS info (device loop8): using blake2b (blake2b-256-generic) checksum algorithm
[  854.455733][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  854.500539][T11513] BTRFS info (device loop8): using free-space-tree
[  854.556596][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  854.590445][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  854.663129][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  854.752543][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  854.810315][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  855.035918][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  855.054081][T11560] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  855.136572][T11513] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  855.295222][T11513] BTRFS error (device loop8): open_ctree failed: -12
[  855.455632][ T9448] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  856.364203][T11586] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.1146'.
[  856.464361][T10331] Bluetooth: hci1: command tx timeout
[  856.913379][T11602] loop3: detected capacity change from 0 to 1024
[  856.921301][T11602] EXT4-fs: Ignoring removed orlov option
[  856.926986][T11602] EXT4-fs: Ignoring removed nomblk_io_submit option
[  856.971513][T11602] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  857.416717][T11595] sch_fq: defrate 0 ignored.
[  857.644312][T10848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  857.765343][T11614] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  858.539868][T10331] Bluetooth: hci1: command tx timeout
[  858.623743][ T6052] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  858.796438][T11552] chnl_net:caif_netlink_parms(): no params data found
[  858.912651][T11634] loop3: detected capacity change from 0 to 256
[  859.002968][T11634] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  860.103483][ T6052] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  860.565200][T11655] netlink: 1624 bytes leftover after parsing attributes in process `syz.9.1163'.
[  860.600849][ T6052] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  860.620070][T10331] Bluetooth: hci1: command tx timeout
[  860.862647][T11658] loop2: detected capacity change from 0 to 32768
[  861.117840][T11658] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  861.117881][T11658]   allowing incompatible features above 0.0: (unknown version)
[  861.117898][T11658]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  861.162592][T11658] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  861.172305][T11658] bcachefs (loop2): initializing new filesystem
[  861.185583][T11658] bcachefs (loop2): going read-write
[  861.274919][T11658] bcachefs (loop2): marking superblocks
[  861.288531][T11658] bcachefs (loop2): initializing freespace
[  861.298430][T11658] bcachefs (loop2): done initializing freespace
[  861.307999][T11658] bcachefs (loop2): reading snapshots table
[  861.314014][T11658] bcachefs (loop2): reading snapshots done
[  861.712291][T11552] bridge0: port 1(bridge_slave_0) entered blocking state
[  861.730473][T11658] bcachefs (loop2): done starting filesystem
[  861.741145][T11552] bridge0: port 1(bridge_slave_0) entered disabled state
[  861.748386][T11552] bridge_slave_0: entered allmulticast mode
[  861.842153][T11552] bridge_slave_0: entered promiscuous mode
[  862.700350][T10556] Bluetooth: hci1: command tx timeout
[  863.016597][ T6052] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.108174][T11678] loop9: detected capacity change from 0 to 1024
[  863.131714][T11107] bcachefs (loop2): shutting down
[  863.136774][T11107] bcachefs (loop2): going read-only
[  863.171280][T11552] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.178473][T11552] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.185977][T11107] bcachefs (loop2): finished waiting for writes to stop
[  863.232627][T11107] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5
[  863.282234][T11552] bridge_slave_1: entered allmulticast mode
[  863.327572][T11552] bridge_slave_1: entered promiscuous mode
[  863.362811][T11682] ==================================================================
[  863.370915][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  863.378603][T11682] Read of size 2 at addr ffff888058ef6a18 by task syz.9.1166/11682
[  863.386523][T11682] 
[  863.388863][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  863.388913][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  863.388937][T11682] Call Trace:
[  863.388949][T11682]  <TASK>
[  863.388963][T11682]  dump_stack_lvl+0x116/0x1f0
[  863.389006][T11682]  print_report+0xcd/0x610
[  863.389062][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  863.389111][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  863.389159][T11682]  ? __phys_addr+0xe8/0x180
[  863.389213][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  863.389268][T11682]  kasan_report+0xe0/0x110
[  863.389327][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  863.389389][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  863.389452][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  863.389522][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  863.389584][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  863.389640][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  863.389695][T11682]  ? mntput+0x10/0x90
[  863.389743][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  863.389791][T11682]  ? terminate_walk+0x31c/0x680
[  863.389878][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  863.389943][T11682]  vfs_listxattr+0xba/0x140
[  863.389996][T11682]  listxattr+0x102/0x1a0
[  863.390046][T11682]  path_listxattrat+0x151/0x370
[  863.390117][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  863.390170][T11682]  ? xfd_validate_state+0x61/0x180
[  863.390242][T11682]  do_syscall_64+0xcd/0x4c0
[  863.390285][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.390325][T11682] RIP: 0033:0x7fadec18e9a9
[  863.390354][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  863.390393][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  863.390429][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  863.390456][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  863.390481][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  863.390506][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  863.390531][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  863.390571][T11682]  </TASK>
[  863.390584][T11682] 
[  863.614350][T11682] Allocated by task 11682:
[  863.618777][T11682]  kasan_save_stack+0x33/0x60
[  863.623498][T11682]  kasan_save_track+0x14/0x30
[  863.628216][T11682]  __kasan_kmalloc+0xaa/0xb0
[  863.632845][T11682]  __kmalloc_noprof+0x223/0x510
[  863.637738][T11682]  hfsplus_find_init+0x95/0x1f0
[  863.642634][T11682]  hfsplus_listxattr+0x46b/0xe30
[  863.647621][T11682]  vfs_listxattr+0xba/0x140
[  863.652165][T11682]  listxattr+0x102/0x1a0
[  863.656450][T11682]  path_listxattrat+0x151/0x370
[  863.661345][T11682]  do_syscall_64+0xcd/0x4c0
[  863.665879][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.671801][T11682] 
[  863.674138][T11682] The buggy address belongs to the object at ffff888058ef6800
[  863.674138][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  863.688222][T11682] The buggy address is located 0 bytes to the right of
[  863.688222][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  863.702741][T11682] 
[  863.705074][T11682] The buggy address belongs to the physical page:
[  863.711497][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  863.720279][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  863.728798][T11682] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  863.736800][T11682] page_type: f5(slab)
[  863.740807][T11682] raw: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001
[  863.749418][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  863.758028][T11682] head: 00fff00000000040 ffff88801b841dc0 0000000000000000 dead000000000001
[  863.766727][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  863.775425][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  863.784120][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  863.792804][T11682] page dumped because: kasan: bad access detected
[  863.799229][T11682] page_owner tracks the page as allocated
[  863.804952][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  863.824012][T11682]  post_alloc_hook+0x1c0/0x230
[  863.828818][T11682]  get_page_from_freelist+0x1321/0x3890
[  863.834407][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  863.840343][T11682]  alloc_pages_mpol+0x1fb/0x550
[  863.845236][T11682]  new_slab+0x23b/0x330
[  863.849420][T11682]  ___slab_alloc+0xd9c/0x1940
[  863.854127][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  863.859538][T11682]  __kmalloc_noprof+0x2f2/0x510
[  863.864428][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  863.870379][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  863.875713][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  863.881988][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  863.887653][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  863.893753][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  863.899433][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  863.904419][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  863.909588][T11682] page last free pid 6138 tgid 6138 stack trace:
[  863.915926][T11682]  __free_frozen_pages+0x7fe/0x1180
[  863.921159][T11682]  __put_partials+0x16d/0x1c0
[  863.925874][T11682]  qlist_free_all+0x4d/0x120
[  863.930502][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  863.935999][T11682]  __kasan_slab_alloc+0x69/0x90
[  863.940895][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  863.946395][T11682]  __kernfs_new_node+0xd2/0x8e0
[  863.951291][T11682]  kernfs_new_node+0x13c/0x1e0
[  863.956081][T11682]  __kernfs_create_file+0x53/0x350
[  863.961228][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  863.966645][T11682]  internal_create_group+0x578/0xf30
[  863.971978][T11682]  internal_create_groups+0x9d/0x150
[  863.977314][T11682]  device_add+0xf30/0x1a70
[  863.981769][T11682]  netdev_register_kobject+0x182/0x3a0
[  863.987266][T11682]  register_netdevice+0x13dc/0x2270
[  863.992497][T11682]  register_netdev+0x34/0x50
[  863.997119][T11682] 
[  863.999452][T11682] Memory state around the buggy address:
[  864.005094][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  864.013181][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  864.021265][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  864.029340][T11682]                             ^
[  864.034210][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  864.042293][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  864.050374][T11682] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  864.331233][T11686] loop8: detected capacity change from 0 to 1024
[  864.670386][T11682] Disabling lock debugging due to kernel taint
[  864.735146][T11682] ==================================================================
[  864.743262][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  864.750944][T11682] Read of size 2 at addr ffff888058ef6a1a by task syz.9.1166/11682
[  864.758855][T11682] 
[  864.761203][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  864.761261][T11682] Tainted: [B]=BAD_PAGE
