last executing test programs:

20m31.756816736s ago: executing program 32 (id=10):
userfaultfd(0x180802)
epoll_create1(0x0)
syz_clone3(&(0x7f0000000080)={0x901400, &(0x7f0000000040), 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r2, 0x2000009)
sendfile(r0, r2, 0x0, 0x7ffff004)

20m1.97051705s ago: executing program 33 (id=88):
prctl$PR_GET_THP_DISABLE(0x2a)
syz_read_part_table(0x5d3, &(0x7f0000000600)="$eJzs1L1LZFcUAPDzxp11NBtG0oWkWNgh1YYtttDCgYQwDjZRQhJSpE5IYQrBwkJG0NroP5AQPyDYSHpLE4ugoKQQS5kulcbGIrzw5t3BSRcwRJTfr7gf5977zsV7nOBBq0S1mobDvfbNoqmOplm5UKtHZFlELEfEX5Uy+jQiPtttTU0/n/3wk08rEbUi2nr3j95qls7m6Tu/pPlMOR8qmtGIq92xoxenh42t9NHYr5RZ5i62673A1xtppTZw66H/+K/AQ7XX/LW+sjr/dG2xWUy7r2M0egU9vjlZlNoXqbB6dZVHdfBsnuedO+ePKPL3C7LbOJnYOc5nLvNSZ+BfgUdor/gZXJ1vF91Zv7puPn7vp4VXL986P+isp9e/Tv1tAVbv4bYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBjtjcS9ZVOJSI+iIiR7uuv3m+9813r243xzcnO528/6+/br5R9LSKy2+NP7py/mWUrq/PttcXmN8vtpW7jZGLnOJ+5/D77F4f/vGt27lv/mYv3P2svdX8YSYGFVy+z84POetpwPVAPtf/9lgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAQ9Kamn5eTeMvoxLxpBznw2WfpbWfU5+nwPTwUPz420dXu2NHL04PG1uz27/3d9+8ERFzF9v1f2Ya6w9q/cGziCIj9+jvAAAA///IFWaw")

17m44.959802181s ago: executing program 34 (id=513):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000400000000000c00"/32], 0x0, 0x2b, 0x0, 0x1}, 0x28)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
socket$inet6_udplite(0xa, 0x2, 0x88)
pipe2(&(0x7f0000000040), 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000001c0)=[@in6={0xa, 0x4a21, 0xdec, @private2, 0x6}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0x800, "69a2c521bb4fdf5d1c5e64724bab22cfb072ea626356e0a1c4738d19c16c3690b61a3e5dd116583260fa790bfcfed72da69ff7eb9512733c81ee584ea9668546ef072bae75b095316bd50ae7d8db30cd9bd7897fcd780fe489ac9168c06fa7b7e4f0a798828dff4de510cf7dc76f7cb9b2a74d2385377069d7598da6e2969f18bfe03a9bce3a9b353109a60530be457b026dad169666fd8fe7452405fcee24e9912cc78dec917233e65efd68b5b8561680d599700dc966402eb5bacaf9f9483dc765919b235b380592be297c1175474db4605bfe73f4e83ba43f11c9224aab29436fc0c170fd2074fe55df35731030ce40de55c6a88fc4dbcf3c73a51ee36b07dc1a769fb60cb6e4118a18ecf87fe4671a319928816639a72d1d15b8511d64fc4f21fccb864ba7bcd42b05a99441221fcc03ae2fb2083d9f7d0d4d26627e861f9a5be96c5636ac4131f258290fe52da28b447e6e8393f016b4f8b17ef1afa579976541adfb8351e4ccbef67db12ed4ada30d4e59f403ca4b3b2fd50334103407c867995dd34499396eecd56eb5cd80ca3c1835e65f3d64f0a9fbb3e9bc23e6d78aeab1effdc1855fbbf8ef77bf567693dea2c594b1fd4800b05da2678a89f908956fe3384087a9d248ae2798504db49c65caa0a9551727eb7933c2017d2268bf72abe62fecc8ddbe56534a978915478118b985ecd13b466e487f2d7c79cff4aeef8ea12a9adf6da7f7156e235404c2b85d8e59a35c89cd7c6e0934796dc4357740491ebaefd71142b393479e7eb8466f573b33b763862fa7821113c396410bc6f9fb7cb57dec36563d84deca70d6ab756e2a7e8c0aba262e5ca0ba6b94c4f7974450663abd63f10c74196afc29137f56ec82c8a503db24165759d8b7eae8be8ac7e26b1f704c352a46b53bd1010b3ddaa7bf532e7046811b27c63a7ed43b1470d167c6ab96f46ecfc5b4e28cc5ecf181ae13697f670da50e0b4c60b0e6660e5b83863b4722b04b2e1180db69d70643acafe393696fb1f1812cd554092fef66747ca0666fe4f14c59f41f38f2c0c39d6a2c20c27d96e957c4047a594685aeffd8addf46727d446e2dcd45e7e335d0e5758388ffaff401209c5cb1e0681d9d418a1eef297dff948f5f3b978645eeb512ead89c4792aed813b681c45c69e92ae289de18fca3b584fa2dfc614787d3c60f4ba44ec1244442c70593b02afdaedcde888fe5c93599c19f37b8758db3ea782c12c8dd79e7a0f60a1f2a89d1bc1a8d0fcf77e84d4ff0aa98f8415d026df90d078b8e76111d28adebb33893db9e50882bd836912ba9641d88b20d80f0496302dd9fb550d64a3e860b22c87732d33c6a6689e6f0c06503b9f271cc02ca12debb13b268d2e02f4aedfc875ee6830f7a0b0d0b14494166ae09ea5f6d014409d7afbaa28cb286c5ad48e2f654a808f516a79b2755de0fc03e1b4913bdf3f1189dfb41dd7a7374f76fc6441f8a6fad726c2fd87be567c040379ed4684a844a30b5d23aa755bf987f9426800892fd99036856758596bfcb345a8b97690acb5be67f30abfa436404cddffcf242ac2adec157c775feda46795b04b2eabe1b02d37f0171943b16e88826bf663e0d41edeefa7720f06c5be79868bfb238bdb27128507560fd670aaba0b0d520511a0a552099ae04d300860a2b8f0a5e042838175e4c74fbfd9a03b41e36648a4ce453c8eb840e5a9922f01b8a93ad3093803b32745ce7bbc1520baf95c34028cf49cba4bab4fa9c46db94d4f1507b8018433c99b7851ab8e5b4cb6778b2ad2f241226a77f1944eb208c0a535d1dba1b18a8aa3634cee208284a3bbe5e76cde329555f1ea3d87eab56c563b5ba96a8bbf4569f65d88578b0dc885e78d130f1281f003e9e8e79201b46b748bb2e7c71e1807527cbf05ac705c1a2a5593c621eb2509be46312e0957e0859da8ad681124d29bf88940d13923d3df987d9f56e5d244e4670fb6af11c43fbb22b406688bb4ec679a5c732ddb08a0bc809a2794641d369ba810fdb127a57eadb7f064e5534d04d4d7c52ddf35fbd4f784f472f6fd1d16498d862140c2952838d7fcdeab7f703c20559e07bd6fd3b6d620069032b8ab74fbd090def8feaf78a393b59ff866ed92110a6ce11b3c20127d551a6f11afe673450d71838070d46901c45f611dccf35e2329216f1e21c228bd5dde09d9ca4c53de120dd0a703948910f3afb246230bf55f65729308194925dbf9743e50584a543523d2274539086bcf0d29fdf7f39dc878c0182a86629dbbed369cf81dbc554d7d41d30c00701622d1680b4197a7d67c50e8ed67bafdcd65b83cc4e824648576db32e36067a426ab8226148192d0c318d99cbbb2b1fc357eb5071c4c0faaf3c5759773ecb9a34250fa187d5d6d4d2d83d7386ddf65a4225522e4084d42d512713fa785a1334bbd5bc29bec9a33422bc90809aace1167dbd8e9a7607f4a91d351003f248dbf3f6eda8c84998d2c3dec275022f325d64f0e75e95e4db0ad5a6bff42c66c767c0b89501aee07d35fb78038f6c673565ad030ae093d1632d75671b1a36fa7e9b003db6447bf168744bcc374579149439f12cfa9b9dbed0bf658aff09219b11de2b1edb6ef293899461869ce87fecf5a78f0b763b87574a518caf5defae34819bed524968c926c7ec3bf7defc810b52ffa20f2aad68d5df2be75ea7bd242c32affa5b339cbf3987e52b023cad0c1907bb7f2a1ff3179a32780b552c31cb375a344c3b0a0e330ca04031db2fb17f24689992a0f5c7b5fac337f587237421d698bd8cd94b7f2cb81606e67b7ae69c8e856ea671f8ce4303b43701587102017b049efe5a7870badadc8faff8e4afb5ca25258b7e01b5b16bc3df1396477df7120b44d7bbdac3de"}, &(0x7f0000000100)=0x808)
r1 = timerfd_create(0x8, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x80000000, 0x0)

16m37.811897472s ago: executing program 35 (id=645):
syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='children\x00')
read$alg(r0, &(0x7f0000000580)=""/4096, 0x1000)

16m24.582622334s ago: executing program 36 (id=675):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000)

16m21.786621109s ago: executing program 37 (id=688):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x4b}, 0x48)
unshare(0x4a000200)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x301)
write$tun(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000500)="7c00330700000000000800008100", 0x0, 0x469, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

16m15.051792086s ago: executing program 38 (id=700):
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
unshare(0x4a000200)

16m7.018610064s ago: executing program 39 (id=713):
r0 = socket$nl_route(0x10, 0x3, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f000000040000000400000002"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
unshare(0x20000800)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r1, 0x9e, &(0x7f0000000140)}, 0x5)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000000c0)={0x0, 'macvlan1\x00', {0x3}, 0x6})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_clone(0x41000100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'macvlan1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001300010600000000e4fedbdf25000000", @ANYRES32=r5, @ANYBLOB="242400002019000008001300", @ANYRES32=r4], 0x28}, 0x1, 0x0, 0x0, 0xc0008c1}, 0x20048000)

11m20.166537103s ago: executing program 40 (id=2041):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
sendmsg$sock(r1, &(0x7f00000108c0)={0x0, 0x0, 0x0}, 0x80)
mount$fuse(0x0, 0x0, 0x0, 0x404, &(0x7f0000002140)=ANY=[])
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

6m47.97251524s ago: executing program 2 (id=4150):
r0 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

6m47.317835508s ago: executing program 2 (id=4153):
syz_emit_ethernet(0xbe, &(0x7f00000007c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88fb450000b0000000041011907864010101ac1e000100004e20009c90780100000000000000bdb8f55dd35fa782f8feb7ac12080de2ff8a3fc6f24fefaeb21dc30a783173a307e1f1a94a61fca666f982fc264581888c29d5916bbaf31c37082ee0fcff63afac478cbc5e7112b599235703ed03535c4878337652621f3f6e20f6bff2698850a739f8b0c1afe0b6bcb5bd4d88ac3f052e8a63f87110bf857853530b285b9248b8359c0c2403987c7a879038"], 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r3], 0x50}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

6m46.988800361s ago: executing program 2 (id=4156):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x49, 0x1, 0x4})
dup(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

6m46.788753968s ago: executing program 2 (id=4159):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
umount2(&(0x7f0000000140)='./file0\x00', 0x0)

6m46.615936006s ago: executing program 2 (id=4160):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)

6m46.407868686s ago: executing program 2 (id=4161):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x101dff, 0x0, 0x1f)

6m45.924840368s ago: executing program 41 (id=4161):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0)
preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x101dff, 0x0, 0x1f)

3m44.704451356s ago: executing program 3 (id=4788):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "71601cb794b787dd", "561594d873ac3ce2000400", 'rK>>', "ee64a70000000288"}, 0x28)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0)

3m44.531300314s ago: executing program 3 (id=4789):
syz_emit_ethernet(0xbe, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r3], 0x50}}, 0x2)

3m41.919985288s ago: executing program 3 (id=4793):
listen(0xffffffffffffffff, 0xfffffff8)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
preadv(r1, &(0x7f0000000740)=[{&(0x7f0000000200)=""/6, 0x6}], 0x1, 0x400, 0x101)

3m41.655065749s ago: executing program 3 (id=4794):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000180), 0xfa, 0x5a5, &(0x7f0000001600)="$eJzs3U9rVFcbAPDnTiZRo+9r5BV520URXNRinZikfywUtKtSWqnQ7u2QjEEycSQzEZMK1UXddFOkUEqF0g/QfZfSL9BPIbSCFAntohRS7uROnCQziUkmzuj8fnD1nDn3eu7juefMOXNnuAH0rePpH7mIlyLi6yTicFNZPrLC4yv7LT2+OZluSSwvf/JHEkn2WmP/JPv7YJb5f0T88mXEqdzGeqsLizPFcrk0l+VHa7PXRqsLi6evzBanS9Olq+MTE2ffnBh/5+23Ohbraxf/+u7j+x+c/erE0rc/PTxyN4nzcSgra45jF241Z44X/8lSg3F+3Y5jHaislyTb2fnA3p0H2zOQ9fPBSMeAwzGQ9XrgxfdFRCwDfSrR/6FPNeYBjbV9h9bBz41H760sgOqxDzXHn1/5bCT219dGw0vJmpVRut4d6UD9aR0//37vbrrF5p9DrF81W0UDu3LrdkScyec3jv9JNv7t3Jn6h8ebW19Hv73/QDfdT+c/r7ea/+VW5z/RYv5zsEXf3Ymt+3/uYQeqaSud/73bcv67OnSNDGS5/9TnfIPJ5Svl0pmI+G9EnIzBfWl+7f2c/WtyZ5ceLLerv3n+l25p/Y25YHYeD/P71h4zVawVI2Jot7GnHt2OeDnfKv5ktf2TFu2/7lbXpo6V7r3Srmzr+PfW8o8Rr7Zs/yd3tJLN70+O1q+H0cZVsdGfd4792q7+bseftv/w5vGPJM33a6vbr+OH/X+X2pWl8Q/v4PofSj6tpxud4EaxVpsbixhKPtr4+viTYxv5xv5p/CdPrMS/drKS2/T6Txdfnz1l/HeO3mm7ay+0/9S22n/7iQcffv59u/qfbvx7o546mb2SjX+tZdfKVuf1v93+xwEAAAAAAEAPykXEoUhyhdV0LlcorHy/42gM58qVau3U5cr81amo/1Z2JAZzjTvdh5u+DzGWfR+2kR9fl5+IiCMR8c3AgXq+MFkpT3U7eAAAAAAAAAAAAAAAAAAAAOgRB9v8/j/120C3zw7Yc/UHG+zr9lkA3bDlI/878aQnoCdt2f+BF5b+D/1L/4f+tb7/d+TJwsBzwfs/9C/9H/qX/g/9S/8HAAAAAAAAAAAAAAAAAAAAAAAAAACAjrp44UK6LS89vjmZ5qeuL8zPVK6fnipVZwqz85OFycrctcJ0pTJdLhUmK7Nb/XvlSuXa2HjM3xitlaq10erC4qXZyvzV2qUrs8Xp0qXS4DOJCgAAAAAAAAAAAAAAAAAAAJ4v1YXFmWK5XJpbTeSzkrmNRU+TGNrd4TtLpBXuXRXn4tlE0bXEuazNdnR4vlei2JvE+wM9cRq7SdzOmnd7Rz37sQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2vk3AAD//w99H+4=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40086602, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000480)='GPL\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r5=>0xffffffffffffffff})
getsockopt$sock_buf(r5, 0x1, 0x4a, 0xffffffffffffffff, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r6)

3m41.653748032s ago: executing program 5 (id=4795):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c890}, 0xc8d3)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
socket$unix(0x1, 0x1, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x0, @null, @bpq0, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000140)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, 0x3, [@bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40)
socket$unix(0x1, 0x2, 0x0)

3m39.350853214s ago: executing program 5 (id=4798):
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000008700cb6f000000000000109022400010000000009040000010300020009"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

3m38.584338404s ago: executing program 3 (id=4802):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "71601cb794b787dd", "561594d873ac3ce2000400", 'rK>>', "ee64a70000000288"}, 0x28)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0)

3m38.146507615s ago: executing program 3 (id=4807):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r3], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000001c000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="000014000a000100aaaaaaaeaaaa000008000f00010000003e11859a3351e595fc6522303ecd2fe0412ad5804dc9e8bde88de007f9ab798191cb7644fdb058e834a9b9d0"], 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

3m37.784029806s ago: executing program 42 (id=4807):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r3], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="300000001c000104000000000000000002000000", @ANYRES32=r3, @ANYBLOB="000014000a000100aaaaaaaeaaaa000008000f00010000003e11859a3351e595fc6522303ecd2fe0412ad5804dc9e8bde88de007f9ab798191cb7644fdb058e834a9b9d0"], 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

3m36.01618414s ago: executing program 5 (id=4817):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x2}, 0xe)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, 0x0, 0x0)
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
syz_open_dev$evdev(0x0, 0xfffffffffffffff9, 0x100)

3m30.325933878s ago: executing program 5 (id=4823):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x61)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0)
r1 = syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0xdd68, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x2, &(0x7f00000000c0)={0x0, 0x12, 0x0, @tid=r4}, &(0x7f00000001c0)=<r5=>0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r7 = fcntl$dupfd(r6, 0x0, r6)
write$sndseq(r7, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x10, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f0000000140))
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000200)={0x9, 0x9, {r4}, {0xee01}, 0x8, 0x3})

3m26.59860589s ago: executing program 5 (id=4828):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_io_uring_setup(0x95, &(0x7f0000000140)={0x0, 0x201, 0x0, 0x0, 0x3}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
io_uring_enter(r3, 0x4536, 0x6aaf, 0x0, 0x0, 0x0)

3m25.585666098s ago: executing program 5 (id=4829):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x15, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa8}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(0x4)
unshare(0x6a040000)
r4 = socket(0x10, 0x3, 0xc0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x61d1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@broadcast, @broadcast}, 0x8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010025bd7000f99cdf2500000000", @ANYRES32=0x0, @ANYBLOB="158804000300040008001b000000000008000d0002000000"], 0x30}, 0x1, 0x0, 0x0, 0x46801}, 0x24048080)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000200)={@empty=0x1f, @multicast2=0xe000031f, 0x4, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0x1ff, 0x6, 0x6}, 0x3c)
r7 = socket(0x1e, 0x4, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000340)={'filter\x00', 0x4}, 0x68)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, 0x0, 0x0)

3m8.78615081s ago: executing program 43 (id=4829):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x15, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa8}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(0x4)
unshare(0x6a040000)
r4 = socket(0x10, 0x3, 0xc0)
ioctl$sock_netrom_SIOCADDRT(r4, 0x61d1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@broadcast, @broadcast}, 0x8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010025bd7000f99cdf2500000000", @ANYRES32=0x0, @ANYBLOB="158804000300040008001b000000000008000d0002000000"], 0x30}, 0x1, 0x0, 0x0, 0x46801}, 0x24048080)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000200)={@empty=0x1f, @multicast2=0xe000031f, 0x4, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0x1ff, 0x6, 0x6}, 0x3c)
r7 = socket(0x1e, 0x4, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000340)={'filter\x00', 0x4}, 0x68)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, 0x0, 0x0)

1m17.236187097s ago: executing program 8 (id=5142):
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x0, r0, 0x5)
socket$inet6(0xa, 0x2, 0x3a)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000380)={0x3ff, 0x1, 0x0, "eef1b7de005bd152f35ed734fc000000000000000000000000000000004000", 0x43353039})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, 0x0, 0x0)
sendto$inet(r4, 0x0, 0x0, 0xc806, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000000100), 0x0, 0x4004084, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)

1m16.014218478s ago: executing program 8 (id=5144):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r0, 0x0, 0x0, 0x400c404)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000240), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448cb, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000100)={0x1f, 0x4, @none, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_RCVMTU(r6, 0x112, 0xf, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000003ac0))
r7 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12)

1m15.124490521s ago: executing program 8 (id=5146):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r3], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r5, @ANYBLOB="01"], 0x3c}}, 0x0)

