last executing test programs:

10m5.511213477s ago: executing program 1 (id=269):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
socket$packet(0x11, 0x3, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00"], &(0x7f0000000300)='syzkaller\x00', 0x80000001, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x5, 0x14, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b000000070000000f0000000900000005"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000001840), 0xfffffff7, r3}, 0x38)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(r1, 0x0, 0x2000400c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_sco_SCO_OPTIONS(r4, 0x11, 0x1, &(0x7f00000000c0)=""/161, &(0x7f0000000180)=0xa1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

10m3.27911798s ago: executing program 1 (id=276):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x32, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r3, &(0x7f0000000280)={0x2020}, 0x2020)

10m0.34519583s ago: executing program 1 (id=283):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110200000000000000000100000030000180060005004e21000014000400000000000000000000000000000000010800060001000000060001000a0000009bc8a3d0e8da39b17993ff43ad778013978839ed10c4d05be78a46f2db36edeef6a3a781c46a9fce73d48e6bf738c89ef2ae19dc8b0a1f95c5883fa8d6bbb319f3907e0ae3dd2264386fbe7c683de00a16ca4e829acbba52c7473a8723bcc1cbe786f7e7db0886506cfd7f6305aa7481c9c916cd31e3c10a70d3ec1182eb95ad3e5fcfb8cc36ecfed1604887e0b4e8bb255556670bb276d5e61cc51ec7"], 0x44}}, 0x0)

9m59.771041976s ago: executing program 1 (id=288):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0xf, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x50)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xa117}, @TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)

9m58.820327885s ago: executing program 1 (id=292):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x0)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x100)

9m58.693719446s ago: executing program 1 (id=295):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(0x0, 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x29, 0x1, 0x3, 0x6, 0x6, @loopback, @local, 0x8, 0x7827, 0x3, 0x3}})
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r7, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4)
close_range(r3, 0xffffffffffffffff, 0x0)

9m43.069828347s ago: executing program 32 (id=295):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(0x0, 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x29, 0x1, 0x3, 0x6, 0x6, @loopback, @local, 0x8, 0x7827, 0x3, 0x3}})
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r7, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4)
close_range(r3, 0xffffffffffffffff, 0x0)

12.655429783s ago: executing program 2 (id=2217):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
syz_read_part_table(0x1063, &(0x7f0000002100)="$eJzsz7FNBDEQhtHfO2fkq2LbICQgJARRDotECVRASAt0QBe0QAOLsJYWgOC9yPInzWjCnzov45Tk8qmeM5JsSe57kkpl/nxbk7f3m5akv3yOVKtcnWYZydqORyUtud36/tA+9mX2dn2e8aIfo5bHtX6W193rrx8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/QVwAAAP//V1IMsA==")
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x104, 0xfffffbfc, 0xf, 0xc, '\x00\x00\x00`\x00\x00\x00>$\x00\x00\x00\x00\x00\x00\x00\b\x00'})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
read$char_usb(r2, &(0x7f0000000380)=""/4096, 0x1000)

12.207968399s ago: executing program 2 (id=2221):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', '\x84rusted:'}, 0x1d, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x14)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
close(0x3)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0)
bind$alg(r0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0642, 0x0)
write$tcp_mem(r4, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x6, @local, 0x4}, 0x1c)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)

11.234340542s ago: executing program 2 (id=2223):
timer_create(0x1, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)

8.827921036s ago: executing program 4 (id=2232):
r0 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ffc000/0x4000)=nil)
shmctl$SHM_UNLOCK(r0, 0xc)

8.74577579s ago: executing program 4 (id=2233):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='memory.swap.current\x00', 0x275a, 0x0)
r0 = socket(0xa, 0x3, 0xff)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x6, @mcast2, 0x200001}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000540)='net/dev\x00')
readv(r4, &(0x7f0000001400)=[{0x0}], 0x1)
ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x7, 0xffffffff})
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000180)=@ethtool_regs={0x4, 0x0, 0xa, "0000e54def10a13d4683"}})