[  864.761275][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  864.761298][T11682] Call Trace:
[  864.761310][T11682]  <TASK>
[  864.761324][T11682]  dump_stack_lvl+0x116/0x1f0
[  864.761366][T11682]  print_report+0xcd/0x610
[  864.761421][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  864.761469][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  864.761515][T11682]  ? __phys_addr+0xe8/0x180
[  864.761562][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  864.761615][T11682]  kasan_report+0xe0/0x110
[  864.761671][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  864.761732][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  864.761792][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  864.761856][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  864.761916][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  864.761968][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  864.762021][T11682]  ? mntput+0x10/0x90
[  864.762069][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  864.762114][T11682]  ? terminate_walk+0x31c/0x680
[  864.762199][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  864.762263][T11682]  vfs_listxattr+0xba/0x140
[  864.762313][T11682]  listxattr+0x102/0x1a0
[  864.762363][T11682]  path_listxattrat+0x151/0x370
[  864.762416][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  864.762467][T11682]  ? xfd_validate_state+0x61/0x180
[  864.762530][T11682]  do_syscall_64+0xcd/0x4c0
[  864.762572][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.762611][T11682] RIP: 0033:0x7fadec18e9a9
[  864.762639][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.762677][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  864.762713][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  864.762740][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  864.762764][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  864.762788][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  864.762812][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  864.762850][T11682]  </TASK>
[  864.762863][T11682] 
[  864.992317][T11682] Allocated by task 11682:
[  864.996758][T11682]  kasan_save_stack+0x33/0x60
[  865.001480][T11682]  kasan_save_track+0x14/0x30
[  865.006199][T11682]  __kasan_kmalloc+0xaa/0xb0
[  865.010825][T11682]  __kmalloc_noprof+0x223/0x510
[  865.015714][T11682]  hfsplus_find_init+0x95/0x1f0
[  865.020606][T11682]  hfsplus_listxattr+0x46b/0xe30
[  865.025592][T11682]  vfs_listxattr+0xba/0x140
[  865.030132][T11682]  listxattr+0x102/0x1a0
[  865.034417][T11682]  path_listxattrat+0x151/0x370
[  865.039309][T11682]  do_syscall_64+0xcd/0x4c0
[  865.043843][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.049764][T11682] 
[  865.052094][T11682] The buggy address belongs to the object at ffff888058ef6800
[  865.052094][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  865.066173][T11682] The buggy address is located 2 bytes to the right of
[  865.066173][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  865.080699][T11682] 
[  865.083032][T11682] The buggy address belongs to the physical page:
[  865.089454][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  865.098237][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  865.106758][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  865.114326][T11682] page_type: f5(slab)
[  865.118333][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  865.126944][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  865.135566][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  865.144263][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  865.152953][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  865.161643][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  865.170321][T11682] page dumped because: kasan: bad access detected
[  865.176734][T11682] page_owner tracks the page as allocated
[  865.182453][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  865.201502][T11682]  post_alloc_hook+0x1c0/0x230
[  865.206293][T11682]  get_page_from_freelist+0x1321/0x3890
[  865.211865][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  865.217788][T11682]  alloc_pages_mpol+0x1fb/0x550
[  865.222677][T11682]  new_slab+0x23b/0x330
[  865.226849][T11682]  ___slab_alloc+0xd9c/0x1940
[  865.231543][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  865.236934][T11682]  __kmalloc_noprof+0x2f2/0x510
[  865.241811][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  865.247743][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  865.253061][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  865.259326][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  865.264980][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  865.271073][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  865.276742][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  865.281710][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  865.286858][T11682] page last free pid 6138 tgid 6138 stack trace:
[  865.293185][T11682]  __free_frozen_pages+0x7fe/0x1180
[  865.298403][T11682]  __put_partials+0x16d/0x1c0
[  865.303104][T11682]  qlist_free_all+0x4d/0x120
[  865.307716][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  865.313208][T11682]  __kasan_slab_alloc+0x69/0x90
[  865.318087][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  865.323574][T11682]  __kernfs_new_node+0xd2/0x8e0
[  865.328459][T11682]  kernfs_new_node+0x13c/0x1e0
[  865.333235][T11682]  __kernfs_create_file+0x53/0x350
[  865.338369][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  865.343776][T11682]  internal_create_group+0x578/0xf30
[  865.349098][T11682]  internal_create_groups+0x9d/0x150
[  865.354421][T11682]  device_add+0xf30/0x1a70
[  865.358883][T11682]  netdev_register_kobject+0x182/0x3a0
[  865.364373][T11682]  register_netdevice+0x13dc/0x2270
[  865.369606][T11682]  register_netdev+0x34/0x50
[  865.374224][T11682] 
[  865.376548][T11682] Memory state around the buggy address:
[  865.382192][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  865.390272][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  865.398340][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  865.406404][T11682]                             ^
[  865.411260][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  865.419330][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  865.427395][T11682] ==================================================================
[  865.469722][T11686] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  865.469795][T11686] EXT4-fs: failed to create workqueue
[  865.519725][T11686] EXT4-fs (loop8): mount failed
[  865.597048][T10288] block nbd0: Possible stuck request ffff888026b4e000: control (read@0,1024B). Runtime 630 seconds
[  865.608582][T10288] block nbd0: Possible stuck request ffff888026b4e1c0: control (read@1024,1024B). Runtime 630 seconds
[  865.619613][T10288] block nbd0: Possible stuck request ffff888026b4e380: control (read@2048,1024B). Runtime 630 seconds
[  865.632973][T10288] block nbd0: Possible stuck request ffff888026b4e540: control (read@3072,1024B). Runtime 630 seconds
[  865.644924][T11682] ==================================================================
[  865.653012][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  865.660697][T11682] Read of size 2 at addr ffff888058ef6a1c by task syz.9.1166/11682
[  865.668605][T11682] 
[  865.670942][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  865.670996][T11682] Tainted: [B]=BAD_PAGE
[  865.671009][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  865.671031][T11682] Call Trace:
[  865.671042][T11682]  <TASK>
[  865.671055][T11682]  dump_stack_lvl+0x116/0x1f0
[  865.671097][T11682]  print_report+0xcd/0x610
[  865.671153][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  865.671202][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  865.671250][T11682]  ? __phys_addr+0xe8/0x180
[  865.671299][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  865.671354][T11682]  kasan_report+0xe0/0x110
[  865.671413][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  865.671479][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  865.671541][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  865.671611][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  865.671673][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  865.671727][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  865.671780][T11682]  ? mntput+0x10/0x90
[  865.671827][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  865.671879][T11682]  ? terminate_walk+0x31c/0x680
[  865.671961][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  865.672027][T11682]  vfs_listxattr+0xba/0x140
[  865.672081][T11682]  listxattr+0x102/0x1a0
[  865.672133][T11682]  path_listxattrat+0x151/0x370
[  865.672187][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  865.672241][T11682]  ? xfd_validate_state+0x61/0x180
[  865.672305][T11682]  do_syscall_64+0xcd/0x4c0
[  865.672345][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.672381][T11682] RIP: 0033:0x7fadec18e9a9
[  865.672408][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.672448][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  865.672482][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  865.672506][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  865.672529][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  865.672551][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  865.672573][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  865.672607][T11682]  </TASK>
[  865.672619][T11682] 
[  865.901756][T11682] Allocated by task 11682:
[  865.906176][T11682]  kasan_save_stack+0x33/0x60
[  865.910885][T11682]  kasan_save_track+0x14/0x30
[  865.915588][T11682]  __kasan_kmalloc+0xaa/0xb0
[  865.920204][T11682]  __kmalloc_noprof+0x223/0x510
[  865.925080][T11682]  hfsplus_find_init+0x95/0x1f0
[  865.929957][T11682]  hfsplus_listxattr+0x46b/0xe30
[  865.934928][T11682]  vfs_listxattr+0xba/0x140
[  865.939458][T11682]  listxattr+0x102/0x1a0
[  865.943724][T11682]  path_listxattrat+0x151/0x370
[  865.948600][T11682]  do_syscall_64+0xcd/0x4c0
[  865.953120][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.959026][T11682] 
[  865.961351][T11682] The buggy address belongs to the object at ffff888058ef6800
[  865.961351][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  865.975417][T11682] The buggy address is located 4 bytes to the right of
[  865.975417][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  865.989932][T11682] 
[  865.992261][T11682] The buggy address belongs to the physical page:
[  865.998669][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  866.007440][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  866.015953][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  866.023529][T11682] page_type: f5(slab)
[  866.027527][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  866.036125][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  866.044724][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  866.053496][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  866.062183][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  866.070871][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  866.079543][T11682] page dumped because: kasan: bad access detected
[  866.085959][T11682] page_owner tracks the page as allocated
[  866.091674][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  866.110719][T11682]  post_alloc_hook+0x1c0/0x230
