last executing test programs:

3m8.14033758s ago: executing program 3 (id=15):
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x2a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23d", 0xc}], 0x1}, 0x0)

3m6.877733286s ago: executing program 3 (id=17):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000000), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
unshare(0x40400)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
open_tree(0xffffffffffffffff, 0x0, 0x81000)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="02c8307500710001000202"], 0x7a)
unshare(0x26020480)
openat$dir(0xffffffffffffff9c, 0x0, 0x414301, 0x0)

3m2.734064062s ago: executing program 3 (id=23):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x220c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x7)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
read(r8, &(0x7f0000000340)=""/209, 0xd1)

3m0.450754661s ago: executing program 3 (id=28):
socket$key(0xf, 0x3, 0x2)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x2, 0xf04, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfXQRkpc2X5vvX72sOuxPbv2/n7St2/fvNn5vslazsx49m0AhlZj5fHkydkihHc/fefRl58qfru87K72GkdWHovYa4UQmh39Itve53HBtSsvndmsLcLxlcfUD49dbr92MoSwGI6Ez0IrfDS/8OWH7z1y9OPXJ2556+Izr+zS7rfl+wEAAPvRpT8v/P2+f/7pgZmrlw6fDuPt5en4vBX7k/G4/1g8UE7Hy42wvl90RKexbL2RGI1svZFsvdEsz2hJvma2nWbJemNd8o10LNtsPwEAAGAvSue1rVA05tb1G425udXz/mWfT48Vc8+dXzh3oU+FAgAAAJX959WVm26FEEIIIUSt0RyAGoQQQgxTLE33+woEAAAAMGzy+cI2WNzZmbraW2v1lv/yw43NXw87oO6ff/n3Vv4PXvMbBwCA6vbr0WTar3QcneYxyOcRHMlet9Xj/0a2ndEt1lk2r+C65cXgvk1l9ef/roOqrP6tvo/9UlZ/Ph/moCqrP5+nc1CV1T9ecx1VldU/UXMdVZXVf6DmOqoqq/9gzXVUVVb/ZM11VFVW/1TNdVRVVv8NNddRVVn9h2quo6qy+vfKbbVl9bdqrqOqsvpnaq6jqrL6b6y5jqrK6r+p5jqqKqv/5prr6Jc7Y5v+HQ5n453nz/k53V45xwMAAIBh9z/z/wkhhBAbYuU+iAGoQ4j9HcUA1CC+Ktp/7xuAWoQQ249X+3r1AQAAABgE6XMB6QPoS1EaH+kyPho/S7QyPrG2Qhpvdnn9WJfx8S7jAAAAQAi/e+PcbW8Xa5/z3+58eB3zRl0PFeYxyie622r+7c57tt38e2XeMgAAAIZL8b3Prt//6PsvzFy9dPh0x9nv9Xi+m+YBHY3XBj6J/XRfwFTWL9I59On1eRol6+XXB24o297j29xRAAAAGGLp/L0VisZcx3l3KzQac3Nr5+OzoVmcO79w9ljsp+9n+eN0c3x5+UM11w0AAAD0bu18f/Pz//Q9vrNhrJh77vzCuQur/an28maj87rA9NryovO6QCtbfrxk+YnYT9/f+YPpAyvL5878cOGpnd55AAAAGBIXXrz4zJMLC2d/5IknnnjSftLv30wAAMBO++KLd5o/PjH1+9XP/6/Nf5c+/38k9ltxbr+/xBXSfQLpcwAbPq//xPo802XrPb9+vVa23kiM8azuiY7tLDuQvW6mLF9r/XbGSvJNZvmmsnz5PAWj2fop36FseT4/YVpvOluez8M4muUosvx3BwAAACg3/8Kzz89fePHig+efffLps0+ffe7E8VPfPXXq2EPfeWh+5b7++c67+wEAAIC9aO2m335XAgAAAAAAAAAAAAAAAAAAAMOrjq8T6/c+AgAAwLD796shhEUhhKgcS+P9r0EIIYQQQog9Eyvf7V5/3ka/rz8AAAAAw+falZfOhDARQlhuN7FY7Gi+9tZaq831K6t5Uzv14N9mliOtdvnhkXWvP7ij1TDsrsWfu9RusMM///LvrfwfvLaz+SfSk55//2WXjE9Xy3vv/C9nO/PfPtpj/nz/H6+W/2iW/97QW/6l97P8T1TLf1+W/2CP+Tfs//PV8t8f88/G/tF7es2//v0fj23ajwM95v92tv9PhV7zZ/vf6jFh5oGYHwCG0X69ASAdJaTj6MnYT/sbDzfDSPa6rR7/N7LtjG678vXbTcdBt8Z+Ol6ayvImW61/MtveDRXrzOV1Daqy+nfqfdxtZfU3a66jqrL6x2quo6qy+sdrrqOqsvonaq6jqrL6ez0P7bey+vfKdeWy+idrrqOqsvqnaq6jqrL6t/r/eL+U1X+o5jqqKqt/uuY6qiqrv+JltdqV1T9Tcx1VldV/Y811VFVW/00111FVWf0311xHv9wR27Lz4XT+OR3HUr+V9cc3+bfcr9cWAAAAYK/519DO/xevdPS9DiGEEELs1ZgY9GOJZFe2P7rL2xd1x3+XVvW7DiHE7sXSUt1XHBgku/tpZgAGld//w837P9y8/8PN+89XSffwF1k/GekyPtplvNllfCwbz39ex7uM35Rtdyld14xu7jL+tS7jh7qM39plfLbL+G1dxm/vMn5Hl3EAAACGwy2xdX4IAAAA+9fLv/rkzd/c+8SVmauXDp8OYxvmnT8W++Pxb+tvxH4+733SjH/z/0ns/yK2f4jtP7L13X8CAAAAuy99T4y//wMAAMD+lb6n1Pk/AAAA7F8zsXX+DwAAAPvXjbF1/g8AAAD7WDGx+eLYpusCd8e213n9AIDB9/XY3hnbw7G9K7bfiG06Drgntt+sqT4AYOf8/Ps/PfV2sTbf/4ls/FpcntoNFlevFBSN9TP5H4jtwdh+q8d68u8D6DV/cqjHPLuVf3qb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aOx8njy5GwRwrufvvPoz8be/OvysrvaaxxZeSxirxVCaLZfl0bX+r+OK1678tKZzvZ6bItwPBShaC8Pj11uZ5oMISyGI+Gz0AofzS98+eF7jxz9+PWJW966+Mwru/hPsG7/AAAAYD/6fwAAAP//ScMebw==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x20, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x26e1, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000380), &(0x7f0000000400)=""/236}, 0x20)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)=ANY=[])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, &(0x7f0000001200)='syzkaller\x00'}, 0x94)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)

2m54.669853638s ago: executing program 3 (id=37):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r5 = syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r5, 0x0)

2m52.194044327s ago: executing program 3 (id=41):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000940)={0x38, 0x5, 0x0, 0x4, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x9}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20008840, 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000580)="00fd67c6d222406b096cc34801001000647418aaf9b90732f41ec9591b532723e017c8c54d863ecd9b0df09072030025c3a03ce14a48716ba2f4127d38d2129825d9fff7065d51f973ee7ad483b1b28e4aa696cd0d0000b1e1caee2a1ffdbff2b7601618da596d1db25ba3cd0e6c352a27bcb491e01f716712f22f38ce63658951ffe9c3e755a5669dfd0aa44a04dfd4e3df02b0bfd0781bc9607466d4fd536faac836", 0xa3, r3)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x48, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x0, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x0, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x0, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}, @IPSET_ATTR_SIZE={0x0, 0x17, 0x1, 0x0, 0x6}, @IPSET_ATTR_MARKMASK={0x0, 0xb, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARK={0x0, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_PORT={0x0, 0x4, 0x1, 0x0, 0x4e27}, @IPSET_ATTR_IP_TO={0x0, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_LINENO={0x0, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARK={0x0, 0xa, 0x1, 0x0, 0x7fffffff}, @IPSET_ATTR_BUCKETSIZE={0x0, 0x15, 0x9}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)

2m35.784618472s ago: executing program 32 (id=41):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000940)={0x38, 0x5, 0x0, 0x4, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x9}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x20008840, 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000580)="00fd67c6d222406b096cc34801001000647418aaf9b90732f41ec9591b532723e017c8c54d863ecd9b0df09072030025c3a03ce14a48716ba2f4127d38d2129825d9fff7065d51f973ee7ad483b1b28e4aa696cd0d0000b1e1caee2a1ffdbff2b7601618da596d1db25ba3cd0e6c352a27bcb491e01f716712f22f38ce63658951ffe9c3e755a5669dfd0aa44a04dfd4e3df02b0bfd0781bc9607466d4fd536faac836", 0xa3, r3)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x48, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x0, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x0, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x0, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}, @IPSET_ATTR_SIZE={0x0, 0x17, 0x1, 0x0, 0x6}, @IPSET_ATTR_MARKMASK={0x0, 0xb, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARK={0x0, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_PORT={0x0, 0x4, 0x1, 0x0, 0x4e27}, @IPSET_ATTR_IP_TO={0x0, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x0, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_LINENO={0x0, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_MARK={0x0, 0xa, 0x1, 0x0, 0x7fffffff}, @IPSET_ATTR_BUCKETSIZE={0x0, 0x15, 0x9}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)

2m25.317483067s ago: executing program 1 (id=85):
modify_ldt$write(0x1, &(0x7f0000000040)={0x270}, 0x10)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r0, &(0x7f0000000080)=""/1, 0x1)
shutdown(r0, 0x1)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r2)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x54}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, 0x0, 0x20040)
r3 = fsmount(r1, 0x1, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
read$FUSE(r0, 0x0, 0x0)
fsopen(&(0x7f00000009c0)='9p\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f00000000c0)={0x90000005})
connect$unix(r5, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
close(0x3)

2m22.464020854s ago: executing program 1 (id=89):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x4000, &(0x7f0000000000), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(0xffffffffffffffff, 0xc02064cc, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0x55})
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x5, 0x1, 0x1})

2m18.381876182s ago: executing program 1 (id=93):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa06}, 0x94)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x20040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r1, 0x28, 0x2, &(0x7f0000000040)=0x3, 0x8)
syz_clone(0x2001100, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffff8000}, {}, {0x7, 0x0, 0xb, 0x9}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2m14.814674957s ago: executing program 1 (id=98):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{}, 0x0, &(0x7f0000000280)='%pS    \x00'}, 0x20)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='f2fs_get_victim\x00', r0}, 0x18)
readv(0xffffffffffffffff, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000580)='\x00', 0x89901)
fchdir(r4)
close(r4)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8100, &(0x7f0000001dc0)={0xf, 0x86, 0x100000}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)

2m11.558155056s ago: executing program 1 (id=103):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0xfffc, 0x1008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xf, 0x4, 0x4, 0xe02}, 0x50)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', <r4=>0x0})
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)

2m8.707135966s ago: executing program 1 (id=107):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)
bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="e000000010000c0927bd7000ffdbdf256a6974746572656e74726f70795f726e67000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200000000000000000000097333c54fd2f5e8d6883ed2be179a9feaafae6e3e96000473eb24e04e784aabbab198f03f35e1826dc27d1664a691645724e92c6"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'})
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r4], 0x14}, 0x1, 0x0, 0x0, 0x440d7}, 0x8000000)

1m55.041030531s ago: executing program 5 (id=125):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
bind(0xffffffffffffffff, &(0x7f00000002c0)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x48)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r1, &(0x7f0000000100)=""/173, 0xad)
dup(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0x4c}, 0x50)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)

1m52.113196639s ago: executing program 33 (id=107):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)
bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="e000000010000c0927bd7000ffdbdf256a6974746572656e74726f70795f726e67000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000200000000000000000000097333c54fd2f5e8d6883ed2be179a9feaafae6e3e96000473eb24e04e784aabbab198f03f35e1826dc27d1664a691645724e92c6"], 0xe0}}, 0x0)
sendmsg$nl_crypto(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'})
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r4], 0x14}, 0x1, 0x0, 0x0, 0x440d7}, 0x8000000)