7.784500602s ago: executing program 5 (id=2237):
socket(0x1, 0x5, 0x0)
epoll_create1(0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0xff, 0x0, 0xfe}, [@RTA_SRC={0x8, 0x2, @private=0xa010102}]}, 0x24}}, 0x20000050)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa)

7.73341334s ago: executing program 4 (id=2238):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002bc0)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)

7.683839709s ago: executing program 2 (id=2239):
syz_mount_image$f2fs(&(0x7f0000001080), &(0x7f0000000000)='./file1\x00', 0x2800000, &(0x7f0000000380)=ANY=[], 0x2, 0x5515, &(0x7f0000001300)="$eJzs3EtvG9UXAPDjpGnTx7//CLFg15EqpESqrTpNKtgFaMVDpIoKLFiBYzuWW9sTxY4TsmLBErHgmyCQWLHkM7BgzQ6xALFDAnlmAg0PqSh+0Ob3k8Zn7vX1mXOtqtKZiRzAmbWU/PxjKa7GxYiYj4grEdl5qTgyG3l4LiKuRcTcI0epmP994nxEXIqIq6Pkec5S8danN4bX139446evvrlw7vJnX347u10Ds/Z8RHR38/ODbh7TVh4fFPO1YTuL3bVhEfM3ug+LcZrHg+Z2luGgdryulsVbrXx9urvfH8WdTq0+iq32Tja/28sv2B+2jvNkH3hQ28vGjeZ2Ftv9NIuto7yuw6P8/7aj/iDP0yjyfZClj8HgOObzzcNmvp/dh1ms9wbFfJ43bTQPR3FYxOJyUU87jayO7dN80/9tb7Z7+4fJsLnXb6e9ZL1SfaFSvV2u7qWN5qC5Vq51G7fXkuVWZ7SsPGjWuhutNG11mpV62l1Jllv1erlaTZbvNLfbtV5SrVZuVW6W11eKsxvJq/feSTqNZHkUX2739gftTj/ZSfeS/BMrlyPixZXkejV5a3Mr2bp/9+7m1tvv3Xn33kubr79SLPpLWcny6s3V1XL1Znm1ujLB/S/GxPefrFZuPfb+PyqKHuP+4VRKsy4A4Mmj/wdmYXL9/979iMn3/6H/H4tZ9///qv+ddv9/BvYPp6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4s75b+Py17GQpH18u5v9XTD1TjEsRMRcRv/6N+Th/Iud8kWfhH9Yv/KmGr0uRZRhd40JxXIqIjeL45f+T/hYAAADg6fXFh9c+ybv1/GVp1gUxTflNm7kr748p32JELCx9P6Zsc6OXZ8eULPv3fS4Ox5Qtu4G1OKZk+S23c+PK9ljmT4TFR0IpD3NTLQcAAJiKk53AdLsQAAAApunjWRfAbJTi+FHm8bPg7C/v/3ggePHECAAAAHgClWZdAAAAADBxWf/v9/8AAADg6Zb//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7FzP7eJA1EcgJ8NXtj/aLX3bWVvUMaWsMc9riggTVBADqSFNEAN5JYSIojwOAQiDpE8tpXo+yQzjGV+PCN8mBlpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6dFetFzf/f121zdnt28lzNwAAAMAl22q9qN/MUv9zc/5rc+pH0y8iooyIS2P3UXw4yxw1OdXz9den11cvariNqBMO3zFpjk8R8bs5Hr53/SsAAADA+7VZruZptJ5eZkMXRJ/SpE355U+mvCIiqtl9prTykPczU1j9/x7Hv0xp9QTWt0xhacptnCvtVerH/ThrNz1pitSUFz92LHLaeYUAAEB+o7Om31EIAAAAffo7dAEMo4inpczjUuAkNc3y3sezHgAAAPAGFUMXAAAAAHSuHv/3tP/f3v5/AAAAMIy0/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2lbrxWa5mrfN2e3byXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/NykQwkAQRmvG/53k/oeVAj2DCO9B4EuaXgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdJ+cTU6O3Ocm/sfR5JFk7amwdNfYuNI4ujLd/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAH8zs7O1VXGNsoeIKHjQi91ua2tv4kEJHvwThJBua+zWH20OthQxF2+Scy+iRxFBibf+DzknkEu85bCHCJ6VmZ3JTn6A66+ZTfL5wJv33WGY932zEPKd9xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0ensSJ9mhM47j4tzm3sOlrN861Gcer23PZy2LozqTPhlerH6Ius0lAgAAwNmRlPV9CGEnXV/I+riT1/9peU1W83/79Dgu6/nDdX/Zl7V/1n75eff5/YE643Gym95cHg4uHU2l9f/NcrY985dXtPInn797SfIvJH5v9blRmj/P6OuNjXfaeXiujmwBgH/iYtkXQfn7UNb3m0wMgDOjVSm8y/o/6TSbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAdRqvhyTKOQgjzrUmc2dp7uHRc/3hte75s1x49WgtfTu6Z3SINIdxcHg4u1Tqb2Xbv/oPbi8Ph4G79wUshhKZGf6uY/u0Pprg4hEaej+A/CuLiy56VfE5G0OAPJQAATqW0aFldv5OuL2TnorkQ/vjuYP3/aiUOU9b/ux9e26yOVa3/+7XNcPb1Vu582rt3/8Hry3cWbw1uDT5+43L/zf6V61evXu/l70p63pgAAADw77SLVq3/47mj6/8XKnGYsv7/7Jv+F9WxEvX/sSaLfk1nAgAAcLY9+/Lvv0XHnI/a7fD54srK3f74uP/58vjYQKp/27miVev/ZK7prAAAAIA6jFajA+v/NypxmHL9/6nvX/ixes8khHC+WP+/uPTJ8EZ905lpdfw5cdNzBAAAoFnni1Zd/0/z/f/x/paHOITw2ivjuPg3gFPV/8m7X/1QXN4Jh/b/X6l3mjMn7o6fR953Q2h1m84IAACA0+yJomXF/q/p+sJHP114v23/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDd/gwAAP///ls9vA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f00000014c0)={0x28, 0x0, 0x2711, @local}, 0x10)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2711, @hyper}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183b41, 0x52)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0xb, 0x800808})