[  866.115507][T11682]  get_page_from_freelist+0x1321/0x3890
[  866.121082][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  866.127001][T11682]  alloc_pages_mpol+0x1fb/0x550
[  866.131884][T11682]  new_slab+0x23b/0x330
[  866.136056][T11682]  ___slab_alloc+0xd9c/0x1940
[  866.140749][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  866.146143][T11682]  __kmalloc_noprof+0x2f2/0x510
[  866.151025][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  866.156954][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  866.162273][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  866.168537][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  866.174192][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  866.180279][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  866.185944][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  866.190916][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  866.196064][T11682] page last free pid 6138 tgid 6138 stack trace:
[  866.202392][T11682]  __free_frozen_pages+0x7fe/0x1180
[  866.207610][T11682]  __put_partials+0x16d/0x1c0
[  866.212309][T11682]  qlist_free_all+0x4d/0x120
[  866.216920][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  866.222405][T11682]  __kasan_slab_alloc+0x69/0x90
[  866.227286][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  866.232773][T11682]  __kernfs_new_node+0xd2/0x8e0
[  866.237656][T11682]  kernfs_new_node+0x13c/0x1e0
[  866.242432][T11682]  __kernfs_create_file+0x53/0x350
[  866.247563][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  866.252964][T11682]  internal_create_group+0x578/0xf30
[  866.258282][T11682]  internal_create_groups+0x9d/0x150
[  866.263600][T11682]  device_add+0xf30/0x1a70
[  866.268037][T11682]  netdev_register_kobject+0x182/0x3a0
[  866.273521][T11682]  register_netdevice+0x13dc/0x2270
[  866.278738][T11682]  register_netdev+0x34/0x50
[  866.283346][T11682] 
[  866.285674][T11682] Memory state around the buggy address:
[  866.291316][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  866.299387][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  866.307458][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  866.315523][T11682]                             ^
[  866.320375][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  866.328445][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  866.336510][T11682] ==================================================================
[  866.347095][T11682] ==================================================================
[  866.355180][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  866.362869][T11682] Read of size 2 at addr ffff888058ef6a1e by task syz.9.1166/11682
[  866.370781][T11682] 
[  866.373117][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  866.373168][T11682] Tainted: [B]=BAD_PAGE
[  866.373180][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  866.373205][T11682] Call Trace:
[  866.373216][T11682]  <TASK>
[  866.373228][T11682]  dump_stack_lvl+0x116/0x1f0
[  866.373267][T11682]  print_report+0xcd/0x610
[  866.373318][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  866.373360][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  866.373402][T11682]  ? __phys_addr+0xe8/0x180
[  866.373445][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  866.373493][T11682]  kasan_report+0xe0/0x110
[  866.373545][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  866.373599][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  866.373654][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  866.373714][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  866.373768][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  866.373816][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  866.373863][T11682]  ? mntput+0x10/0x90
[  866.373905][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  866.373947][T11682]  ? terminate_walk+0x31c/0x680
[  866.374019][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  866.374076][T11682]  vfs_listxattr+0xba/0x140
[  866.374122][T11682]  listxattr+0x102/0x1a0
[  866.374167][T11682]  path_listxattrat+0x151/0x370
[  866.374218][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  866.374264][T11682]  ? xfd_validate_state+0x61/0x180
[  866.374321][T11682]  do_syscall_64+0xcd/0x4c0
[  866.374360][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.374395][T11682] RIP: 0033:0x7fadec18e9a9
[  866.374420][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.374455][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  866.374486][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  866.374509][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  866.374532][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  866.374553][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  866.374575][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  866.374609][T11682]  </TASK>
[  866.374620][T11682] 
[  866.603765][T11682] Allocated by task 11682:
[  866.608189][T11682]  kasan_save_stack+0x33/0x60
[  866.612898][T11682]  kasan_save_track+0x14/0x30
[  866.617600][T11682]  __kasan_kmalloc+0xaa/0xb0
[  866.622214][T11682]  __kmalloc_noprof+0x223/0x510
[  866.627089][T11682]  hfsplus_find_init+0x95/0x1f0
[  866.631966][T11682]  hfsplus_listxattr+0x46b/0xe30
[  866.636937][T11682]  vfs_listxattr+0xba/0x140
[  866.641465][T11682]  listxattr+0x102/0x1a0
[  866.645730][T11682]  path_listxattrat+0x151/0x370
[  866.650607][T11682]  do_syscall_64+0xcd/0x4c0
[  866.655128][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.661039][T11682] 
[  866.663360][T11682] The buggy address belongs to the object at ffff888058ef6800
[  866.663360][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  866.677427][T11682] The buggy address is located 6 bytes to the right of
[  866.677427][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  866.691932][T11682] 
[  866.694256][T11682] The buggy address belongs to the physical page:
[  866.700667][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  866.709435][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  866.717942][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  866.725500][T11682] page_type: f5(slab)
[  866.729493][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  866.738093][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  866.746693][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  866.755380][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  866.764066][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  866.772751][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  866.781423][T11682] page dumped because: kasan: bad access detected
[  866.787833][T11682] page_owner tracks the page as allocated
[  866.793544][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  866.812588][T11682]  post_alloc_hook+0x1c0/0x230
[  866.817377][T11682]  get_page_from_freelist+0x1321/0x3890
[  866.822950][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  866.828871][T11682]  alloc_pages_mpol+0x1fb/0x550
[  866.833755][T11682]  new_slab+0x23b/0x330
[  866.837927][T11682]  ___slab_alloc+0xd9c/0x1940
[  866.842620][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  866.848010][T11682]  __kmalloc_noprof+0x2f2/0x510
[  866.852890][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  866.858822][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  866.864141][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  866.870410][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  866.876064][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  866.882152][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  866.887819][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  866.892790][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  866.897940][T11682] page last free pid 6138 tgid 6138 stack trace:
[  866.904269][T11682]  __free_frozen_pages+0x7fe/0x1180
[  866.909489][T11682]  __put_partials+0x16d/0x1c0
[  866.914195][T11682]  qlist_free_all+0x4d/0x120
[  866.918815][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  866.924306][T11682]  __kasan_slab_alloc+0x69/0x90
[  866.929201][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  866.934686][T11682]  __kernfs_new_node+0xd2/0x8e0
[  866.939568][T11682]  kernfs_new_node+0x13c/0x1e0
[  866.944341][T11682]  __kernfs_create_file+0x53/0x350
[  866.949475][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  866.954874][T11682]  internal_create_group+0x578/0xf30
[  866.960201][T11682]  internal_create_groups+0x9d/0x150
[  866.965520][T11682]  device_add+0xf30/0x1a70
[  866.969958][T11682]  netdev_register_kobject+0x182/0x3a0
[  866.975442][T11682]  register_netdevice+0x13dc/0x2270
[  866.980662][T11682]  register_netdev+0x34/0x50
[  866.985273][T11682] 
[  866.987593][T11682] Memory state around the buggy address:
[  866.993229][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  867.001301][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  867.009372][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.017437][T11682]                             ^
[  867.022292][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.030367][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.038432][T11682] ==================================================================
[  867.051976][T11682] ==================================================================
[  867.060078][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  867.067756][T11682] Read of size 2 at addr ffff888058ef6a20 by task syz.9.1166/11682
[  867.075657][T11682] 
[  867.077991][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  867.078043][T11682] Tainted: [B]=BAD_PAGE
[  867.078056][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  867.078078][T11682] Call Trace:
[  867.078089][T11682]  <TASK>
[  867.078102][T11682]  dump_stack_lvl+0x116/0x1f0
[  867.078140][T11682]  print_report+0xcd/0x610
[  867.078191][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.078236][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.078279][T11682]  ? __phys_addr+0xe8/0x180
[  867.078323][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  867.078373][T11682]  kasan_report+0xe0/0x110
[  867.078427][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  867.078486][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  867.078543][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  867.078606][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  867.078663][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.078712][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.078760][T11682]  ? mntput+0x10/0x90
[  867.078803][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.078846][T11682]  ? terminate_walk+0x31c/0x680
[  867.078920][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  867.078979][T11682]  vfs_listxattr+0xba/0x140
[  867.079026][T11682]  listxattr+0x102/0x1a0
[  867.079072][T11682]  path_listxattrat+0x151/0x370
[  867.079120][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  867.079168][T11682]  ? xfd_validate_state+0x61/0x180
[  867.079227][T11682]  do_syscall_64+0xcd/0x4c0
[  867.079269][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.079304][T11682] RIP: 0033:0x7fadec18e9a9