1m14.637543173s ago: executing program 8 (id=5148):
socket$inet6_udp(0xa, 0x2, 0x0)
socket(0x2, 0x2, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xf)
socket$packet(0x11, 0xa, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
socket(0x10, 0x803, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r1, r3, 0x25, 0x2, @val=@netfilter={0x3, 0x1, 0x0, 0x1}}, 0x20)
syz_emit_ethernet(0x6a, &(0x7f00000004c0)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x34}, @val={@void, {0x8100, 0x2, 0x1}}, {@mpls_mc={0x8848, {[], @ipv4=@gre={{0x5, 0x4, 0x0, 0x8, 0x58, 0x64, 0x0, 0x86, 0x2f, 0x0, @broadcast, @multicast2}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1}, {0x1}, {0x8, 0x88be, 0x1, {{0xd, 0x1, 0x7f, 0x0, 0x1, 0x1, 0x7, 0xc}, 0x1, {0x40}}}, {0x8, 0x22eb, 0x1, {{0x0, 0x2, 0x2, 0x0, 0x0, 0x2, 0x6, 0x1}, 0x2, {0x3, 0x3, 0x3, 0x5, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}}, 0x0)

1m11.943987487s ago: executing program 8 (id=5151):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x80, 0x141)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000780)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
mount$overlay(0x0, 0x0, 0x0, 0x8, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

1m9.751032331s ago: executing program 8 (id=5159):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00')
read$FUSE(r3, &(0x7f00000061c0)={0x2020}, 0x2020)

54.360925644s ago: executing program 44 (id=5159):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00')
read$FUSE(r3, &(0x7f00000061c0)={0x2020}, 0x2020)

21.036464414s ago: executing program 4 (id=5302):
prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setpriority(0x0, r0, 0x5)
socket$inet6(0xa, 0x2, 0x3a)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000240)=0x1)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000380)={0x3ff, 0x1, 0x0, "eef1b7de005bd152f35ed734fc000000000000000000000000000000004000", 0x43353039})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, 0x0, 0x0)
sendto$inet(r4, 0x0, 0x0, 0xc806, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000000100), 0x0, 0x4004084, 0x0, 0x0)

19.733319183s ago: executing program 4 (id=5306):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff)
r2 = gettid()
sched_getattr(r2, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wpan3\x00', <r3=>0x0})
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000640)='ns/mnt\x00')
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000740)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x38, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_NETNS_FD={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0xc0}, 0x8c0)

19.439661411s ago: executing program 4 (id=5308):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x9, 0x1fc, 0x9})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0xfa, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000004c0)={0x200, 0x1fb, 0x9})
r5 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
dup(r2)
close_range(r0, 0xffffffffffffffff, 0x0)

19.022129991s ago: executing program 4 (id=5310):
socket$inet6_sctp(0xa, 0x1e2f0b614224e8f8, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x8, &(0x7f0000000080))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r0 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}})
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)

17.923935971s ago: executing program 4 (id=5316):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
r2 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
semop(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "71601cb794b787dd", "561594d873ac3ce2000400", 'rK>>', "ee64a70000000288"}, 0x28)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0)

15.814610938s ago: executing program 4 (id=5319):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000000), 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

14.613095382s ago: executing program 0 (id=5327):
socket$inet6_sctp(0xa, 0x1e2f0b614224e8f8, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x8, &(0x7f0000000080))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r0 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}})
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)

14.611840823s ago: executing program 1 (id=5328):
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%pI4   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x10, &(0x7f00000005c0)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

14.074548905s ago: executing program 1 (id=5329):
syz_emit_ethernet(0xbe, &(0x7f00000007c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88fb450000b0000000041011907864010101ac1e000100004e20009c90780100000000000000bdb8f55dd35fa782f8feb7ac12080de2ff8a3fc6f24fefaeb21dc30a783173a307e1f1a94a61fca666f982fc264581888c29d5916bbaf31c37082ee0fcff63afac478cbc5e7112b599235703ed03535c4878337652621f3f6e20f6bff2698850a739f8b0c1afe0b6bcb5bd4d88ac3f052e8a63f87110bf857853530b285b9248b8359c0c2403987c7a879038"], 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00", @ANYRES32=r3], 0x50}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r6}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

13.980543083s ago: executing program 6 (id=5197):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0xffffffffffffffcf)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x15, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000480)='./file0\x00', 0x201800a, &(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYBLOB="2f93edc77863113d68e33456dfe3c025878b46bc73df14f991a8f7a341a10f44c05fc1c37ad71b0239a18733e7436f3b54758b4ce59af971d50e53c14277216c0bba6ad052fa7a6d77f0b19c8b2381abc46dfa7e4bc6c37bbab3f908f48d7e280000457c5d503502300a69dc517cc0bc8ffa95d19ae4c120c512eceffbf3fc154e4ba08f2497b14e95cfdef19a2c44e453a0cfffbf23e5bf1e872ee040a582eda3d84714e82dde4c02836c5f66775f4df1bdcfbc28eb5ced2b332944d3ab2b9efe3cbb2111fe00000000000007000000000000009a9806dfda05ded85abecf8ff53f90b92fe6ecf8e7590fc47713eda26e0f0100023baaf2bee27029d124e712acca24ddc3f67cdc22e1b9c6cfc724a6f43505a958995505a92ad815bbf46a90bda3e64161f02f1c57fc913e78298dd4c5097fd37297508a99d91ea1de524ba62d5b386c32357aac522ffda551af6704c1a5cc7800c31b73df6916532e20a89df39e21239db55bd7e20f8a00c056f3b34b842abfd95ebcfa1eeee17ad811a4989bc0ff5d4010ad569fd1858c5e728b43769f185e8ab525c16025cd100000002d07741d537a759230293ee6885653ef1441faf18fd75857339aa5ac134f4ff77968eb142f32fed0bfb746a220e09f5cde9a944daf07ee41ee6691e0e2d41ee5ab5d9466216e1c725fd4b9a9cd64c2bb2cb64487be59e62dcf5b4327d8f27f0c03db1fa1c68821a31633f5bb575ad18dea46fd4737f1b135c7c9bf"], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)

13.580069709s ago: executing program 6 (id=5330):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
r2 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
semop(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "71601cb794b787dd", "561594d873ac3ce2000400", 'rK>>', "ee64a70000000288"}, 0x28)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0)

13.275158458s ago: executing program 0 (id=5331):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x20040084)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff1, 0xa}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x4, 0xd}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8849}, 0x20004804)

12.15319935s ago: executing program 1 (id=5332):
bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x7, 0x4, 0x18, 0xa042, 0x0, 0xffffffffffffffff, 0xfffffffb}, 0x50)

11.356066919s ago: executing program 6 (id=5333):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x2}, 0xe)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, 0x0, 0x0)
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
syz_open_dev$evdev(0x0, 0xfffffffffffffff9, 0x100)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0)

11.328687278s ago: executing program 7 (id=5334):
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x48000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b00010000000000fdfffffffc000000000000000000000000000000200100000000000000000000000000004e240000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ffffffffffffff7ffcffffffffffffff04000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000006fcffff00000000000003000000000000000000000000000c0008"], 0xd8}}, 0x20008004)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'bond0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="400d0000000000003000128008000100687372002400028008000200", @ANYRES32=r2, @ANYBLOB='\b\x00', @ANYRES32=r1], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)

10.869516745s ago: executing program 1 (id=5335):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000880)=[{0x0}], 0x1}}], 0x1, 0x4)
shutdown(r0, 0x1)

10.460778663s ago: executing program 0 (id=5336):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

10.426202188s ago: executing program 1 (id=5337):
socket$inet6(0xa, 0x3, 0x3c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a0000070800023ff90000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0x15, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$int_out(r1, 0x0, &(0x7f0000000040))
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFC_CMD_LLC_SET_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001fc0)={0x0}, 0x1, 0x0, 0x0, 0x24000045}, 0x5081)
sendfile(r3, r3, 0x0, 0x200900)
syz_extract_tcp_res(&(0x7f0000000580)={<r4=>0x41424344}, 0x8147, 0x200)
syz_extract_tcp_res(&(0x7f00000005c0)={<r5=>0x41424344}, 0xff, 0x1)
syz_emit_ethernet(0x54, &(0x7f0000000600)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x18, 0x46, 0x64, 0x0, 0x55, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x44}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x4e21, 0x4e22, r4, r5, 0x0, 0x0, 0x7, 0x10, 0xfffd, 0x0, 0x4, {[@exp_smc={0xfe, 0x6}]}}, {"a9584fad2efd778020b2854d8d74836df7d1639e4774"}}}}}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

10.160526173s ago: executing program 0 (id=5338):
write$tun(0xffffffffffffffff, &(0x7f00000006c0)={@val={0x0, 0x86dd}, @val={0xc5dd52d410861fde, 0x0, 0x12}, @mpls={[], @ipv6=@generic={0x3, 0x6, "b9e7a9", 0x0, 0x0, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2}}}, 0x36)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d530df65691cf6a3cceb7a97c673856f552ded9530b52fe6d1e662090d2802233ec1adca9eaab9dd6f04b2717ed1552cf46dc28cd3fbf1ec1eaedd80d1da838a00a1e229ce16d2c1a411be06f715e8b6aa7552800d5282e4e0bf3eaf55a60da25", 0xbf}, {&(0x7f0000000a40)="a768e2d00ec5757e8f5f433f84c63a269953b038d5817617556310f9ee538468ee62c0d68b6b9fe9ade83c789bd66faf569fc7fbddfc2f6e4275c1df15f3a83eaa316135a25fe4533b1ca0ef0e263cab2f2549bb9e6b5695cbd3dfb61276f7bdee6ed41c81fab79a89034ceb07d274f93dbc4f59593d761520ba31b64e0a2ab5e78fb3667f84e7e29131ec5d39d6eb916df6133993516eaf9ae557d97dc044a88fb00065cb052a6cce15", 0xaa}, {&(0x7f0000000b00)="2112f3980a4c0902dcb1918da23fb18a9d89c4f0793b7c45b722417a6401d606e033776833d550074c2b667b4e127ea79880d00aeee8d16ca6f011603c22355681cd2e9d0d8a2fea2e9b525389d2e7b95aa129fef95245bffd1ccc58bb9ca56a50cd0b4da05e78cc4aef1e9157a66caefb0ba968710bfbc7baabaa3b06bf6e5fe4fe8ebcbc81a4dbda4b1b65ea2d852cda4881d7ceda7dcbef58471a951ca1851b50dd9276e0ab06fa0e23d023766294c911bff4e6d33acdd316322f4d5a1a4eb5ae51e511f2923f3318d83b9b438b20e0560a4834edb911911c7b557e37e94f6f0a2f1d291ae3049df23212a4b50eeb9c9a0901e8804d", 0xf7}], 0x3, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x7}], 0x18, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f0940cf59647c14b7e6f19ac068f3a0920aed0a27cdd22c711855b5fb9f81ba75787a21c891067a458e010b16fa7d60083beff49c0ad28591", 0x59}, {&(0x7f0000000c00)="11bc0436f24447912dce9afd07fe935ecc6bd5eda7c7802f23cc14c83af658aba7129a55512896099992c8d02253e12016902434d12855df0a9b30e55e8f6259b106445aab46f952998eb7f8da0bad476b3c282f94edbd9aec43c836f227ecbc81a2e8dffb14b537cab2cd95a1351f3cdc2b6343f3521eb5638b256c10f93d4465c51329e7aed07efa4bdabe7b511b77df3e3cba7eac72df9b66860cf3b41a664167c6975937e78a75aa6ca347638a9eb31c60880c389de6a8919a67", 0xbc}, {&(0x7f0000000cc0)="a659d6cd13b743c3883fa66b26998868e129449c58fe04d445f9c63392ec1473c4e34a11a18e0fa2c3ff1fefe4200a23a2befe7c334b021bbad3522f8f3f36083d885cb29fa1829ff0caa3eb06fcfa1cc00d19092f9d6d93590fd4671bce11ec7b2f3912c5fe0804a2647a4de1f6d804e2da914136a7a4b169f152ec6af9204c3465d58e410029e4f28574ebfef1ac2fc1d17d5133793c9e9fbe4889c2a1427cb84332f6d4dad0f47d084b27c6c5afe46d605c7c33fa61fee2bdf78c16167904fab9a81bbb8a0ee73a56e9a67549a2701def6cc0224db8d147e08f15ec7d6f38efb1ad1253", 0xe5}], 0x3, 0x0, 0x0, 0x1}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c3b0fa44d9ca5ffbccfd95395", 0x57}, {&(0x7f0000000ec0)="9af11ddfb8ceb516a838dd3cedbe8ce91e02bfabade423d9a4d0ec122b7037a6bffa4c8dff825b4bb6af22c579faf7cd32f8fa2c632ee236967cf01e81fd58fa7de7dc69417ed5b34378c0cecc6e594591c035a1492419209e9b5aff174a1d1462bd1e5a8b80fbb1ce5c906a977485c7ae6af8991a8adedcede4e0eef2d587cf0504acfc212433c76b69460a6bd59788eff72bb7a32bdadca740aa47e60fc2210d5d4a9547afe26196f225cc9ddde32a2df9cccd74a4ba07a2ce22171a60f564119ed5d9dac59d865c6e1547e2c472e9bd574b1250286c316bd8bcc28407ca", 0xdf}, {&(0x7f0000000fc0)="26166583e37c8b7d00ab5146a77c416387ef936b5c5d71546721b5fe2369b8b7009262933b2d3280235aff09fc6b0d14ad0d2336b4f21ed53375838ff7f6c567b372b0124a5f1bc6ca1eef4cfdfe8e97b9cadc99cc2a870d680138b4bfe181d8181ce0e924e85ef677049d765a870450b00b1adda0d57413a2acb1d18236df1ea69ffd649198fe0b3bc101341dc23159730ef95cea61efc0cfb62cfef01920dd16c9d37367c185c0b2346dcd9e", 0xad}], 0x3, 0x0, 0x0, 0x84090}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x538833554ef99d02}], 0x4, 0x4004000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

10.130328689s ago: executing program 7 (id=5339):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c0000000201010200000000000000000a0008000c00198008000100030000003c0001802c00018014000300ff010000000000000000000000000001140004"], 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x14)

8.357978003s ago: executing program 9 (id=5341):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000400)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

5.908047814s ago: executing program 7 (id=5342):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, 0x0, 0x8010)

5.700921876s ago: executing program 6 (id=5343):
socket$inet6_sctp(0xa, 0x1e2f0b614224e8f8, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setrlimit(0x8, &(0x7f0000000080))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r0 = openat$vim2m(0xffffff9c, &(0x7f0000000b00), 0x2, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000000)={0x0, 0xbd5, 0x2, {0x2, @raw_data="f91fd2868ba3d9189024fc40809db9e19479c0b5fce2c721330d5771dbf9dbfa9e2ad24622489141b4803cfeb0b70909e75715a13fada32fef53473eb9ce014fbe3929ea41fdeb0ff177dfb9d3227f213a6451b667d35b03b25618d20cea1f072990b86d463a0de7513744a2bb3bf4fb6049e30f7c533837beba9566c9fd8721c48fad424a5fb17bc1419fb85e5e7dce382ba5a1ce182b419becd67c18f0ba055b8d72225df5a5e7917f8a87a52b8c2516745c462e944b0c22a7e71ecf492a0ef916598abba0e732"}})
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x106f)

5.04755899s ago: executing program 7 (id=5344):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000002200)=""/260, 0x104}, {&(0x7f0000000600)=""/245, 0xf5}, {&(0x7f0000004340)=""/4070, 0xfe6}, {&(0x7f00000009c0)=""/219, 0xdb}, {&(0x7f0000000500)=""/235, 0xeb}, {&(0x7f0000001f00)=""/203, 0xcb}, {&(0x7f0000000240)=""/166, 0xa6}, {&(0x7f0000000300)=""/205, 0xcd}, {&(0x7f00000000c0)=""/26, 0x1a}, {&(0x7f00000007c0)=""/158, 0x9e}, {&(0x7f0000000140)=""/95, 0x5f}, {&(0x7f0000000440)=""/53, 0x35}, {&(0x7f0000000700)=""/135, 0x87}], 0xd}, 0x40002100)

4.799400559s ago: executing program 9 (id=5345):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0xffffffffffffffcf)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000480)='./file0\x00', 0x201800a, &(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYBLOB="2f93edc77863113d68e33456dfe3c025878b46bc73df14f991a8f7a341a10f44c05fc1c37ad71b0239a18733e7436f3b54758b4ce59af971d50e53c14277216c0bba6ad052fa7a6d77f0b19c8b2381abc46dfa7e4bc6c37bbab3f908f48d7e280000457c5d503502300a69dc517cc0bc8ffa95d19ae4c120c512eceffbf3fc154e4ba08f2497b14e95cfdef19a2c44e453a0cfffbf23e5bf1e872ee040a582eda3d84714e82dde4c02836c5f66775f4df1bdcfbc28eb5ced2b332944d3ab2b9efe3cbb2111fe00000000000007000000000000009a9806dfda05ded85abecf8ff53f90b92fe6ecf8e7590fc47713eda26e0f0100023baaf2bee27029d124e712acca24ddc3f67cdc22e1b9c6cfc724a6f43505a958995505a92ad815bbf46a90bda3e64161f02f1c57fc913e78298dd4c5097fd37297508a99d91ea1de524ba62d5b386c32357aac522ffda551af6704c1a5cc7800c31b73df6916532e20a89df39e21239db55bd7e20f8a00c056f3b34b842abfd95ebcfa1eeee17ad811a4989bc0ff5d4010ad569fd1858c5e728b43769f185e8ab525c16025cd100000002d07741d537a759230293ee6885653ef1441faf18fd75857339aa5ac134f4ff77968eb142f32fed0bfb746a220e09f5cde9a944daf07ee41ee6691e0e2d41ee5ab5d9466216e1c725fd4b9a9cd64c2bb2cb64487be59e62dcf5b4327d8f27f0c03db1fa1c68821a31633f5bb575ad18dea46fd4737f1b135c7c9bf"], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)

3.561091481s ago: executing program 6 (id=5346):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
r2 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
semop(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "71601cb794b787dd", "561594d873ac3ce2000400", 'rK>>', "ee64a70000000288"}, 0x28)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x0)

3.426918361s ago: executing program 9 (id=5347):
bpf$MAP_CREATE(0x0, 0x0, 0x0)

3.176088919s ago: executing program 9 (id=5348):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010029bd7000fbdbdf25ff010000060000800000000000000001fe8000000000000000000000000000bb000000000000000002", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000000000000000000000000000000000000010002000000000044000500fe800000000000000000000000000044000004d42b0000000a000000e00000010000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r2)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0)
sendto$packet(r1, &(0x7f0000000400), 0x0, 0x40880, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendmmsg$inet(r0, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, 0x0)
syz_fuse_handle_req(r3, &(0x7f00000021c0), 0x2000, &(0x7f00000041c0)={&(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x7, 0x12510421, 0x0, 0xc, 0x1, 0x56, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r4, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0xc000)
r6 = dup(r4)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r6, &(0x7f0000000180)={0x4, 0xffffff95, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)

1.493676853s ago: executing program 6 (id=5349):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)=',8Zz', 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000280)=ANY=[@ANYBLOB="7912b8000000000061138c0000000000bf2000000000000015000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff03006706000002000000760300000ee60060bf050000000000003c6500bf000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

884.346ms ago: executing program 0 (id=5350):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

776.75656ms ago: executing program 7 (id=5351):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000104000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x400}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60000081}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
close(r1)

635.176131ms ago: executing program 45 (id=5319):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000000), 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

584.29411ms ago: executing program 9 (id=5353):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f00000000c0), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)}], 0x1}}], 0x1, 0x4)
shutdown(r0, 0x1)

205.247096ms ago: executing program 0 (id=5354):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={<r5=>0xffffffffffffffff}, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
tee(r5, r6, 0x4e, 0x0)
write$binfmt_script(r6, &(0x7f0000000800)={'#! ', './file0'}, 0xb)

175.125054ms ago: executing program 7 (id=5355):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x2}, 0xe)
setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, 0x0, 0x0)
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
syz_open_dev$evdev(0x0, 0xfffffffffffffff9, 0x100)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0)

174.248978ms ago: executing program 1 (id=5356):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8010)

0s ago: executing program 9 (id=5357):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x41100, 0x70, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[r0, r0, 0xffffffffffffffff, r0, r0], 0x0, 0x10, 0x9}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xd0, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0x7}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0xa0, 0x2, {{0x3, 0x0, 0x3, 0xe, 0x2, 0xff}, [@TCA_NETEM_LOSS={0x74}, @TCA_NETEM_CORR={0x10, 0x1, {0x3, 0x5}}]}}}]}, 0xd0}}, 0x4000010)

kernel console output (not intermixed with test programs):