1m51.084494188s ago: executing program 5 (id=132):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./bus\x00', 0x4000, &(0x7f0000000500)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000", @ANYRES64, @ANYRES32, @ANYRESHEX, @ANYRESDEC], 0x1, 0x2cb, &(0x7f0000000ac0)="$eJzs3U9LW1kYx/GfJmNiHE0Ww8AMDHOY2cxsgpN5ATNhUBgmMMUaabsoXOtNG3KbyL3BEik1m9JtX4d02V2h7RtwU7rpvjspFLpxUXqL9yaaaJLGkD9avx+Q8yTPeXKO5ihPLiTuX3t8t1Tw0gWrqum40bRU14GUOowaphrjdBDPqFVdv899ePPT1es3/svmcksrxixnV//MGGMWfn5+7/6TX15W59aeLjyLaS91c/995u3ezN4P+59W7xQ9U/RMuVI1llmvVKrWumObjaJXShtzxbEtzzbFsme7bfmCU9ncrBmrvDGf2HRtzzNWuWZKds1UK6bq1ox12yqWTTqdNvMJXW7RPubkd1dWrGzXtB8Z6o4wcrOd7nTdbL1zMr87hj0BAIBzpnf/H/b63fv/3Fo4nqX///7L/b9E/z8i9bZbXfr/b8e4IYyc62atROP3tx39PwAAAAAAAAAAAAAAAAAAAAAAF8GB7yd9308ejo27gtsxSXFJfiN/VNDP28pxYbQ+/37LV9fnP/TXhLaLIWt5415cch5t5bfy4RjmswUV5cjWopL6GJyHhjBe/je3tGgCKb1wdhr1O1v5iGLN+qZUp/qpqBQ+QHv9N0q0rp9RUt91Xj9jOtXP6LdfW+rTSurVLVXkaCM418f1D/4w5p//cyfqZ4N5AAAAAAB8DdLmyKnX70E+mBDX6XxY33J9wPf9nV7XB068vo7qR64lAgAAAAAwFl5tu2Q5ju0OEMQkDVYuDbxor8D3paE+4EBBRJNcvVvwt6RzsI1xBXE1z5gZpPydznRE/T7mRCVN/MdyhmDSf5kAAAAADJtX2z7+Bz/9ev1wRLsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBy6vfzwJrzT6WaiZ6f9nckMvZvEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhHPgcAAP//ps0YVA==")
fchmodat(0xffffffffffffff9c, 0x0, 0xfffffffb)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r0, &(0x7f0000048040)=""/102392, 0x18ff8)
tkill(0x0, 0xb)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quo'])
r1 = socket$netlink(0x10, 0x3, 0x14)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001414192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)
ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, &(0x7f0000000000)={0x1, 0x1, {0x14, 0x3d, 0x11, 0x800000c, 0x1, 0xe7e, 0x5, 0x40, 0x1}})
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x10, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x200000000003, 0x87)
syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabb8d90b64abb86dd6000000000302b00fc010000000000000000000000000001fe8000000000000000000000000000aa87000000000000003b02020000070000fe80000000000000000000000000002100000000001090780200000000000000"], 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)

1m47.771517126s ago: executing program 5 (id=134):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000100)={{@local}, @hyper, 0x9, 0xffffffffffffff83, 0x5, 0x3, 0x7, 0x3, 0x5})
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[], 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008040)

1m44.669001343s ago: executing program 5 (id=139):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000500)={@remote, @local, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0xbc, 0x0, "d3", "789c2222584e025ac76cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436b04edadcc2251d87dc01143f4"}}}}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x400}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r2 = add_key(&(0x7f0000000240)='dns_resolver\x00', 0x0, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x35, 0x88)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
keyctl$chown(0x4, r2, 0xffffffffffffffff, 0xee00)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)

1m42.002917125s ago: executing program 5 (id=142):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000002480)={0x2020}, 0x2020)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r2 = msgget(0x0, 0x40)
msgctl$MSG_INFO(r2, 0xc, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)

1m40.105306963s ago: executing program 5 (id=146):
r0 = socket(0xa, 0x3, 0xff)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@bridge_dellink={0x34, 0x13, 0x5, 0x2000, 0x25dfdbfd, {0x7, 0x0, 0x0, r2, 0x5000, 0x1952}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x6, 0x0, 0x1, [{0x8, 0x1b, 0x0, 0x0, 0x1}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e1f, 0x9, @mcast2, 0x9}, 0x1c)
io_setup(0x101, &(0x7f0000000340)=<r3=>0x0)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
write$proc_mixer(r4, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file2\x00', 0x8, &(0x7f0000000000)=ANY=[], 0x1, 0x1ce, &(0x7f0000000800)="$eJzslc+q00AUxr+Z1KQVn8CNCy94XZgmqYqbC3XjyoXgn+JCsNi0VFMrbRa2IOITuHfnwscQ6taHkCqIguhGXY/MnyRjaYTW1iw8P+jJN5npmTNn4AsIgvhv+fD+51L8OPpUB3ACB/DM+89OsYZb69/Vvz15c/VK5/mdV2+9pd/4PZu38f41AIvLDlIzFkIIe/7APG+A5/omOM4a3QGDb/RdcNwyOgbDbaPvW3os1/t+f5jE/r1x0pMikCGUIZKhtVrf12cMPas+Zs1PZ/MH3SSJJ3sU6zu3+JLXVweOrPrs+/Khqw2s/oXgCI1ugeG60ZfgZb3RLbHOf7JW5Hf+eH4Xf3nsjwCKN/19dtaVW231d4D9k7vfs3CgRHajldezc4HazhIKD6j6OCXidVvfX17qUz3eLE+7ZMrdMI/pfO6f4iXDGcuftJW8UB+LZjp61JzO5ueGo+4gHsQPo6h1MTgfBBeipjIiHddboMrfUP50vMjfKFvrMhePu2k6CXXMx5GO6xyXK//jODyNY3Is3dRdyfsdQLYpMz+unlIdOqXFEwRBVMgpMOXJypczYb4m+YQQ0bWK6yQIgiAIgiAIgiAIYnt+BQAA//9We18t")
openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_submit(r3, 0x1, &(0x7f00000008c0)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x8, r0, 0x0, 0x300, 0x0, 0x0, 0x2}])

1m24.955171243s ago: executing program 34 (id=146):
r0 = socket(0xa, 0x3, 0xff)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@bridge_dellink={0x34, 0x13, 0x5, 0x2000, 0x25dfdbfd, {0x7, 0x0, 0x0, r2, 0x5000, 0x1952}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x6, 0x0, 0x1, [{0x8, 0x1b, 0x0, 0x0, 0x1}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e1f, 0x9, @mcast2, 0x9}, 0x1c)
io_setup(0x101, &(0x7f0000000340)=<r3=>0x0)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
write$proc_mixer(r4, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file2\x00', 0x8, &(0x7f0000000000)=ANY=[], 0x1, 0x1ce, &(0x7f0000000800)="$eJzslc+q00AUxr+Z1KQVn8CNCy94XZgmqYqbC3XjyoXgn+JCsNi0VFMrbRa2IOITuHfnwscQ6taHkCqIguhGXY/MnyRjaYTW1iw8P+jJN5npmTNn4AsIgvhv+fD+51L8OPpUB3ACB/DM+89OsYZb69/Vvz15c/VK5/mdV2+9pd/4PZu38f41AIvLDlIzFkIIe/7APG+A5/omOM4a3QGDb/RdcNwyOgbDbaPvW3os1/t+f5jE/r1x0pMikCGUIZKhtVrf12cMPas+Zs1PZ/MH3SSJJ3sU6zu3+JLXVweOrPrs+/Khqw2s/oXgCI1ugeG60ZfgZb3RLbHOf7JW5Hf+eH4Xf3nsjwCKN/19dtaVW231d4D9k7vfs3CgRHajldezc4HazhIKD6j6OCXidVvfX17qUz3eLE+7ZMrdMI/pfO6f4iXDGcuftJW8UB+LZjp61JzO5ueGo+4gHsQPo6h1MTgfBBeipjIiHddboMrfUP50vMjfKFvrMhePu2k6CXXMx5GO6xyXK//jODyNY3Is3dRdyfsdQLYpMz+unlIdOqXFEwRBVMgpMOXJypczYb4m+YQQ0bWK6yQIgiAIgiAIgiAIYnt+BQAA//9We18t")
openat$binfmt_register(0xffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_submit(r3, 0x1, &(0x7f00000008c0)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x8, r0, 0x0, 0x300, 0x0, 0x0, 0x2}])

12.285792915s ago: executing program 0 (id=282):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000001380)='./file1\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="636865636b706f696e743d64697361626c652c6261636b67726f756e645f67633d73796e632c61636c2c616c6c6f635f6d6f64653d72657573652c696e6c696e655f78617474722c6e6f666c7573685f6d657267652c6d6f64653d6c66732c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c6167655f657874656e745f63616368652c646973636172642c6e6f696e6c696e655f64656e7472792c008bfb3c1e4b1b12ae77c937da8858"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = open(&(0x7f0000000440)='./file1\x00', 0x84242, 0x1df2a23c5997fa7f)
write$FUSE_CREATE_OPEN(r0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffdf9)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc})
sendfile(r0, r0, &(0x7f0000000080), 0x7f03)

10.770947141s ago: executing program 0 (id=283):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="13d9887cfd24", @val={@val={0x88a8, 0x5, 0x1, 0x3}, {0x8100, 0x5}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xe, @remote, @multicast2, @broadcast, @multicast2}}}}, 0x0)
recvmmsg(r5, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r8=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x0, 0x0, {0x7, r6}, [@MDBA_SET_ENTRY={0x20, 0x1, {r8, 0x0, 0x1, 0x2, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc0c5}, 0x20044050)

9.024600169s ago: executing program 2 (id=285):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r3, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0xf00, 0x0)
fanotify_mark(r6, 0x1, 0x5000003a, r5, 0x0)
mkdirat(r4, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
r7 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
renameat2(r7, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r7, &(0x7f00000002c0)='./file0\x00', 0x2)

7.912363212s ago: executing program 2 (id=286):
socket$inet6_mptcp(0xa, 0x1, 0x106)
epoll_create1(0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x4002, 0x0)
pipe(0x0)
close(0xffffffffffffffff)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='hfs\x00', 0x8000, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000)
socket$tipc(0x1e, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket(0xa, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000140)=@gcm_128={{0x304}, "60000100", "9de66ebc3914c06f0f109088d190e700", "000e3102", "f8dde5bf3eba23db"}, 0x28)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x1000)

7.698415686s ago: executing program 2 (id=287):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e77c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0181701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1e6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_open_procfs(0x0, &(0x7f0000000400)='net/arp\x00')
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1400, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x131402, 0x20)
socket(0x28, 0x2, 0x4)

6.121859436s ago: executing program 2 (id=288):
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x0, 0x9}, 0x50)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
r0 = add_key$user(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000005c0), 0x0, 0xfffffffffffffffe)
keyctl$set_timeout(0xf, r0, 0x7fffffffffff)
gettid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3)
sched_setaffinity(0x0, 0xfffffd10, &(0x7f0000000200)=0x2000000000006)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffe9d)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00'})
r2 = socket(0x10, 0x803, 0x0)
write(r2, &(0x7f0000000300)="fc0000004a000700ab092500090007000aab80ff0200000000003693210001001c0000000000000000ff000000000000008656aaa79bb94b46fe00000007ec020800008c0100036c6c256f1a272f2e117c22ebc205214000000080008934d07326ade01720e6cd5ed6e4e9bfcd772c74fb32c56ce1f0f156272f5b00000005defd5a32e3082038f4f8b29d3e2a73325c6d167c7594978f7bc711fdf3d92c8334b2ccd243f295ed94e0ad91bd073457d43d3f0000000000000000000000000073bfe35951f2d728a1e09c8dcd13323236b0fbe7c61b1bf53cdec0961355f00ca63ff6c90da1dc9f8f594d033472cb97e3b5f3395aa0a4a82775cf8def", 0xfc)

5.896240321s ago: executing program 4 (id=289):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)

5.571722487s ago: executing program 0 (id=290):
fsopen(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @vbi={0xfffffff2, 0x3, 0x5b3e, 0x32315659, [0x2, 0x9], [0x2, 0x6], 0xbf2509255031d7fa}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00'}, 0x18)
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)={r0})
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0x8)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioperm(0x2, 0x7, 0x13)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r3 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r3, 0x2000, 0x0)

4.779677883s ago: executing program 4 (id=291):
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="050300000000000000000700000008000300", @ANYRES32=r5], 0x1c}}, 0x20000000)
read$msr(0xffffffffffffffff, 0x0, 0x0)

3.335853381s ago: executing program 4 (id=292):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcb754000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_clone(0x2001100, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0)
r3 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=<r5=>0x0)
kcmp(r3, r5, 0x0, 0xffffffffffffffff, r4)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='fusectl\x00', 0x400, 0x0)
mount$bpf(0x0, &(0x7f00000082c0)='./file0\x00', 0x0, 0xa40020, 0x0)