[  867.079330][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  867.079365][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  867.079398][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  867.079421][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  867.079443][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  867.079471][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  867.079493][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  867.079528][T11682]  </TASK>
[  867.079540][T11682] 
[  867.308739][T11682] Allocated by task 11682:
[  867.313167][T11682]  kasan_save_stack+0x33/0x60
[  867.317878][T11682]  kasan_save_track+0x14/0x30
[  867.322584][T11682]  __kasan_kmalloc+0xaa/0xb0
[  867.327207][T11682]  __kmalloc_noprof+0x223/0x510
[  867.332087][T11682]  hfsplus_find_init+0x95/0x1f0
[  867.336965][T11682]  hfsplus_listxattr+0x46b/0xe30
[  867.341941][T11682]  vfs_listxattr+0xba/0x140
[  867.346471][T11682]  listxattr+0x102/0x1a0
[  867.350741][T11682]  path_listxattrat+0x151/0x370
[  867.355623][T11682]  do_syscall_64+0xcd/0x4c0
[  867.360145][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.366057][T11682] 
[  867.368380][T11682] The buggy address belongs to the object at ffff888058ef6800
[  867.368380][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  867.382457][T11682] The buggy address is located 8 bytes to the right of
[  867.382457][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  867.396972][T11682] 
[  867.399327][T11682] The buggy address belongs to the physical page:
[  867.405739][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  867.414516][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  867.423030][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  867.430596][T11682] page_type: f5(slab)
[  867.434597][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  867.443200][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  867.451801][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  867.460488][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  867.469172][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  867.477859][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  867.486533][T11682] page dumped because: kasan: bad access detected
[  867.492947][T11682] page_owner tracks the page as allocated
[  867.498659][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  867.517703][T11682]  post_alloc_hook+0x1c0/0x230
[  867.522497][T11682]  get_page_from_freelist+0x1321/0x3890
[  867.528074][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  867.533996][T11682]  alloc_pages_mpol+0x1fb/0x550
[  867.538879][T11682]  new_slab+0x23b/0x330
[  867.543052][T11682]  ___slab_alloc+0xd9c/0x1940
[  867.547745][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  867.553140][T11682]  __kmalloc_noprof+0x2f2/0x510
[  867.558024][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  867.563974][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  867.569292][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  867.575556][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  867.581209][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  867.587303][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  867.592972][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  867.597939][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  867.603088][T11682] page last free pid 6138 tgid 6138 stack trace:
[  867.609418][T11682]  __free_frozen_pages+0x7fe/0x1180
[  867.614638][T11682]  __put_partials+0x16d/0x1c0
[  867.619339][T11682]  qlist_free_all+0x4d/0x120
[  867.623954][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  867.629446][T11682]  __kasan_slab_alloc+0x69/0x90
[  867.634329][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  867.639816][T11682]  __kernfs_new_node+0xd2/0x8e0
[  867.644698][T11682]  kernfs_new_node+0x13c/0x1e0
[  867.649475][T11682]  __kernfs_create_file+0x53/0x350
[  867.654611][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  867.660012][T11682]  internal_create_group+0x578/0xf30
[  867.665333][T11682]  internal_create_groups+0x9d/0x150
[  867.670655][T11682]  device_add+0xf30/0x1a70
[  867.675094][T11682]  netdev_register_kobject+0x182/0x3a0
[  867.680602][T11682]  register_netdevice+0x13dc/0x2270
[  867.685825][T11682]  register_netdev+0x34/0x50
[  867.690440][T11682] 
[  867.692764][T11682] Memory state around the buggy address:
[  867.698394][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  867.706468][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  867.714538][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.722604][T11682]                                ^
[  867.727716][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.735787][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  867.743852][T11682] ==================================================================
[  867.772751][T11682] ==================================================================
[  867.780835][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  867.788513][T11682] Read of size 2 at addr ffff888058ef6a22 by task syz.9.1166/11682
[  867.796428][T11682] 
[  867.798779][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  867.798837][T11682] Tainted: [B]=BAD_PAGE
[  867.798851][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  867.798875][T11682] Call Trace:
[  867.798886][T11682]  <TASK>
[  867.798899][T11682]  dump_stack_lvl+0x116/0x1f0
[  867.798941][T11682]  print_report+0xcd/0x610
[  867.798997][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.799044][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.799091][T11682]  ? __phys_addr+0xe8/0x180
[  867.799139][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  867.799193][T11682]  kasan_report+0xe0/0x110
[  867.799250][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  867.799311][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  867.799372][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  867.799446][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  867.799508][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.799560][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.799612][T11682]  ? mntput+0x10/0x90
[  867.799658][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.799707][T11682]  ? terminate_walk+0x31c/0x680
[  867.799786][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  867.799851][T11682]  vfs_listxattr+0xba/0x140
[  867.799902][T11682]  listxattr+0x102/0x1a0
[  867.799952][T11682]  path_listxattrat+0x151/0x370
[  867.800006][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  867.800057][T11682]  ? xfd_validate_state+0x61/0x180
[  867.800121][T11682]  do_syscall_64+0xcd/0x4c0
[  867.800164][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.800203][T11682] RIP: 0033:0x7fadec18e9a9
[  867.800231][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  867.800270][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  867.800306][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  867.800333][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  867.800357][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  867.800381][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  867.800404][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  867.800448][T11682]  </TASK>
[  867.800460][T11682] 
[  868.029756][T11682] Allocated by task 11682:
[  868.034184][T11682]  kasan_save_stack+0x33/0x60
[  868.038894][T11682]  kasan_save_track+0x14/0x30
[  868.043600][T11682]  __kasan_kmalloc+0xaa/0xb0
[  868.048216][T11682]  __kmalloc_noprof+0x223/0x510
[  868.053095][T11682]  hfsplus_find_init+0x95/0x1f0
[  868.057973][T11682]  hfsplus_listxattr+0x46b/0xe30
[  868.062946][T11682]  vfs_listxattr+0xba/0x140
[  868.067475][T11682]  listxattr+0x102/0x1a0
[  868.071741][T11682]  path_listxattrat+0x151/0x370
[  868.076618][T11682]  do_syscall_64+0xcd/0x4c0
[  868.081140][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.087049][T11682] 
[  868.089372][T11682] The buggy address belongs to the object at ffff888058ef6800
[  868.089372][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  868.103441][T11682] The buggy address is located 10 bytes to the right of
[  868.103441][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  868.118035][T11682] 
[  868.120359][T11682] The buggy address belongs to the physical page:
[  868.126766][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  868.135539][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  868.144050][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  868.151604][T11682] page_type: f5(slab)
[  868.155598][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  868.164195][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  868.172795][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  868.181483][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  868.190168][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  868.198854][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  868.207530][T11682] page dumped because: kasan: bad access detected
[  868.213943][T11682] page_owner tracks the page as allocated
[  868.219656][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  868.238707][T11682]  post_alloc_hook+0x1c0/0x230
[  868.243498][T11682]  get_page_from_freelist+0x1321/0x3890
[  868.249072][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  868.254992][T11682]  alloc_pages_mpol+0x1fb/0x550
[  868.259875][T11682]  new_slab+0x23b/0x330
[  868.264045][T11682]  ___slab_alloc+0xd9c/0x1940
[  868.268738][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  868.274130][T11682]  __kmalloc_noprof+0x2f2/0x510
[  868.279005][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  868.284940][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  868.290262][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  868.296523][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  868.302177][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  868.308266][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  868.313931][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  868.318898][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  868.324046][T11682] page last free pid 6138 tgid 6138 stack trace:
[  868.330375][T11682]  __free_frozen_pages+0x7fe/0x1180
[  868.335596][T11682]  __put_partials+0x16d/0x1c0
[  868.340300][T11682]  qlist_free_all+0x4d/0x120
[  868.344914][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  868.350404][T11682]  __kasan_slab_alloc+0x69/0x90
[  868.355290][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  868.360775][T11682]  __kernfs_new_node+0xd2/0x8e0
[  868.365658][T11682]  kernfs_new_node+0x13c/0x1e0
[  868.370438][T11682]  __kernfs_create_file+0x53/0x350
[  868.375573][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  868.380975][T11682]  internal_create_group+0x578/0xf30
[  868.386294][T11682]  internal_create_groups+0x9d/0x150
[  868.391614][T11682]  device_add+0xf30/0x1a70
[  868.396052][T11682]  netdev_register_kobject+0x182/0x3a0
[  868.401534][T11682]  register_netdevice+0x13dc/0x2270
[  868.406755][T11682]  register_netdev+0x34/0x50
[  868.411365][T11682] 
[  868.413688][T11682] Memory state around the buggy address:
[  868.419319][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  868.427390][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  868.435466][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  868.443531][T11682]                                ^
[  868.448643][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  868.456711][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  868.464775][T11682] ==================================================================