9: detected capacity change from 0 to 4096
[ 1080.273007][T21854] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1080.334684][T21854] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1080.405686][T21854] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1080.561058][ T5942] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1080.774035][ T5942] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1080.816934][ T5942] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1080.856707][ T5942] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1080.892386][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1080.938907][T21854] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1080.946078][ T5942] usb 4-1: SerialNumber: syz
[ 1080.977044][T22277] ip6_vti0: entered promiscuous mode
[ 1081.013629][T22277] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4668'.
[ 1081.192291][T21854] 8021q: adding VLAN 0 to HW filter on device team0
[ 1081.236745][ T5942] usb 4-1: 0:2 : does not exist
[ 1081.246812][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1081.253967][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1081.291099][ T5942] usb 4-1: unit 5 not found!
[ 1081.350065][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1081.357226][ T5952] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1081.361400][ T5942] usb 4-1: USB disconnect, device number 13
[ 1081.427506][T22287] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4669'.
[ 1081.485128][T22286] overlayfs: missing 'lowerdir'
[ 1081.510321][T22282] vlan2: entered promiscuous mode
[ 1081.519864][T22282] vlan2: entered allmulticast mode
[ 1081.537551][T22282] hsr_slave_1: entered allmulticast mode
[ 1081.801604][  T791] usb 8-1: new low-speed USB device number 8 using dummy_hcd
[ 1081.975930][  T791] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1082.050970][  T791] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1082.059967][  T791] usb 8-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1082.120924][  T791] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1082.173243][  T791] usb 8-1: config 0 descriptor??
[ 1082.734539][T21854] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1082.906642][T21854] veth0_vlan: entered promiscuous mode
[ 1082.959079][T21854] veth1_vlan: entered promiscuous mode
[ 1083.053807][T21854] veth0_macvtap: entered promiscuous mode
[ 1083.068264][T22311] loop0: detected capacity change from 0 to 32768
[ 1083.089308][T21854] veth1_macvtap: entered promiscuous mode
[ 1083.168133][T21854] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1083.203030][T22336] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4678'.
[ 1083.214574][T21854] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1083.268872][   T66] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1083.288375][   T66] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1083.345951][   T66] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1083.375185][   T66] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1085.210707][T22305] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1085.231028][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1085.239063][    C1] lec:lec_tx_timeout: lec0
[ 1085.243678][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1085.917657][T19181] usb 8-1: USB disconnect, device number 8
[ 1086.032317][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1086.040192][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1086.113245][T22357] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1086.121197][T22362] loop3: detected capacity change from 0 to 164
[ 1086.180722][T22361] overlayfs: missing 'lowerdir'
[ 1086.485048][T22357] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1087.455632][T22364] ip6_vti0: entered promiscuous mode
[ 1087.512023][T22364] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4682'.
[ 1087.573496][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1087.581408][T22371] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4687'.
[ 1087.672673][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1088.892481][T22419] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1089.137445][T22425] syzkaller0: entered promiscuous mode
[ 1089.170156][T22425] syzkaller0: entered allmulticast mode
[ 1090.051683][T22453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4702'.
[ 1090.146583][T22460] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4703'.
[ 1090.250411][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1090.258485][    C1] lec:lec_tx_timeout: lec0
[ 1090.263499][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1090.327238][T22464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4704'.
[ 1090.969247][T22477] binder: 22463:22477 ioctl 0 200000000040 returned -22
[ 1091.309738][T22395] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1091.677041][ T5832] Bluetooth: hci4: command 0x0406 tx timeout
[ 1091.927260][T22509] ip6_vti0: entered promiscuous mode
[ 1091.975721][T22509] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4711'.
[ 1092.113955][T22512] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1095.270456][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1095.278524][    C1] lec:lec_tx_timeout: lec0
[ 1095.290476][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1096.885879][T22542] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4717'.
[ 1096.908675][T22543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4716'.
[ 1097.330758][T22559] syzkaller0: entered promiscuous mode
[ 1097.336274][T22559] syzkaller0: entered allmulticast mode
[ 1100.300420][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1100.308510][    C1] lec:lec_tx_timeout: lec0
[ 1100.313329][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1100.707873][T22567] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1100.972272][T22606] loop3: detected capacity change from 0 to 1024
[ 1101.163447][T22606] hfsplus: xattr search failed
[ 1102.015702][T22623] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4735'.
[ 1102.077686][T22626] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4734'.
[ 1102.227953][T22632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4736'.
[ 1105.320418][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1105.328428][    C1] lec:lec_tx_timeout: lec0
[ 1105.340475][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1108.171365][T22649] syzkaller0: entered promiscuous mode
[ 1108.231746][T22649] syzkaller0: entered allmulticast mode
[ 1108.431247][T22666] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4728'.
[ 1109.202094][ T9817] udevd[9817]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1109.232613][   T31] audit: type=1107 audit(1769958502.901:152): pid=22676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='OŸ'
[ 1110.350584][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1110.358624][    C1] lec:lec_tx_timeout: lec0
[ 1110.363359][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1110.564407][T22707] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4750'.
[ 1110.637842][T22710] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4752'.
[ 1110.811080][ T8618] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1110.980442][ T8618] usb 6-1: Using ep0 maxpacket: 32
[ 1111.044494][ T8618] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[ 1111.060453][ T8618] usb 6-1: config 0 has no interface number 0
[ 1111.066568][ T8618] usb 6-1: config 0 interface 184 has no altsetting 0
[ 1111.119386][ T8618] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1111.164140][ T8618] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1111.201031][ T8618] usb 6-1: Product: syz
[ 1111.212530][ T8618] usb 6-1: Manufacturer: syz
[ 1111.239384][ T8618] usb 6-1: SerialNumber: syz
[ 1111.261724][ T8618] usb 6-1: config 0 descriptor??
[ 1111.296167][ T8618] smsc75xx v1.0.0
[ 1111.490522][ T5970] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 1111.687024][ T5970] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1111.750695][ T5970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1113.873438][ T5970] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1113.955337][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1114.170462][ T5970] usb 2-1: SerialNumber: syz
[ 1114.203401][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[ 1114.265404][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1114.299887][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1114.337898][ T5970] usb 2-1: can't set config #1, error -71
[ 1114.355501][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1114.403820][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1114.421395][ T5970] usb 2-1: USB disconnect, device number 13
[ 1114.460203][ T8618] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1114.500726][ T8618] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -71
[ 1114.583451][ T8618] usb 6-1: USB disconnect, device number 10
[ 1115.370457][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1115.378500][    C1] lec:lec_tx_timeout: lec0
[ 1115.390504][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1117.428866][T22771] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1117.522669][T22771] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1117.551066][T22778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4769'.
[ 1117.734856][T22774] ip6_vti0: entered promiscuous mode
[ 1117.763775][T22774] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4770'.
[ 1117.974190][T22788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4772'.
[ 1118.274672][T22796] netlink: 'syz.0.4776': attribute type 1 has an invalid length.
[ 1118.416208][T22799] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4776'.
[ 1118.657658][T22798] bond1: (slave geneve2): making interface the new active one
[ 1118.711600][T22798] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 1118.753049][T22799] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1118.788113][   T12] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1118.830490][   T12] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1118.840492][  T791] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1118.900493][   T12] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1118.909316][   T12] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1120.674873][  T791] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1120.698975][  T791] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1120.870695][  T791] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1120.879775][  T791] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1120.908982][  T791] usb 6-1: SerialNumber: syz
[ 1121.060951][T22817] loop0: detected capacity change from 0 to 1024
[ 1121.192145][T22821] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4783'.
[ 1121.237974][T22819] syzkaller0: entered promiscuous mode
[ 1121.277148][T22819] syzkaller0: entered allmulticast mode
[ 1121.397326][  T791] usb 6-1: 0:2 : does not exist
[ 1121.410707][  T791] usb 6-1: unit 5 not found!
[ 1121.506593][  T791] usb 6-1: USB disconnect, device number 11
[ 1121.590399][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6200 ms
[ 1121.598473][    C1] lec:lec_tx_timeout: lec0
[ 1121.603566][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1121.643500][ T9817] udevd[9817]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1121.677357][ T1151] hfsplus: b-tree write err: -5, ino 3
[ 1121.678435][T22831] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4784'.
[ 1121.844611][T22834] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4785'.
[ 1122.307180][T22841] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1122.394762][T22843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4789'.
[ 1124.170600][T22815] Bluetooth: hci6: command 0x0419 tx timeout
[ 1124.755262][T22825] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1125.443309][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1125.734857][T22862] loop3: detected capacity change from 0 to 1024
[ 1125.988194][T22862] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1127.244024][T22872] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4797'.
[ 1127.350408][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms
[ 1127.358484][    C1] lec:lec_tx_timeout: lec0
[ 1127.363535][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1127.900854][ T5970] usb 6-1: new low-speed USB device number 12 using dummy_hcd
[ 1128.085816][ T5970] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1128.130503][ T5970] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1128.174341][ T8618] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1128.206197][ T5970] usb 6-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1128.269395][T13575] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[ 1128.290930][ T5970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.327514][ T5970] usb 6-1: config 0 descriptor??
[ 1128.333885][T22884] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4801'.
[ 1128.345107][ T5970] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1128.363684][T13575] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #13: comm syz-executor: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[ 1128.384713][ T8618] usb 2-1: device descriptor read/64, error -71
[ 1128.562130][T13575] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1128.640650][ T8618] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[ 1128.780736][ T8618] usb 2-1: device descriptor read/64, error -71
[ 1128.901007][ T8618] usb usb2-port1: attempt power cycle
[ 1129.258407][ T8618] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1129.291311][ T8618] usb 2-1: device descriptor read/8, error -71
[ 1129.365998][T22913] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1129.464941][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1129.475402][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1129.484202][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1129.493277][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1129.504485][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1129.550505][ T8618] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1129.581545][ T8618] usb 2-1: device descriptor read/8, error -71
[ 1129.710741][ T8618] usb usb2-port1: unable to enumerate USB device
[ 1130.680815][   T66] bridge_slave_1: left allmulticast mode
[ 1130.687570][   T66] bridge_slave_1: left promiscuous mode
[ 1130.711441][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1130.733196][   T66] bridge_slave_0: left allmulticast mode
[ 1130.743206][ T8618] usb 6-1: USB disconnect, device number 12
[ 1130.750117][   T66] bridge_slave_0: left promiscuous mode
[ 1130.760472][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1131.251794][T22932] loop5: detected capacity change from 0 to 40427
[ 1131.330188][T22932] F2FS-fs (loop5): invalid crc value
[ 1131.449877][T22932] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1131.466157][T22932] F2FS-fs (loop5): Start checkpoint disabled!
[ 1132.054233][T22927] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1132.058385][T22932] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[ 1132.161075][T22900] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1132.192103][T22932] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[ 1132.370402][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1132.378433][    C1] lec:lec_tx_timeout: lec0
[ 1132.390528][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1133.086382][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.086382][T22938] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1133.102713][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.102713][T22938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1133.118923][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.118923][T22938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1133.138838][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.138838][T22938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1133.155942][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.155942][T22938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1133.175421][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.175421][T22938] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1133.194881][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.194881][T22938] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1133.219899][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.219899][T22938] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1133.327253][   T31] audit: type=1800 audit(1769958526.741:153): pid=22938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4817" name="bus" dev="loop5" ino=10 res=0 errno=0
[ 1133.524964][T22938] syz.5.4817: attempt to access beyond end of device
[ 1133.524964][T22938] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1136.135104][   T66] bond1 (unregistering): (slave ip6gretap1): Releasing active interface
[ 1138.230396][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5840 ms
[ 1138.238432][    C1] lec:lec_tx_timeout: lec0
[ 1138.684454][T14893] kworker/u8:13: attempt to access beyond end of device
[ 1138.684454][T14893] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[ 1138.729446][T22952] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4819'.
[ 1138.775556][T14893] CPU: 1 UID: 0 PID: 14893 Comm: kworker/u8:13 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1138.775619][T14893] Tainted: [L]=SOFTLOCKUP
[ 1138.775633][T14893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1138.775659][T14893] Workqueue: writeback wb_workfn (flush-7:5)
[ 1138.775727][T14893] Call Trace:
[ 1138.775739][T14893]  <TASK>
[ 1138.775752][T14893]  dump_stack_lvl+0x100/0x190
[ 1138.775802][T14893]  f2fs_handle_critical_error+0x5d7/0x970
[ 1138.775866][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.775912][T14893]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1138.775976][T14893]  f2fs_write_end_io+0xc24/0xf00
[ 1138.776042][T14893]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1138.776111][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776167][T14893]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1138.776228][T14893]  bio_endio+0x755/0x8b0
[ 1138.776291][T14893]  submit_bio_noacct+0x1b7/0x1e80
[ 1138.776346][T14893]  __submit_merged_bio+0x331/0x6f0
[ 1138.776415][T14893]  __submit_merged_write_cond+0x31a/0x3f0
[ 1138.776491][T14893]  f2fs_write_cache_pages+0x21c8/0x2720
[ 1138.776559][T14893]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1138.776611][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776659][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776704][T14893]  ? do_raw_spin_lock+0x128/0x260
[ 1138.776746][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776793][T14893]  ? nr_blockdev_pages+0xde/0x120
[ 1138.776834][T14893]  ? nr_blockdev_pages+0xde/0x120
[ 1138.776874][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776925][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.776971][T14893]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1138.777027][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777074][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777119][T14893]  ? f2fs_available_free_memory+0x279/0xa60
[ 1138.777241][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777295][T14893]  f2fs_write_data_pages+0x5a7/0x1060
[ 1138.777335][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777394][T14893]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1138.777455][T14893]  ? __lock_acquire+0x4a5/0x2630
[ 1138.777513][T14893]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1138.777559][T14893]  do_writepages+0x278/0x600
[ 1138.777621][T14893]  ? __pfx_do_writepages+0x10/0x10
[ 1138.777674][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777727][T14893]  __writeback_single_inode+0x164/0x13c0
[ 1138.777780][T14893]  ? find_held_lock+0x2b/0x80
[ 1138.777830][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777879][T14893]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1138.777934][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.777979][T14893]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1138.778022][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778075][T14893]  writeback_sb_inodes+0x72e/0x1b90
[ 1138.778153][T14893]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1138.778209][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778267][T14893]  ? widen_string+0xdb/0x2f0
[ 1138.778326][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778433][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778478][T14893]  ? rcu_is_watching+0x12/0xc0
[ 1138.778526][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778572][T14893]  ? queue_io+0x286/0x4f0
[ 1138.778632][T14893]  wb_writeback+0x1bc/0xab0
[ 1138.778697][T14893]  ? __pfx_wb_writeback+0x10/0x10
[ 1138.778749][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778807][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.778853][T14893]  ? mark_held_locks+0x40/0x70
[ 1138.778921][T14893]  wb_workfn+0x143/0xbb0
[ 1138.778984][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779031][T14893]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1138.779083][T14893]  ? __pfx_wb_workfn+0x10/0x10
[ 1138.779143][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779195][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779243][T14893]  ? process_one_work+0x80b/0x1840
[ 1138.779285][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779331][T14893]  ? rcu_is_watching+0x12/0xc0
[ 1138.779390][T14893]  process_one_work+0x9c2/0x1840
[ 1138.779451][T14893]  ? __pfx_process_one_work+0x10/0x10
[ 1138.779494][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779552][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779604][T14893]  ? assign_work+0x19c/0x250
[ 1138.779647][T14893]  worker_thread+0x5da/0xe40
[ 1138.779708][T14893]  ? kthread+0x17d/0x730
[ 1138.779741][T14893]  ? __pfx_worker_thread+0x10/0x10
[ 1138.779779][T14893]  kthread+0x3b3/0x730
[ 1138.779818][T14893]  ? __pfx_kthread+0x10/0x10
[ 1138.779852][T14893]  ? ret_from_fork+0x79/0xaf0
[ 1138.779891][T14893]  ? ret_from_fork+0x79/0xaf0
[ 1138.779930][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.779976][T14893]  ? rcu_is_watching+0x12/0xc0
[ 1138.780023][T14893]  ? __pfx_kthread+0x10/0x10
[ 1138.780063][T14893]  ret_from_fork+0x754/0xaf0
[ 1138.780106][T14893]  ? __pfx_ret_from_fork+0x10/0x10
[ 1138.780151][T14893]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1138.780198][T14893]  ? __switch_to+0x7b9/0x10c0
[ 1138.780249][T14893]  ? __pfx_kthread+0x10/0x10
[ 1138.780290][T14893]  ret_from_fork_asm+0x1a/0x30
[ 1138.780375][T14893]  </TASK>
[ 1139.322141][T22959] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4827'.
[ 1139.377843][   T66] gretap0 (unregistering): left promiscuous mode
[ 1139.408483][T14893] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[ 1139.520461][T19181] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1139.680575][T19181] usb 2-1: Using ep0 maxpacket: 32
[ 1139.686316][   T66] bond0 (unregistering): left promiscuous mode
[ 1139.697295][T19181] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[ 1139.708905][   T66] bond_slave_0: left promiscuous mode
[ 1139.730594][T19181] usb 2-1: config 0 has no interface number 0
[ 1139.747258][   T66] bond_slave_1: left promiscuous mode
[ 1139.756727][T19181] usb 2-1: config 0 interface 184 has no altsetting 0
[ 1139.791921][   T66] mac80211_hwsim hwsim31 wlan1: left promiscuous mode
[ 1139.807165][T19181] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1139.848803][T19181] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1139.861151][ T5952] smc: removing ib device syz1
[ 1139.876422][T19181] usb 2-1: Product: syz
[ 1139.879202][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1139.893376][T19181] usb 2-1: Manufacturer: syz
[ 1139.903242][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1139.907169][T19181] usb 2-1: SerialNumber: syz
[ 1139.929111][T19181] usb 2-1: config 0 descriptor??
[ 1139.930964][   T66] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1139.955460][   T66] bond0 (unregistering): Released all slaves
[ 1139.956140][T19181] smsc75xx v1.0.0
[ 1140.152565][   T66] bond1 (unregistering): Released all slaves
[ 1140.355677][   T66] bond2 (unregistering): Released all slaves
[ 1140.583537][T19181] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1140.595738][T19181] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1141.003530][   T66] bond3 (unregistering): Released all slaves
[ 1141.085413][   T66] bond4 (unregistering): Released all slaves
[ 1141.250040][   T66] team0: Port device macvlan2 removed
[ 1141.268691][   T66] bond5 (unregistering): Released all slaves
[ 1141.292301][   T66] bond6 (unregistering): Released all slaves
[ 1141.450664][   T66] team0: Port device macvlan3 removed
[ 1141.464549][   T66] bond7 (unregistering): Released all slaves
[ 1141.562077][   T66] team0: Port device macvlan4 removed