7.367573642s ago: executing program 3 (id=2240):
add_key$keyring(&(0x7f0000000500), 0x0, 0x0, 0x0, 0xffffffffffffffff)
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000021c0), 0x181000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0xff0f, 0x0, 0x0, 0x0)
setrlimit(0x7, &(0x7f0000000140)={0x4, 0x100})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000c40)={{0x80, 0x4}, 'port0\x00', 0x0, 0x100c40, 0x5, 0x0, 0x4, 0x40, 0xfffffc01, 0x0, 0x1, 0x25})
close(r0)
syz_emit_ethernet(0x0, 0x0, 0x0)
setreuid(0xee01, 0xee01)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b7000000fdffffffbfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff000000000f040000000000001d4002000000000065040000000000000f030000000000001d440000000000007a0a00fe000000000f00000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64360f56e24e6d2105bd901128c7e0ec82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7dfcb59b854e9d5a17f48a7382f1b3fa4526650ea6cef13d000000225d85ae49cee383f936ad657b303ab841dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c1070bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

6.686532056s ago: executing program 5 (id=2241):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000800)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x80003, 0x5)
r3 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000001c00), 0x12)
futex(0x0, 0x8, 0x2, 0x0, 0x0, 0x0)

6.340193495s ago: executing program 3 (id=2242):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r0, 0x0, 0x0)
r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000180)=ANY=[@ANYBLOB='-pids'], 0x6)

4.917224544s ago: executing program 0 (id=2246):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', '\x84rusted:'}, 0x1d, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x14)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
close(0x3)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0)
bind$alg(r0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0642, 0x0)
write$tcp_mem(r4, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x6, @local, 0x4}, 0x1c)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)

4.598273267s ago: executing program 3 (id=2247):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1000000)
io_uring_setup(0xf08, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000001c0)={'wlan0\x00', &(0x7f0000000080)=@ethtool_gstrings={0x1b, 0x1}})