[  868.493984][T11682] ==================================================================
[  868.502069][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  868.509745][T11682] Read of size 2 at addr ffff888058ef6a24 by task syz.9.1166/11682
[  868.517657][T11682] 
[  868.519997][T11682] CPU: 1 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  868.520054][T11682] Tainted: [B]=BAD_PAGE
[  868.520068][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  868.520092][T11682] Call Trace:
[  868.520103][T11682]  <TASK>
[  868.520116][T11682]  dump_stack_lvl+0x116/0x1f0
[  868.520156][T11682]  print_report+0xcd/0x610
[  868.520215][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.520262][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.520307][T11682]  ? __phys_addr+0xe8/0x180
[  868.520353][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  868.520406][T11682]  kasan_report+0xe0/0x110
[  868.520461][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  868.520520][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  868.520584][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  868.520650][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  868.520712][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.520764][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.520815][T11682]  ? mntput+0x10/0x90
[  868.520860][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.520906][T11682]  ? terminate_walk+0x31c/0x680
[  868.520985][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  868.521047][T11682]  vfs_listxattr+0xba/0x140
[  868.521098][T11682]  listxattr+0x102/0x1a0
[  868.521146][T11682]  path_listxattrat+0x151/0x370
[  868.521201][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  868.521251][T11682]  ? xfd_validate_state+0x61/0x180
[  868.521313][T11682]  do_syscall_64+0xcd/0x4c0
[  868.521354][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.521392][T11682] RIP: 0033:0x7fadec18e9a9
[  868.521420][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  868.521458][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  868.521493][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  868.521519][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  868.521543][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  868.521567][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  868.521590][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  868.521626][T11682]  </TASK>
[  868.521639][T11682] 
[  868.750828][T11682] Allocated by task 11682:
[  868.755249][T11682]  kasan_save_stack+0x33/0x60
[  868.759957][T11682]  kasan_save_track+0x14/0x30
[  868.764660][T11682]  __kasan_kmalloc+0xaa/0xb0
[  868.769272][T11682]  __kmalloc_noprof+0x223/0x510
[  868.774148][T11682]  hfsplus_find_init+0x95/0x1f0
[  868.779030][T11682]  hfsplus_listxattr+0x46b/0xe30
[  868.784001][T11682]  vfs_listxattr+0xba/0x140
[  868.788528][T11682]  listxattr+0x102/0x1a0
[  868.792793][T11682]  path_listxattrat+0x151/0x370
[  868.797669][T11682]  do_syscall_64+0xcd/0x4c0
[  868.802198][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.808108][T11682] 
[  868.810436][T11682] The buggy address belongs to the object at ffff888058ef6800
[  868.810436][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  868.824500][T11682] The buggy address is located 12 bytes to the right of
[  868.824500][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  868.839092][T11682] 
[  868.841414][T11682] The buggy address belongs to the physical page:
[  868.847825][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  868.856597][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  868.865104][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  868.872659][T11682] page_type: f5(slab)
[  868.876653][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  868.885250][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  868.893847][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  868.902533][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  868.911222][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  868.919906][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  868.928575][T11682] page dumped because: kasan: bad access detected
[  868.934987][T11682] page_owner tracks the page as allocated
[  868.940697][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  868.959740][T11682]  post_alloc_hook+0x1c0/0x230
[  868.964532][T11682]  get_page_from_freelist+0x1321/0x3890
[  868.970115][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  868.976037][T11682]  alloc_pages_mpol+0x1fb/0x550
[  868.980919][T11682]  new_slab+0x23b/0x330
[  868.985090][T11682]  ___slab_alloc+0xd9c/0x1940
[  868.989782][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  868.995175][T11682]  __kmalloc_noprof+0x2f2/0x510
[  869.000053][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  869.005985][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  869.011303][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  869.017564][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  869.023218][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  869.029307][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  869.034979][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  869.039953][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  869.045103][T11682] page last free pid 6138 tgid 6138 stack trace:
[  869.051439][T11682]  __free_frozen_pages+0x7fe/0x1180
[  869.056660][T11682]  __put_partials+0x16d/0x1c0
[  869.061359][T11682]  qlist_free_all+0x4d/0x120
[  869.065973][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  869.071460][T11682]  __kasan_slab_alloc+0x69/0x90
[  869.076343][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  869.081828][T11682]  __kernfs_new_node+0xd2/0x8e0
[  869.086709][T11682]  kernfs_new_node+0x13c/0x1e0
[  869.091485][T11682]  __kernfs_create_file+0x53/0x350
[  869.096619][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  869.102019][T11682]  internal_create_group+0x578/0xf30
[  869.107340][T11682]  internal_create_groups+0x9d/0x150
[  869.112662][T11682]  device_add+0xf30/0x1a70
[  869.117100][T11682]  netdev_register_kobject+0x182/0x3a0
[  869.122582][T11682]  register_netdevice+0x13dc/0x2270
[  869.127799][T11682]  register_netdev+0x34/0x50
[  869.132407][T11682] 
[  869.134731][T11682] Memory state around the buggy address:
[  869.140362][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  869.148441][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  869.156514][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.164579][T11682]                                ^
[  869.169694][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.177763][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.185826][T11682] ==================================================================
[  869.244228][ T5213] udevd[5213]: worker [5928] /devices/virtual/block/nbd0 timeout; kill it
[  869.256164][ T5213] udevd[5213]: seq 12027 '/devices/virtual/block/nbd0' killed
[  869.287781][T11682] ==================================================================
[  869.295897][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  869.303584][T11682] Read of size 2 at addr ffff888058ef6a26 by task syz.9.1166/11682
[  869.311501][T11682] 
[  869.313845][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  869.313896][T11682] Tainted: [B]=BAD_PAGE
[  869.313909][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  869.313930][T11682] Call Trace:
[  869.313941][T11682]  <TASK>
[  869.313952][T11682]  dump_stack_lvl+0x116/0x1f0
[  869.313992][T11682]  print_report+0xcd/0x610
[  869.314042][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  869.314086][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  869.314128][T11682]  ? __phys_addr+0xe8/0x180
[  869.314171][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  869.314222][T11682]  kasan_report+0xe0/0x110
[  869.314273][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  869.314327][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  869.314385][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  869.314450][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  869.314509][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  869.314561][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  869.314612][T11682]  ? mntput+0x10/0x90
[  869.314657][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  869.314702][T11682]  ? terminate_walk+0x31c/0x680
[  869.314780][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  869.314842][T11682]  vfs_listxattr+0xba/0x140
[  869.314892][T11682]  listxattr+0x102/0x1a0
[  869.314941][T11682]  path_listxattrat+0x151/0x370
[  869.314992][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  869.315042][T11682]  ? xfd_validate_state+0x61/0x180
[  869.315105][T11682]  do_syscall_64+0xcd/0x4c0
[  869.315147][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.315189][T11682] RIP: 0033:0x7fadec18e9a9
[  869.315218][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.315256][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  869.315291][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  869.315317][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  869.315342][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  869.315366][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  869.315389][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  869.315425][T11682]  </TASK>
[  869.315437][T11682] 
[  869.544682][T11682] Allocated by task 11682:
[  869.549102][T11682]  kasan_save_stack+0x33/0x60
[  869.553815][T11682]  kasan_save_track+0x14/0x30
[  869.558520][T11682]  __kasan_kmalloc+0xaa/0xb0
[  869.563139][T11682]  __kmalloc_noprof+0x223/0x510
[  869.568022][T11682]  hfsplus_find_init+0x95/0x1f0
[  869.572906][T11682]  hfsplus_listxattr+0x46b/0xe30
[  869.577881][T11682]  vfs_listxattr+0xba/0x140
[  869.582413][T11682]  listxattr+0x102/0x1a0
[  869.586679][T11682]  path_listxattrat+0x151/0x370
[  869.591560][T11682]  do_syscall_64+0xcd/0x4c0
[  869.596081][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.601991][T11682] 
[  869.604315][T11682] The buggy address belongs to the object at ffff888058ef6800
[  869.604315][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  869.618382][T11682] The buggy address is located 14 bytes to the right of
[  869.618382][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  869.632976][T11682] 
[  869.635325][T11682] The buggy address belongs to the physical page:
[  869.641735][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  869.650508][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  869.659019][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  869.666577][T11682] page_type: f5(slab)
[  869.670577][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  869.679185][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  869.687785][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  869.696470][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  869.705157][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  869.713847][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  869.722523][T11682] page dumped because: kasan: bad access detected
[  869.728934][T11682] page_owner tracks the page as allocated
[  869.734650][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  869.753695][T11682]  post_alloc_hook+0x1c0/0x230