2.814029771s ago: executing program 0 (id=293):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0x301, 0x0, 0x1000000, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0x1000c001}, 0x4000000)
syz_open_dev$tty1(0xc, 0x4, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x1a1201, 0x0)
prctl$PR_MCE_KILL(0x23, 0x52368b9646fd642e, 0x7fffffffeffe)
r3 = openat$dsp1(0xffffffffffffff9c, 0x0, 0x2801, 0x0)
read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)

1.834841365s ago: executing program 4 (id=294):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
r1 = syz_open_dev$vim2m(&(0x7f0000000380), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000100001002abd70020400000100000100", @ANYRES32=0x0, @ANYBLOB="80210000404c00001400030076657468310000000000000000000000080004000e040000"], 0x3c}}, 0x800)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)

1.708882545s ago: executing program 2 (id=295):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000000)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)

357.167317ms ago: executing program 2 (id=296):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000180)=0xffffd209, 0x4)
mlock2(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006})
capset(0x0, &(0x7f0000000080)={0x0, 0x7ff, 0x0, 0x0, 0x9})
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

354.669261ms ago: executing program 0 (id=297):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000100001002abd70020400000100000100", @ANYRES32=0x0, @ANYBLOB="80210000404c000014000300766574683100"/27], 0x3c}}, 0x800)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)

319.991705ms ago: executing program 4 (id=298):
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3d, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xa4, &(0x7f0000000100)={0x0, 0x200089bb, 0x400, 0x5, 0x1c3}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000440)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r0, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x1e})
syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0xf62c, 0x800, 0x3, 0x37d}, 0x0, 0x0)
io_uring_enter(r1, 0x32dc, 0x4, 0x40, 0x0, 0x0)

23.151726ms ago: executing program 0 (id=299):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x1d, &(0x7f0000000480)=0x1, 0x4)
io_uring_setup(0xf08, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
io_setup(0x6, &(0x7f0000004680)=<r4=>0x0)
r5 = eventfd2(0x7ff, 0x801)
io_submit(r4, 0x2, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x499, r3, 0x0, 0x0, 0x62, 0x0, 0x1, r5}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x6, r3, &(0x7f0000000180)="f6", 0x1, 0x7fffffffffffffff}])
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)