4.332127172s ago: executing program 0 (id=2248):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000a40)='memory.swap.current\x00', 0x275a, 0x0)
r0 = socket(0xa, 0x3, 0xff)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x6, @mcast2, 0x200001}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000540)='net/dev\x00')
readv(r4, &(0x7f0000001400)=[{0x0}], 0x1)
ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x7, 0xffffffff})
socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000180)=@ethtool_regs={0x4, 0x0, 0xa, "0000e54def10a13d4683"}})

3.33236323s ago: executing program 0 (id=2249):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0xfffffffd, @local, 0x2}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @local}, 0x100300, 0x1, 0x2, 0xb, 0x4002, 0x85}, 0x20)
syz_emit_ethernet(0x56, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x2e}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x11, 0x0, 0x2, {[@timestamp={0x8, 0xa, 0x9fcf2c8a, 0x37}]}}}}}}}}, 0x0)

3.255743063s ago: executing program 0 (id=2250):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000001c0)='dctcp', 0x5)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x6b7, 0x80, 0x0, 0x1, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x24000000)
sendto$inet(r1, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x1500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000058000000030a01030000000000000000050000000900010073797a300000000009000300d0054fc1cb8feed643b381ec5b73797a300000000008000a40000000031c0004800800024000000012080001400000000008000240637bd6a808000540000000001400"], 0xa0}}, 0x0)

2.940637966s ago: executing program 0 (id=2251):
socket(0x1, 0x5, 0x0)
epoll_create1(0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0xff, 0x0, 0xfe}, [@RTA_SRC={0x8, 0x2, @private=0xa010102}]}, 0x24}}, 0x20000050)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa)

2.895934984s ago: executing program 5 (id=2252):
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0xc, 0x4, 0x4, 0x9}, 0x48)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00')
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ptrace$peek(0x7, 0x0, &(0x7f0000000280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000880)='*', 0x1}], 0x1}}], 0x2, 0x48000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r1, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c"], 0x48}}, 0x4084)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

2.349969105s ago: executing program 2 (id=2253):
close(0x3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="110200000000000000000100000030000180060005004e21000014000400000000000000000000000000000000010800060001000000060001000a0000009bc8a3d0e8da39b17993ff43ad778013978839ed10c4d05be78a46f2db36edeef6a3a781c46a9fce73d48e6bf738c89ef2ae19dc8b0a1f95c5883fa8d6bbb319f3907e0ae3dd2264386fbe7c683de00a16ca4e829acbba52c7473a8723bcc1cbe786f7e7db0886506cfd7f6305aa7481c9c916cd31e3c10a70d3ec1182eb95ad3e5fcfb8cc36ecfed1604887e0b4e8bb255556670bb276d5e61cc51ec7"], 0x44}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, 0x0)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f0000000000)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r5, &(0x7f00000000c0), 0x2)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a00"], 0x22)