[  869.758490][T11682]  get_page_from_freelist+0x1321/0x3890
[  869.764063][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  869.769991][T11682]  alloc_pages_mpol+0x1fb/0x550
[  869.774888][T11682]  new_slab+0x23b/0x330
[  869.779063][T11682]  ___slab_alloc+0xd9c/0x1940
[  869.783758][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  869.789190][T11682]  __kmalloc_noprof+0x2f2/0x510
[  869.794066][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  869.800004][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  869.805325][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  869.811589][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  869.817241][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  869.823328][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  869.828994][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  869.833963][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  869.839111][T11682] page last free pid 6138 tgid 6138 stack trace:
[  869.845440][T11682]  __free_frozen_pages+0x7fe/0x1180
[  869.850661][T11682]  __put_partials+0x16d/0x1c0
[  869.855358][T11682]  qlist_free_all+0x4d/0x120
[  869.859969][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  869.865465][T11682]  __kasan_slab_alloc+0x69/0x90
[  869.870354][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  869.875842][T11682]  __kernfs_new_node+0xd2/0x8e0
[  869.880728][T11682]  kernfs_new_node+0x13c/0x1e0
[  869.885508][T11682]  __kernfs_create_file+0x53/0x350
[  869.890642][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  869.896042][T11682]  internal_create_group+0x578/0xf30
[  869.901362][T11682]  internal_create_groups+0x9d/0x150
[  869.906683][T11682]  device_add+0xf30/0x1a70
[  869.911122][T11682]  netdev_register_kobject+0x182/0x3a0
[  869.916608][T11682]  register_netdevice+0x13dc/0x2270
[  869.921828][T11682]  register_netdev+0x34/0x50
[  869.926440][T11682] 
[  869.928763][T11682] Memory state around the buggy address:
[  869.934399][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  869.942471][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  869.950544][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.958607][T11682]                                ^
[  869.963719][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.971789][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  869.979863][T11682] ==================================================================
[  870.023128][T11682] ==================================================================
[  870.031247][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  870.038940][T11682] Read of size 2 at addr ffff888058ef6a28 by task syz.9.1166/11682
[  870.046855][T11682] 
[  870.049193][T11682] CPU: 1 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  870.049245][T11682] Tainted: [B]=BAD_PAGE
[  870.049257][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  870.049278][T11682] Call Trace:
[  870.049290][T11682]  <TASK>
[  870.049302][T11682]  dump_stack_lvl+0x116/0x1f0
[  870.049341][T11682]  print_report+0xcd/0x610
[  870.049392][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.049439][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.049482][T11682]  ? __phys_addr+0xe8/0x180
[  870.049525][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  870.049574][T11682]  kasan_report+0xe0/0x110
[  870.049626][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  870.049683][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  870.049740][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  870.049802][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  870.049857][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.049905][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.049953][T11682]  ? mntput+0x10/0x90
[  870.049995][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.050038][T11682]  ? terminate_walk+0x31c/0x680
[  870.050126][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  870.050185][T11682]  vfs_listxattr+0xba/0x140
[  870.050232][T11682]  listxattr+0x102/0x1a0
[  870.050276][T11682]  path_listxattrat+0x151/0x370
[  870.050325][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  870.050372][T11682]  ? xfd_validate_state+0x61/0x180
[  870.050432][T11682]  do_syscall_64+0xcd/0x4c0
[  870.050472][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.050507][T11682] RIP: 0033:0x7fadec18e9a9
[  870.050533][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.050567][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  870.050599][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  870.050624][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  870.050645][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  870.050667][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  870.050689][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  870.050723][T11682]  </TASK>
[  870.050734][T11682] 
[  870.279856][T11682] Allocated by task 11682:
[  870.284285][T11682]  kasan_save_stack+0x33/0x60
[  870.288992][T11682]  kasan_save_track+0x14/0x30
[  870.293714][T11682]  __kasan_kmalloc+0xaa/0xb0
[  870.298334][T11682]  __kmalloc_noprof+0x223/0x510
[  870.303213][T11682]  hfsplus_find_init+0x95/0x1f0
[  870.308092][T11682]  hfsplus_listxattr+0x46b/0xe30
[  870.313065][T11682]  vfs_listxattr+0xba/0x140
[  870.317593][T11682]  listxattr+0x102/0x1a0
[  870.321859][T11682]  path_listxattrat+0x151/0x370
[  870.326734][T11682]  do_syscall_64+0xcd/0x4c0
[  870.331258][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.337170][T11682] 
[  870.339493][T11682] The buggy address belongs to the object at ffff888058ef6800
[  870.339493][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  870.353570][T11682] The buggy address is located 16 bytes to the right of
[  870.353570][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  870.368172][T11682] 
[  870.370503][T11682] The buggy address belongs to the physical page:
[  870.376913][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  870.385691][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  870.394216][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  870.401773][T11682] page_type: f5(slab)
[  870.405766][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  870.414363][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  870.422966][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  870.431653][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  870.440361][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  870.449052][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  870.457729][T11682] page dumped because: kasan: bad access detected
[  870.464145][T11682] page_owner tracks the page as allocated
[  870.469859][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  870.488910][T11682]  post_alloc_hook+0x1c0/0x230
[  870.493704][T11682]  get_page_from_freelist+0x1321/0x3890
[  870.499282][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  870.505205][T11682]  alloc_pages_mpol+0x1fb/0x550
[  870.510107][T11682]  new_slab+0x23b/0x330
[  870.514280][T11682]  ___slab_alloc+0xd9c/0x1940
[  870.518972][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  870.524366][T11682]  __kmalloc_noprof+0x2f2/0x510
[  870.529246][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  870.535181][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  870.540502][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  870.546764][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  870.552415][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  870.558509][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  870.564174][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  870.569173][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  870.574347][T11682] page last free pid 6138 tgid 6138 stack trace:
[  870.580680][T11682]  __free_frozen_pages+0x7fe/0x1180
[  870.585909][T11682]  __put_partials+0x16d/0x1c0
[  870.590615][T11682]  qlist_free_all+0x4d/0x120
[  870.595234][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  870.600719][T11682]  __kasan_slab_alloc+0x69/0x90
[  870.605600][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  870.611088][T11682]  __kernfs_new_node+0xd2/0x8e0
[  870.615971][T11682]  kernfs_new_node+0x13c/0x1e0
[  870.620746][T11682]  __kernfs_create_file+0x53/0x350
[  870.625879][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  870.631285][T11682]  internal_create_group+0x578/0xf30
[  870.636609][T11682]  internal_create_groups+0x9d/0x150
[  870.641926][T11682]  device_add+0xf30/0x1a70
[  870.646365][T11682]  netdev_register_kobject+0x182/0x3a0
[  870.651848][T11682]  register_netdevice+0x13dc/0x2270
[  870.657068][T11682]  register_netdev+0x34/0x50
[  870.661676][T11682] 
[  870.663998][T11682] Memory state around the buggy address:
[  870.669631][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  870.677702][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  870.685774][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  870.693844][T11682]                                   ^
[  870.699219][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  870.707294][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  870.715364][T11682] ==================================================================
[  870.767336][T11682] ==================================================================
[  870.775466][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  870.783157][T11682] Read of size 2 at addr ffff888058ef6a2a by task syz.9.1166/11682
[  870.791075][T11682] 
[  870.793429][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  870.793495][T11682] Tainted: [B]=BAD_PAGE
[  870.793509][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  870.793535][T11682] Call Trace:
[  870.793546][T11682]  <TASK>
[  870.793560][T11682]  dump_stack_lvl+0x116/0x1f0
[  870.793606][T11682]  print_report+0xcd/0x610
[  870.793661][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.793710][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.793756][T11682]  ? __phys_addr+0xe8/0x180
[  870.793805][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  870.793859][T11682]  kasan_report+0xe0/0x110
[  870.793918][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  870.793980][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  870.794043][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  870.794113][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  870.794174][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.794227][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.794279][T11682]  ? mntput+0x10/0x90
[  870.794326][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  870.794373][T11682]  ? terminate_walk+0x31c/0x680
[  870.794462][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  870.794529][T11682]  vfs_listxattr+0xba/0x140
[  870.794582][T11682]  listxattr+0x102/0x1a0
[  870.794634][T11682]  path_listxattrat+0x151/0x370
[  870.794688][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  870.794742][T11682]  ? xfd_validate_state+0x61/0x180
[  870.794808][T11682]  do_syscall_64+0xcd/0x4c0
[  870.794851][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.794891][T11682] RIP: 0033:0x7fadec18e9a9
[  870.794920][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.794959][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  870.794996][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  870.795024][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  870.795050][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  870.795075][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  870.795100][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  870.795139][T11682]  </TASK>