[ 1141.575535][   T66] bond8 (unregistering): Released all slaves
[ 1141.619651][T22952] bond0: entered promiscuous mode
[ 1141.633678][T22952] bond_slave_0: entered promiscuous mode
[ 1141.649768][T22952] bond_slave_1: entered promiscuous mode
[ 1141.666386][T22952] gretap0: entered promiscuous mode
[ 1141.685675][T22952] debugfs: 'hsr1' already exists in 'hsr'
[ 1141.693584][T22952] Cannot create hsr debugfs directory
[ 1141.699941][T22952] hsr1: entered promiscuous mode
[ 1141.987665][T22980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1142.163998][T22992] md: invalid raid superblock magic on ram0
[ 1142.175577][T22992] md: ram0 does not have a valid v0.0 superblock, not importing!
[ 1142.193687][T22992] md: md_import_device returned -22
[ 1142.877282][T19181] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[ 1143.004004][T22997] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1143.126210][T19181] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[ 1143.235835][T19181] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1143.271584][T19181] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[ 1143.375829][T19181] usb 2-1: USB disconnect, device number 18
[ 1148.940937][ T5849] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[ 1149.137396][ T5849] usb 10-1: Using ep0 maxpacket: 8
[ 1149.155295][ T5849] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1149.175627][ T5849] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.213806][ T5849] usb 10-1: Product: syz
[ 1149.235562][ T5849] usb 10-1: Manufacturer: syz
[ 1149.261869][ T5849] usb 10-1: SerialNumber: syz
[ 1149.265701][T22917] chnl_net:caif_netlink_parms(): no params data found
[ 1149.483208][ T5849] usb 10-1: config 0 descriptor??
[ 1149.733057][ T5849] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1150.196173][T22917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1150.220501][T22917] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1150.227694][T22917] bridge_slave_0: entered allmulticast mode
[ 1150.262456][T22917] bridge_slave_0: entered promiscuous mode
[ 1150.282536][T22917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1150.308668][T22917] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1150.320553][T22917] bridge_slave_1: entered allmulticast mode
[ 1150.364414][T22917] bridge_slave_1: entered promiscuous mode
[ 1151.332843][T22917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1151.361558][ T5849] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1151.421281][ T5849] usb 10-1: USB disconnect, device number 15
[ 1151.428787][T22917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1151.659468][T23071] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4842'.
[ 1151.717843][T22917] team0: Port device team_slave_0 added
[ 1151.755302][T22917] team0: Port device team_slave_1 added
[ 1151.843649][T23074] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4846'.
[ 1152.177261][T22917] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1152.220704][T22917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.331856][T22917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1152.343748][T23067] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1152.400573][T22917] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1152.407523][T22917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.528808][T22917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1153.792202][T22917] hsr_slave_0: entered promiscuous mode
[ 1153.807959][T22917] hsr_slave_1: entered promiscuous mode
[ 1153.846831][T22917] debugfs: 'hsr0' already exists in 'hsr'
[ 1153.856539][T22917] Cannot create hsr debugfs directory
[ 1153.864392][   T66] tipc: Left network mode
[ 1156.212644][T23106] binder: 23073:23106 ioctl 0 200000000040 returned -22
[ 1157.900982][T23102] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1158.244021][T23122] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4858'.
[ 1158.352756][T23126] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4859'.
[ 1158.742529][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1158.754178][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1158.762100][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1158.784179][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1158.793689][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1159.675341][T23145] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1160.032953][T23157] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1160.374233][T23169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4871'.
[ 1160.698171][   T66] hsr_slave_0: left promiscuous mode
[ 1162.389694][ T5838] Bluetooth: hci5: command tx timeout
[ 1162.889403][T23168] loop9: detected capacity change from 0 to 32768
[ 1162.972841][T23168] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1163.042166][T23168] XFS (loop9): Ending clean mount
[ 1163.078754][T23168] XFS (loop9): Quotacheck needed: Please wait.
[ 1163.196496][T23168] XFS (loop9): Quotacheck: Done.
[ 1163.370810][T18921] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 1163.460285][   T66] team0 (unregistering): Port device team_slave_1 removed
[ 1163.518095][   T66] team0 (unregistering): Port device team_slave_0 removed
[ 1163.679972][T23201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4878'.
[ 1163.924327][T23207] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1165.257973][ T5838] Bluetooth: hci5: command tx timeout
[ 1165.279927][T23205] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1165.609422][T23230] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4887'.
[ 1166.176290][ T9764] udevd[9764]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1166.235623][ T9817] udevd[9817]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1166.776805][T23250] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1167.281671][ T5832] Bluetooth: hci5: command tx timeout
[ 1167.335673][   T66] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.147565][ T5832] Bluetooth: hci3: command 0x0406 tx timeout
[ 1169.315803][T23137] chnl_net:caif_netlink_parms(): no params data found
[ 1169.350489][ T5838] Bluetooth: hci5: command tx timeout
[ 1169.374444][T23268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4893'.
[ 1169.587211][   T66] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.993432][T23289] netlink: 'syz.7.4899': attribute type 1 has an invalid length.
[ 1170.042857][   T66] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.158751][T23292] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4899'.
[ 1170.265872][T23295] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4900'.
[ 1170.351451][T23291] bond1: (slave geneve2): making interface the new active one
[ 1170.379435][T23291] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 1170.605987][   T66] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.710708][ T5952] netdevsim netdevsim7 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1170.740824][T22917] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1170.764827][T22917] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1170.778522][T22917] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1170.819185][T22917] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1170.932005][T23137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1170.960590][T23137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1170.967791][T23137] bridge_slave_0: entered allmulticast mode
[ 1171.765888][T23137] bridge_slave_0: entered promiscuous mode
[ 1171.792395][T23137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1171.814004][T23137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1171.831420][T23137] bridge_slave_1: entered allmulticast mode
[ 1171.839405][T23137] bridge_slave_1: entered promiscuous mode
[ 1171.881702][ T5952] netdevsim netdevsim7 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1172.024765][ T5952] netdevsim netdevsim7 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1172.061984][ T5952] netdevsim netdevsim7 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1172.118902][T23137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1172.147592][T23137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1172.154671][T23325] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1172.284823][T23137] team0: Port device team_slave_0 added
[ 1172.306649][T23137] team0: Port device team_slave_1 added
[ 1172.372560][T23331] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1172.481420][   T66] bridge_slave_1: left allmulticast mode
[ 1172.495257][   T66] bridge_slave_1: left promiscuous mode
[ 1172.509687][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1172.532382][   T66] bridge_slave_0: left allmulticast mode
[ 1172.543688][   T66] bridge_slave_0: left promiscuous mode
[ 1172.555548][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1172.655121][T23311] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1175.253807][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1175.328253][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1175.358916][T23382] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1175.377815][   T66] bond0 (unregistering): Released all slaves
[ 1175.406824][T23137] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1175.422693][T23137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1175.470119][T23137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1175.486611][T23345] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4908'.
[ 1175.569200][T23137] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1175.590620][T23137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1175.663063][T23137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1176.176721][T23401] io-wq is not configured for unbound workers
[ 1176.918448][T23400] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1177.092274][T23137] hsr_slave_0: entered promiscuous mode
[ 1177.112466][T23137] hsr_slave_1: entered promiscuous mode
[ 1177.120967][T23137] debugfs: 'hsr0' already exists in 'hsr'
[ 1177.126954][T23137] Cannot create hsr debugfs directory
[ 1177.533909][   T66] hsr_slave_0: left promiscuous mode
[ 1177.562173][   T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1177.569587][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1179.061810][   T66] veth1_macvtap: left promiscuous mode
[ 1179.067386][   T66] veth0_macvtap: left promiscuous mode
[ 1179.096971][   T66] veth1_vlan: left promiscuous mode
[ 1179.120774][   T66] veth0_vlan: left promiscuous mode
[ 1182.710781][ T5849] usb 8-1: new low-speed USB device number 9 using dummy_hcd
[ 1182.914203][ T5849] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1182.960462][ T5849] usb 8-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1182.969883][ T5849] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1183.031711][ T5849] usb 8-1: config 0 descriptor??
[ 1183.046638][ T5849] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[ 1183.390728][T18983] lec:lec_start_xmit: lec0:No lecd attached
[ 1183.702273][   T66] team0 (unregistering): Port device team_slave_1 removed
[ 1183.730566][ T8618] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1183.792251][   T66] team0 (unregistering): Port device team_slave_0 removed
[ 1183.901403][ T8618] usb 2-1: Using ep0 maxpacket: 32
[ 1183.921970][ T8618] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[ 1183.943911][ T8618] usb 2-1: config 0 has no interface number 0
[ 1183.950028][ T8618] usb 2-1: config 0 interface 184 has no altsetting 0
[ 1183.966583][ T8618] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1183.983191][ T8618] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.993160][ T8618] usb 2-1: Product: syz
[ 1184.008444][ T8618] usb 2-1: Manufacturer: syz
[ 1184.017974][ T8618] usb 2-1: SerialNumber: syz
[ 1184.042288][ T8618] usb 2-1: config 0 descriptor??
[ 1184.060946][ T8618] smsc75xx v1.0.0
[ 1184.528638][T23477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4930'.
[ 1184.684171][ T8618] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1184.718889][ T8618] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1184.782536][T22917] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1184.997640][T22917] 8021q: adding VLAN 0 to HW filter on device team0
[ 1185.173581][T23486] syzkaller1: entered promiscuous mode
[ 1185.188690][T23486] syzkaller1: entered allmulticast mode
[ 1185.479782][T15694] usb 8-1: USB disconnect, device number 9
[ 1185.535971][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1185.543175][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1185.797519][T14893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1185.804734][T14893] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1185.958292][ T8618] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1186.021210][ T8618] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1186.068801][ T8618] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1186.103375][ T8618] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[ 1186.418776][T23137] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1186.468349][T23137] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1186.499568][T23503] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1186.511710][T23137] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1186.554918][T23137] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1186.680425][T15694] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 1186.930868][T15694] usb 1-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1186.960711][T15694] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1186.985497][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1187.028330][ T8618] usb 2-1: USB disconnect, device number 19
[ 1187.151935][T15694] usb 1-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1187.175934][T15694] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1187.187962][T15694] usb 1-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1187.199849][T15694] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1187.225585][T23536] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4940'.
[ 1188.045390][T15694] usb 1-1: config 0 descriptor??
[ 1188.135319][T22917] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1188.256188][T23547] netlink: 'syz.7.4942': attribute type 1 has an invalid length.
[ 1188.427205][T23553] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4942'.
[ 1188.574698][T23556] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4943'.
[ 1188.599463][T23137] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1188.715353][T23137] 8021q: adding VLAN 0 to HW filter on device team0
[ 1188.740522][T15694] usbhid 1-1:0.0: can't add hid device: -71
[ 1188.746536][T15694] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1188.788046][T14893] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1188.795238][T14893] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1188.810826][T15694] usb 1-1: USB disconnect, device number 17
[ 1188.882427][T14893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1188.889638][T14893] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1189.033443][T23566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4946'.
[ 1189.190392][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5800 ms
[ 1189.198429][    C1] lec:lec_tx_timeout: lec0
[ 1189.204061][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1189.286405][T23573] loop7: detected capacity change from 0 to 128
[ 1189.365417][T23573] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[ 1190.167305][T23566] hsr_slave_1 (unregistering): left promiscuous mode
[ 1190.234386][T23575] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4944'.
[ 1190.602392][T23275] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1190.613507][T23275] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1190.616446][T23584] syzkaller1: entered promiscuous mode
[ 1190.626540][T23275] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1190.626704][T23584] syzkaller1: entered allmulticast mode
[ 1190.655654][T23275] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1190.670986][T23275] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1192.863427][T23610] loop9: detected capacity change from 0 to 1024
[ 1192.870653][T23610] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1192.877075][T23610] EXT4-fs: Ignoring removed orlov option
[ 1192.883516][T23275] Bluetooth: hci6: command tx timeout
[ 1192.897018][T23610] EXT4-fs (loop9): Test dummy encryption mode enabled
[ 1192.904272][T23610] EXT4-fs (loop9): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[ 1192.915354][T23610] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[ 1192.925252][T23610] EXT4-fs (loop9): can't mount with data=, fs mounted w/o journal
[ 1192.972996][T23596] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1193.150501][ T8618] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[ 1193.530880][T23137] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1193.584918][ T8618] usb 1-1: Using ep0 maxpacket: 32
[ 1193.611906][T23621] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1193.628901][ T8618] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[ 1193.650979][ T8618] usb 1-1: config 0 has no interface number 0
[ 1193.657109][ T8618] usb 1-1: config 0 interface 184 has no altsetting 0
[ 1193.670958][T15694] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1193.713481][ T8618] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1193.737905][ T8618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.753987][ T8618] usb 1-1: Product: syz
[ 1193.761609][ T8618] usb 1-1: Manufacturer: syz
[ 1193.766221][ T8618] usb 1-1: SerialNumber: syz
[ 1193.789734][ T8618] usb 1-1: config 0 descriptor??
[ 1193.816809][ T8618] smsc75xx v1.0.0
[ 1193.830454][T15694] usb 2-1: Using ep0 maxpacket: 32
[ 1193.844095][T15694] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[ 1193.872858][T15694] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1193.937490][T15694] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1193.991100][T15694] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1194.034973][T15694] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1194.073498][T15694] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1194.120649][T15694] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1194.153649][ T8618] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 1194.170423][T15694] usb 2-1: Product: syz
[ 1194.174600][T15694] usb 2-1: Manufacturer: syz
[ 1194.179211][T15694] usb 2-1: SerialNumber: syz
[ 1194.200481][ T8618] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[ 1194.210390][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1194.218395][    C1] lec:lec_tx_timeout: lec0
[ 1194.243634][T15694] usb 2-1: config 0 descriptor??
[ 1194.322403][T23634] netlink: 'syz.0.4955': attribute type 1 has an invalid length.
[ 1194.343125][T15694] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1194.377851][ T8618] usb 1-1: USB disconnect, device number 18
[ 1194.420203][T15694] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1194.494068][T23636] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4955'.
[ 1194.591878][T23636] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1194.594477][T15694] usb 2-1: USB disconnect, device number 20
[ 1194.613895][T15694] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[ 1194.771214][T23641] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4956'.
[ 1194.820728][T23592] chnl_net:caif_netlink_parms(): no params data found
[ 1194.955778][T23275] Bluetooth: hci6: command tx timeout
[ 1195.012597][T23137] veth0_vlan: entered promiscuous mode
[ 1195.053331][T23137] veth1_vlan: entered promiscuous mode
[ 1196.008012][T23137] veth0_macvtap: entered promiscuous mode
[ 1196.160441][T23592] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1196.167595][T23592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1196.230597][T23592] bridge_slave_0: entered allmulticast mode
[ 1196.259084][T23592] bridge_slave_0: entered promiscuous mode
[ 1196.283531][T23592] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1196.300482][T23592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1196.307680][T23592] bridge_slave_1: entered allmulticast mode
[ 1196.342761][T23592] bridge_slave_1: entered promiscuous mode
[ 1196.366132][T23137] veth1_macvtap: entered promiscuous mode
[ 1196.492512][   T66] bridge_slave_1: left allmulticast mode
[ 1196.498193][   T66] bridge_slave_1: left promiscuous mode
[ 1196.520668][   T66] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1196.564481][   T66] bridge_slave_0: left allmulticast mode
[ 1196.570134][   T66] bridge_slave_0: left promiscuous mode
[ 1196.608709][   T66] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1198.441946][T23275] Bluetooth: hci6: command tx timeout
[ 1199.259510][   T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1199.291860][   T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1199.307368][   T66] bond0 (unregistering): Released all slaves
[ 1199.337415][T23592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1199.366801][T23592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1199.377821][T23664] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1199.430631][T15694] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[ 1199.445927][T23664] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1199.551107][T23672] ip6_vti0: entered promiscuous mode
[ 1199.575375][T23672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4960'.
[ 1199.593480][T15694] usb 10-1: Using ep0 maxpacket: 32
[ 1199.632707][T15694] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[ 1199.661771][T15694] usb 10-1: config 0 has no interface number 0
[ 1199.667970][T15694] usb 10-1: config 0 interface 184 has no altsetting 0
[ 1199.686587][T15694] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1199.723389][T15694] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1199.751035][T15694] usb 10-1: Product: syz
[ 1199.765522][T15694] usb 10-1: Manufacturer: syz
[ 1199.775646][T15694] usb 10-1: SerialNumber: syz
[ 1199.781168][   T66] hsr_slave_0: left promiscuous mode
[ 1199.800624][T15694] usb 10-1: config 0 descriptor??
[ 1199.812020][   T66] hsr_slave_1: left promiscuous mode
[ 1199.822067][T15694] smsc75xx v1.0.0
[ 1199.823473][   T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1199.842864][T23699] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4967'.
[ 1199.854189][   T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1199.952171][ T8618] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 1200.470479][ T5838] Bluetooth: hci6: command tx timeout
[ 1200.543809][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1200.712048][ T8618] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1200.958892][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1200.971744][ T8618] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1200.983838][ T8618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.992554][ T8618] usb 1-1: Product: syz
[ 1200.997117][ T8618] usb 1-1: Manufacturer: syz
[ 1201.001908][ T8618] usb 1-1: SerialNumber: syz
[ 1201.022537][ T8618] usb 1-1: config 0 descriptor??
[ 1201.042166][ T8618] usb 1-1: ucan: probing device on interface #0
[ 1201.049073][ T8618] usb 1-1: ucan: invalid EP count (0)
[ 1201.071359][ T8618] usb 1-1: ucan: probe failed; try to update the device firmware
[ 1201.302373][   T66] team0 (unregistering): Port device team_slave_1 removed
[ 1201.403999][   T66] team0 (unregistering): Port device team_slave_0 removed
[ 1201.846574][T23137] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1201.856575][T23592] team0: Port device team_slave_0 added
[ 1201.893779][T23137] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1201.916118][T23592] team0: Port device team_slave_1 added
[ 1201.977972][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1202.004549][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1202.016919][T23592] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1202.032446][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1202.045408][T15694] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -32
[ 1202.051538][T23592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1202.112021][T23592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1202.142737][ T1151] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.152048][T23735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4969'.
[ 1202.161681][ T1151] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.184510][ T1151] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.210051][ T1151] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.241320][T23592] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1202.258646][T23592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1202.323645][T23592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1202.723715][T23740] loop7: detected capacity change from 0 to 40427
[ 1202.734672][T23740] F2FS-fs (loop7): invalid crc value
[ 1202.849558][ T5849] usb 1-1: USB disconnect, device number 19