1.940076644s ago: executing program 0 (id=2254):
syz_mount_image$f2fs(&(0x7f0000001080), &(0x7f0000000000)='./file1\x00', 0x2800000, &(0x7f0000000380)=ANY=[], 0x2, 0x5515, &(0x7f0000001300)="$eJzs3EtvG9UXAPDjpGnTx7//CLFg15EqpESqrTpNKtgFaMVDpIoKLFiBYzuWW9sTxY4TsmLBErHgmyCQWLHkM7BgzQ6xALFDAnlmAg0PqSh+0Ob3k8Zn7vX1mXOtqtKZiRzAmbWU/PxjKa7GxYiYj4grEdl5qTgyG3l4LiKuRcTcI0epmP994nxEXIqIq6Pkec5S8danN4bX139446evvrlw7vJnX347u10Ds/Z8RHR38/ODbh7TVh4fFPO1YTuL3bVhEfM3ug+LcZrHg+Z2luGgdryulsVbrXx9urvfH8WdTq0+iq32Tja/28sv2B+2jvNkH3hQ28vGjeZ2Ftv9NIuto7yuw6P8/7aj/iDP0yjyfZClj8HgOObzzcNmvp/dh1ms9wbFfJ43bTQPR3FYxOJyUU87jayO7dN80/9tb7Z7+4fJsLnXb6e9ZL1SfaFSvV2u7qWN5qC5Vq51G7fXkuVWZ7SsPGjWuhutNG11mpV62l1Jllv1erlaTZbvNLfbtV5SrVZuVW6W11eKsxvJq/feSTqNZHkUX2739gftTj/ZSfeS/BMrlyPixZXkejV5a3Mr2bp/9+7m1tvv3Xn33kubr79SLPpLWcny6s3V1XL1Znm1ujLB/S/GxPefrFZuPfb+PyqKHuP+4VRKsy4A4Mmj/wdmYXL9/979iMn3/6H/H4tZ9///qv+ddv9/BvYPp6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4s75b+Py17GQpH18u5v9XTD1TjEsRMRcRv/6N+Th/Iud8kWfhH9Yv/KmGr0uRZRhd40JxXIqIjeL45f+T/hYAAADg6fXFh9c+ybv1/GVp1gUxTflNm7kr748p32JELCx9P6Zsc6OXZ8eULPv3fS4Ox5Qtu4G1OKZk+S23c+PK9ljmT4TFR0IpD3NTLQcAAJiKk53AdLsQAAAApunjWRfAbJTi+FHm8bPg7C/v/3ggePHECAAAAHgClWZdAAAAADBxWf/v9/8AAADg6Zb//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7FzP7eJA1EcgJ8NXtj/aLX3bWVvUMaWsMc9riggTVBADqSFNEAN5JYSIojwOAQiDpE8tpXo+yQzjGV+PCN8mBlpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6dFetFzf/f121zdnt28lzNwAAAMAl22q9qN/MUv9zc/5rc+pH0y8iooyIS2P3UXw4yxw1OdXz9den11cvariNqBMO3zFpjk8R8bs5Hr53/SsAAADA+7VZruZptJ5eZkMXRJ/SpE355U+mvCIiqtl9prTykPczU1j9/x7Hv0xp9QTWt0xhacptnCvtVerH/ThrNz1pitSUFz92LHLaeYUAAEB+o7Om31EIAAAAffo7dAEMo4inpczjUuAkNc3y3sezHgAAAPAGFUMXAAAAAHSuHv/3tP/f3v5/AAAAMIy0/x8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2lbrxWa5mrfN2e3byXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/NykQwkAQRmvG/53k/oeVAj2DCO9B4EuaXgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdJ+cTU6O3Ocm/sfR5JFk7amwdNfYuNI4ujLd/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAH8zs7O1VXGNsoeIKHjQi91ua2tv4kEJHvwThJBua+zWH20OthQxF2+Scy+iRxFBibf+DzknkEu85bCHCJ6VmZ3JTn6A66+ZTfL5wJv33WGY932zEPKd9xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0ensSJ9mhM47j4tzm3sOlrN861Gcer23PZy2LozqTPhlerH6Ius0lAgAAwNmRlPV9CGEnXV/I+riT1/9peU1W83/79Dgu6/nDdX/Zl7V/1n75eff5/YE643Gym95cHg4uHU2l9f/NcrY985dXtPInn797SfIvJH5v9blRmj/P6OuNjXfaeXiujmwBgH/iYtkXQfn7UNb3m0wMgDOjVSm8y/o/6TSbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAdRqvhyTKOQgjzrUmc2dp7uHRc/3hte75s1x49WgtfTu6Z3SINIdxcHg4u1Tqb2Xbv/oPbi8Ph4G79wUshhKZGf6uY/u0Pprg4hEaej+A/CuLiy56VfE5G0OAPJQAATqW0aFldv5OuL2TnorkQ/vjuYP3/aiUOU9b/ux9e26yOVa3/+7XNcPb1Vu582rt3/8Hry3cWbw1uDT5+43L/zf6V61evXu/l70p63pgAAADw77SLVq3/47mj6/8XKnGYsv7/7Jv+F9WxEvX/sSaLfk1nAgAAcLY9+/Lvv0XHnI/a7fD54srK3f74uP/58vjYQKp/27miVev/ZK7prAAAAIA6jFajA+v/NypxmHL9/6nvX/ixes8khHC+WP+/uPTJ8EZ905lpdfw5cdNzBAAAoFnni1Zd/0/z/f/x/paHOITw2ivjuPg3gFPV/8m7X/1QXN4Jh/b/X6l3mjMn7o6fR953Q2h1m84IAACA0+yJomXF/q/p+sJHP114v23/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDd/gwAAP///ls9vA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f00000014c0)={0x28, 0x0, 0x2711, @local}, 0x10)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2711, @hyper}, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183b41, 0x52)
ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0xb, 0x800808})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x183b41, 0x52)