[  870.795151][T11682] 
[  870.818009][T11107] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10
[  870.821227][T11682] Allocated by task 11682:
[  870.821247][T11682]  kasan_save_stack+0x33/0x60
[  871.043118][T11682]  kasan_save_track+0x14/0x30
[  871.047843][T11682]  __kasan_kmalloc+0xaa/0xb0
[  871.052493][T11682]  __kmalloc_noprof+0x223/0x510
[  871.057376][T11682]  hfsplus_find_init+0x95/0x1f0
[  871.062260][T11682]  hfsplus_listxattr+0x46b/0xe30
[  871.067234][T11682]  vfs_listxattr+0xba/0x140
[  871.071770][T11682]  listxattr+0x102/0x1a0
[  871.076043][T11682]  path_listxattrat+0x151/0x370
[  871.080922][T11682]  do_syscall_64+0xcd/0x4c0
[  871.085446][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.091358][T11682] 
[  871.093682][T11682] The buggy address belongs to the object at ffff888058ef6800
[  871.093682][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  871.107749][T11682] The buggy address is located 18 bytes to the right of
[  871.107749][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  871.122347][T11682] 
[  871.124674][T11682] The buggy address belongs to the physical page:
[  871.131084][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  871.139858][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  871.148371][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  871.155927][T11682] page_type: f5(slab)
[  871.159922][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  871.168523][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  871.177127][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  871.185814][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  871.194505][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  871.203196][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  871.211872][T11682] page dumped because: kasan: bad access detected
[  871.218285][T11682] page_owner tracks the page as allocated
[  871.223998][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  871.243047][T11682]  post_alloc_hook+0x1c0/0x230
[  871.247837][T11682]  get_page_from_freelist+0x1321/0x3890
[  871.253412][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  871.259341][T11682]  alloc_pages_mpol+0x1fb/0x550
[  871.264222][T11682]  new_slab+0x23b/0x330
[  871.268396][T11682]  ___slab_alloc+0xd9c/0x1940
[  871.273094][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  871.278489][T11682]  __kmalloc_noprof+0x2f2/0x510
[  871.283364][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  871.289321][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  871.294641][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  871.300904][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  871.306559][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  871.312650][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  871.318318][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  871.323286][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  871.328437][T11682] page last free pid 6138 tgid 6138 stack trace:
[  871.334767][T11682]  __free_frozen_pages+0x7fe/0x1180
[  871.339990][T11682]  __put_partials+0x16d/0x1c0
[  871.344688][T11682]  qlist_free_all+0x4d/0x120
[  871.349302][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  871.354789][T11682]  __kasan_slab_alloc+0x69/0x90
[  871.359668][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  871.365161][T11682]  __kernfs_new_node+0xd2/0x8e0
[  871.370046][T11682]  kernfs_new_node+0x13c/0x1e0
[  871.374841][T11682]  __kernfs_create_file+0x53/0x350
[  871.379976][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  871.385377][T11682]  internal_create_group+0x578/0xf30
[  871.390697][T11682]  internal_create_groups+0x9d/0x150
[  871.396015][T11682]  device_add+0xf30/0x1a70
[  871.400463][T11682]  netdev_register_kobject+0x182/0x3a0
[  871.405956][T11682]  register_netdevice+0x13dc/0x2270
[  871.411197][T11682]  register_netdev+0x34/0x50
[  871.415815][T11682] 
[  871.418138][T11682] Memory state around the buggy address:
[  871.423771][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  871.431847][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  871.439921][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  871.447986][T11682]                                   ^
[  871.453365][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  871.461443][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  871.469508][T11682] ==================================================================
[  871.503792][T11107] bcachefs (loop2): clean shutdown complete, journal seq 11
[  871.540477][T11682] ==================================================================
[  871.548584][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  871.556271][T11682] Read of size 2 at addr ffff888058ef6a2c by task syz.9.1166/11682
[  871.564188][T11682] 
[  871.566529][T11682] CPU: 0 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  871.566582][T11682] Tainted: [B]=BAD_PAGE
[  871.566597][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  871.566618][T11682] Call Trace:
[  871.566629][T11682]  <TASK>
[  871.566641][T11682]  dump_stack_lvl+0x116/0x1f0
[  871.566681][T11682]  print_report+0xcd/0x610
[  871.566731][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  871.566774][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  871.566816][T11682]  ? __phys_addr+0xe8/0x180
[  871.566859][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  871.566908][T11682]  kasan_report+0xe0/0x110
[  871.566959][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  871.567014][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  871.567069][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  871.567130][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  871.567191][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  871.567238][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  871.567285][T11682]  ? mntput+0x10/0x90
[  871.567327][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  871.567369][T11682]  ? terminate_walk+0x31c/0x680
[  871.567442][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  871.567499][T11682]  vfs_listxattr+0xba/0x140
[  871.567545][T11682]  listxattr+0x102/0x1a0
[  871.567590][T11682]  path_listxattrat+0x151/0x370
[  871.567638][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  871.567684][T11682]  ? xfd_validate_state+0x61/0x180
[  871.567744][T11682]  do_syscall_64+0xcd/0x4c0
[  871.567786][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.567821][T11682] RIP: 0033:0x7fadec18e9a9
[  871.567846][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  871.567881][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  871.567913][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  871.567937][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  871.567959][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  871.567981][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  871.568002][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  871.568036][T11682]  </TASK>
[  871.568051][T11682] 
[  871.797166][T11682] Allocated by task 11682:
[  871.801590][T11682]  kasan_save_stack+0x33/0x60
[  871.806299][T11682]  kasan_save_track+0x14/0x30
[  871.811002][T11682]  __kasan_kmalloc+0xaa/0xb0
[  871.815621][T11682]  __kmalloc_noprof+0x223/0x510
[  871.820507][T11682]  hfsplus_find_init+0x95/0x1f0
[  871.825390][T11682]  hfsplus_listxattr+0x46b/0xe30
[  871.830368][T11682]  vfs_listxattr+0xba/0x140
[  871.834898][T11682]  listxattr+0x102/0x1a0
[  871.839165][T11682]  path_listxattrat+0x151/0x370
[  871.844047][T11682]  do_syscall_64+0xcd/0x4c0
[  871.848572][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  871.854482][T11682] 
[  871.856830][T11682] The buggy address belongs to the object at ffff888058ef6800
[  871.856830][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  871.870895][T11682] The buggy address is located 20 bytes to the right of
[  871.870895][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  871.885490][T11682] 
[  871.887813][T11682] The buggy address belongs to the physical page:
[  871.894224][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  871.902994][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  871.911507][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  871.919062][T11682] page_type: f5(slab)
[  871.923058][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  871.931658][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  871.940258][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  871.948941][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  871.957627][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  871.966343][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  871.975019][T11682] page dumped because: kasan: bad access detected
[  871.981437][T11682] page_owner tracks the page as allocated
[  871.987153][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  872.006214][T11682]  post_alloc_hook+0x1c0/0x230
[  872.011007][T11682]  get_page_from_freelist+0x1321/0x3890
[  872.016579][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  872.022501][T11682]  alloc_pages_mpol+0x1fb/0x550
[  872.027384][T11682]  new_slab+0x23b/0x330
[  872.031558][T11682]  ___slab_alloc+0xd9c/0x1940
[  872.036263][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  872.041653][T11682]  __kmalloc_noprof+0x2f2/0x510
[  872.046527][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  872.052459][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  872.057776][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  872.064038][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  872.069692][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  872.075781][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  872.081444][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  872.086413][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  872.091560][T11682] page last free pid 6138 tgid 6138 stack trace:
[  872.097885][T11682]  __free_frozen_pages+0x7fe/0x1180
[  872.103105][T11682]  __put_partials+0x16d/0x1c0
[  872.107803][T11682]  qlist_free_all+0x4d/0x120
[  872.112419][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  872.117904][T11682]  __kasan_slab_alloc+0x69/0x90
[  872.122785][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  872.128279][T11682]  __kernfs_new_node+0xd2/0x8e0
[  872.133163][T11682]  kernfs_new_node+0x13c/0x1e0
[  872.137942][T11682]  __kernfs_create_file+0x53/0x350
[  872.143074][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  872.148474][T11682]  internal_create_group+0x578/0xf30
[  872.153790][T11682]  internal_create_groups+0x9d/0x150
[  872.159108][T11682]  device_add+0xf30/0x1a70
[  872.163549][T11682]  netdev_register_kobject+0x182/0x3a0
[  872.169031][T11682]  register_netdevice+0x13dc/0x2270
[  872.174250][T11682]  register_netdev+0x34/0x50
[  872.178860][T11682] 
[  872.181193][T11682] Memory state around the buggy address:
[  872.186824][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  872.194896][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  872.202965][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.211029][T11682]                                   ^