[ 1202.853693][T23740] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1202.869810][T23740] F2FS-fs (loop7): Start checkpoint disabled!
[ 1202.889363][T23740] F2FS-fs (loop7): f2fs_disable_checkpoint() finish, err:0
[ 1202.897241][T23740] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[ 1203.028330][   T31] audit: type=1800 audit(1769958596.661:154): pid=23751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4970" name="bus" dev="loop7" ino=10 res=0 errno=0
[ 1203.288033][ T5970] usb 10-1: USB disconnect, device number 16
[ 1203.318846][T23592] hsr_slave_0: entered promiscuous mode
[ 1203.332147][T23592] hsr_slave_1: entered promiscuous mode
[ 1203.338695][T23592] debugfs: 'hsr0' already exists in 'hsr'
[ 1203.347580][T23592] Cannot create hsr debugfs directory
[ 1203.463738][ T1151] kworker/u8:7: attempt to access beyond end of device
[ 1203.463738][ T1151] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1203.527226][ T1151] CPU: 1 UID: 0 PID: 1151 Comm: kworker/u8:7 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1203.527282][ T1151] Tainted: [L]=SOFTLOCKUP
[ 1203.527295][ T1151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1203.527320][ T1151] Workqueue: writeback wb_workfn (flush-7:7)
[ 1203.527385][ T1151] Call Trace:
[ 1203.527397][ T1151]  <TASK>
[ 1203.527410][ T1151]  dump_stack_lvl+0x100/0x190
[ 1203.527459][ T1151]  f2fs_handle_critical_error+0x5d7/0x970
[ 1203.527523][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.527570][ T1151]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1203.527637][ T1151]  f2fs_write_end_io+0xc24/0xf00
[ 1203.527703][ T1151]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1203.527770][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.527825][ T1151]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1203.527886][ T1151]  bio_endio+0x755/0x8b0
[ 1203.527947][ T1151]  submit_bio_noacct+0x1b7/0x1e80
[ 1203.528002][ T1151]  __submit_merged_bio+0x331/0x6f0
[ 1203.528068][ T1151]  __submit_merged_write_cond+0x31a/0x3f0
[ 1203.528144][ T1151]  f2fs_write_cache_pages+0x21c8/0x2720
[ 1203.528215][ T1151]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1203.528262][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528309][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528355][ T1151]  ? do_raw_spin_lock+0x128/0x260
[ 1203.528395][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528442][ T1151]  ? nr_blockdev_pages+0xde/0x120
[ 1203.528482][ T1151]  ? nr_blockdev_pages+0xde/0x120
[ 1203.528520][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528570][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528619][ T1151]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1203.528673][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528720][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528764][ T1151]  ? f2fs_available_free_memory+0x279/0xa60
[ 1203.528886][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.528939][ T1151]  f2fs_write_data_pages+0x5a7/0x1060
[ 1203.528979][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529037][ T1151]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1203.529097][ T1151]  ? __lock_acquire+0x4a5/0x2630
[ 1203.529155][ T1151]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1203.529199][ T1151]  do_writepages+0x278/0x600
[ 1203.529255][ T1151]  ? __pfx_do_writepages+0x10/0x10
[ 1203.529306][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529358][ T1151]  __writeback_single_inode+0x164/0x13c0
[ 1203.529413][ T1151]  ? find_held_lock+0x2b/0x80
[ 1203.529463][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529511][ T1151]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1203.529566][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529611][ T1151]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1203.529658][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529710][ T1151]  writeback_sb_inodes+0x72e/0x1b90
[ 1203.529783][ T1151]  ? do_raw_spin_lock+0x128/0x260
[ 1203.529824][ T1151]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1203.529876][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529921][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.529966][ T1151]  ? widen_string+0xdb/0x2f0
[ 1203.530023][ T1151]  ? debug_object_activate+0x331/0x490
[ 1203.530132][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530177][ T1151]  ? rcu_is_watching+0x12/0xc0
[ 1203.530224][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530269][ T1151]  ? queue_io+0x286/0x4f0
[ 1203.530320][ T1151]  wb_writeback+0x1bc/0xab0
[ 1203.530386][ T1151]  ? __pfx_wb_writeback+0x10/0x10
[ 1203.530437][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530496][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530541][ T1151]  ? mark_held_locks+0x40/0x70
[ 1203.530609][ T1151]  wb_workfn+0x143/0xbb0
[ 1203.530674][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530719][ T1151]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1203.530767][ T1151]  ? __pfx_wb_workfn+0x10/0x10
[ 1203.530828][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530879][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.530928][ T1151]  ? process_one_work+0x80b/0x1840
[ 1203.530969][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.531014][ T1151]  ? rcu_is_watching+0x12/0xc0
[ 1203.531068][ T1151]  process_one_work+0x9c2/0x1840
[ 1203.531130][ T1151]  ? __pfx_process_one_work+0x10/0x10
[ 1203.531172][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.531228][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.531274][ T1151]  ? assign_work+0x19c/0x250
[ 1203.531316][ T1151]  worker_thread+0x5da/0xe40
[ 1203.531371][ T1151]  ? __pfx_worker_thread+0x10/0x10
[ 1203.531415][ T1151]  ? kthread+0x17d/0x730
[ 1203.531449][ T1151]  ? __pfx_worker_thread+0x10/0x10
[ 1203.531488][ T1151]  kthread+0x3b3/0x730
[ 1203.531526][ T1151]  ? __pfx_kthread+0x10/0x10
[ 1203.531559][ T1151]  ? ret_from_fork+0x79/0xaf0
[ 1203.531598][ T1151]  ? ret_from_fork+0x79/0xaf0
[ 1203.531643][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.531689][ T1151]  ? rcu_is_watching+0x12/0xc0
[ 1203.531736][ T1151]  ? __pfx_kthread+0x10/0x10
[ 1203.531776][ T1151]  ret_from_fork+0x754/0xaf0
[ 1203.531818][ T1151]  ? __pfx_ret_from_fork+0x10/0x10
[ 1203.531863][ T1151]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1203.531909][ T1151]  ? __switch_to+0x7b9/0x10c0
[ 1203.531959][ T1151]  ? __pfx_kthread+0x10/0x10
[ 1203.531999][ T1151]  ret_from_fork_asm+0x1a/0x30
[ 1203.532083][ T1151]  </TASK>
[ 1203.609149][ T1151] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[ 1206.161802][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1206.196275][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1206.951445][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1207.065001][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1207.318065][T23784] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4979'.
[ 1207.889384][   T31] audit: type=1107 audit(1769958601.551:155): pid=23787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='OŸ'
[ 1209.087817][T23810] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4982'.
[ 1209.345926][T23810] hsr_slave_1 (unregistering): left promiscuous mode
[ 1209.684903][T23592] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1209.737579][T23592] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1209.784544][T23592] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1209.876022][T23592] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1209.921506][ T5970] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1210.130493][ T5970] usb 8-1: Using ep0 maxpacket: 32
[ 1210.163650][ T5970] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 1210.203538][ T5970] usb 8-1: config 0 has no interface number 0
[ 1210.230062][ T5970] usb 8-1: config 0 interface 184 has no altsetting 0
[ 1210.347542][ T5970] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1210.489569][ T5970] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.621232][ T5970] usb 8-1: Product: syz
[ 1210.625439][ T5970] usb 8-1: Manufacturer: syz
[ 1212.496270][ T5970] usb 8-1: SerialNumber: syz
[ 1212.532610][ T5970] usb 8-1: config 0 descriptor??
[ 1212.561886][ T5970] smsc75xx v1.0.0
[ 1212.678854][T23592] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1212.784541][T23592] 8021q: adding VLAN 0 to HW filter on device team0
[ 1212.822249][ T5970] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 1212.862162][T14893] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1212.869305][T14893] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1212.893094][ T5970] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -71
[ 1212.955073][T14893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1212.962237][T14893] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1212.994083][ T5970] usb 8-1: USB disconnect, device number 10
[ 1213.033462][T23851] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4977'.
[ 1213.089266][T23853] netlink: 'syz.7.4990': attribute type 8 has an invalid length.
[ 1213.130487][T23853] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4990'.
[ 1213.716083][T23864] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4991'.
[ 1214.760558][ T5970] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[ 1214.939637][T23592] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1214.953156][ T5970] usb 10-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1214.981256][ T5970] usb 10-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1215.030738][ T5849] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[ 1215.212857][ T5849] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1215.242839][ T5849] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1215.280479][ T5970] usb 10-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1215.341962][ T5849] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1215.378944][ T5849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1215.427230][ T5849] usb 1-1: SerialNumber: syz
[ 1215.683692][ T5849] usb 1-1: 0:2 : does not exist
[ 1215.740395][ T5970] usb 10-1: config 0 interface 0 has no altsetting 0
[ 1215.747219][ T5970] usb 10-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1215.780388][ T5970] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1215.807606][ T5970] usb 10-1: config 0 descriptor??
[ 1215.865920][ T5849] usb 1-1: USB disconnect, device number 20
[ 1216.095008][T23440] udevd[23440]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1216.435861][ T5970] usbhid 10-1:0.0: can't add hid device: -71
[ 1216.606557][T23911] loop7: detected capacity change from 0 to 22
[ 1216.619842][T23911] MTD: Attempt to mount non-MTD device "/dev/loop7"
[ 1216.642499][T23911] romfs: bad initial checksum on dev loop7.
[ 1216.775467][T23911] loop7: detected capacity change from 0 to 1024
[ 1216.782588][T23911] EXT4-fs: Ignoring removed oldalloc option
[ 1216.856981][T23911] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 1216.871438][T23911] EXT4-fs (loop7): can't mount with both data=journal and delalloc
[ 1216.909551][T23592] veth0_vlan: entered promiscuous mode
[ 1217.462734][ T5970] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1217.691354][ T5970] usb 10-1: USB disconnect, device number 17
[ 1218.253202][T23592] veth1_vlan: entered promiscuous mode
[ 1218.457611][T23592] veth0_macvtap: entered promiscuous mode
[ 1218.521995][T23592] veth1_macvtap: entered promiscuous mode
[ 1218.674247][T23592] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1218.700971][ T5941] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1218.735525][T23592] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1218.921536][ T5941] usb 2-1: Using ep0 maxpacket: 32
[ 1218.996199][ T5941] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[ 1219.145126][ T5941] usb 2-1: config 0 has no interface number 0
[ 1219.238136][ T5941] usb 2-1: config 0 interface 184 has no altsetting 0
[ 1219.332970][ T5941] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1219.360443][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1219.386233][ T5941] usb 2-1: Product: syz
[ 1219.400402][ T5941] usb 2-1: Manufacturer: syz
[ 1219.413676][ T5941] usb 2-1: SerialNumber: syz
[ 1219.445235][ T5941] usb 2-1: config 0 descriptor??
[ 1219.474339][ T5941] smsc75xx v1.0.0
[ 1220.161002][T23946] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5006'.
[ 1220.204932][ T5941] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1220.275453][ T5941] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1220.584387][ T6755] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1220.595984][ T6755] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1220.605172][ T6755] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1220.703685][ T1151] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1221.193963][T23968] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5011'.
[ 1221.279545][ T5941] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1221.291208][ T5941] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1221.314851][ T5941] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1221.324916][ T5941] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[ 1221.456292][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1221.470034][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1221.846072][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1221.940462][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1222.160428][ T5849] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1222.314198][ T5849] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1222.360425][ T5913] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1222.370456][ T5849] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1222.416725][T14565] usb 2-1: USB disconnect, device number 21
[ 1222.427870][ T5849] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1222.451196][T23983] loop9: detected capacity change from 0 to 40427
[ 1222.478539][T23983] F2FS-fs (loop9): invalid crc value
[ 1222.500032][ T5849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1222.550966][ T5849] usb 1-1: SerialNumber: syz
[ 1222.570609][ T5913] usb 8-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[ 1222.599101][ T5913] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1222.649571][T23983] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1222.661534][T23983] F2FS-fs (loop9): Start checkpoint disabled!
[ 1222.669713][ T5913] usb 8-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1222.669794][ T5913] usb 8-1: config 0 interface 0 has no altsetting 0
[ 1222.669843][ T5913] usb 8-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1222.669884][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.706592][ T5913] usb 8-1: config 0 descriptor??
[ 1222.728935][T23983] F2FS-fs (loop9): f2fs_disable_checkpoint() finish, err:0
[ 1222.738210][T23983] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[ 1222.991964][ T5849] usb 1-1: 0:2 : does not exist
[ 1223.184207][ T5849] usb 1-1: USB disconnect, device number 21
[ 1223.334914][T23998] udevd[23998]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1223.585140][ T5913] usbhid 8-1:0.0: can't add hid device: -71
[ 1223.700020][ T5913] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[ 1223.739303][T24013] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5019'.
[ 1224.060595][ T5913] usb 8-1: USB disconnect, device number 11
[ 1224.582369][T24019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5021'.
[ 1224.582527][T24021] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5022'.
[ 1225.033866][T23998] udevd[23998]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1225.118838][T24021] hsr_slave_1 (unregistering): left promiscuous mode
[ 1229.276892][T23913] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1229.446916][T23913] usb 9-1: Using ep0 maxpacket: 32
[ 1229.476775][T23913] usb 9-1: config 0 has an invalid interface number: 184 but max is 0
[ 1229.518489][T23913] usb 9-1: config 0 has no interface number 0
[ 1229.538025][T23913] usb 9-1: config 0 interface 184 has no altsetting 0
[ 1229.571352][T23913] usb 9-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1229.606228][T23913] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1229.628424][T23913] usb 9-1: Product: syz
[ 1229.638638][T23913] usb 9-1: Manufacturer: syz
[ 1229.648237][T23913] usb 9-1: SerialNumber: syz
[ 1229.680088][T23913] usb 9-1: config 0 descriptor??
[ 1229.696561][T23913] smsc75xx v1.0.0
[ 1229.855825][T15694] usb 8-1: new low-speed USB device number 12 using dummy_hcd
[ 1230.187521][T15694] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1230.265880][T15694] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1230.340430][T15694] usb 8-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1230.410498][T15694] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1230.464225][T23913] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1230.477686][T15694] usb 8-1: config 0 descriptor??
[ 1230.510269][T23913] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1231.245098][T15694] usbhid 8-1:0.0: can't add hid device: -71
[ 1231.367721][T24083] fuse: Bad value for 'fd'
[ 1231.370627][T15694] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[ 1231.413014][T24085] IPVS: length: 218 != 24
[ 1231.420236][T15694] usb 8-1: USB disconnect, device number 12
[ 1231.450313][T24085] syz_tun: entered allmulticast mode
[ 1231.478649][T24081] syz_tun: left allmulticast mode
[ 1231.509892][T23913] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1231.548828][T23913] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1231.568800][T23913] smsc75xx 9-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1231.617042][T23913] smsc75xx 9-1:0.184: probe with driver smsc75xx failed with error -32
[ 1231.808929][T24091] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5038'.
[ 1232.259858][T24103] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1233.417722][ T5913] usb 9-1: USB disconnect, device number 2
[ 1234.679025][T23998] udevd[23998]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1235.811638][T24124] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5044'.
[ 1236.275188][T24139] netlink: 68 bytes leftover after parsing attributes in process `syz.8.5048'.
[ 1238.799602][T24161] loop4: detected capacity change from 0 to 128
[ 1238.870811][T24161] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[ 1239.295029][T24168] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5057'.
[ 1241.366546][T24182] vlan2: entered allmulticast mode
[ 1241.371853][T24182] bond0: entered allmulticast mode
[ 1241.377143][T24182] bond_slave_0: entered allmulticast mode
[ 1241.383482][T24182] bond_slave_1: entered allmulticast mode
[ 1241.465626][T24182] netlink: 14 bytes leftover after parsing attributes in process `syz.8.5059'.
[ 1241.783955][T24182] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1241.795057][T24190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5061'.
[ 1241.868968][T24182] bond_slave_0: left allmulticast mode
[ 1241.923390][T24182] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1241.961256][T24182] bond_slave_1: left allmulticast mode
[ 1242.013682][T24182] bond0 (unregistering): Released all slaves
[ 1242.526721][T24210] syzkaller0: entered promiscuous mode
[ 1242.587735][T24210] syzkaller0: entered allmulticast mode
[ 1245.390448][  T792] usb 9-1: new low-speed USB device number 3 using dummy_hcd
[ 1245.598572][  T792] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1245.643862][  T792] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1245.690416][  T792] usb 9-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1245.734513][  T792] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1245.785750][  T792] usb 9-1: config 0 descriptor??
[ 1246.300657][  T792] usbhid 9-1:0.0: can't add hid device: -71
[ 1246.306845][  T792] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1246.362819][T24248] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1246.391684][  T792] usb 9-1: USB disconnect, device number 3
[ 1246.629011][T24252] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input14
[ 1247.183916][T24264] netlink: 'syz.4.5082': attribute type 1 has an invalid length.
[ 1247.355235][T24272] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5082'.
[ 1248.561003][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1248.592594][ T1296] lec:lec_start_xmit: lec0:No lecd attached
[ 1249.462928][T24296] loop4: detected capacity change from 0 to 128
[ 1249.470968][T24296] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[ 1249.592260][T24292] syzkaller0: entered promiscuous mode
[ 1249.597835][T24292] syzkaller0: entered allmulticast mode
[ 1250.651780][  T792] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[ 1250.835467][  T792] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1250.897778][  T792] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1250.968909][  T792] usb 5-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1250.988222][T24319] loop8: detected capacity change from 0 to 32768
[ 1251.005979][T24319] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.5095 (24319)
[ 1251.032237][T24319] BTRFS info (device loop8): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1251.042450][T24319] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[ 1251.051089][T24319] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 1251.069429][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.177887][  T792] usb 5-1: config 0 descriptor??
[ 1251.260616][T24319] BTRFS info (device loop8): rebuilding free space tree
[ 1251.340737][T24319] BTRFS info (device loop8): disabling free space tree
[ 1251.347644][T24319] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1251.357446][T24319] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1251.432236][T24319] BTRFS info (device loop8): enabling ssd optimizations
[ 1251.439212][T24319] BTRFS info (device loop8): turning on async discard
[ 1251.446298][T24319] BTRFS info (device loop8): enabling disk space caching
[ 1251.453462][T24319] BTRFS info (device loop8): force clearing of disk cache
[ 1251.460616][T24319] BTRFS info (device loop8): use zstd compression, level 3
[ 1251.645642][  T792] usbhid 5-1:0.0: can't add hid device: -71
[ 1251.905999][  T792] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1252.494377][T23137] BTRFS info (device loop8): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1252.513859][T15694] IPVS: starting estimator thread 0...
[ 1252.541651][  T792] usb 5-1: USB disconnect, device number 3
[ 1252.711509][T24356] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1253.445965][T24365] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5102'.
[ 1254.150728][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5560 ms
[ 1254.158925][    C1] lec:lec_tx_timeout: lec0
[ 1254.163701][    C1] lec:lec_start_xmit: lec0:No lecd attached
[ 1254.191724][T24382] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5109'.
[ 1255.522537][T24398] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1256.016683][T24408] netlink: 'syz.9.5115': attribute type 1 has an invalid length.
[ 1256.151298][T24406] loop8: detected capacity change from 0 to 40427
[ 1256.172373][T24406] F2FS-fs (loop8): invalid crc value
[ 1256.273734][T24406] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1256.287673][T24406] F2FS-fs (loop8): Start checkpoint disabled!
[ 1256.305351][T24406] F2FS-fs (loop8): f2fs_disable_checkpoint() finish, err:0
[ 1256.313200][T24406] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[ 1256.348140][T24414] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5115'.
[ 1256.459833][   T31] audit: type=1800 audit(1769958650.121:156): pid=24419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.5114" name="bus" dev="loop8" ino=10 res=0 errno=0
[ 1256.537889][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.537889][T24419] loop8: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1256.563539][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.563539][T24419] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1256.582194][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.582194][T24419] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1256.599749][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.599749][T24419] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1256.622430][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.622430][T24419] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1256.652022][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.652022][T24419] loop8: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1256.796908][T24419] syz.8.5114: attempt to access beyond end of device
[ 1256.796908][T24419] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1257.378101][ T1095] kworker/u8:5: attempt to access beyond end of device
[ 1257.378101][ T1095] loop8: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[ 1257.514072][T23913] usb 10-1: new low-speed USB device number 18 using dummy_hcd
[ 1257.679364][ T1095] CPU: 1 UID: 0 PID: 1095 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1257.679429][ T1095] Tainted: [L]=SOFTLOCKUP