1.569889506s ago: executing program 3 (id=2255):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, 0x0})
syz_kvm_add_vcpu$x86(0x0, 0x0)
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x2000c045, &(0x7f0000000100)={0x2, 0x4e20, @empty}, 0x10)
recvfrom(r1, &(0x7f00000012c0)=""/4095, 0xfff, 0x102, 0x0, 0x0)
sendto(r1, &(0x7f00000007c0)='`', 0x1, 0x8001, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000002500090122bd7000fcffffff5c000000080003004700000008006b8095eaeab79c61a1a929327a19a708a83baa2befbe51bd28a3ede4d07d07273bbcc4c07ff61b4d81b086ad45e924fa0871d3a4d43a21"], 0x24}, 0x1, 0x0, 0x0, 0x449d7}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x36900, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x109040, 0x0)
ioctl$COMEDI_CMD(r5, 0x80506409, &(0x7f0000000180)={0x1, 0x30000, 0x80, 0xd, 0x10, 0x4, 0x2, 0x2000000, 0x20, 0x20, 0x1, 0x2000000, &(0x7f0000000600)=[0x7], 0x1, 0x0})

1.555940379s ago: executing program 5 (id=2256):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700))
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0)

1.400782675s ago: executing program 2 (id=2257):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r0, 0x0, 0x0)
r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000180)=ANY=[@ANYBLOB='-pids'], 0x6)

1.247836s ago: executing program 4 (id=2258):
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', '\x84rusted:'}, 0x1d, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x14)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
close(0x3)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0)
bind$alg(r0, 0x0, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0642, 0x0)
write$tcp_mem(r4, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48)
bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x6, @local, 0x4}, 0x1c)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)

500.146856ms ago: executing program 4 (id=2259):
r0 = socket$kcm(0x2, 0x3, 0x84)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="3600000004000000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="4127c8ea4676499f24990eae48bf2a06b17800cc53d8974beff307002d6608057aceff0341982ff61c3aa3611fffb07962a8c547186b883c2027126eba94cd100f2dea4856fbc57f18bf44e29f84dbfa49e27de88e08f08bcf642a09d81a06", @ANYRES64=0x0], 0x20)
close(0x3)
socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
close(r0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000002c0)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f1fb700674f19b44e09f9315033bf79ac2dff06997ec3aed65d4258ff1601150039010000007f0000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000339cd2d0006d419499ff380a852557e10000000000000000001f58bf0bbf60d9627d71322fc67289d4a8d52c6b99eaac13596aa6e7f430b757de1b9a67d00914d0b56f3a19075e6f72398872a451196aefaa01d30fc30bb85f2912cac634d73ce52c9388dab2be3c9c882aa2a2070d68abb6a2ab1500"/302, 0x12e)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="7c0000001000fbf425bd7000f759de2500000000", @ANYRES32=0x0, @ANYBLOB="13280011212c00001f01001a00010001", @ANYRES32=r3, @ANYBLOB="5400128009000100766c616e00000000440002800600010004000000340004800c00010001800000020000000c000100db110000090000000c00010008000000020000000c0001008bab00000800000004000380"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x20004800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x28, 0x10, 0x1, 0x709d25, 0x25dfdbfc, {0x6, 0x0, 0x8100, r3, {0x1, 0x10}, {0xfff1, 0xd}, {0x10, 0x7}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c800}, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001a00010029bd700000000006001c004e2400"/35], 0x24}}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c4004"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10)
shutdown(r1, 0x1)