0s ago: executing program 4 (id=300):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
bind(0xffffffffffffffff, &(0x7f00000002c0)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, [@null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x48)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r1, &(0x7f0000000100)=""/173, 0xad)
dup(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0x4c}, 0x50)
ioctl$BTRFS_IOC_SCRUB_CANCEL(0xffffffffffffffff, 0x941c, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts.
[   83.601675][ T5807] cgroup: Unknown subsys name 'net'
[   83.719502][ T5807] cgroup: Unknown subsys name 'cpuset'
[   83.728642][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   85.278474][ T5807] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.234468][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.242832][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.251067][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.260147][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.267899][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.276013][ T5829] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.283551][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.290883][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.344920][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.353591][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.355568][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.360793][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.368210][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   88.378721][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.388964][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.396773][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.405075][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.418810][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   88.421169][   T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   88.433221][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   88.440659][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   88.456712][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.465460][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   88.470518][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.473049][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   88.480978][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.487359][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   88.503596][ T5141] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.521846][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   88.530374][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.180319][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   89.388860][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   89.525892][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   89.557748][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   89.723912][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.731181][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.738447][ T5840] bridge_slave_0: entered allmulticast mode
[   89.746311][ T5840] bridge_slave_0: entered promiscuous mode
[   89.795005][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   89.819475][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.827060][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.834293][ T5840] bridge_slave_1: entered allmulticast mode
[   89.841798][ T5840] bridge_slave_1: entered promiscuous mode
[   89.855839][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   89.938929][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.946175][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.953661][ T5832] bridge_slave_0: entered allmulticast mode
[   89.961157][ T5832] bridge_slave_0: entered promiscuous mode
[   89.969480][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.976691][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.983853][ T5832] bridge_slave_1: entered allmulticast mode
[   89.991427][ T5832] bridge_slave_1: entered promiscuous mode
[   90.081968][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.089174][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.096947][ T5822] bridge_slave_0: entered allmulticast mode
[   90.104434][ T5822] bridge_slave_0: entered promiscuous mode
[   90.112737][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.119814][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.127398][ T5822] bridge_slave_1: entered allmulticast mode
[   90.135111][ T5822] bridge_slave_1: entered promiscuous mode
[   90.145237][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.232453][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.264726][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.316554][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.323882][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.331212][ T5837] bridge_slave_0: entered allmulticast mode
[   90.338642][ T5837] bridge_slave_0: entered promiscuous mode
[   90.354932][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.380412][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.387567][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.394872][ T5831] bridge_slave_0: entered allmulticast mode
[   90.402412][ T5831] bridge_slave_0: entered promiscuous mode
[   90.412723][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.435345][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.443095][ T5828] Bluetooth: hci0: command tx timeout
[   90.443132][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.455913][ T5837] bridge_slave_1: entered allmulticast mode
[   90.463384][ T5837] bridge_slave_1: entered promiscuous mode
[   90.503844][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.511243][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.518621][ T5831] bridge_slave_1: entered allmulticast mode
[   90.525094][ T5829] Bluetooth: hci5: command tx timeout
[   90.526696][ T5831] bridge_slave_1: entered promiscuous mode
[   90.530964][ T5828] Bluetooth: hci2: command tx timeout
[   90.542035][ T5829] Bluetooth: hci1: command tx timeout
[   90.562234][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.573804][ T5840] team0: Port device team_slave_0 added
[   90.601790][ T5829] Bluetooth: hci3: command tx timeout
[   90.607561][ T5828] Bluetooth: hci4: command tx timeout
[   90.644736][ T5832] team0: Port device team_slave_0 added
[   90.681919][ T5840] team0: Port device team_slave_1 added
[   90.689604][ T5822] team0: Port device team_slave_0 added
[   90.700296][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.713020][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.723798][ T5832] team0: Port device team_slave_1 added
[   90.729853][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.737222][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.744789][ T5827] bridge_slave_0: entered allmulticast mode
[   90.752357][ T5827] bridge_slave_0: entered promiscuous mode
[   90.763035][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.787488][ T5822] team0: Port device team_slave_1 added
[   90.835206][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.842551][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.849678][ T5827] bridge_slave_1: entered allmulticast mode
[   90.857725][ T5827] bridge_slave_1: entered promiscuous mode
[   90.867929][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.919856][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.927351][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.953615][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.994370][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.001611][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.028559][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.055476][ T5837] team0: Port device team_slave_0 added
[   91.062755][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.069687][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.095685][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.135006][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.142094][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.168227][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.179048][ T1550] cfg80211: failed to load regulatory.db
[   91.188252][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.195308][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.221490][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.234607][ T5837] team0: Port device team_slave_1 added
[   91.258202][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.270422][ T5831] team0: Port device team_slave_0 added
[   91.279072][ T5831] team0: Port device team_slave_1 added
[   91.317027][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.324027][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.350448][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.411873][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.438758][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.447051][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.473367][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.493159][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.500080][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.526080][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.582304][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.589280][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.615377][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.628043][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.635362][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.661523][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.679139][ T5832] hsr_slave_0: entered promiscuous mode
[   91.686170][ T5832] hsr_slave_1: entered promiscuous mode
[   91.712388][ T5840] hsr_slave_0: entered promiscuous mode
[   91.718860][ T5840] hsr_slave_1: entered promiscuous mode
[   91.725394][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[   91.731222][ T5840] Cannot create hsr debugfs directory
[   91.786584][ T5822] hsr_slave_0: entered promiscuous mode
[   91.793173][ T5822] hsr_slave_1: entered promiscuous mode
[   91.799360][ T5822] debugfs: 'hsr0' already exists in 'hsr'
[   91.805430][ T5822] Cannot create hsr debugfs directory
[   91.813005][ T5827] team0: Port device team_slave_0 added
[   91.821739][ T5827] team0: Port device team_slave_1 added
[   91.918880][ T5831] hsr_slave_0: entered promiscuous mode
[   91.925813][ T5831] hsr_slave_1: entered promiscuous mode
[   91.932133][ T5831] debugfs: 'hsr0' already exists in 'hsr'
[   91.937851][ T5831] Cannot create hsr debugfs directory
[   91.987401][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.994768][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.021261][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.083373][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.090335][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.116310][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.147860][ T5837] hsr_slave_0: entered promiscuous mode
[   92.154398][ T5837] hsr_slave_1: entered promiscuous mode
[   92.160524][ T5837] debugfs: 'hsr0' already exists in 'hsr'
[   92.166276][ T5837] Cannot create hsr debugfs directory
[   92.469108][ T5827] hsr_slave_0: entered promiscuous mode
[   92.476230][ T5827] hsr_slave_1: entered promiscuous mode
[   92.483355][ T5827] debugfs: 'hsr0' already exists in 'hsr'
[   92.489073][ T5827] Cannot create hsr debugfs directory
[   92.521285][ T5828] Bluetooth: hci0: command tx timeout
[   92.601168][ T5828] Bluetooth: hci2: command tx timeout
[   92.606608][ T5828] Bluetooth: hci1: command tx timeout
[   92.612230][ T5829] Bluetooth: hci5: command tx timeout
[   92.681858][ T5829] Bluetooth: hci3: command tx timeout
[   92.687634][ T5828] Bluetooth: hci4: command tx timeout
[   92.880138][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.898935][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.910170][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.928230][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.997174][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   93.009221][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   93.019963][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   93.033458][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   93.119335][ T5837] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   93.132943][ T5837] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   93.146073][ T5837] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   93.163242][ T5837] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   93.274726][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.282961][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   93.294284][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.322113][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.333463][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.397144][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   93.462697][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.469926][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.491651][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.503217][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.517880][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.529751][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.543347][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.550446][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.602317][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.687016][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.694570][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.709358][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.736531][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.748288][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.763102][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   93.809474][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.816619][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.826756][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.833878][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.858007][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   93.925771][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.932948][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.974506][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.981665][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.110241][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.210610][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   94.238026][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.258348][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.298400][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.305602][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.349890][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.357099][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.404799][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   94.503065][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.516772][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.523951][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.565514][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.572665][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.599889][ T5832] veth0_vlan: entered promiscuous mode
[   94.608390][ T5828] Bluetooth: hci0: command tx timeout
[   94.633138][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.667850][ T5832] veth1_vlan: entered promiscuous mode
[   94.679512][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   94.682539][ T5828] Bluetooth: hci1: command tx timeout
[   94.686579][ T5829] Bluetooth: hci5: command tx timeout
[   94.691654][ T5835] Bluetooth: hci2: command tx timeout
[   94.756388][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.763529][ T5829] Bluetooth: hci4: command tx timeout
[   94.763581][ T5829] Bluetooth: hci3: command tx timeout
[   94.812864][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.820035][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.873384][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.880536][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.962761][ T5832] veth0_macvtap: entered promiscuous mode
[   95.009506][ T5832] veth1_macvtap: entered promiscuous mode
[   95.096260][ T5840] veth0_vlan: entered promiscuous mode
[   95.150179][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   95.183506][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.210028][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.241843][ T5840] veth1_vlan: entered promiscuous mode
[   95.267739][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.328902][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.405361][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.420995][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.429712][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.473079][ T5840] veth0_macvtap: entered promiscuous mode
[   95.560869][ T5840] veth1_macvtap: entered promiscuous mode
[   95.634210][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.644890][ T5837] veth0_vlan: entered promiscuous mode
[   95.712847][ T5837] veth1_vlan: entered promiscuous mode
[   95.777530][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.800276][ T2989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.809418][ T2989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.820717][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.839541][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.874706][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.875320][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.888438][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.900654][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.921806][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.964542][ T5822] veth0_vlan: entered promiscuous mode