[ 1257.679443][ T1095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1257.679469][ T1095] Workqueue: writeback wb_workfn (flush-7:8)
[ 1257.679536][ T1095] Call Trace:
[ 1257.679548][ T1095]  <TASK>
[ 1257.679562][ T1095]  dump_stack_lvl+0x100/0x190
[ 1257.679612][ T1095]  f2fs_handle_critical_error+0x5d7/0x970
[ 1257.679697][ T1095]  f2fs_write_end_io+0xc24/0xf00
[ 1257.679764][ T1095]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1257.679832][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.679889][ T1095]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1257.679952][ T1095]  bio_endio+0x755/0x8b0
[ 1257.680016][ T1095]  submit_bio_noacct+0x1b7/0x1e80
[ 1257.680072][ T1095]  __submit_merged_bio+0x331/0x6f0
[ 1257.680141][ T1095]  __submit_merged_write_cond+0x31a/0x3f0
[ 1257.680217][ T1095]  f2fs_write_cache_pages+0x21c8/0x2720
[ 1257.680284][ T1095]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1257.680332][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680381][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680426][ T1095]  ? do_raw_spin_lock+0x128/0x260
[ 1257.680468][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680516][ T1095]  ? nr_blockdev_pages+0xde/0x120
[ 1257.680557][ T1095]  ? nr_blockdev_pages+0xde/0x120
[ 1257.680596][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680651][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680696][ T1095]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1257.680752][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680799][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.680845][ T1095]  ? f2fs_available_free_memory+0x279/0xa60
[ 1257.680969][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681026][ T1095]  f2fs_write_data_pages+0x5a7/0x1060
[ 1257.681065][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681125][ T1095]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1257.681185][ T1095]  ? __lock_acquire+0x4a5/0x2630
[ 1257.681243][ T1095]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1257.681289][ T1095]  do_writepages+0x278/0x600
[ 1257.681346][ T1095]  ? __pfx_do_writepages+0x10/0x10
[ 1257.681406][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681461][ T1095]  __writeback_single_inode+0x164/0x13c0
[ 1257.681515][ T1095]  ? find_held_lock+0x2b/0x80
[ 1257.681565][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681615][ T1095]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1257.681674][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681720][ T1095]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1257.681763][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.681816][ T1095]  writeback_sb_inodes+0x72e/0x1b90
[ 1257.681890][ T1095]  ? do_raw_spin_lock+0x128/0x260
[ 1257.681932][ T1095]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1257.681987][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682033][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682079][ T1095]  ? widen_string+0xdb/0x2f0
[ 1257.682137][ T1095]  ? debug_object_activate+0x331/0x490
[ 1257.682247][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682293][ T1095]  ? rcu_is_watching+0x12/0xc0
[ 1257.682340][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682385][ T1095]  ? queue_io+0x286/0x4f0
[ 1257.682437][ T1095]  wb_writeback+0x1bc/0xab0
[ 1257.682501][ T1095]  ? __pfx_wb_writeback+0x10/0x10
[ 1257.682553][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682611][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682667][ T1095]  ? mark_held_locks+0x40/0x70
[ 1257.682736][ T1095]  wb_workfn+0x143/0xbb0
[ 1257.682795][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682841][ T1095]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1257.682888][ T1095]  ? __pfx_wb_workfn+0x10/0x10
[ 1257.682948][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.682999][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.683047][ T1095]  ? process_one_work+0x80b/0x1840
[ 1257.683088][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.683134][ T1095]  ? rcu_is_watching+0x12/0xc0
[ 1257.683188][ T1095]  process_one_work+0x9c2/0x1840
[ 1257.683250][ T1095]  ? __pfx_process_one_work+0x10/0x10
[ 1257.683292][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.683349][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.683395][ T1095]  ? assign_work+0x19c/0x250
[ 1257.683476][ T1095]  worker_thread+0x5da/0xe40
[ 1257.683537][ T1095]  ? kthread+0x17d/0x730
[ 1257.683570][ T1095]  ? __pfx_worker_thread+0x10/0x10
[ 1257.683608][ T1095]  kthread+0x3b3/0x730
[ 1257.683659][ T1095]  ? __pfx_kthread+0x10/0x10
[ 1257.683692][ T1095]  ? ret_from_fork+0x79/0xaf0
[ 1257.683732][ T1095]  ? ret_from_fork+0x79/0xaf0
[ 1257.683771][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.683816][ T1095]  ? rcu_is_watching+0x12/0xc0
[ 1257.683864][ T1095]  ? __pfx_kthread+0x10/0x10
[ 1257.683904][ T1095]  ret_from_fork+0x754/0xaf0
[ 1257.683947][ T1095]  ? __pfx_ret_from_fork+0x10/0x10
[ 1257.683991][ T1095]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1257.684037][ T1095]  ? __switch_to+0x7b9/0x10c0
[ 1257.684087][ T1095]  ? __pfx_kthread+0x10/0x10
[ 1257.684127][ T1095]  ret_from_fork_asm+0x1a/0x30
[ 1257.684211][ T1095]  </TASK>
[ 1258.743537][ T1095] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[ 1258.882625][T23913] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1258.945140][T23913] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1258.977585][T23913] usb 10-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1259.012407][T23913] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1259.044548][T23913] usb 10-1: config 0 descriptor??
[ 1259.191105][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5030 ms
[ 1259.199301][    C1] lec:lec_tx_timeout: lec0
[ 1261.710069][T23913] usbhid 10-1:0.0: can't add hid device: -71
[ 1261.760869][T23913] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[ 1261.870586][T23913] usb 10-1: USB disconnect, device number 18
[ 1262.752072][T24470] netlink: 'syz.8.5131': attribute type 1 has an invalid length.
[ 1262.930637][T14565] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[ 1262.965602][T24475] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5131'.
[ 1263.258986][T21788] IPVS: starting estimator thread 0...
[ 1263.300792][T14565] usb 10-1: Using ep0 maxpacket: 32
[ 1263.307467][T24474] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1263.322974][T14565] usb 10-1: config 0 has an invalid interface number: 188 but max is 0
[ 1263.378411][T14565] usb 10-1: config 0 has no interface number 0
[ 1263.410461][T24482] IPVS: using max 24 ests per chain, 57600 per kthread
[ 1263.418875][T14565] usb 10-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1263.483949][T14565] usb 10-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1263.527670][T14565] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1263.570692][T14565] usb 10-1: Product: syz
[ 1263.591150][T14565] usb 10-1: Manufacturer: syz
[ 1263.608752][T14565] usb 10-1: SerialNumber: syz
[ 1263.653748][T14565] usb 10-1: config 0 descriptor??
[ 1263.680856][T24466] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1263.840046][T24474] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1263.921813][T24488] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5134'.
[ 1263.931390][T24466] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1264.424682][T24494] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1264.442721][T24480] ip6_vti0: entered promiscuous mode
[ 1264.449285][T24480] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5133'.
[ 1266.803682][T14565] asix 10-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[ 1267.180651][T14565] asix 10-1:0.188: probe with driver asix failed with error -71
[ 1267.400857][T14565] usb 10-1: USB disconnect, device number 19
[ 1269.380495][T23275] Bluetooth: hci6: command 0x0405 tx timeout
[ 1271.152664][   T31] audit: type=1326 audit(1769958664.741:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aa899aeb9 code=0x7ffc0000
[ 1271.608584][   T31] audit: type=1326 audit(1769958664.771:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5aa8994cd7 code=0x7ffc0000
[ 1271.730573][   T31] audit: type=1326 audit(1769958664.771:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5aa893c2d9 code=0x7ffc0000
[ 1271.839135][T24538] netlink: 'syz.8.5146': attribute type 1 has an invalid length.
[ 1271.848688][   T31] audit: type=1326 audit(1769958664.771:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5aa8994cd7 code=0x7ffc0000
[ 1271.921934][T24538] netlink: 28 bytes leftover after parsing attributes in process `syz.8.5146'.
[ 1271.949875][   T31] audit: type=1326 audit(1769958664.781:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5aa893c2d9 code=0x7ffc0000
[ 1272.019944][   T31] audit: type=1326 audit(1769958664.781:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5aa8994cd7 code=0x7ffc0000
[ 1272.044502][   T31] audit: type=1326 audit(1769958664.781:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5aa893c2d9 code=0x7ffc0000
[ 1272.090447][   T31] audit: type=1326 audit(1769958664.791:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5aa899aeb9 code=0x7ffc0000
[ 1272.184657][   T31] audit: type=1326 audit(1769958664.791:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5aa8994cd7 code=0x7ffc0000
[ 1274.237585][   T31] audit: type=1326 audit(1769958664.801:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24528 comm="syz.4.5143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5aa893c2d9 code=0x7ffc0000
[ 1274.518499][T24549] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:34 to non-existent VLAN 2560
[ 1274.903082][T24557] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5150'.
[ 1275.154083][T24562] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1275.397888][T24562] loop8: detected capacity change from 0 to 512
[ 1276.335995][T24562] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.5151: bg 0: block 393: padding at end of block bitmap is not set
[ 1276.440868][T24580] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5154'.
[ 1276.465041][T24562] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6689: Corrupt filesystem
[ 1276.524281][T24562] EXT4-fs (loop8): 2 truncates cleaned up
[ 1276.531943][T24584] ip_vti0: entered promiscuous mode
[ 1276.577464][T24562] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1276.601912][T24584] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5155'.
[ 1276.680593][T24586] netlink: 'syz.1.5156': attribute type 10 has an invalid length.
[ 1278.411886][T24601] netlink: 'syz.9.5160': attribute type 1 has an invalid length.
[ 1278.474321][T24601] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5160'.
[ 1282.847440][T24635] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5166'.
[ 1284.534624][   T31] kauditd_printk_skb: 57 callbacks suppressed
[ 1284.534676][   T31] audit: type=1326 audit(1769958678.201:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f900bf94cd7 code=0x7ffc0000
[ 1284.755059][T14565] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1284.767303][   T31] audit: type=1326 audit(1769958678.201:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f900bf3c2d9 code=0x7ffc0000
[ 1284.853292][   T31] audit: type=1326 audit(1769958678.231:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f900bf94cd7 code=0x7ffc0000
[ 1285.067236][T14565] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1285.130049][   T31] audit: type=1326 audit(1769958678.241:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f900bf3c2d9 code=0x7ffc0000
[ 1285.153486][   T31] audit: type=1326 audit(1769958678.241:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f900bf9aeb9 code=0x7ffc0000
[ 1285.194255][T14565] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1285.205842][   T31] audit: type=1326 audit(1769958678.331:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f900bf94cd7 code=0x7ffc0000
[ 1285.237153][T14565] usb 5-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping
[ 1285.945816][   T31] audit: type=1326 audit(1769958678.331:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f900bf3c2d9 code=0x7ffc0000
[ 1285.968724][   T31] audit: type=1326 audit(1769958678.391:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f900bf94cd7 code=0x7ffc0000
[ 1286.024972][T14565] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1286.038023][   T31] audit: type=1326 audit(1769958678.391:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f900bf3c2d9 code=0x7ffc0000
[ 1286.124734][T14565] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1286.155036][T14565] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1286.160485][   T31] audit: type=1326 audit(1769958678.401:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24658 comm="syz.0.5175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f900bf94cd7 code=0x7ffc0000
[ 1286.183990][T14565] usb 5-1: SerialNumber: syz
[ 1286.454030][T14565] usb 5-1: 0:2 : does not exist
[ 1286.472379][T14565] usb 5-1: unit 5 not found!
[ 1286.475013][T24679] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5180'.
[ 1286.555978][T14565] usb 5-1: USB disconnect, device number 4
[ 1286.668772][T23998] udevd[23998]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1287.741640][T24686] binder: 24678:24686 ioctl 0 200000000040 returned -22
[ 1287.987166][T24686] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1288.420103][T24696] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5182'.
[ 1289.534856][T24711] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5184'.
[ 1289.701793][T24715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5183'.
[ 1290.538162][T24741] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5191'.
[ 1291.382684][T23275] Bluetooth: hci5: command 0x0406 tx timeout
[ 1292.462915][T23998] udevd[23998]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1293.689420][T23137] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1295.926234][T24778] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5200'.
[ 1296.918386][T23275] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1297.001551][T23275] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1297.114429][T23275] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1297.385038][T24779] binder: 24774:24779 ioctl 0 200000000040 returned -22
[ 1297.473793][T23275] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1297.720747][T23275] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1297.892555][T24779] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1299.103208][T24803] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5206'.
[ 1299.200932][T24803] netem: incorrect gi model size
[ 1299.213321][T24803] netem: change failed
[ 1299.490552][   T31] kauditd_printk_skb: 24 callbacks suppressed
[ 1299.490580][   T31] audit: type=1326 audit(1769958693.151:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.4.5208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aa899aeb9 code=0x7ffc0000
[ 1299.541241][   T31] audit: type=1326 audit(1769958693.151:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24811 comm="syz.4.5208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aa899aeb9 code=0x7ffc0000
[ 1299.574584][   T37] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1299.830471][T23275] Bluetooth: hci0: command tx timeout
[ 1299.839221][T24826] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1300.464174][   T37] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1300.677102][T24826] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1301.108467][   T37] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.301996][T24856] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5201'.
[ 1301.450482][T21788] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1301.541662][   T37] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1301.910844][T23275] Bluetooth: hci0: command tx timeout
[ 1302.019658][T21788] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1302.060581][T14565] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1303.281250][T21788] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1303.294018][T21788] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1303.303305][T21788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1303.311758][T21788] usb 1-1: SerialNumber: syz
[ 1303.440348][T14565] usb 2-1: Using ep0 maxpacket: 32
[ 1303.459027][T14565] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[ 1303.488612][T14565] usb 2-1: config 0 has no interface number 0
[ 1303.496657][T14565] usb 2-1: config 0 interface 184 has no altsetting 0
[ 1303.533982][T14565] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1303.546587][T21788] usb 1-1: 0:2 : does not exist
[ 1303.569849][T21788] usb 1-1: unit 5 not found!
[ 1303.579576][T14565] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.612862][T14565] usb 2-1: Product: syz
[ 1303.624890][T14565] usb 2-1: Manufacturer: syz
[ 1303.629502][T14565] usb 2-1: SerialNumber: syz
[ 1303.676926][T24784] chnl_net:caif_netlink_parms(): no params data found
[ 1303.684129][T21788] usb 1-1: USB disconnect, device number 22
[ 1303.729173][T14565] usb 2-1: config 0 descriptor??
[ 1303.752223][T14565] smsc75xx v1.0.0
[ 1303.771211][T24893] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5225'.
[ 1303.819457][T23998] udevd[23998]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1303.991751][ T5838] Bluetooth: hci0: command tx timeout
[ 1304.153688][   T37] bridge_slave_1: left allmulticast mode
[ 1304.176148][   T37] bridge_slave_1: left promiscuous mode
[ 1304.221087][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1304.446154][   T37] bridge_slave_0: left allmulticast mode
[ 1304.530068][   T37] bridge_slave_0: left promiscuous mode
[ 1304.676005][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1304.937317][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1305.050334][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1305.508205][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1305.561984][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1305.602569][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1305.625294][T14565] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1305.673286][T14565] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[ 1306.073160][ T5838] Bluetooth: hci0: command tx timeout
[ 1306.334664][   T37] bond0 (unregistering): Released all slaves
[ 1306.418846][T24943] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5231'.
[ 1306.487581][ T5942] usb 2-1: USB disconnect, device number 22
[ 1306.651774][T24784] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1306.658942][T24784] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1307.638672][T24784] bridge_slave_0: entered allmulticast mode
[ 1307.660653][T24784] bridge_slave_0: entered promiscuous mode
[ 1307.943125][T24784] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1307.969162][T24784] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1308.030634][T24784] bridge_slave_1: entered allmulticast mode
[ 1308.038816][T24784] bridge_slave_1: entered promiscuous mode
[ 1309.524004][T24784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1309.587629][T24784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1309.690408][T21788] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1309.791494][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1309.824277][ T1296] lec:lec_start_xmit: lec0:No lecd attached
[ 1310.610574][T21788] usb 8-1: Using ep0 maxpacket: 32
[ 1310.640841][T21788] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 1310.649313][T21788] usb 8-1: config 0 has no interface number 0
[ 1310.656308][T21788] usb 8-1: config 0 interface 184 has no altsetting 0
[ 1310.666666][T21788] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1310.677520][T21788] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1310.713004][T21788] usb 8-1: Product: syz
[ 1310.774516][T21788] usb 8-1: Manufacturer: syz
[ 1310.790185][T21788] usb 8-1: SerialNumber: syz
[ 1310.803292][   T37] hsr_slave_0: left promiscuous mode
[ 1310.813673][T21788] usb 8-1: config 0 descriptor??
[ 1310.834950][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1310.842249][T21788] smsc75xx v1.0.0
[ 1310.886487][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1310.925628][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1310.961112][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1311.214052][T25034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5253'.
[ 1311.228096][   T37] veth1_macvtap: left promiscuous mode
[ 1311.269179][   T37] veth0_macvtap: left promiscuous mode
[ 1311.310264][   T37] veth1_vlan: left promiscuous mode
[ 1311.341540][   T37] veth0_vlan: left promiscuous mode
[ 1311.570823][T25048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5253'.
[ 1311.979958][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1312.013930][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1312.437995][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1312.477854][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1312.497445][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1312.512760][T21788] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1312.534567][T21788] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -32
[ 1313.553262][ T5913] usb 8-1: USB disconnect, device number 13
[ 1315.190320][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5360 ms
[ 1315.198440][    C1] lec:lec_tx_timeout: lec0
[ 1315.591003][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1315.798390][   T37] team0 (unregistering): Port device team_slave_0 removed
[ 1316.384751][T24784] team0: Port device team_slave_0 added
[ 1316.456529][T24784] team0: Port device team_slave_1 added
[ 1316.637998][T24784] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1316.680429][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1316.768540][T24784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1316.849191][T24784] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1316.891468][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1317.017609][T24784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1318.748958][T24784] hsr_slave_0: entered promiscuous mode
[ 1318.799616][T24784] hsr_slave_1: entered promiscuous mode
[ 1318.874821][T24784] debugfs: 'hsr0' already exists in 'hsr'
[ 1318.882989][T24784] Cannot create hsr debugfs directory
[ 1318.959828][ T5838] Bluetooth: hci0: command 0x0405 tx timeout
[ 1319.033845][   T37] IPVS: stop unused estimator thread 0...
[ 1319.090408][ T5913] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1319.261301][ T5913] usb 1-1: Using ep0 maxpacket: 32
[ 1319.294208][ T5913] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[ 1319.318213][ T5913] usb 1-1: config 0 has no interface number 0
[ 1319.333815][ T5913] usb 1-1: config 0 interface 184 has no altsetting 0
[ 1319.362504][ T5913] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1319.386315][T25153] binder: BINDER_SET_CONTEXT_MGR already set
[ 1319.397615][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1319.417925][T25153] binder: 25147:25153 ioctl 4018620d 200000000040 returned -16
[ 1319.451417][T25152] netlink: 'syz.4.5275': attribute type 39 has an invalid length.
[ 1319.462720][ T5913] usb 1-1: Product: syz
[ 1319.466895][ T5913] usb 1-1: Manufacturer: syz
[ 1319.480945][ T5913] usb 1-1: SerialNumber: syz
[ 1319.506018][ T5913] usb 1-1: config 0 descriptor??
[ 1319.530236][ T5913] smsc75xx v1.0.0
[ 1319.754633][ T5913] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1319.783136][ T5913] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22
[ 1320.737358][T25164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5277'.
[ 1320.979458][T25167] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5277'.
[ 1321.817814][T25181] netlink: 60 bytes leftover after parsing attributes in process `syz.7.5282'.
[ 1321.890982][T25182] netlink: 60 bytes leftover after parsing attributes in process `syz.7.5282'.
[ 1321.994292][ T5913] usb 1-1: USB disconnect, device number 23
[ 1322.022694][T25186] netlink: 60 bytes leftover after parsing attributes in process `syz.7.5282'.
[ 1322.548512][T24784] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1322.735414][T24784] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1324.029252][T25216] binder: BINDER_SET_CONTEXT_MGR already set
[ 1324.068949][T25216] binder: 25209:25216 ioctl 4018620d 200000000040 returned -16
[ 1324.082049][T24784] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1324.144301][T24784] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1324.270898][T25236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5290'.
[ 1324.511674][T25238] syzkaller0: entered promiscuous mode
[ 1324.544990][T25238] syzkaller0: entered allmulticast mode
[ 1324.820106][T25247] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5293'.
[ 1325.008464][T25251] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5293'.