[  872.216402][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.224474][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.232541][T11682] ==================================================================
[  872.241208][T11107] bcachefs (loop2): marking filesystem clean
[  872.272135][T11682] ==================================================================
[  872.280224][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  872.287906][T11682] Read of size 2 at addr ffff888058ef6a2e by task syz.9.1166/11682
[  872.295818][T11682] 
[  872.298167][T11682] CPU: 1 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  872.298224][T11682] Tainted: [B]=BAD_PAGE
[  872.298238][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  872.298262][T11682] Call Trace:
[  872.298274][T11682]  <TASK>
[  872.298287][T11682]  dump_stack_lvl+0x116/0x1f0
[  872.298329][T11682]  print_report+0xcd/0x610
[  872.298385][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  872.298438][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  872.298485][T11682]  ? __phys_addr+0xe8/0x180
[  872.298533][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  872.298587][T11682]  kasan_report+0xe0/0x110
[  872.298644][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  872.298704][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  872.298765][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  872.298833][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  872.298894][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  872.298947][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  872.298999][T11682]  ? mntput+0x10/0x90
[  872.299045][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  872.299094][T11682]  ? terminate_walk+0x31c/0x680
[  872.299167][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  872.299226][T11682]  vfs_listxattr+0xba/0x140
[  872.299273][T11682]  listxattr+0x102/0x1a0
[  872.299318][T11682]  path_listxattrat+0x151/0x370
[  872.299366][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  872.299412][T11682]  ? xfd_validate_state+0x61/0x180
[  872.299474][T11682]  do_syscall_64+0xcd/0x4c0
[  872.299514][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.299549][T11682] RIP: 0033:0x7fadec18e9a9
[  872.299575][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  872.299610][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  872.299642][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  872.299666][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  872.299691][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  872.299713][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  872.299735][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  872.299769][T11682]  </TASK>
[  872.299781][T11682] 
[  872.528912][T11682] Allocated by task 11682:
[  872.533336][T11682]  kasan_save_stack+0x33/0x60
[  872.538046][T11682]  kasan_save_track+0x14/0x30
[  872.542752][T11682]  __kasan_kmalloc+0xaa/0xb0
[  872.547374][T11682]  __kmalloc_noprof+0x223/0x510
[  872.552299][T11682]  hfsplus_find_init+0x95/0x1f0
[  872.557204][T11682]  hfsplus_listxattr+0x46b/0xe30
[  872.562177][T11682]  vfs_listxattr+0xba/0x140
[  872.566707][T11682]  listxattr+0x102/0x1a0
[  872.570972][T11682]  path_listxattrat+0x151/0x370
[  872.575849][T11682]  do_syscall_64+0xcd/0x4c0
[  872.580371][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  872.586281][T11682] 
[  872.588604][T11682] The buggy address belongs to the object at ffff888058ef6800
[  872.588604][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  872.602668][T11682] The buggy address is located 22 bytes to the right of
[  872.602668][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  872.617257][T11682] 
[  872.619580][T11682] The buggy address belongs to the physical page:
[  872.625988][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  872.634762][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  872.643280][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  872.650837][T11682] page_type: f5(slab)
[  872.654831][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  872.663427][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  872.672028][T11682] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  872.680715][T11682] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  872.689402][T11682] head: 00fff00000000003 ffffea000163bc01 00000000ffffffff 00000000ffffffff
[  872.698087][T11682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  872.706764][T11682] page dumped because: kasan: bad access detected
[  872.713185][T11682] page_owner tracks the page as allocated
[  872.718901][T11682] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 15, tgid 15 (ksoftirqd/0), ts 214101605408, free_ts 213869683974
[  872.737944][T11682]  post_alloc_hook+0x1c0/0x230
[  872.742734][T11682]  get_page_from_freelist+0x1321/0x3890
[  872.748308][T11682]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  872.754228][T11682]  alloc_pages_mpol+0x1fb/0x550
[  872.759110][T11682]  new_slab+0x23b/0x330
[  872.763285][T11682]  ___slab_alloc+0xd9c/0x1940
[  872.767977][T11682]  __slab_alloc.constprop.0+0x56/0xb0
[  872.773370][T11682]  __kmalloc_noprof+0x2f2/0x510
[  872.778244][T11682]  ieee802_11_parse_elems_full+0x1db/0x3770
[  872.784176][T11682]  ieee80211_inform_bss+0x10b/0x1140
[  872.789495][T11682]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  872.795757][T11682]  cfg80211_inform_bss_data+0x224/0x3bc0
[  872.801411][T11682]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  872.807500][T11682]  ieee80211_bss_info_update+0x310/0xab0
[  872.813165][T11682]  ieee80211_scan_rx+0x4cf/0xb30
[  872.818137][T11682]  ieee80211_rx_list+0x1bdb/0x2980
[  872.823286][T11682] page last free pid 6138 tgid 6138 stack trace:
[  872.829614][T11682]  __free_frozen_pages+0x7fe/0x1180
[  872.834833][T11682]  __put_partials+0x16d/0x1c0
[  872.839535][T11682]  qlist_free_all+0x4d/0x120
[  872.844157][T11682]  kasan_quarantine_reduce+0x195/0x1e0
[  872.849644][T11682]  __kasan_slab_alloc+0x69/0x90
[  872.854525][T11682]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[  872.860009][T11682]  __kernfs_new_node+0xd2/0x8e0
[  872.864889][T11682]  kernfs_new_node+0x13c/0x1e0
[  872.869666][T11682]  __kernfs_create_file+0x53/0x350
[  872.874804][T11682]  sysfs_add_file_mode_ns+0x207/0x3c0
[  872.880212][T11682]  internal_create_group+0x578/0xf30
[  872.885530][T11682]  internal_create_groups+0x9d/0x150
[  872.890848][T11682]  device_add+0xf30/0x1a70
[  872.895287][T11682]  netdev_register_kobject+0x182/0x3a0
[  872.900769][T11682]  register_netdevice+0x13dc/0x2270
[  872.905985][T11682]  register_netdev+0x34/0x50
[  872.910593][T11682] 
[  872.912916][T11682] Memory state around the buggy address:
[  872.918548][T11682]  ffff888058ef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  872.926617][T11682]  ffff888058ef6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  872.934685][T11682] >ffff888058ef6a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.942751][T11682]                                   ^
[  872.948123][T11682]  ffff888058ef6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.956198][T11682]  ffff888058ef6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  872.964263][T11682] ==================================================================
[  873.014855][T11682] ==================================================================
[  873.022944][T11682] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x90b/0xa10
[  873.030624][T11682] Read of size 2 at addr ffff888058ef6a30 by task syz.9.1166/11682
[  873.038536][T11682] 
[  873.040883][T11682] CPU: 1 UID: 0 PID: 11682 Comm: syz.9.1166 Tainted: G    B               6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  873.040940][T11682] Tainted: [B]=BAD_PAGE
[  873.040954][T11682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  873.040978][T11682] Call Trace:
[  873.040989][T11682]  <TASK>
[  873.041002][T11682]  dump_stack_lvl+0x116/0x1f0
[  873.041043][T11682]  print_report+0xcd/0x610
[  873.041098][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  873.041145][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  873.041196][T11682]  ? __phys_addr+0xe8/0x180
[  873.041243][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  873.041297][T11682]  kasan_report+0xe0/0x110
[  873.041353][T11682]  ? hfsplus_uni2asc+0x90b/0xa10
[  873.041412][T11682]  hfsplus_uni2asc+0x90b/0xa10
[  873.041473][T11682]  hfsplus_listxattr+0x6f6/0xe30
[  873.041539][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  873.041600][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  873.041652][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  873.041704][T11682]  ? mntput+0x10/0x90
[  873.041751][T11682]  ? srso_alias_return_thunk+0x5/0xfbef5
[  873.041797][T11682]  ? terminate_walk+0x31c/0x680
[  873.041876][T11682]  ? __pfx_hfsplus_listxattr+0x10/0x10
[  873.041939][T11682]  vfs_listxattr+0xba/0x140
[  873.041990][T11682]  listxattr+0x102/0x1a0
[  873.042039][T11682]  path_listxattrat+0x151/0x370
[  873.042091][T11682]  ? __pfx_path_listxattrat+0x10/0x10
[  873.042142][T11682]  ? xfd_validate_state+0x61/0x180
[  873.042211][T11682]  do_syscall_64+0xcd/0x4c0
[  873.042254][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.042292][T11682] RIP: 0033:0x7fadec18e9a9
[  873.042320][T11682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  873.042358][T11682] RSP: 002b:00007fade9fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[  873.042392][T11682] RAX: ffffffffffffffda RBX: 00007fadec3b6080 RCX: 00007fadec18e9a9
[  873.042421][T11682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  873.042445][T11682] RBP: 00007fadec210d69 R08: 0000000000000000 R09: 0000000000000000
[  873.042470][T11682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  873.042494][T11682] R13: 0000000000000001 R14: 00007fadec3b6080 R15: 00007ffdc7b28e08
[  873.042531][T11682]  </TASK>
[  873.042544][T11682] 
[  873.271804][T11682] Allocated by task 11682:
[  873.276220][T11682]  kasan_save_stack+0x33/0x60
[  873.280928][T11682]  kasan_save_track+0x14/0x30
[  873.285632][T11682]  __kasan_kmalloc+0xaa/0xb0
[  873.290249][T11682]  __kmalloc_noprof+0x223/0x510
[  873.295126][T11682]  hfsplus_find_init+0x95/0x1f0
[  873.300004][T11682]  hfsplus_listxattr+0x46b/0xe30
[  873.304977][T11682]  vfs_listxattr+0xba/0x140
[  873.309504][T11682]  listxattr+0x102/0x1a0
[  873.313770][T11682]  path_listxattrat+0x151/0x370
[  873.318647][T11682]  do_syscall_64+0xcd/0x4c0
[  873.323167][T11682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.329077][T11682] 
[  873.331403][T11682] The buggy address belongs to the object at ffff888058ef6800
[  873.331403][T11682]  which belongs to the cache kmalloc-1k of size 1024
[  873.345469][T11682] The buggy address is located 24 bytes to the right of
[  873.345469][T11682]  allocated 536-byte region [ffff888058ef6800, ffff888058ef6a18)
[  873.360066][T11682] 
[  873.362399][T11682] The buggy address belongs to the physical page:
[  873.368811][T11682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x58ef0
[  873.377580][T11682] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  873.386089][T11682] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  873.393649][T11682] page_type: f5(slab)
[  873.397642][T11682] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a08200 dead000000000002
[  873.406242][T11682] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000