[   95.974623][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.016726][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.059075][ T5822] veth1_vlan: entered promiscuous mode
[   96.068733][ T5837] veth0_macvtap: entered promiscuous mode
[   96.164903][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.172635][ T5822] veth0_macvtap: entered promiscuous mode
[   96.187201][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.208377][ T5827] veth0_vlan: entered promiscuous mode
[   96.225575][ T5827] veth1_vlan: entered promiscuous mode
[   96.262490][ T5827] veth0_macvtap: entered promiscuous mode
[   96.274157][ T5827] veth1_macvtap: entered promiscuous mode
[   96.300790][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.318591][ T5837] veth1_macvtap: entered promiscuous mode
[   96.346187][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.359012][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.434847][ T5831] veth0_vlan: entered promiscuous mode
[   96.440601][ T2989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.701194][ T5828] Bluetooth: hci0: command tx timeout
[   96.761446][ T5828] Bluetooth: hci1: command tx timeout
[   96.767457][ T5828] Bluetooth: hci2: command tx timeout
[   96.775488][ T5828] Bluetooth: hci5: command tx timeout
[   96.841194][ T5829] Bluetooth: hci3: command tx timeout
[   96.846830][ T5828] Bluetooth: hci4: command tx timeout
[   96.999459][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.042487][ T5831] veth1_vlan: entered promiscuous mode
[   97.051763][ T2989] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.111960][ T5822] veth1_macvtap: entered promiscuous mode
[   97.129691][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.138665][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.171902][ T2989] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.206739][ T5971] warning: `syz.3.7' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   97.235585][ T2989] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.245244][ T2989] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.304621][ T2989] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.322259][ T2989] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.332901][ T5972] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7'.
[   97.370659][ T2989] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.384938][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.411088][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.417560][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.466909][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.491269][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.499105][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.668299][ T5831] veth0_macvtap: entered promiscuous mode
[   97.730535][ T2989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.762226][ T2989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.760033][ T5831] veth1_macvtap: entered promiscuous mode
[   98.810593][ T5969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.518846][ T5969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.541175][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.561185][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   99.563039][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   99.655864][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.625070][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.691202][   T78] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.749511][   T78] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.774329][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.041407][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  102.091172][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  102.649557][ T5989] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.733232][ T5989] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.786982][ T5989] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.847846][ T6014] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.501327][ T5989] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.709162][ T6024] loop3: detected capacity change from 0 to 4096
[  107.552789][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.594672][ T6024] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.615232][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.931147][ T5828] Bluetooth: Wrong link type (-71)
[  109.482402][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.490252][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.513341][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.541298][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.570718][ T6049] netlink: 165 bytes leftover after parsing attributes in process `syz.1.22'.
[  109.571836][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.588266][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  109.932790][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.467791][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.570201][ T2989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.603594][ T2989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.990706][ T6064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25'.
[  111.118714][ T6065] netlink: 32 bytes leftover after parsing attributes in process `syz.2.25'.
[  111.306219][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  111.444150][ T6066] Bluetooth: MGMT ver 1.23
[  116.065647][ T6077] loop3: detected capacity change from 0 to 4096
[  117.266768][   T30] audit: type=1804 audit(1761696692.228:2): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.33" name="/newroot/2/file0" dev="tmpfs" ino=28 res=1 errno=0
[  117.538287][ T6103] uprobe: syz.4.33:6103 failed to unregister, leaking uprobe
[  117.586756][ T6108] Bluetooth: hci0: invalid length 0, exp 2 for type 18
[  117.610416][ T6111] capability: warning: `syz.1.35' uses deprecated v2 capabilities in a way that may be insecure
[  117.742999][ T6113] loop1: detected capacity change from 0 to 2048
[  118.392273][ T6113] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.455804][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  118.457005][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  118.615288][ T6110] netlink: 'syz.0.36': attribute type 1 has an invalid length.
[  118.615537][ T6110] netlink: 224 bytes leftover after parsing attributes in process `syz.0.36'.
[  119.277497][ T6097] tty tty2: ldisc open failed (-12), clearing slot 1
[  119.898090][ T6127] loop4: detected capacity change from 0 to 256
[  119.969549][ T6115] loop5: detected capacity change from 0 to 2048
[  120.129933][ T6127] FAT-fs (loop4): Directory bread(block 64) failed
[  120.220092][ T6127] FAT-fs (loop4): Directory bread(block 65) failed
[  120.404545][ T6127] FAT-fs (loop4): Directory bread(block 66) failed
[  121.097667][ T6127] FAT-fs (loop4): Directory bread(block 67) failed
[  121.107072][ T6127] FAT-fs (loop4): Directory bread(block 68) failed
[  121.127204][ T6115] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.127741][ T6127] FAT-fs (loop4): Directory bread(block 69) failed
[  121.345092][ T6148] netlink: 36 bytes leftover after parsing attributes in process `syz.3.41'.
[  121.376575][ T6127] FAT-fs (loop4): Directory bread(block 70) failed
[  121.410578][ T6127] FAT-fs (loop4): Directory bread(block 71) failed
[  121.515394][ T6127] FAT-fs (loop4): Directory bread(block 72) failed
[  121.527391][ T6127] FAT-fs (loop4): Directory bread(block 73) failed
[  121.752408][ T6146] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  123.220164][ T6153] process 'syz.1.55' launched './file0' with NULL argv: empty string added
[  123.889584][ T5837] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.068673][ T6173] overlayfs: failed to resolve './file0': -2
[  126.838769][ T6169] loop0: detected capacity change from 0 to 1024
[  126.883218][ T6177] Zero length message leads to an empty skb
[  127.743519][ T6175] libceph: resolve '400' (ret=-3): failed
[  127.906513][ T6169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.015582][ T6199] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  131.019967][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.126338][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  133.145188][ T6212] loop5: detected capacity change from 0 to 1024
[  134.424324][ T6214] loop0: detected capacity change from 0 to 2048
[  134.455094][ T6214] NILFS (loop0): invalid segment: Magic number mismatch
[  134.462244][ T6214] NILFS (loop0): trying rollback from an earlier position
[  134.491107][ T6214] NILFS (loop0): recovery complete
[  134.499522][ T6225] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.203149][ T6229] syz.5.58: attempt to access beyond end of device
[  135.203149][ T6229] loop5: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  135.217734][ T6229] Buffer I/O error on dev loop5, logical block 2889, async page read
[  135.229395][ T6229] syz.5.58: attempt to access beyond end of device
[  135.229395][ T6229] loop5: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  135.243234][ T6229] Buffer I/O error on dev loop5, logical block 2889, async page read
[  135.377129][   T30] audit: type=1800 audit(1761696710.428:3): pid=6229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.58" name="file1" dev="loop5" ino=20 res=0 errno=0
[  137.250351][ T6236] loop4: detected capacity change from 0 to 512
[  137.697027][ T6236] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  137.934806][ T6236] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  138.291655][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  138.326981][ T6236] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  138.779711][ T6236] EXT4-fs (loop4): 1 truncate cleaned up
[  138.806417][ T6236] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  138.819875][    T9] usb 2-1: device descriptor read/64, error -71
[  139.093764][ T6252] loop2: detected capacity change from 0 to 1024
[  139.101144][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  139.301004][    T9] usb 2-1: device descriptor read/64, error -71
[  139.481099][    T9] usb usb2-port1: attempt power cycle
[  140.231235][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  141.159263][    T9] usb 2-1: device descriptor read/8, error -71
[  141.246315][ T6267] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  143.992388][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.114385][ T6283] loop5: detected capacity change from 0 to 1024
[  144.384760][ T5829] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  144.400294][ T5829] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  144.410029][ T5829] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  144.419848][ T5829] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  144.427759][ T5829] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  145.748946][ T6299] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  145.775358][ T6299] CIFS: Unable to determine destination address
[  146.274685][ T6300] binder: 6298:6300 unknown command 0
[  146.619174][ T6300] binder: 6298:6300 ioctl c0306201 200000000080 returned -22
[  146.663382][ T6305] binder: BINDER_SET_CONTEXT_MGR already set
[  146.676885][ T6305] binder: 6298:6305 ioctl 4018620d 200000000040 returned -16
[  146.921791][ T5828] Bluetooth: hci6: command tx timeout
[  148.119922][ T6322] usb usb8: usbfs: process 6322 (syz.2.84) did not claim interface 0 before use
[  149.061615][ T5828] Bluetooth: hci6: command tx timeout
[  149.561514][   T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.903696][ T6336] loop1: detected capacity change from 0 to 4096
[  151.082728][ T5828] Bluetooth: hci6: command tx timeout
[  151.095528][ T6336] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  151.147218][   T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.445081][ T5828] Bluetooth: hci6: command tx timeout
[  154.608269][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.903606][   T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.325476][   T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.993004][ T1550] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  158.993250][ T1550] usb 5-1: Using ep0 maxpacket: 16
[  160.152411][ T6396] loop2: detected capacity change from 0 to 256
[  160.914781][ T6277] chnl_net:caif_netlink_parms(): no params data found
[  161.849332][ T6407] loop0: detected capacity change from 0 to 32768
[  161.956533][ T6407] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz"
[  161.965077][ T6407] dlm: no local IP address has been set
[  161.970720][ T6407] dlm: cannot start dlm midcomms -107
[  161.976231][ T6407] gfs2: fsid=syz:syz: dlm_new_lockspace error -107
[  161.977086][ T1550] usb 5-1: unable to get BOS descriptor or descriptor too short
[  162.135218][ T1550] usb 5-1: unable to read config index 0 descriptor/start: -71
[  162.166221][ T1550] usb 5-1: can't read configurations, error -71
[  164.385288][   T78] bridge_slave_1: left allmulticast mode
[  164.417925][   T78] bridge_slave_1: left promiscuous mode
[  164.462565][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.712975][ T6426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'.
[  164.723970][   T78] bridge_slave_0: left allmulticast mode
[  164.729619][   T78] bridge_slave_0: left promiscuous mode
[  165.509195][ T6434] loop2: detected capacity change from 0 to 128
[  165.797785][ T6434] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  165.806500][ T6434] FAT-fs (loop2): Filesystem has been set read-only
[  166.791666][   T30] audit: type=1800 audit(1761696740.968:4): pid=6434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.109" name="file2" dev="loop2" ino=1048610 res=0 errno=0
[  166.831157][ T6435] netlink: 16 bytes leftover after parsing attributes in process `syz.1.107'.
[  166.875181][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.140767][ T6462] loop0: detected capacity change from 0 to 128
[  170.179946][ T6462] =======================================================
[  170.179946][ T6462] WARNING: The mand mount option has been deprecated and
[  170.179946][ T6462]          and is ignored by this kernel. Remove the mand
[  170.179946][ T6462]          option from the mount to silence this warning.
[  170.179946][ T6462] =======================================================
[  170.385765][ T6462] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  170.446103][ T6462] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  172.711029][   T30] audit: type=1800 audit(1761696747.208:5): pid=6479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.116" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  172.822037][ T6476] loop0: detected capacity change from 0 to 4096
[  173.334811][ T6476] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  173.934425][ T5828] Bluetooth: Wrong link type (-71)
[  173.947223][ T5828] Bluetooth: hci0: link tx timeout
[  173.952964][ T5828] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  174.513213][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.837001][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  175.632112][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  176.042591][ T5829] Bluetooth: hci0: command 0x0406 tx timeout
[  177.048549][   T78] bond0 (unregistering): Released all slaves
[  178.342980][ T6518] loop4: detected capacity change from 0 to 512
[  178.630858][ T6518] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.124: inode has both inline data and extents flags
[  179.624076][ T6518] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.124: couldn't read orphan inode 15 (err -117)
[  179.751716][ T6530] loop2: detected capacity change from 0 to 128
[  179.786521][ T6530] qnx4: no qnx4 filesystem (no root dir).
[  179.929954][ T6518] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.484584][   T30] audit: type=1804 audit(1761696755.598:6): pid=6533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.124" name="/newroot/21/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  180.607038][ T6533] Invalid ELF header magic: != ELF
[  181.086534][   T30] audit: type=1800 audit(1761696755.598:7): pid=6533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.124" name="bus" dev="loop4" ino=18 res=0 errno=0
[  181.160540][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  181.618403][ T6536] loop0: detected capacity change from 0 to 65536
[  181.638391][ T6542] loop5: detected capacity change from 0 to 128
[  181.706399][ T6536] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  181.722001][ T6542] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  181.753102][ T6536] XFS (loop0): Ending clean mount
[  181.760199][ T6536] XFS (loop0): Quotacheck needed: Please wait.
[  181.779031][ T6542] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  182.742733][ T6277] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.760173][ T6277] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.890976][ T6554] netlink: 72 bytes leftover after parsing attributes in process `syz.5.132'.
[  183.018742][ T6536] XFS (loop0): Quotacheck: Done.
[  183.281662][ T6277] bridge_slave_0: entered allmulticast mode
[  183.392184][ T6277] bridge_slave_0: entered promiscuous mode
[  183.954833][ T6560] netlink: 165 bytes leftover after parsing attributes in process `syz.2.133'.
[  184.381809][ T6557] loop4: detected capacity change from 0 to 65536
[  184.427821][ T6277] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.445498][ T6230] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  184.492907][ T6277] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.494007][ T6557] XFS (loop4): Mounting V5 Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  184.562309][ T6277] bridge_slave_1: entered allmulticast mode
[  184.570249][ T6277] bridge_slave_1: entered promiscuous mode
[  184.582706][ T6557] XFS (loop4): Ending clean mount