[ 1325.180254][T24784] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1325.210375][T15694] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[ 1325.266924][T24784] 8021q: adding VLAN 0 to HW filter on device team0
[ 1325.327352][ T6754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1325.334627][ T6754] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1325.420928][T15694] usb 10-1: Using ep0 maxpacket: 32
[ 1325.428806][T15694] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[ 1325.446665][T15694] usb 10-1: config 0 has no interface number 0
[ 1325.455705][T15694] usb 10-1: config 0 interface 184 has no altsetting 0
[ 1325.467930][T15694] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1325.504179][T15694] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1325.539098][T15694] usb 10-1: Product: syz
[ 1325.556700][T15694] usb 10-1: Manufacturer: syz
[ 1325.580590][T15694] usb 10-1: SerialNumber: syz
[ 1325.608709][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1325.609393][T15694] usb 10-1: config 0 descriptor??
[ 1325.615911][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1325.674402][T15694] smsc75xx v1.0.0
[ 1325.691145][T15694] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1325.766535][T15694] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -22
[ 1326.189532][T25287] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5301'.
[ 1327.562410][T24784] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1327.596342][T25315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5307'.
[ 1327.973077][T25323] syzkaller0: entered promiscuous mode
[ 1327.991688][T15694] usb 10-1: USB disconnect, device number 20
[ 1328.008094][T25323] syzkaller0: entered allmulticast mode
[ 1328.260511][T18983] lec:lec_start_xmit: lec0:No lecd attached
[ 1328.278538][T25333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5312'.
[ 1328.398635][T25335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5312'.
[ 1329.113302][T24784] veth0_vlan: entered promiscuous mode
[ 1329.345755][T24784] veth1_vlan: entered promiscuous mode
[ 1329.426845][T24784] veth0_macvtap: entered promiscuous mode
[ 1330.985190][T24784] veth1_macvtap: entered promiscuous mode
[ 1331.145011][T24784] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1331.247819][T24784] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1331.390779][T25375] netlink: 'syz.9.5320': attribute type 8 has an invalid length.
[ 1331.398646][T25375] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5320'.
[ 1331.517319][T15672] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.541850][ T1095] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.587082][ T1095] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1331.623844][ T1095] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1332.049499][T15672] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1332.079264][T15672] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1332.331129][ T6755] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1332.339027][ T6755] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1332.731546][T25399] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1332.792883][T25396] syzkaller0: entered promiscuous mode
[ 1332.879334][T25396] syzkaller0: entered allmulticast mode
[ 1332.937105][T25403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5329'.
[ 1333.000254][T25406] loop6: detected capacity change from 0 to 128
[ 1333.010663][T25406] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[ 1333.127171][T25407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5329'.
[ 1333.270603][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1333.278713][    C1] lec:lec_tx_timeout: lec0
[ 1336.057913][T25426] netlink: 'syz.7.5334': attribute type 8 has an invalid length.
[ 1336.078649][T25427] tipc: Started in network mode
[ 1336.092766][T25427] tipc: Node identity 6eb8d5b674d9, cluster identity 4711
[ 1336.130530][T25427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1336.139055][T25426] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5334'.
[ 1336.415783][T25427] syzkaller0: entered promiscuous mode
[ 1336.422965][T25427] syzkaller0: entered allmulticast mode
[ 1336.451270][T25427] tipc: Resetting bearer <eth:syzkaller0>
[ 1336.528503][T25433] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5337'.
[ 1336.592522][T25425] tipc: Resetting bearer <eth:syzkaller0>
[ 1337.660618][T25440] binder: 25432:25440 ioctl 0 200000000040 returned -22
[ 1338.728470][T25445] loop6: detected capacity change from 0 to 40427
[ 1338.752769][T25445] F2FS-fs (loop6): invalid crc value
[ 1338.839504][T25445] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[ 1338.849269][T25445] F2FS-fs (loop6): Start checkpoint disabled!
[ 1338.858539][T25445] F2FS-fs (loop6): f2fs_disable_checkpoint() finish, err:0
[ 1338.866590][T25445] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[ 1338.979832][T25450] syz.6.5333: attempt to access beyond end of device
[ 1338.979832][T25450] loop6: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1338.994523][   T31] audit: type=1800 audit(1769958732.641:260): pid=25450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.5333" name="bus" dev="loop6" ino=10 res=0 errno=0
[ 1339.017733][T25450] syz.6.5333: attempt to access beyond end of device
[ 1339.017733][T25450] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1339.046831][T25450] syz.6.5333: attempt to access beyond end of device
[ 1339.046831][T25450] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1339.067105][T25450] syz.6.5333: attempt to access beyond end of device
[ 1339.067105][T25450] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1341.133657][ T6754] kworker/u8:11: attempt to access beyond end of device
[ 1341.133657][ T6754] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[ 1341.176269][ T6754] CPU: 1 UID: 0 PID: 6754 Comm: kworker/u8:11 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1341.176329][ T6754] Tainted: [L]=SOFTLOCKUP
[ 1341.176344][ T6754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1341.176370][ T6754] Workqueue: writeback wb_workfn (flush-7:6)
[ 1341.176445][ T6754] Call Trace:
[ 1341.176457][ T6754]  <TASK>
[ 1341.176472][ T6754]  dump_stack_lvl+0x100/0x190
[ 1341.176522][ T6754]  f2fs_handle_critical_error+0x5d7/0x970
[ 1341.176586][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.176633][ T6754]  ? f2fs_build_fault_attr+0x53/0x1f0
[ 1341.176696][ T6754]  f2fs_write_end_io+0xc24/0xf00
[ 1341.176765][ T6754]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1341.176832][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.176888][ T6754]  ? __pfx_f2fs_write_end_io+0x10/0x10
[ 1341.176950][ T6754]  bio_endio+0x755/0x8b0
[ 1341.177012][ T6754]  submit_bio_noacct+0x1b7/0x1e80
[ 1341.177068][ T6754]  __submit_merged_bio+0x331/0x6f0
[ 1341.177141][ T6754]  __submit_merged_write_cond+0x31a/0x3f0
[ 1341.177217][ T6754]  f2fs_write_cache_pages+0x21c8/0x2720
[ 1341.177284][ T6754]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[ 1341.177332][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177380][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177430][ T6754]  ? do_raw_spin_lock+0x128/0x260
[ 1341.177471][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177519][ T6754]  ? nr_blockdev_pages+0xde/0x120
[ 1341.177559][ T6754]  ? nr_blockdev_pages+0xde/0x120
[ 1341.177598][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177649][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177695][ T6754]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1341.177751][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177799][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.177845][ T6754]  ? f2fs_available_free_memory+0x279/0xa60
[ 1341.177967][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178022][ T6754]  f2fs_write_data_pages+0x5a7/0x1060
[ 1341.178062][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178121][ T6754]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1341.178182][ T6754]  ? __lock_acquire+0x4a5/0x2630
[ 1341.178240][ T6754]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1341.178286][ T6754]  do_writepages+0x278/0x600
[ 1341.178357][ T6754]  ? __pfx_do_writepages+0x10/0x10
[ 1341.178410][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178467][ T6754]  __writeback_single_inode+0x164/0x13c0
[ 1341.178522][ T6754]  ? find_held_lock+0x2b/0x80
[ 1341.178573][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178622][ T6754]  ? __pfx___writeback_single_inode+0x10/0x10
[ 1341.178677][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178723][ T6754]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1341.178767][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.178821][ T6754]  writeback_sb_inodes+0x72e/0x1b90
[ 1341.178895][ T6754]  ? do_raw_spin_lock+0x128/0x260
[ 1341.178937][ T6754]  ? __pfx_writeback_sb_inodes+0x10/0x10
[ 1341.178991][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179037][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179082][ T6754]  ? widen_string+0xdb/0x2f0
[ 1341.179144][ T6754]  ? debug_object_activate+0x331/0x490
[ 1341.179256][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179302][ T6754]  ? rcu_is_watching+0x12/0xc0
[ 1341.179350][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179395][ T6754]  ? queue_io+0x286/0x4f0
[ 1341.179451][ T6754]  wb_writeback+0x1bc/0xab0
[ 1341.179516][ T6754]  ? __pfx_wb_writeback+0x10/0x10
[ 1341.179567][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179627][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179673][ T6754]  ? mark_held_locks+0x40/0x70
[ 1341.179741][ T6754]  wb_workfn+0x143/0xbb0
[ 1341.179802][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.179848][ T6754]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1341.179896][ T6754]  ? __pfx_wb_workfn+0x10/0x10
[ 1341.179956][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180007][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180054][ T6754]  ? process_one_work+0x80b/0x1840
[ 1341.180097][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180143][ T6754]  ? rcu_is_watching+0x12/0xc0
[ 1341.180196][ T6754]  process_one_work+0x9c2/0x1840
[ 1341.180258][ T6754]  ? __pfx_process_one_work+0x10/0x10
[ 1341.180301][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180358][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180405][ T6754]  ? assign_work+0x19c/0x250
[ 1341.180454][ T6754]  worker_thread+0x5da/0xe40
[ 1341.180512][ T6754]  ? kthread+0x17d/0x730
[ 1341.180544][ T6754]  ? __pfx_worker_thread+0x10/0x10
[ 1341.180584][ T6754]  kthread+0x3b3/0x730
[ 1341.180624][ T6754]  ? __pfx_kthread+0x10/0x10
[ 1341.180658][ T6754]  ? ret_from_fork+0x79/0xaf0
[ 1341.180698][ T6754]  ? ret_from_fork+0x79/0xaf0
[ 1341.180738][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.180783][ T6754]  ? rcu_is_watching+0x12/0xc0
[ 1341.180830][ T6754]  ? __pfx_kthread+0x10/0x10
[ 1341.180870][ T6754]  ret_from_fork+0x754/0xaf0
[ 1341.180912][ T6754]  ? __pfx_ret_from_fork+0x10/0x10
[ 1341.180957][ T6754]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1341.181002][ T6754]  ? __switch_to+0x7b9/0x10c0
[ 1341.181052][ T6754]  ? __pfx_kthread+0x10/0x10
[ 1341.181092][ T6754]  ret_from_fork_asm+0x1a/0x30
[ 1341.181176][ T6754]  </TASK>
[ 1341.801161][ T6754] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1343.210098][T25463] loop9: detected capacity change from 0 to 128
[ 1343.239090][T25463] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[ 1345.773241][T25425] tipc: Disabling bearer <eth:syzkaller0>
[ 1345.785945][T14565] tipc: Node number set to 442619318
[ 1345.795715][T25457] netlink: 'syz.7.5344': attribute type 29 has an invalid length.
[ 1346.990629][T24255] ==================================================================
[ 1346.998744][T24255] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90
[ 1347.005978][T24255] Read of size 8 at addr ffff8880a69980a8 by task khidpd_15c25886/24255
[ 1347.014319][T24255] 
[ 1347.016656][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1347.016719][T24255] Tainted: [L]=SOFTLOCKUP
[ 1347.016734][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1347.016759][T24255] Call Trace:
[ 1347.016773][T24255]  <TASK>
[ 1347.016787][T24255]  dump_stack_lvl+0x100/0x190
[ 1347.016838][T24255]  print_report+0x156/0x4c9
[ 1347.016893][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.016942][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.016990][T24255]  ? __phys_addr+0xe8/0x180
[ 1347.017054][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1347.017106][T24255]  kasan_report+0xdf/0x1a0
[ 1347.017150][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1347.017209][T24255]  __mutex_lock+0x1861/0x1b90
[ 1347.017259][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1347.017312][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1347.017356][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1347.017428][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1347.017479][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.017538][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.017596][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.017645][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.017699][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.017747][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1347.017798][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.017857][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1347.017917][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1347.017979][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1347.018043][T24255]  l2cap_unregister_user+0x71/0x240
[ 1347.018111][T24255]  hidp_session_thread+0x459/0x680
[ 1347.018165][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1347.018217][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1347.018267][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1347.018342][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.018391][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.018438][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1347.018487][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.018537][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.018585][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1347.018646][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1347.018703][T24255]  kthread+0x3b3/0x730
[ 1347.018741][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.018776][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1347.018818][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1347.018859][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.018907][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.018955][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.018994][T24255]  ret_from_fork+0x754/0xaf0
[ 1347.019036][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1347.019081][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.019129][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1347.019181][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.019220][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1347.019295][T24255]  </TASK>
[ 1347.019309][T24255] 
[ 1347.303259][T24255] The buggy address belongs to the physical page:
[ 1347.309664][T24255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880a699ba80 pfn:0xa6998
[ 1347.319737][T24255] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1347.326860][T24255] raw: 00fff00000000000 ffffea00022b5408 ffff8880b84410c0 0000000000000000
[ 1347.335449][T24255] raw: ffff8880a699ba80 0000000000000000 00000000ffffffff 0000000000000000
[ 1347.344027][T24255] page dumped because: kasan: bad access detected
[ 1347.350432][T24255] page_owner tracks the page as freed
[ 1347.355792][T24255] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 23592, tgid 23592 (syz-executor), ts 1190559090279, free_ts 1346971606581
[ 1347.374215][T24255]  post_alloc_hook+0x1e1/0x250
[ 1347.379000][T24255]  get_page_from_freelist+0xe3d/0x2e10
[ 1347.384481][T24255]  __alloc_frozen_pages_noprof+0x26c/0x2410
[ 1347.390400][T24255]  alloc_pages_mpol+0x1fb/0x550
[ 1347.395260][T24255]  ___kmalloc_large_node+0x104/0x150
[ 1347.400558][T24255]  __kmalloc_large_node_noprof+0x1c/0x70
[ 1347.406202][T24255]  __kmalloc_noprof+0x6b1/0x9c0
[ 1347.411066][T24255]  hci_alloc_dev_priv+0x1d/0x28a0
[ 1347.416114][T24255]  __vhci_create_device+0xf0/0x880
[ 1347.421256][T24255]  vhci_write+0x2c4/0x490
[ 1347.425613][T24255]  vfs_write+0x6ac/0x1070
[ 1347.429966][T24255]  ksys_write+0x12a/0x250
[ 1347.434315][T24255]  do_syscall_64+0xc9/0xf80
[ 1347.438831][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.444730][T24255] page last free pid 24725 tgid 24725 stack trace:
[ 1347.451224][T24255]  __free_frozen_pages+0x822/0x1130
[ 1347.456437][T24255]  hci_release_dev+0x4ef/0x630
[ 1347.461210][T24255]  bt_host_release+0x6a/0xb0
[ 1347.465821][T24255]  device_release+0xa4/0x240
[ 1347.470434][T24255]  kobject_put+0x1f7/0x640
[ 1347.474870][T24255]  put_device+0x1f/0x30
[ 1347.479048][T24255]  vhci_release+0x185/0x230
[ 1347.483575][T24255]  __fput+0x3ff/0xb40
[ 1347.487565][T24255]  task_work_run+0x150/0x240
[ 1347.492162][T24255]  do_exit+0x829/0x2a30
[ 1347.496315][T24255]  do_group_exit+0xd5/0x2a0
[ 1347.500819][T24255]  get_signal+0x1ec7/0x21e0
[ 1347.505339][T24255]  arch_do_signal_or_restart+0x91/0x7a0
[ 1347.510905][T24255]  exit_to_user_mode_loop+0x86/0x4b0
[ 1347.516194][T24255]  do_syscall_64+0x4fe/0xf80
[ 1347.520799][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.526702][T24255] 
[ 1347.529012][T24255] Memory state around the buggy address:
[ 1347.534633][T24255]  ffff8880a6997f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1347.542699][T24255]  ffff8880a6998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1347.550763][T24255] >ffff8880a6998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1347.558819][T24255]                                   ^
[ 1347.564186][T24255]  ffff8880a6998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1347.572247][T24255]  ffff8880a6998180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1347.580303][T24255] ==================================================================
[ 1347.591076][T24255] Disabling lock debugging due to kernel taint
[ 1347.597231][T24255] ==================================================================
[ 1347.605289][T24255] BUG: KASAN: use-after-free in do_raw_spin_lock+0x23b/0x260
[ 1347.612688][T24255] Read of size 4 at addr ffff8880a6998064 by task khidpd_15c25886/24255
[ 1347.621020][T24255] 
[ 1347.623349][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[ 1347.623406][T24255] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[ 1347.623422][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1347.623444][T24255] Call Trace:
[ 1347.623456][T24255]  <TASK>
[ 1347.623470][T24255]  dump_stack_lvl+0x100/0x190
[ 1347.623515][T24255]  print_report+0x156/0x4c9
[ 1347.623564][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.623607][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.623650][T24255]  ? __phys_addr+0xe8/0x180
[ 1347.623714][T24255]  ? do_raw_spin_lock+0x23b/0x260
[ 1347.623751][T24255]  kasan_report+0xdf/0x1a0
[ 1347.623790][T24255]  ? do_raw_spin_lock+0x23b/0x260
[ 1347.623835][T24255]  do_raw_spin_lock+0x23b/0x260
[ 1347.623872][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.623917][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1347.623955][T24255]  ? lock_acquire+0x2c4/0x330
[ 1347.624010][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1347.624061][T24255]  _raw_spin_lock_irqsave+0x42/0x60
[ 1347.624099][T24255]  ? __mutex_lock+0xcc7/0x1b90
[ 1347.624147][T24255]  __mutex_lock+0xcc7/0x1b90
[ 1347.624191][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1347.624238][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1347.624276][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1347.624341][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1347.624386][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.624438][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.624491][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.624533][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.624578][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.624621][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1347.624666][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1347.624722][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1347.624775][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1347.624830][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1347.624887][T24255]  l2cap_unregister_user+0x71/0x240
[ 1347.624948][T24255]  hidp_session_thread+0x459/0x680
[ 1347.624994][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1347.625041][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1347.625085][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1347.625138][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.625181][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.625225][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1347.625268][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.625312][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.625356][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1347.625410][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1347.625454][T24255]  kthread+0x3b3/0x730
[ 1347.625489][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.625521][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1347.625557][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1347.625593][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.625636][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1347.625685][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.625720][T24255]  ret_from_fork+0x754/0xaf0
[ 1347.625757][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1347.625797][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1347.625840][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1347.625887][T24255]  ? __pfx_kthread+0x10/0x10
[ 1347.625922][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1347.625988][T24255]  </TASK>
[ 1347.626001][T24255] 
[ 1347.946395][T24255] The buggy address belongs to the physical page:
[ 1347.952800][T24255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880a699ba80 pfn:0xa6998
[ 1347.962866][T24255] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1347.969987][T24255] raw: 00fff00000000000 ffffea00022b5408 ffff8880b84410c0 0000000000000000
[ 1347.978575][T24255] raw: ffff8880a699ba80 0000000000000000 00000000ffffffff 0000000000000000
[ 1347.987148][T24255] page dumped because: kasan: bad access detected
[ 1347.993549][T24255] page_owner tracks the page as freed
[ 1347.998902][T24255] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 23592, tgid 23592 (syz-executor), ts 1190559090279, free_ts 1346971606581
[ 1348.017323][T24255]  post_alloc_hook+0x1e1/0x250
[ 1348.022111][T24255]  get_page_from_freelist+0xe3d/0x2e10
[ 1348.027593][T24255]  __alloc_frozen_pages_noprof+0x26c/0x2410
[ 1348.033526][T24255]  alloc_pages_mpol+0x1fb/0x550
[ 1348.038386][T24255]  ___kmalloc_large_node+0x104/0x150
[ 1348.043857][T24255]  __kmalloc_large_node_noprof+0x1c/0x70
[ 1348.049502][T24255]  __kmalloc_noprof+0x6b1/0x9c0
[ 1348.054368][T24255]  hci_alloc_dev_priv+0x1d/0x28a0
[ 1348.059414][T24255]  __vhci_create_device+0xf0/0x880
[ 1348.064554][T24255]  vhci_write+0x2c4/0x490
[ 1348.068907][T24255]  vfs_write+0x6ac/0x1070
[ 1348.073257][T24255]  ksys_write+0x12a/0x250
[ 1348.077607][T24255]  do_syscall_64+0xc9/0xf80
[ 1348.082122][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1348.088022][T24255] page last free pid 24725 tgid 24725 stack trace:
[ 1348.094513][T24255]  __free_frozen_pages+0x822/0x1130
[ 1348.099725][T24255]  hci_release_dev+0x4ef/0x630
[ 1348.104498][T24255]  bt_host_release+0x6a/0xb0
[ 1348.109108][T24255]  device_release+0xa4/0x240
[ 1348.113725][T24255]  kobject_put+0x1f7/0x640
[ 1348.118156][T24255]  put_device+0x1f/0x30
[ 1348.122333][T24255]  vhci_release+0x185/0x230
[ 1348.126857][T24255]  __fput+0x3ff/0xb40
[ 1348.130846][T24255]  task_work_run+0x150/0x240
[ 1348.135447][T24255]  do_exit+0x829/0x2a30
[ 1348.139604][T24255]  do_group_exit+0xd5/0x2a0
[ 1348.144107][T24255]  get_signal+0x1ec7/0x21e0
[ 1348.148627][T24255]  arch_do_signal_or_restart+0x91/0x7a0
[ 1348.154200][T24255]  exit_to_user_mode_loop+0x86/0x4b0
[ 1348.159491][T24255]  do_syscall_64+0x4fe/0xf80
[ 1348.164093][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1348.169991][T24255] 
[ 1348.172301][T24255] Memory state around the buggy address:
[ 1348.177923][T24255]  ffff8880a6997f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.185981][T24255]  ffff8880a6997f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.194042][T24255] >ffff8880a6998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.202095][T24255]                                                        ^
[ 1348.209284][T24255]  ffff8880a6998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.217341][T24255]  ffff8880a6998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.225428][T24255] ==================================================================
[ 1348.233481][T24255] ==================================================================
[ 1348.241534][T24255] BUG: KASAN: use-after-free in do_raw_spin_lock+0x248/0x260
[ 1348.248919][T24255] Read of size 8 at addr ffff8880a6998070 by task khidpd_15c25886/24255
[ 1348.257241][T24255] 
[ 1348.259576][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[ 1348.259632][T24255] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[ 1348.259647][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1348.259669][T24255] Call Trace:
[ 1348.259686][T24255]  <TASK>
[ 1348.259700][T24255]  dump_stack_lvl+0x100/0x190
[ 1348.259744][T24255]  print_report+0x156/0x4c9
[ 1348.259793][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.259837][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.259879][T24255]  ? __phys_addr+0xe8/0x180
[ 1348.259937][T24255]  ? do_raw_spin_lock+0x248/0x260
[ 1348.259975][T24255]  kasan_report+0xdf/0x1a0
[ 1348.260014][T24255]  ? do_raw_spin_lock+0x248/0x260
[ 1348.260058][T24255]  do_raw_spin_lock+0x248/0x260
[ 1348.260095][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.260142][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1348.260180][T24255]  ? lock_acquire+0x2c4/0x330
[ 1348.260236][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1348.260289][T24255]  _raw_spin_lock_irqsave+0x42/0x60
[ 1348.260327][T24255]  ? __mutex_lock+0xcc7/0x1b90
[ 1348.260372][T24255]  __mutex_lock+0xcc7/0x1b90
[ 1348.260417][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1348.260464][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1348.260503][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1348.260566][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1348.260611][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.260663][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.260720][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.260763][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.260807][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.260850][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1348.260895][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.260947][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1348.261000][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1348.261055][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1348.261113][T24255]  l2cap_unregister_user+0x71/0x240
[ 1348.261174][T24255]  hidp_session_thread+0x459/0x680
[ 1348.261221][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1348.261268][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1348.261312][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1348.261362][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.261405][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.261449][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1348.261493][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.261537][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.261579][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1348.261633][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1348.261681][T24255]  kthread+0x3b3/0x730
[ 1348.261717][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.261749][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1348.261784][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1348.261821][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.261863][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.261906][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.261941][T24255]  ret_from_fork+0x754/0xaf0
[ 1348.261979][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1348.262018][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.262061][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1348.262107][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.262144][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1348.262211][T24255]  </TASK>
[ 1348.262223][T24255] 
[ 1348.582710][T24255] The buggy address belongs to the physical page:
[ 1348.589113][T24255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880a699ba80 pfn:0xa6998
[ 1348.599181][T24255] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1348.606306][T24255] raw: 00fff00000000000 ffffea00022b5408 ffff8880b84410c0 0000000000000000
[ 1348.614897][T24255] raw: ffff8880a699ba80 0000000000000000 00000000ffffffff 0000000000000000
[ 1348.623474][T24255] page dumped because: kasan: bad access detected
[ 1348.629879][T24255] page_owner tracks the page as freed
[ 1348.635233][T24255] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 23592, tgid 23592 (syz-executor), ts 1190559090279, free_ts 1346971606581
[ 1348.653662][T24255]  post_alloc_hook+0x1e1/0x250
[ 1348.658456][T24255]  get_page_from_freelist+0xe3d/0x2e10
[ 1348.663939][T24255]  __alloc_frozen_pages_noprof+0x26c/0x2410
[ 1348.669855][T24255]  alloc_pages_mpol+0x1fb/0x550
[ 1348.674711][T24255]  ___kmalloc_large_node+0x104/0x150
[ 1348.680007][T24255]  __kmalloc_large_node_noprof+0x1c/0x70
[ 1348.685650][T24255]  __kmalloc_noprof+0x6b1/0x9c0
[ 1348.690523][T24255]  hci_alloc_dev_priv+0x1d/0x28a0
[ 1348.695565][T24255]  __vhci_create_device+0xf0/0x880
[ 1348.700704][T24255]  vhci_write+0x2c4/0x490
[ 1348.705058][T24255]  vfs_write+0x6ac/0x1070
[ 1348.709414][T24255]  ksys_write+0x12a/0x250
[ 1348.713768][T24255]  do_syscall_64+0xc9/0xf80
[ 1348.718281][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1348.724195][T24255] page last free pid 24725 tgid 24725 stack trace:
[ 1348.730690][T24255]  __free_frozen_pages+0x822/0x1130
[ 1348.735906][T24255]  hci_release_dev+0x4ef/0x630
[ 1348.740684][T24255]  bt_host_release+0x6a/0xb0
[ 1348.745292][T24255]  device_release+0xa4/0x240
[ 1348.749906][T24255]  kobject_put+0x1f7/0x640
[ 1348.754345][T24255]  put_device+0x1f/0x30
[ 1348.758526][T24255]  vhci_release+0x185/0x230
[ 1348.763050][T24255]  __fput+0x3ff/0xb40
[ 1348.767039][T24255]  task_work_run+0x150/0x240
[ 1348.771634][T24255]  do_exit+0x829/0x2a30
[ 1348.775794][T24255]  do_group_exit+0xd5/0x2a0
[ 1348.780303][T24255]  get_signal+0x1ec7/0x21e0
[ 1348.784822][T24255]  arch_do_signal_or_restart+0x91/0x7a0
[ 1348.790388][T24255]  exit_to_user_mode_loop+0x86/0x4b0
[ 1348.795695][T24255]  do_syscall_64+0x4fe/0xf80
[ 1348.800297][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1348.806204][T24255] 
[ 1348.808519][T24255] Memory state around the buggy address:
[ 1348.814140][T24255]  ffff8880a6997f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.822200][T24255]  ffff8880a6997f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.830259][T24255] >ffff8880a6998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.838329][T24255]                                                              ^
[ 1348.846037][T24255]  ffff8880a6998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.854097][T24255]  ffff8880a6998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1348.862152][T24255] ==================================================================
[ 1348.870203][T24255] ==================================================================
[ 1348.878255][T24255] BUG: KASAN: use-after-free in do_raw_spin_lock+0x231/0x260
[ 1348.885653][T24255] Read of size 4 at addr ffff8880a6998068 by task khidpd_15c25886/24255
[ 1348.893979][T24255] 
[ 1348.896303][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[ 1348.896358][T24255] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[ 1348.896374][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1348.896396][T24255] Call Trace:
[ 1348.896410][T24255]  <TASK>
[ 1348.896426][T24255]  dump_stack_lvl+0x100/0x190
[ 1348.896473][T24255]  print_report+0x156/0x4c9
[ 1348.896522][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.896565][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.896608][T24255]  ? __phys_addr+0xe8/0x180
[ 1348.896666][T24255]  ? do_raw_spin_lock+0x231/0x260
[ 1348.896711][T24255]  kasan_report+0xdf/0x1a0
[ 1348.896750][T24255]  ? do_raw_spin_lock+0x231/0x260
[ 1348.896794][T24255]  do_raw_spin_lock+0x231/0x260
[ 1348.896832][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.896876][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1348.896915][T24255]  ? lock_acquire+0x2c4/0x330
[ 1348.896970][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1348.897021][T24255]  _raw_spin_lock_irqsave+0x42/0x60
[ 1348.897059][T24255]  ? __mutex_lock+0xcc7/0x1b90
[ 1348.897105][T24255]  __mutex_lock+0xcc7/0x1b90
[ 1348.897152][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1348.897199][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1348.897238][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1348.897302][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1348.897347][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.897400][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.897452][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.897495][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.897539][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.897582][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1348.897627][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1348.897683][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1348.897737][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1348.897792][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1348.897849][T24255]  l2cap_unregister_user+0x71/0x240
[ 1348.897911][T24255]  hidp_session_thread+0x459/0x680
[ 1348.897958][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1348.898005][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1348.898048][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1348.898099][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.898144][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.898188][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1348.898232][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.898276][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.898334][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1348.898389][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1348.898434][T24255]  kthread+0x3b3/0x730
[ 1348.898468][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.898500][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1348.898537][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1348.898573][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.898616][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1348.898660][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.898698][T24255]  ret_from_fork+0x754/0xaf0
[ 1348.898736][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1348.898776][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1348.898819][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1348.898865][T24255]  ? __pfx_kthread+0x10/0x10
[ 1348.898900][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1348.898967][T24255]  </TASK>
[ 1348.898979][T24255] 
[ 1349.219559][T24255] The buggy address belongs to the physical page:
[ 1349.225963][T24255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880a699ba80 pfn:0xa6998
[ 1349.236028][T24255] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1349.243148][T24255] raw: 00fff00000000000 ffffea00022b5408 ffff8880b84410c0 0000000000000000
[ 1349.251737][T24255] raw: ffff8880a699ba80 0000000000000000 00000000ffffffff 0000000000000000
[ 1349.260314][T24255] page dumped because: kasan: bad access detected
[ 1349.266723][T24255] page_owner tracks the page as freed
[ 1349.272077][T24255] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 23592, tgid 23592 (syz-executor), ts 1190559090279, free_ts 1346971606581
[ 1349.290501][T24255]  post_alloc_hook+0x1e1/0x250
[ 1349.295285][T24255]  get_page_from_freelist+0xe3d/0x2e10
[ 1349.300768][T24255]  __alloc_frozen_pages_noprof+0x26c/0x2410
[ 1349.306687][T24255]  alloc_pages_mpol+0x1fb/0x550
[ 1349.311544][T24255]  ___kmalloc_large_node+0x104/0x150
[ 1349.316838][T24255]  __kmalloc_large_node_noprof+0x1c/0x70
[ 1349.322480][T24255]  __kmalloc_noprof+0x6b1/0x9c0
[ 1349.327345][T24255]  hci_alloc_dev_priv+0x1d/0x28a0
[ 1349.332387][T24255]  __vhci_create_device+0xf0/0x880
[ 1349.337525][T24255]  vhci_write+0x2c4/0x490
[ 1349.341877][T24255]  vfs_write+0x6ac/0x1070
[ 1349.346227][T24255]  ksys_write+0x12a/0x250
[ 1349.350575][T24255]  do_syscall_64+0xc9/0xf80
[ 1349.355091][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1349.360990][T24255] page last free pid 24725 tgid 24725 stack trace:
[ 1349.367482][T24255]  __free_frozen_pages+0x822/0x1130
[ 1349.372701][T24255]  hci_release_dev+0x4ef/0x630
[ 1349.377476][T24255]  bt_host_release+0x6a/0xb0
[ 1349.382085][T24255]  device_release+0xa4/0x240
[ 1349.386702][T24255]  kobject_put+0x1f7/0x640
[ 1349.391133][T24255]  put_device+0x1f/0x30
[ 1349.395314][T24255]  vhci_release+0x185/0x230
[ 1349.399838][T24255]  __fput+0x3ff/0xb40
[ 1349.403827][T24255]  task_work_run+0x150/0x240
[ 1349.408423][T24255]  do_exit+0x829/0x2a30
[ 1349.412579][T24255]  do_group_exit+0xd5/0x2a0
[ 1349.417081][T24255]  get_signal+0x1ec7/0x21e0
[ 1349.421602][T24255]  arch_do_signal_or_restart+0x91/0x7a0
[ 1349.427172][T24255]  exit_to_user_mode_loop+0x86/0x4b0
[ 1349.432461][T24255]  do_syscall_64+0x4fe/0xf80
[ 1349.437062][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1349.442962][T24255] 
[ 1349.445275][T24255] Memory state around the buggy address:
[ 1349.450896][T24255]  ffff8880a6997f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1349.458957][T24255]  ffff8880a6997f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1349.467018][T24255] >ffff8880a6998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1349.475073][T24255]                                                           ^
[ 1349.482521][T24255]  ffff8880a6998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1349.490580][T24255]  ffff8880a6998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1349.498632][T24255] ==================================================================
[ 1349.506686][T24255] ==================================================================
[ 1349.514742][T24255] BUG: KASAN: use-after-free in do_raw_spin_lock+0x119/0x260
[ 1349.522127][T24255] Write of size 4 at addr ffff8880a6998060 by task khidpd_15c25886/24255
[ 1349.530539][T24255] 
[ 1349.532860][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[ 1349.532916][T24255] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[ 1349.532932][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1349.532954][T24255] Call Trace:
[ 1349.532968][T24255]  <TASK>
[ 1349.532984][T24255]  dump_stack_lvl+0x100/0x190
[ 1349.533029][T24255]  print_report+0x156/0x4c9
[ 1349.533078][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.533124][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.533167][T24255]  ? __phys_addr+0xe8/0x180
[ 1349.533224][T24255]  ? do_raw_spin_lock+0x119/0x260
[ 1349.533262][T24255]  kasan_report+0xdf/0x1a0
[ 1349.533301][T24255]  ? do_raw_spin_lock+0x119/0x260
[ 1349.533345][T24255]  kasan_check_range+0x10f/0x1e0
[ 1349.533390][T24255]  do_raw_spin_lock+0x119/0x260
[ 1349.533427][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.533472][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1349.533510][T24255]  ? lock_acquire+0x2c4/0x330
[ 1349.533565][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1349.533616][T24255]  _raw_spin_lock_irqsave+0x42/0x60
[ 1349.533654][T24255]  ? __mutex_lock+0xcc7/0x1b90
[ 1349.533705][T24255]  __mutex_lock+0xcc7/0x1b90
[ 1349.533749][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1349.533796][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1349.533835][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1349.533899][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1349.533944][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1349.533996][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1349.534048][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.534091][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1349.534137][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.534180][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1349.534225][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1349.534277][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1349.534330][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1349.534385][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1349.534442][T24255]  l2cap_unregister_user+0x71/0x240
[ 1349.534503][T24255]  hidp_session_thread+0x459/0x680
[ 1349.534550][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1349.534597][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1349.534641][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1349.534697][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.534739][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1349.534783][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1349.534826][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.534871][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.534914][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1349.534967][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1349.535012][T24255]  kthread+0x3b3/0x730
[ 1349.535047][T24255]  ? __pfx_kthread+0x10/0x10
[ 1349.535078][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1349.535116][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1349.535152][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.535196][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1349.535239][T24255]  ? __pfx_kthread+0x10/0x10
[ 1349.535274][T24255]  ret_from_fork+0x754/0xaf0
[ 1349.535312][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1349.535351][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1349.535394][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1349.535441][T24255]  ? __pfx_kthread+0x10/0x10
[ 1349.535476][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1349.535542][T24255]  </TASK>
[ 1349.535554][T24255] 
[ 1349.860985][T24255] The buggy address belongs to the physical page:
[ 1349.867392][T24255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880a699ba80 pfn:0xa6998
[ 1349.877465][T24255] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1349.884588][T24255] raw: 00fff00000000000 ffffea00022b5408 ffff8880b84410c0 0000000000000000
[ 1349.893177][T24255] raw: ffff8880a699ba80 0000000000000000 00000000ffffffff 0000000000000000
[ 1349.901753][T24255] page dumped because: kasan: bad access detected
[ 1349.908154][T24255] page_owner tracks the page as freed
[ 1349.913509][T24255] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 23592, tgid 23592 (syz-executor), ts 1190559090279, free_ts 1346971606581
[ 1349.931932][T24255]  post_alloc_hook+0x1e1/0x250
[ 1349.936718][T24255]  get_page_from_freelist+0xe3d/0x2e10
[ 1349.942197][T24255]  __alloc_frozen_pages_noprof+0x26c/0x2410
[ 1349.948112][T24255]  alloc_pages_mpol+0x1fb/0x550
[ 1349.952971][T24255]  ___kmalloc_large_node+0x104/0x150
[ 1349.958267][T24255]  __kmalloc_large_node_noprof+0x1c/0x70
[ 1349.963995][T24255]  __kmalloc_noprof+0x6b1/0x9c0
[ 1349.968859][T24255]  hci_alloc_dev_priv+0x1d/0x28a0
[ 1349.973898][T24255]  __vhci_create_device+0xf0/0x880
[ 1349.979036][T24255]  vhci_write+0x2c4/0x490
[ 1349.983405][T24255]  vfs_write+0x6ac/0x1070
[ 1349.987755][T24255]  ksys_write+0x12a/0x250
[ 1349.992105][T24255]  do_syscall_64+0xc9/0xf80
[ 1349.996624][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1350.002529][T24255] page last free pid 24725 tgid 24725 stack trace:
[ 1350.009023][T24255]  __free_frozen_pages+0x822/0x1130
[ 1350.014238][T24255]  hci_release_dev+0x4ef/0x630
[ 1350.019010][T24255]  bt_host_release+0x6a/0xb0
[ 1350.023619][T24255]  device_release+0xa4/0x240
[ 1350.028238][T24255]  kobject_put+0x1f7/0x640
[ 1350.032670][T24255]  put_device+0x1f/0x30
[ 1350.036851][T24255]  vhci_release+0x185/0x230
[ 1350.041379][T24255]  __fput+0x3ff/0xb40
[ 1350.045370][T24255]  task_work_run+0x150/0x240
[ 1350.049965][T24255]  do_exit+0x829/0x2a30
[ 1350.054121][T24255]  do_group_exit+0xd5/0x2a0
[ 1350.058627][T24255]  get_signal+0x1ec7/0x21e0
[ 1350.063149][T24255]  arch_do_signal_or_restart+0x91/0x7a0
[ 1350.068716][T24255]  exit_to_user_mode_loop+0x86/0x4b0
[ 1350.074008][T24255]  do_syscall_64+0x4fe/0xf80
[ 1350.078614][T24255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1350.084517][T24255] 
[ 1350.086831][T24255] Memory state around the buggy address:
[ 1350.092452][T24255]  ffff8880a6997f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1350.100512][T24255]  ffff8880a6997f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1350.108573][T24255] >ffff8880a6998000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1350.116627][T24255]                                                        ^
[ 1350.123814][T24255]  ffff8880a6998080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1350.131874][T24255]  ffff8880a6998100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1350.139930][T24255] ==================================================================
[ 1350.147983][T24255] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 1350.155706][T24255] CPU: 0 UID: 0 PID: 24255 Comm: khidpd_15c25886 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[ 1350.167102][T24255] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[ 1350.172637][T24255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 1350.182696][T24255] Call Trace:
[ 1350.185970][T24255]  <TASK>
[ 1350.188908][T24255]  dump_stack_lvl+0x100/0x190
[ 1350.193604][T24255]  vpanic+0x20d/0x630
[ 1350.197595][T24255]  panic+0xd1/0xd1
[ 1350.201323][T24255]  ? __pfx_panic+0x10/0x10
[ 1350.205834][T24255]  ? end_report.part.0+0x23/0x90
[ 1350.210804][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.216453][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1350.221235][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.226886][T24255]  ? lock_release+0x21e/0x2e0
[ 1350.231599][T24255]  end_report.part.0+0x68/0x90
[ 1350.236388][T24255]  kasan_report.cold+0xe/0x18
[ 1350.241087][T24255]  ? do_raw_spin_lock+0x119/0x260
[ 1350.246132][T24255]  kasan_check_range+0x10f/0x1e0
[ 1350.251087][T24255]  do_raw_spin_lock+0x119/0x260
[ 1350.255948][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.261597][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1350.266977][T24255]  ? lock_acquire+0x2c4/0x330
[ 1350.271687][T24255]  ? __mutex_lock+0x1861/0x1b90
[ 1350.276560][T24255]  _raw_spin_lock_irqsave+0x42/0x60
[ 1350.281767][T24255]  ? __mutex_lock+0xcc7/0x1b90
[ 1350.286552][T24255]  __mutex_lock+0xcc7/0x1b90
[ 1350.291161][T24255]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1350.297165][T24255]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1350.302550][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1350.307959][T24255]  ? __pfx___mutex_lock+0x10/0x10
[ 1350.313001][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1350.318657][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1350.324319][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.329970][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1350.334754][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.340405][T24255]  ? lockdep_hardirqs_on+0x78/0x100
[ 1350.345622][T24255]  ? __try_to_del_timer_sync+0x107/0x160
[ 1350.351282][T24255]  ? __pfx___try_to_del_timer_sync+0x10/0x10
[ 1350.357287][T24255]  ? __timer_delete_sync+0x151/0x1c0
[ 1350.362599][T24255]  ? l2cap_unregister_user+0x71/0x240
[ 1350.368005][T24255]  l2cap_unregister_user+0x71/0x240
[ 1350.373237][T24255]  hidp_session_thread+0x459/0x680
[ 1350.378370][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1350.384108][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1350.390366][T24255]  ? __kthread_parkme+0xbb/0x230
[ 1350.395329][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.400978][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1350.405758][T24255]  ? __pfx_hidp_session_wake_function+0x10/0x10
[ 1350.412013][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.417661][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.423309][T24255]  ? __kthread_parkme+0x18c/0x230
[ 1350.428362][T24255]  ? __pfx_hidp_session_thread+0x10/0x10
[ 1350.434013][T24255]  kthread+0x3b3/0x730
[ 1350.438091][T24255]  ? __pfx_kthread+0x10/0x10
[ 1350.442688][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1350.447374][T24255]  ? ret_from_fork+0x79/0xaf0
[ 1350.452060][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.457710][T24255]  ? rcu_is_watching+0x12/0xc0
[ 1350.462489][T24255]  ? __pfx_kthread+0x10/0x10
[ 1350.467087][T24255]  ret_from_fork+0x754/0xaf0
[ 1350.471694][T24255]  ? __pfx_ret_from_fork+0x10/0x10
[ 1350.476817][T24255]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1350.482465][T24255]  ? __switch_to+0x7b9/0x10c0
[ 1350.487164][T24255]  ? __pfx_kthread+0x10/0x10
[ 1350.491762][T24255]  ret_from_fork_asm+0x1a/0x30
[ 1350.496567][T24255]  </TASK>
[ 1350.499844][T24255] Kernel Offset: disabled
[ 1350.504161][T24255] Rebooting in 86400 seconds..