[  185.411824][ T5831] XFS (loop4): Unmounting Filesystem 6653b971-41ab-480a-bd7b-5ff79b9409b5
[  188.394990][ T5822] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  188.843941][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  188.858326][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  188.878622][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  188.907987][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  188.939399][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  190.569546][ T6277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  191.091476][ T5829] Bluetooth: hci2: command tx timeout
[  191.921198][   T78] hsr_slave_0: left promiscuous mode
[  191.942435][   T78] hsr_slave_1: left promiscuous mode
[  191.954543][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  192.030555][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  192.110288][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  192.128962][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  192.280875][ T6630] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  192.472304][   T78] veth1_macvtap: left promiscuous mode
[  192.478059][   T78] veth0_macvtap: left promiscuous mode
[  192.491174][   T78] veth1_vlan: left promiscuous mode
[  192.496564][   T78] veth0_vlan: left promiscuous mode
[  192.556278][ T6633] loop5: detected capacity change from 0 to 16
[  192.588885][ T6633] erofs: Unknown parameter '
[  192.588885][ T6633] '
[  193.726977][ T5829] Bluetooth: hci2: command tx timeout
[  193.737087][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  194.925650][ T6652] loop0: detected capacity change from 0 to 1024
[  195.080413][   T30] audit: type=1800 audit(1761696770.248:8): pid=6652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.151" name="file1" dev="loop0" ino=20 res=0 errno=0
[  195.851170][ T5829] Bluetooth: hci2: command tx timeout
[  197.292783][ T6670] random: crng reseeded on system resumption
[  198.046665][ T5829] Bluetooth: hci2: command tx timeout
[  198.149607][ T6673] loop0: detected capacity change from 0 to 8
[  198.197899][ T6673] SQUASHFS error: zlib decompression failed, data probably corrupt
[  198.238798][ T6673] SQUASHFS error: Failed to read block 0x9b: -5
[  198.269523][ T6673] SQUASHFS error: Unable to read metadata cache entry [99]
[  198.297445][ T6673] SQUASHFS error: Unable to read inode 0x127
[  198.613881][    T9] IPVS: starting estimator thread 0...
[  198.891073][ T6676] IPVS: using max 33 ests per chain, 79200 per kthread
[  201.742903][ T6699] loop0: detected capacity change from 0 to 64
[  201.785551][ T5828] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  201.813702][ T5828] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  201.823064][ T5828] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  201.984317][ T5828] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  201.993029][ T5828] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  203.204844][   T78] team0 (unregistering): Port device team_slave_1 removed
[  203.328167][ T6709] netlink: 165 bytes leftover after parsing attributes in process `syz.4.165'.
[  204.041993][ T5828] Bluetooth: hci5: command tx timeout
[  204.434523][   T78] team0 (unregistering): Port device team_slave_0 removed
[  206.121297][ T5828] Bluetooth: hci5: command tx timeout
[  208.231297][ T5828] Bluetooth: hci5: command tx timeout
[  209.158641][ T6277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.281709][ T5826] Bluetooth: hci5: command tx timeout
[  210.533520][ T6761] loop0: detected capacity change from 0 to 1024
[  210.560880][ T6761] EXT4-fs: Ignoring removed orlov option
[  210.567404][ T6761] EXT4-fs: Ignoring removed nomblk_io_submit option
[  210.875501][ T5839] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  210.884200][ T5839] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  210.892352][ T5839] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  210.902510][ T6761] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.916145][ T5839] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  210.944140][ T5839] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  211.001728][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[  211.008552][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[  211.015369][ T5839] Bluetooth: hci4: command 0x0406 tx timeout
[  211.031375][   T52] Bluetooth: hci3: command 0x0406 tx timeout
[  213.087288][ T5141] Bluetooth: hci7: command tx timeout
[  213.402894][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.173114][ T5141] Bluetooth: hci7: command tx timeout
[  217.241015][ T5141] Bluetooth: hci7: command tx timeout
[  217.387245][ T6590] chnl_net:caif_netlink_parms(): no params data found
[  219.321112][ T5141] Bluetooth: hci7: command tx timeout
[  221.491336][ T6842] loop2: detected capacity change from 0 to 64
[  221.587440][ T6843] overlayfs: missing 'lowerdir'
[  222.271658][ T6842] hfs: unable to locate alternate MDB
[  222.277256][ T6842] hfs: continuing without an alternate MDB
[  222.558684][ T6701] chnl_net:caif_netlink_parms(): no params data found
[  223.574228][ T6858] loop4: detected capacity change from 0 to 128
[  223.871699][ T6858] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  223.932016][ T6862] binder: BINDER_SET_CONTEXT_MGR already set
[  223.987611][ T6862] binder: 6861:6862 ioctl 4018620d 200000000040 returned -16
[  224.054121][ T6858] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  224.261320][ T6868] netlink: 165 bytes leftover after parsing attributes in process `syz.2.196'.
[  225.677888][ T5831] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  225.854002][   T78] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.275693][ T6590] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.323188][ T6590] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.513795][ T6590] bridge_slave_0: entered allmulticast mode
[  227.900929][ T6590] bridge_slave_0: entered promiscuous mode
[  227.925898][ T6590] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.958018][ T6590] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.029637][ T6590] bridge_slave_1: entered allmulticast mode
[  228.031427][ T6888] loop4: detected capacity change from 0 to 4096
[  228.061670][ T6590] bridge_slave_1: entered promiscuous mode
[  228.320163][ T6892] loop0: detected capacity change from 0 to 16
[  228.365002][ T6892] erofs (device loop0): mounted with root inode @ nid 36.
[  229.071740][   T78] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.073730][   T30] audit: type=1800 audit(1761696805.188:9): pid=6900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.204" name="file1" dev="loop0" ino=86 res=0 errno=0
[  230.211483][ T6590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  230.382497][   T78] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.590299][   T78] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.862587][ T6590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.477051][ T6927] trusted_key: encrypted_key: insufficient parameters specified
[  233.254361][ T6765] chnl_net:caif_netlink_parms(): no params data found
[  234.102374][ T6935] loop0: detected capacity change from 0 to 40427
[  234.147437][ T6935] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  234.155369][ T6935] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  234.182670][ T6935] F2FS-fs (loop0): invalid crc value
[  234.552636][ T6935] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  234.592583][ T6935] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  234.601343][ T6935] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  235.017359][ T6947] loop4: detected capacity change from 0 to 512
[  235.051886][ T6947] EXT4-fs: Ignoring removed mblk_io_submit option
[  235.281259][ T6947] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  235.344018][ T6947] EXT4-fs (loop4): 1 truncate cleaned up
[  235.367841][ T6947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  236.550293][ T6701] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.571323][ T6701] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.593643][ T6701] bridge_slave_0: entered allmulticast mode
[  236.611805][ T6701] bridge_slave_0: entered promiscuous mode
[  236.632506][ T6701] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.639696][ T6701] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.651542][ T6701] bridge_slave_1: entered allmulticast mode
[  236.659433][ T6701] bridge_slave_1: entered promiscuous mode
[  236.683369][ T6590] team0: Port device team_slave_0 added
[  236.756129][   T30] audit: type=1326 audit(1761696811.928:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  236.823449][   T30] audit: type=1326 audit(1761696811.928:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  236.862855][ T6590] team0: Port device team_slave_1 added
[  236.908458][ T6701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.929170][   T30] audit: type=1326 audit(1761696811.928:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  236.953158][   T30] audit: type=1326 audit(1761696811.928:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  236.975983][   T30] audit: type=1326 audit(1761696811.928:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.005720][   T30] audit: type=1326 audit(1761696811.928:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.028497][   T30] audit: type=1326 audit(1761696811.928:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.052271][   T30] audit: type=1326 audit(1761696811.928:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.091994][ T6701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.118427][   T30] audit: type=1326 audit(1761696811.928:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.125396][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.143063][   T30] audit: type=1326 audit(1761696811.928:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.2.217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28038efc9 code=0x7ffc0000
[  237.933100][ T6973] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  238.041844][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.129533][ T6981] netlink: 165 bytes leftover after parsing attributes in process `syz.0.215'.
[  238.130832][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  238.191018][ T6590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.222660][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.229641][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  238.307871][ T6590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.444083][ T6765] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.489690][ T6765] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.525296][ T6765] bridge_slave_0: entered allmulticast mode
[  238.595480][ T6765] bridge_slave_0: entered promiscuous mode
[  239.290999][ T6701] team0: Port device team_slave_0 added
[  241.582269][ T6765] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.589449][ T6765] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.598291][ T6765] bridge_slave_1: entered allmulticast mode
[  241.613026][ T6765] bridge_slave_1: entered promiscuous mode
[  241.700499][ T6701] team0: Port device team_slave_1 added
[  242.412076][   T78] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.567962][ T6765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.630973][ T7018] loop4: detected capacity change from 0 to 40427
[  243.672469][ T7018] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  243.680208][ T7018] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  243.698945][ T7018] F2FS-fs (loop4): invalid crc value
[  243.884050][ T7018] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  244.194460][ T7018] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  244.201709][ T7018] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  244.301743][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  244.319770][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  244.334156][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  244.374049][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  244.397527][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  244.614963][ T7033] netlink: 165 bytes leftover after parsing attributes in process `syz.2.231'.
[  244.956471][   T78] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.046099][ T6701] batman_adv: batadv0: Adding interface: batadv_slave_0
[  246.095251][ T6701] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  246.580735][ T6701] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  246.693001][ T7046] loop2: detected capacity change from 0 to 128
[  246.791325][ T5141] Bluetooth: hci4: command tx timeout
[  246.800101][ T7046] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[  246.808414][ T7046] FAT-fs (loop2): Filesystem has been set read-only
[  247.579321][ T6701] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.602518][ T6701] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  247.602686][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  247.602701][   T30] audit: type=1800 audit(1761696821.958:45): pid=7046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.234" name="file2" dev="loop2" ino=1048614 res=0 errno=0
[  247.769727][ T6701] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.029288][ T6765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  249.219546][ T5141] Bluetooth: hci4: command tx timeout
[  249.336338][ T6765] team0: Port device team_slave_0 added
[  249.556608][   T78] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.736200][ T6765] team0: Port device team_slave_1 added
[  249.913041][   T78] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.946862][ T6765] batman_adv: batadv0: Adding interface: batadv_slave_0
[  249.961117][ T6765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  250.014268][ T6765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  250.046372][ T6765] batman_adv: batadv0: Adding interface: batadv_slave_1
[  250.066093][ T6765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  250.143464][ T6765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  251.424435][ T5141] Bluetooth: hci4: command tx timeout
[  251.481064][ T7087] xt_l2tp: unknown flags: 17
[  253.166272][ T7098] netlink: 165 bytes leftover after parsing attributes in process `syz.4.244'.
[  253.171247][ T6701] hsr_slave_0: entered promiscuous mode
[  253.492871][ T5141] Bluetooth: hci4: command tx timeout
[  253.619925][ T6701] hsr_slave_1: entered promiscuous mode
[  253.781269][ T6765] hsr_slave_0: entered promiscuous mode
[  253.811546][ T6765] hsr_slave_1: entered promiscuous mode
[  253.817914][ T6765] debugfs: 'hsr0' already exists in 'hsr'
[  253.918128][ T6765] Cannot create hsr debugfs directory
[  254.075083][ T7105] loop0: detected capacity change from 0 to 1024
[  254.094629][ T7105] EXT4-fs: Ignoring removed bh option
[  254.100110][ T7105] EXT4-fs: Ignoring removed nobh option
[  254.106301][ T7105] EXT4-fs: Ignoring removed bh option
[  254.413738][ T7105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  255.192869][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  255.655968][ T7117] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4193: comm syz.0.246: Allocating blocks 497-513 which overlap fs metadata
[  255.774644][ T7117] EXT4-fs (loop0): pa ffff888054709740: logic 256, phys. 385, len 8
[  255.783055][ T7117] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1
[  256.325968][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.559427][ T7120] loop4: detected capacity change from 0 to 32768
[  256.590459][ T7120] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.248 (7120)
[  256.610480][ T7120] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  256.622951][ T7120] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  256.631541][ T7120] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  256.743328][ T7120] BTRFS info (device loop4): rebuilding free space tree
[  256.770497][ T7120] BTRFS info (device loop4): disabling free space tree
[  256.777519][ T7120] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  256.787352][ T7120] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  256.805619][ T7120] BTRFS info (device loop4): enabling ssd optimizations
[  256.812760][ T7120] BTRFS info (device loop4): turning on async discard
[  256.820787][ T7120] BTRFS info (device loop4): enabling disk space caching
[  256.827857][ T7120] BTRFS info (device loop4): force clearing of disk cache
[  256.834988][ T7120] BTRFS info (device loop4): use zstd compression, level 3
[  256.955612][ T7138] loop0: detected capacity change from 0 to 764
[  257.030403][ T7138] rock: directory entry would overflow storage
[  257.214838][ T7138] rock: sig=0x4654, size=5, remaining=4
[  258.000095][ T5831] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  258.190590][ T7144] ISOFS: unable to read i-node block
[  258.283931][   T78] bridge_slave_1: left allmulticast mode
[  258.312759][   T78] bridge_slave_1: left promiscuous mode
[  258.318520][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.650820][   T78] bridge_slave_0: left allmulticast mode
[  258.731025][   T78] bridge_slave_0: left promiscuous mode
[  258.787614][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.152726][   T78] bridge_slave_1: left allmulticast mode
[  259.205868][   T78] bridge_slave_1: left promiscuous mode
[  259.221302][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.611315][   T78] bridge_slave_0: left allmulticast mode
[  259.617000][   T78] bridge_slave_0: left promiscuous mode
[  259.654384][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.859715][   T78] bridge_slave_1: left allmulticast mode
[  259.900945][   T78] bridge_slave_1: left promiscuous mode
[  259.906717][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.011173][   T78] bridge_slave_0: left allmulticast mode
[  260.017402][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  260.032592][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  260.040723][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  260.051029][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  260.059526][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  260.073486][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  260.078392][   T78] bridge_slave_0: left promiscuous mode
[  260.108773][ T7173] loop4: detected capacity change from 0 to 64
[  260.117747][ T7173] minix: Unknown parameter '017777777777777777777770x0000000000000000(�;������7t��	���ǐ�	�lS��
[  260.117747][ T7173] DM��Jp�0�_��ʨ?(����`/�O����ؾsE�!Ѣ��ϟ�s�oAI�HU�w�~��J���!�!��3d`���ʒ���z�uʷ��'
[  260.147557][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.231667][    T9] usb 3-1: Using ep0 maxpacket: 8
[  260.371088][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  260.461052][    T9] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  260.683740][    T9] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  260.800963][    T9] usb 3-1: Product: syz
[  260.805161][    T9] usb 3-1: Manufacturer: syz
[  260.822840][    T9] usb 3-1: SerialNumber: syz
[  261.196946][    T9] usb 3-1: palm_os_3_probe - error -110 getting connection information
[  261.207271][    T9] visor 3-1:1.0: probe with driver visor failed with error -110
[  261.299167][ T7160] loop0: detected capacity change from 0 to 40427
[  261.337351][    T9] usb 3-1: USB disconnect, device number 2
[  261.386795][ T7160] F2FS-fs (loop0): invalid crc value
[  261.487187][ T7181] netlink: 165 bytes leftover after parsing attributes in process `syz.4.255'.
[  261.578949][ T7160] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  261.604068][ T7160] F2FS-fs (loop0): Start checkpoint disabled!
[  261.626057][ T7160] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  261.637882][ T7160] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  261.662054][   T30] audit: type=1800 audit(1761696836.828:46): pid=7160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.252" name="file1" dev="loop0" ino=10 res=0 errno=0
[  262.406008][ T5829] Bluetooth: hci2: command tx timeout
[  262.460136][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  262.478015][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  262.490189][   T78] bond0 (unregistering): Released all slaves
[  263.499939][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  263.525018][ T5955] kworker/u8:7: attempt to access beyond end of device
[  263.525018][ T5955] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  263.549759][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  263.549791][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  263.549812][ T5955] Workqueue: writeback wb_workfn (flush-7:0)
[  263.549850][ T5955] Call Trace:
[  263.549860][ T5955]  <TASK>
[  263.549870][ T5955]  dump_stack_lvl+0x189/0x250
[  263.549914][ T5955]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.549950][ T5955]  ? __pfx_queue_work_on+0x10/0x10
[  263.549978][ T5955]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  263.550010][ T5955]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  263.550059][ T5955]  f2fs_handle_critical_error+0x37c/0x540
[  263.550108][ T5955]  f2fs_write_end_io+0x886/0xb60
[  263.550161][ T5955]  __submit_merged_bio+0x27a/0x6a0
[  263.550209][ T5955]  __submit_merged_write_cond+0x255/0x530
[  263.550257][ T5955]  f2fs_write_data_pages+0x261d/0x3000
[  263.550332][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  263.550378][ T5955]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  263.550457][ T5955]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  263.550497][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.550534][ T5955]  ? look_up_lock_class+0x74/0x170
[  263.550583][ T5955]  ? trace_f2fs_writepages+0x7f/0x200
[  263.550623][ T5955]  ? f2fs_write_node_pages+0x478/0x6e0
[  263.550684][ T5955]  ? rcu_is_watching+0x15/0xb0
[  263.550717][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  263.550744][ T5955]  do_writepages+0x32e/0x550
[  263.550783][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.550811][ T5955]  ? reacquire_held_locks+0x127/0x1d0
[  263.550839][ T5955]  ? writeback_sb_inodes+0x384/0x1010
[  263.550887][ T5955]  __writeback_single_inode+0x145/0xff0
[  263.550926][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.550954][ T5955]  ? do_raw_spin_unlock+0x122/0x240
[  263.550996][ T5955]  writeback_sb_inodes+0x6c7/0x1010
[  263.551031][ T5955]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.551071][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551126][ T5955]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  263.551221][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551249][ T5955]  ? rcu_is_watching+0x15/0xb0
[  263.551277][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551318][ T5955]  wb_writeback+0x43b/0xaf0
[  263.551365][ T5955]  ? queue_io+0x301/0x590
[  263.551405][ T5955]  ? __pfx_wb_writeback+0x10/0x10
[  263.551454][ T5955]  ? _raw_spin_unlock_irq+0x23/0x50
[  263.551493][ T5955]  wb_workfn+0x409/0xef0
[  263.551553][ T5955]  ? __pfx_wb_workfn+0x10/0x10
[  263.551591][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551619][ T5955]  ? __lock_acquire+0xab9/0xd20
[  263.551661][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551695][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551730][ T5955]  ? _raw_spin_unlock_irq+0x23/0x50
[  263.551759][ T5955]  ? process_scheduled_works+0x9ef/0x17b0
[  263.551787][ T5955]  ? process_scheduled_works+0x9ef/0x17b0
[  263.551818][ T5955]  process_scheduled_works+0xae1/0x17b0
[  263.551891][ T5955]  ? __pfx_process_scheduled_works+0x10/0x10
[  263.551931][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.551974][ T5955]  worker_thread+0x8a0/0xda0
[  263.552044][ T5955]  kthread+0x711/0x8a0
[  263.552085][ T5955]  ? __pfx_worker_thread+0x10/0x10
[  263.552113][ T5955]  ? __pfx_kthread+0x10/0x10
[  263.552145][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.552180][ T5955]  ? _raw_spin_unlock_irq+0x23/0x50
[  263.552208][ T5955]  ? srso_alias_return_thunk+0x5/0xfbef5
[  263.552237][ T5955]  ? lockdep_hardirqs_on+0x9c/0x150
[  263.552267][ T5955]  ? __pfx_kthread+0x10/0x10
[  263.552305][ T5955]  ret_from_fork+0x4bc/0x870
[  263.552337][ T5955]  ? __pfx_ret_from_fork+0x10/0x10
[  263.552377][ T5955]  ? __switch_to_asm+0x39/0x70
[  263.552397][ T5955]  ? __switch_to_asm+0x33/0x70
[  263.552417][ T5955]  ? __pfx_kthread+0x10/0x10
[  263.552455][ T5955]  ret_from_fork_asm+0x1a/0x30
[  263.552511][ T5955]  </TASK>
[  263.922263][ T7199] loop2: detected capacity change from 0 to 1024
[  264.604735][ T5829] Bluetooth: hci2: command tx timeout
[  264.617236][ T5955] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  264.657585][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  264.668572][   T78] bond0 (unregistering): Released all slaves
[  265.204698][ T5955] hfsplus: b-tree write err: -5, ino 4
[  265.669766][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  265.695207][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  265.707413][   T78] bond0 (unregistering): Released all slaves
[  266.921443][ T5141] Bluetooth: hci1: command 0x0406 tx timeout
[  266.951451][ T5829] Bluetooth: hci2: command tx timeout
[  267.006775][ T7218] loop4: detected capacity change from 0 to 512
[  267.092384][ T7218] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  267.191293][ T7218] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.264: iget: bad i_size value: 38620345925642
[  267.264617][ T7218] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.264: couldn't read orphan inode 15 (err -117)
[  267.303472][ T7218] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.077101][ T5829] Bluetooth: hci2: command tx timeout
[  269.265283][ T6555] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm kworker/u8:13: bg 0: block 5: invalid block bitmap
[  269.311751][ T7021] chnl_net:caif_netlink_parms(): no params data found
[  269.328969][ T6555] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 3 with max blocks 65 with error 28
[  269.357789][ T6555] EXT4-fs (loop4): This should not happen!! Data will be lost
[  269.357789][ T6555] 
[  269.378409][ T6555] EXT4-fs (loop4): Total free blocks count 0
[  269.398753][ T6555] EXT4-fs (loop4): Free/Dirty block details
[  269.617925][ T6555] EXT4-fs (loop4): free_blocks=0
[  269.991614][ T6555] EXT4-fs (loop4): dirty_blocks=65
[  270.005905][ T6555] EXT4-fs (loop4): Block reservation details
[  270.025042][ T6555] EXT4-fs (loop4): i_reserved_data_blocks=65
[  270.083206][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.308021][ T7246] loop4: detected capacity change from 0 to 64
[  271.709708][ T7252] loop2: detected capacity change from 0 to 40427
[  271.770210][ T7252] F2FS-fs (loop2): invalid crc value
[  271.889273][ T7252] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  271.910706][ T7252] F2FS-fs (loop2): Start checkpoint disabled!
[  271.920528][ T7252] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  271.928141][ T7252] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  271.981135][   T30] audit: type=1800 audit(1761696847.118:47): pid=7252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.270" name="file1" dev="loop2" ino=10 res=0 errno=0
[  272.893680][ T7264] capability: warning: `syz.4.271' uses 32-bit capabilities (legacy support in use)
[  273.034314][ T2989] kworker/u8:6: attempt to access beyond end of device
[  273.034314][ T2989] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  273.083379][ T2989] CPU: 0 UID: 0 PID: 2989 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  273.083410][ T2989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  273.083426][ T2989] Workqueue: writeback wb_workfn (flush-7:2)
[  273.083464][ T2989] Call Trace:
[  273.083473][ T2989]  <TASK>
[  273.083491][ T2989]  dump_stack_lvl+0x189/0x250
[  273.083533][ T2989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.083568][ T2989]  ? __pfx_queue_work_on+0x10/0x10
[  273.083595][ T2989]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  273.083627][ T2989]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  273.083672][ T2989]  f2fs_handle_critical_error+0x37c/0x540
[  273.083719][ T2989]  f2fs_write_end_io+0x886/0xb60
[  273.083765][ T2989]  __submit_merged_bio+0x27a/0x6a0
[  273.083810][ T2989]  __submit_merged_write_cond+0x255/0x530
[  273.083856][ T2989]  f2fs_write_data_pages+0x261d/0x3000
[  273.083920][ T2989]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  273.083942][ T2989]  ? __local_bh_enable_ip+0x12d/0x1c0
[  273.083985][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084014][ T2989]  ? cfg80211_inform_single_bss_data+0x13da/0x1ac0
[  273.084077][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084105][ T2989]  ? __lock_acquire+0xab9/0xd20
[  273.084137][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084189][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084221][ T2989]  ? unwind_next_frame+0xa5/0x2390
[  273.084270][ T2989]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  273.084295][ T2989]  do_writepages+0x32e/0x550
[  273.084333][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084361][ T2989]  ? reacquire_held_locks+0x127/0x1d0
[  273.084389][ T2989]  ? writeback_sb_inodes+0x384/0x1010
[  273.084436][ T2989]  __writeback_single_inode+0x145/0xff0
[  273.084472][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084504][ T2989]  ? do_raw_spin_unlock+0x122/0x240
[  273.084545][ T2989]  writeback_sb_inodes+0x6c7/0x1010
[  273.084583][ T2989]  ? __lock_acquire+0xab9/0xd20
[  273.084633][ T2989]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  273.084717][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084745][ T2989]  ? rcu_is_watching+0x15/0xb0
[  273.084774][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.084813][ T2989]  wb_writeback+0x43b/0xaf0
[  273.084858][ T2989]  ? queue_io+0x301/0x590
[  273.084897][ T2989]  ? __pfx_wb_writeback+0x10/0x10
[  273.084943][ T2989]  ? _raw_spin_unlock_irq+0x23/0x50
[  273.084979][ T2989]  wb_workfn+0x409/0xef0
[  273.085027][ T2989]  ? __pfx_wb_workfn+0x10/0x10
[  273.085061][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085089][ T2989]  ? __lock_acquire+0xab9/0xd20
[  273.085126][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085158][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085191][ T2989]  ? _raw_spin_unlock_irq+0x23/0x50
[  273.085219][ T2989]  ? process_scheduled_works+0x9ef/0x17b0
[  273.085245][ T2989]  ? process_scheduled_works+0x9ef/0x17b0
[  273.085274][ T2989]  process_scheduled_works+0xae1/0x17b0
[  273.085337][ T2989]  ? __pfx_process_scheduled_works+0x10/0x10
[  273.085373][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085412][ T2989]  worker_thread+0x8a0/0xda0
[  273.085472][ T2989]  kthread+0x711/0x8a0
[  273.085515][ T2989]  ? __pfx_worker_thread+0x10/0x10
[  273.085543][ T2989]  ? __pfx_kthread+0x10/0x10
[  273.085574][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085607][ T2989]  ? _raw_spin_unlock_irq+0x23/0x50
[  273.085635][ T2989]  ? srso_alias_return_thunk+0x5/0xfbef5
[  273.085663][ T2989]  ? lockdep_hardirqs_on+0x9c/0x150
[  273.085693][ T2989]  ? __pfx_kthread+0x10/0x10
[  273.085729][ T2989]  ret_from_fork+0x4bc/0x870
[  273.085759][ T2989]  ? __pfx_ret_from_fork+0x10/0x10
[  273.085794][ T2989]  ? __switch_to_asm+0x39/0x70
[  273.085814][ T2989]  ? __switch_to_asm+0x33/0x70
[  273.085834][ T2989]  ? __pfx_kthread+0x10/0x10
[  273.085870][ T2989]  ret_from_fork_asm+0x1a/0x30
[  273.085913][ T2989]  </TASK>
[  273.085923][ T2989] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  273.311395][ T7271] loop0: detected capacity change from 0 to 16
[  273.577802][ T7271] erofs (device loop0): mounted with root inode @ nid 36.
[  274.497334][ T5141] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  274.498546][ T7271] netlink: 'syz.0.273': attribute type 15 has an invalid length.
[  274.536588][ T5141] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  274.606845][ T5141] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  274.621191][ T5141] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  274.640231][ T5141] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  276.653436][ T7299] loop2: detected capacity change from 0 to 128
[  276.912147][ T7021] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.919374][ T7021] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.643749][ T5141] Bluetooth: hci5: command tx timeout
[  277.662372][ T7021] bridge_slave_0: entered allmulticast mode
[  277.727534][ T7021] bridge_slave_0: entered promiscuous mode
[  278.901148][ T7021] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.908317][ T7021] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.966423][ T7021] bridge_slave_1: entered allmulticast mode
[  279.014128][ T7021] bridge_slave_1: entered promiscuous mode
[  279.770945][ T5141] Bluetooth: hci5: command tx timeout
[  279.942124][ T7169] chnl_net:caif_netlink_parms(): no params data found
[  280.164042][ T7325] overlayfs: missing 'lowerdir'
[  280.244387][ T7328] loop2: detected capacity change from 0 to 8
[  280.267813][   T78] hsr_slave_0: left promiscuous mode
[  280.520269][ T7330] loop0: detected capacity change from 0 to 40427
[  280.549079][   T78] hsr_slave_1: left promiscuous mode
[  280.561256][ T7330] F2FS-fs (loop0): invalid crc value
[  280.627363][ T7330] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  280.637037][ T7330] F2FS-fs (loop0): Start checkpoint disabled!
[  280.644806][ T7330] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0
[  280.652407][ T7330] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  280.664554][   T30] audit: type=1800 audit(1761696855.838:48): pid=7330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.282" name="file1" dev="loop0" ino=10 res=0 errno=0
[  280.686253][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  280.858073][ T7328] SQUASHFS error: lzo decompression failed, data probably corrupt
[  280.873959][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  280.882179][ T7328] SQUASHFS error: Failed to read block 0x91: -5
[  280.888415][ T7328] SQUASHFS error: Unable to read metadata cache entry [8f]
[  280.896862][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  280.904391][ T7328] SQUASHFS error: Unable to read inode 0x11f
[  280.905632][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.443250][   T50] kworker/u8:3: attempt to access beyond end of device
[  281.443250][   T50] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  281.472260][   T50] CPU: 0 UID: 0 PID: 50 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[  281.472290][   T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  281.472306][   T50] Workqueue: writeback wb_workfn (flush-7:0)
[  281.472345][   T50] Call Trace:
[  281.472354][   T50]  <TASK>
[  281.472364][   T50]  dump_stack_lvl+0x189/0x250
[  281.472407][   T50]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.472443][   T50]  ? __pfx_queue_work_on+0x10/0x10
[  281.472471][   T50]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  281.472504][   T50]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  281.472553][   T50]  f2fs_handle_critical_error+0x37c/0x540
[  281.472602][   T50]  f2fs_write_end_io+0x886/0xb60
[  281.472654][   T50]  __submit_merged_bio+0x27a/0x6a0
[  281.472702][   T50]  __submit_merged_write_cond+0x255/0x530
[  281.472750][   T50]  f2fs_write_data_pages+0x261d/0x3000
[  281.472824][   T50]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  281.472870][   T50]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  281.472951][   T50]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  281.472989][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.473018][   T50]  ? look_up_lock_class+0x74/0x170
[  281.473066][   T50]  ? trace_f2fs_writepages+0x7f/0x200
[  281.473106][   T50]  ? f2fs_write_node_pages+0x478/0x6e0
[  281.473151][   T50]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  281.473195][   T50]  ? __lock_acquire+0xab9/0xd20
[  281.473231][   T50]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  281.473265][   T50]  do_writepages+0x32e/0x550
[  281.473305][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.473333][   T50]  ? reacquire_held_locks+0x127/0x1d0
[  281.473362][   T50]  ? writeback_sb_inodes+0x384/0x1010
[  281.473412][   T50]  __writeback_single_inode+0x145/0xff0
[  281.473448][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.473476][   T50]  ? do_raw_spin_unlock+0x122/0x240
[  281.473519][   T50]  writeback_sb_inodes+0x6c7/0x1010
[  281.473566][   T50]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  281.473622][   T50]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  281.473719][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.473747][   T50]  ? rcu_is_watching+0x15/0xb0
[  281.473777][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.473818][   T50]  wb_writeback+0x43b/0xaf0
[  281.473867][   T50]  ? queue_io+0x301/0x590
[  281.473909][   T50]  ? __pfx_wb_writeback+0x10/0x10
[  281.473958][   T50]  ? _raw_spin_unlock_irq+0x23/0x50
[  281.473996][   T50]  wb_workfn+0x409/0xef0
[  281.474049][   T50]  ? __pfx_wb_workfn+0x10/0x10
[  281.474086][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474114][   T50]  ? __lock_acquire+0xab9/0xd20
[  281.474156][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474189][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474223][   T50]  ? _raw_spin_unlock_irq+0x23/0x50
[  281.474258][   T50]  ? process_scheduled_works+0x9ef/0x17b0
[  281.474284][   T50]  ? process_scheduled_works+0x9ef/0x17b0
[  281.474315][   T50]  process_scheduled_works+0xae1/0x17b0
[  281.474388][   T50]  ? __pfx_process_scheduled_works+0x10/0x10
[  281.474428][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474469][   T50]  worker_thread+0x8a0/0xda0
[  281.474538][   T50]  kthread+0x711/0x8a0
[  281.474578][   T50]  ? __pfx_worker_thread+0x10/0x10
[  281.474606][   T50]  ? __pfx_kthread+0x10/0x10
[  281.474637][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474672][   T50]  ? _raw_spin_unlock_irq+0x23/0x50
[  281.474700][   T50]  ? srso_alias_return_thunk+0x5/0xfbef5
[  281.474728][   T50]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.474758][   T50]  ? __pfx_kthread+0x10/0x10
[  281.474795][   T50]  ret_from_fork+0x4bc/0x870
[  281.474827][   T50]  ? __pfx_ret_from_fork+0x10/0x10
[  281.474866][   T50]  ? __switch_to_asm+0x39/0x70
[  281.474887][   T50]  ? __switch_to_asm+0x33/0x70
[  281.474907][   T50]  ? __pfx_kthread+0x10/0x10
[  281.474944][   T50]  ret_from_fork_asm+0x1a/0x30
[  281.474993][   T50]  </TASK>
[  281.475003][   T50] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  281.811046][ T5141] Bluetooth: hci5: command tx timeout
[  281.841247][   T78] hsr_slave_0: left promiscuous mode
[  281.890946][   T78] hsr_slave_1: left promiscuous mode
[  281.900073][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.912512][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.920741][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.933193][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.968069][   T78] veth1_macvtap: left promiscuous mode
[  281.974806][   T78] veth0_macvtap: left promiscuous mode
[  281.980395][   T78] veth1_vlan: left promiscuous mode
[  281.985775][   T78] veth0_vlan: left promiscuous mode
[  281.993522][   T78] veth1_macvtap: left promiscuous mode
[  281.999099][   T78] veth0_macvtap: left promiscuous mode
[  282.026137][   T78] veth1_vlan: left promiscuous mode
[  282.041202][   T78] veth0_vlan: left promiscuous mode
[  283.948771][ T5141] Bluetooth: hci5: command tx timeout
[  284.068486][   T78] team0 (unregistering): Port device team_slave_1 removed
[  284.108142][   T78] team0 (unregistering): Port device team_slave_0 removed
[  284.881462][ T7354] loop2: detected capacity change from 0 to 40427
[  284.897780][ T7354] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  284.905576][ T7354] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  284.922750][ T7354] F2FS-fs (loop2): invalid crc value
[  285.015211][ T7354] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  285.028791][ T7354] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  285.035887][ T7354] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  285.287213][   T78] team0 (unregistering): Port device team_slave_1 removed
[  285.328695][   T78] team0 (unregistering): Port device team_slave_0 removed
[  286.256676][ T7021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  287.447248][ T7021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  287.701300][   T30] audit: type=1800 audit(1761696862.858:49): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.290" name="SYSV798dd814" dev="hugetlbfs" ino=0 res=0 errno=0
[  288.146525][ T7021] team0: Port device team_slave_0 added
[  288.719977][ T7021] team0: Port device team_slave_1 added
[  289.061965][ T7378] netlink: 180 bytes leftover after parsing attributes in process `syz.2.288'.
[  289.362384][ T7169] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.374419][ T7169] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.582098][ T7169] bridge_slave_0: entered allmulticast mode
[  289.592900][ T7169] bridge_slave_0: entered promiscuous mode
[  290.449999][ T7169] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.471587][ T7169] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.509467][ T7169] bridge_slave_1: entered allmulticast mode
[  290.811154][ T7169] bridge_slave_1: entered promiscuous mode
[  291.041205][ T7389] netlink: 165 bytes leftover after parsing attributes in process `syz.4.294'.
[  292.034935][ T7407] netlink: 165 bytes leftover after parsing attributes in process `syz.0.297'.
[  292.104607][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.139311][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.215898][ T7021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.277429][ T7021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.297214][ T7021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.324257][ T7021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.514649][ T7169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.199672][ T7417] ==================================================================
[  293.207777][ T7417] BUG: KASAN: slab-use-after-free in radix_tree_next_chunk+0x385/0xb60
[  293.216027][ T7417] Read of size 8 at addr ffff8880229a7750 by task syz.4.300/7417
[  293.223739][ T7417] 
[  293.226058][ T7417] CPU: 1 UID: 0 PID: 7417 Comm: syz.4.300 Not tainted syzkaller #0 PREEMPT(full) 
[  293.226087][ T7417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  293.226102][ T7417] Call Trace:
[  293.226111][ T7417]  <TASK>
[  293.226121][ T7417]  dump_stack_lvl+0x189/0x250
[  293.226159][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226190][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226219][ T7417]  ? __kasan_check_byte+0x12/0x40
[  293.226244][ T7417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.226284][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226314][ T7417]  ? rcu_is_watching+0x15/0xb0
[  293.226343][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226372][ T7417]  ? lock_release+0x4b/0x3e0
[  293.226399][ T7417]  ? __virt_addr_valid+0x1c8/0x5c0
[  293.226435][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226464][ T7417]  ? __virt_addr_valid+0x4a5/0x5c0
[  293.226500][ T7417]  print_report+0xca/0x240
[  293.226532][ T7417]  ? radix_tree_next_chunk+0x385/0xb60
[  293.226560][ T7417]  kasan_report+0x118/0x150
[  293.226585][ T7417]  ? radix_tree_next_chunk+0x385/0xb60
[  293.226619][ T7417]  radix_tree_next_chunk+0x385/0xb60
[  293.226655][ T7417]  idr_get_next+0x17a/0x340
[  293.226691][ T7417]  ? __pfx_idr_get_next+0x10/0x10
[  293.226732][ T7417]  afs_dynroot_readdir+0x520/0x9a0
[  293.226772][ T7417]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[  293.226810][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226839][ T7417]  ? down_read_killable+0x1d1/0x350
[  293.226878][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  293.226910][ T7417]  iterate_dir+0x399/0x570
[  293.226947][ T7417]  __se_sys_getdents+0xe4/0x250
[  293.226983][ T7417]  ? __pfx___se_sys_getdents+0x10/0x10
[  293.227017][ T7417]  ? __pfx_filldir+0x10/0x10
[  293.227057][ T7417]  ? do_syscall_64+0xbe/0xfa0
[  293.227094][ T7417]  do_syscall_64+0xfa/0xfa0
[  293.227127][ T7417]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.227151][ T7417]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  293.227181][ T7417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.227205][ T7417] RIP: 0033:0x7fe29338efc9
[  293.227226][ T7417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.227246][ T7417] RSP: 002b:00007fe294198038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  293.227277][ T7417] RAX: ffffffffffffffda RBX: 00007fe2935e6180 RCX: 00007fe29338efc9
[  293.227297][ T7417] RDX: 00000000000000ad RSI: 0000200000000100 RDI: 0000000000000004
[  293.227313][ T7417] RBP: 00007fe293411f91 R08: 0000000000000000 R09: 0000000000000000
[  293.227332][ T7417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  293.227348][ T7417] R13: 00007fe2935e6218 R14: 00007fe2935e6180 R15: 00007ffd5a54b928
[  293.227378][ T7417]  </TASK>
[  293.227387][ T7417] 
[  293.499624][ T7417] Allocated by task 7417:
[  293.503927][ T7417]  kasan_save_track+0x3e/0x80
[  293.508593][ T7417]  __kasan_slab_alloc+0x6c/0x80
[  293.513431][ T7417]  kmem_cache_alloc_noprof+0x367/0x6e0
[  293.518876][ T7417]  radix_tree_node_alloc+0x7e/0x3a0
[  293.524055][ T7417]  idr_get_free+0x2b3/0xa70
[  293.528535][ T7417]  idr_alloc_u32+0x159/0x2d0
[  293.533108][ T7417]  idr_alloc_cyclic+0x9b/0x1b0
[  293.537852][ T7417]  afs_lookup_cell+0xf61/0x1860
[  293.542691][ T7417]  afs_dynroot_lookup+0x27a/0x8c0
[  293.547701][ T7417]  path_openat+0x1101/0x3830
[  293.552277][ T7417]  do_filp_open+0x1fa/0x410
[  293.556760][ T7417]  do_sys_openat2+0x121/0x1c0
[  293.561416][ T7417]  __x64_sys_open+0x11e/0x150
[  293.566076][ T7417]  do_syscall_64+0xfa/0xfa0
[  293.570561][ T7417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.576440][ T7417] 
[  293.578739][ T7417] Freed by task 7419:
[  293.582709][ T7417]  kasan_save_track+0x3e/0x80
[  293.587370][ T7417]  __kasan_save_free_info+0x46/0x50
[  293.592550][ T7417]  __kasan_slab_free+0x5c/0x80
[  293.597301][ T7417]  kmem_cache_free+0x19b/0x690
[  293.602052][ T7417]  rcu_core+0xcab/0x1770
[  293.606272][ T7417]  handle_softirqs+0x286/0x870
[  293.611013][ T7417]  __irq_exit_rcu+0xca/0x1f0
[  293.615583][ T7417]  irq_exit_rcu+0x9/0x30
[  293.619800][ T7417]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  293.625413][ T7417]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  293.631387][ T7417] 
[  293.633687][ T7417] Last potentially related work creation:
[  293.639373][ T7417]  kasan_save_stack+0x3e/0x60
[  293.644060][ T7417]  kasan_record_aux_stack+0xbd/0xd0
[  293.649243][ T7417]  call_rcu+0x157/0x9c0
[  293.653382][ T7417]  delete_node+0x1b6/0xa50
[  293.657775][ T7417]  radix_tree_delete_item+0x2b6/0x400
[  293.663126][ T7417]  afs_cell_destroy+0x16f/0x2c0
[  293.667962][ T7417]  rcu_core+0xcab/0x1770
[  293.672182][ T7417]  handle_softirqs+0x286/0x870
[  293.676922][ T7417]  __irq_exit_rcu+0xca/0x1f0
[  293.681491][ T7417]  irq_exit_rcu+0x9/0x30
[  293.685717][ T7417]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  293.691329][ T7417]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  293.697288][ T7417] 
[  293.699584][ T7417] The buggy address belongs to the object at ffff8880229a7700
[  293.699584][ T7417]  which belongs to the cache radix_tree_node of size 576
[  293.713957][ T7417] The buggy address is located 80 bytes inside of
[  293.713957][ T7417]  freed 576-byte region [ffff8880229a7700, ffff8880229a7940)
[  293.727645][ T7417] 
[  293.729952][ T7417] The buggy address belongs to the physical page:
[  293.736334][ T7417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x229a4
[  293.745072][ T7417] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  293.753547][ T7417] memcg:ffff8880550a0001
[  293.757778][ T7417] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  293.765644][ T7417] page_type: f5(slab)
[  293.769603][ T7417] raw: 00fff00000000040 ffff88801a070000 ffffea000093f500 dead000000000003
[  293.778163][ T7417] raw: 0000000000000000 0000000080170017 00000000f5000000 ffff8880550a0001
[  293.786728][ T7417] head: 00fff00000000040 ffff88801a070000 ffffea000093f500 dead000000000003
[  293.795379][ T7417] head: 0000000000000000 0000000080170017 00000000f5000000 ffff8880550a0001
[  293.804026][ T7417] head: 00fff00000000002 ffffea00008a6901 00000000ffffffff 00000000ffffffff
[  293.812700][ T7417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  293.821342][ T7417] page dumped because: kasan: bad access detected
[  293.827728][ T7417] page_owner tracks the page as allocated
[  293.833421][ T7417] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x52810(GFP_NOWAIT|__GFP_RECLAIMABLE|__GFP_NORETRY|__GFP_COMP), pid 5827, tgid 5827 (syz-executor), ts 92740076725, free_ts 0
[  293.852412][ T7417]  post_alloc_hook+0x240/0x2a0
[  293.857163][ T7417]  get_page_from_freelist+0x2365/0x2440
[  293.862688][ T7417]  __alloc_frozen_pages_noprof+0x181/0x370
[  293.868472][ T7417]  alloc_pages_mpol+0x232/0x4a0
[  293.873304][ T7417]  allocate_slab+0x96/0x350
[  293.877793][ T7417]  ___slab_alloc+0xe94/0x18a0
[  293.882449][ T7417]  __slab_alloc+0x65/0x100
[  293.886843][ T7417]  kmem_cache_alloc_lru_noprof+0x3ef/0x6d0
[  293.892656][ T7417]  xas_create+0x116b/0x1b90
[  293.897144][ T7417]  xas_store+0x95/0x1880
[  293.901366][ T7417]  __xa_store+0xe9/0x210
[  293.905592][ T7417]  ref_tracker_dir_debugfs+0x1c4/0x270
[  293.911028][ T7417]  alloc_netdev_mqs+0x272/0x11b0
[  293.915946][ T7417]  rtnl_create_link+0x31f/0xd10
[  293.920775][ T7417]  rtnl_newlink_create+0x25c/0xb00
[  293.925862][ T7417]  rtnl_newlink+0x16e4/0x1c80
[  293.930528][ T7417] page_owner free stack trace missing
[  293.935865][ T7417] 
[  293.938166][ T7417] Memory state around the buggy address:
[  293.943770][ T7417]  ffff8880229a7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  293.951808][ T7417]  ffff8880229a7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  293.959866][ T7417] >ffff8880229a7700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  293.967899][ T7417]                                                  ^
[  293.974544][ T7417]  ffff8880229a7780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  293.982579][ T7417]  ffff8880229a7800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  293.990633][ T7417] ==================================================================
[  294.193690][ T7417] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  294.200915][ T7417] CPU: 1 UID: 0 PID: 7417 Comm: syz.4.300 Not tainted syzkaller #0 PREEMPT(full) 
[  294.210101][ T7417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  294.220147][ T7417] Call Trace:
[  294.223417][ T7417]  <TASK>
[  294.226334][ T7417]  dump_stack_lvl+0x99/0x250
[  294.230929][ T7417]  ? __asan_memcpy+0x40/0x70
[  294.235518][ T7417]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.240713][ T7417]  ? __pfx__printk+0x10/0x10
[  294.245296][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  294.250925][ T7417]  vpanic+0x237/0x6d0
[  294.254915][ T7417]  ? __pfx_vpanic+0x10/0x10
[  294.259418][ T7417]  ? preempt_schedule_common+0x83/0xd0
[  294.264872][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  294.270503][ T7417]  ? preempt_schedule+0xae/0xc0
[  294.275349][ T7417]  panic+0xb9/0xc0
[  294.279069][ T7417]  ? __pfx_panic+0x10/0x10
[  294.283545][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  294.289176][ T7417]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  294.295518][ T7417]  ? radix_tree_next_chunk+0x385/0xb60
[  294.300976][ T7417]  check_panic_on_warn+0x89/0xb0
[  294.305924][ T7417]  ? radix_tree_next_chunk+0x385/0xb60
[  294.311374][ T7417]  end_report+0x78/0x160
[  294.315604][ T7417]  kasan_report+0x129/0x150
[  294.320096][ T7417]  ? radix_tree_next_chunk+0x385/0xb60
[  294.325554][ T7417]  radix_tree_next_chunk+0x385/0xb60
[  294.330837][ T7417]  idr_get_next+0x17a/0x340
[  294.335342][ T7417]  ? __pfx_idr_get_next+0x10/0x10
[  294.340370][ T7417]  afs_dynroot_readdir+0x520/0x9a0
[  294.345493][ T7417]  ? __pfx_afs_dynroot_readdir+0x10/0x10
[  294.351147][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  294.356777][ T7417]  ? down_read_killable+0x1d1/0x350
[  294.361975][ T7417]  ? srso_alias_return_thunk+0x5/0xfbef5
[  294.367608][ T7417]  iterate_dir+0x399/0x570
[  294.372027][ T7417]  __se_sys_getdents+0xe4/0x250
[  294.376879][ T7417]  ? __pfx___se_sys_getdents+0x10/0x10
[  294.382332][ T7417]  ? __pfx_filldir+0x10/0x10
[  294.386927][ T7417]  ? do_syscall_64+0xbe/0xfa0
[  294.391610][ T7417]  do_syscall_64+0xfa/0xfa0
[  294.396115][ T7417]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.402175][ T7417]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  294.407816][ T7417]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.413695][ T7417] RIP: 0033:0x7fe29338efc9
[  294.418098][ T7417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.437691][ T7417] RSP: 002b:00007fe294198038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  294.446108][ T7417] RAX: ffffffffffffffda RBX: 00007fe2935e6180 RCX: 00007fe29338efc9
[  294.454070][ T7417] RDX: 00000000000000ad RSI: 0000200000000100 RDI: 0000000000000004
[  294.462032][ T7417] RBP: 00007fe293411f91 R08: 0000000000000000 R09: 0000000000000000
[  294.470021][ T7417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  294.477982][ T7417] R13: 00007fe2935e6218 R14: 00007fe2935e6180 R15: 00007ffd5a54b928
[  294.485953][ T7417]  </TASK>
[  294.489167][ T7417] Kernel Offset: disabled
[  294.493494][ T7417] Rebooting in 86400 seconds..