459.973923ms ago: executing program 5 (id=2260):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x4008000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r1)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)={0x14, r3, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbf8, {0x3, 0x0, 0x14}}, 0x14}, 0x1, 0x0, 0x0, 0x4005c}, 0x400c084)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x922, 0x12)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
socket$igmp(0x2, 0x3, 0x2)
ioctl$SNDCTL_SYNTH_INFO(0xffffffffffffffff, 0xc08c5102, &(0x7f0000000840)={"b30ab7af0277d7e2de35ec2548bd108b751ebaab0d5281885e41e5fe4353", 0x0, 0x3, 0x1, 0x5a, 0x2, 0x101, 0xcd, 0x9, [0x9, 0x1, 0xc5b, 0x1, 0x8, 0x3, 0x7, 0x80000001, 0x0, 0x7, 0x8, 0x100, 0x3, 0x7, 0x0, 0x9, 0x81, 0x4, 0x5]})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="58010000", @ANYRES16=r6, @ANYBLOB="01002cbd7000fcdbdf2501000000060006004e2300000800050001000000200108801c011380f400098070000080060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000a0000001400020000000000000000000000ffff0a010102050003000200000028000080060001000a00000014000200fe8000000000000000000000000000bb050003000200000034000080060001000200000008000200ac1414bb05000300020000000600010002000000080002000a01010005000300020000001c000080060001000223000008000200ac1414aa0500030003000000040000800400008024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b392214000200776731"], 0x158}, 0x1, 0x0, 0x0, 0x44001}, 0x4c020)

441.867146ms ago: executing program 3 (id=2261):
pipe(0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x100, 0x50, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x20e6}}, 0x40)

277.514183ms ago: executing program 4 (id=2262):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000800)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x80003, 0x5)
r3 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000001c00), 0x12)
futex(0x0, 0x8, 0x2, 0x0, 0x0, 0x0)

160.198743ms ago: executing program 3 (id=2263):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x400, @empty, 0x100001}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f00004e220000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)

0s ago: executing program 5 (id=2264):
socket(0x1, 0x5, 0x0)
epoll_create1(0x0)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0xff, 0x0, 0xfe}, [@RTA_SRC={0x8, 0x2, @private=0xa010102}]}, 0x24}}, 0x20000050)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa)

kernel console output (not intermixed with test programs):

.175035][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  343.179928][ T4201]  ? mark_lock+0x94/0x320
[  343.184278][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  343.190287][ T4201]  ? lock_chain_count+0x20/0x20
[  343.195228][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  343.202032][ T4201]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  343.207971][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  343.213271][ T4201]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  343.218923][ T4201]  ? hci_event_packet+0x38a/0x1370
[  343.224052][ T4201]  hci_event_packet+0xe48/0x1370
[  343.229130][ T4201]  ? rcu_lock_release+0x20/0x20
[  343.234001][ T4201]  hci_rx_work+0x255/0xa10
[  343.238652][ T4201]  process_one_work+0x85f/0x1010
[  343.243730][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  343.249392][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  343.254697][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  343.259875][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  343.265901][ T4201]  ? wq_worker_running+0x97/0x170
[  343.270958][ T4201]  worker_thread+0xaa6/0x1290
[  343.275664][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  343.280873][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  343.286784][ T4201]  kthread+0x436/0x520
[  343.290895][ T4201]  ? rcu_lock_release+0x20/0x20
[  343.295781][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  343.300568][ T4201]  ret_from_fork+0x1f/0x30
[  343.305238][ T4201]  </TASK>
[  343.411128][ T4201] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  343.425086][ T4201] Bluetooth: hci2: failed to register connection device
[  343.646376][ T7227] MPTCP: kernel_bind error, err=-98
[  343.649373][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  343.665582][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  343.673163][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  343.683450][ T4201] Workqueue: hci2 hci_rx_work
[  343.688157][ T4201] Call Trace:
[  343.691628][ T4201]  <TASK>
[  343.694582][ T4201]  dump_stack_lvl+0x188/0x250
[  343.699289][ T4201]  ? show_regs_print_info+0x20/0x20
[  343.704752][ T4201]  ? load_image+0x400/0x400
[  343.709297][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  343.714461][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  343.719153][ T4201]  ? process_one_work+0x85f/0x1010
[  343.724281][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  343.729492][ T4201]  kobject_add_internal+0x6e0/0xd90
[  343.734711][ T4201]  kobject_add+0x160/0x230
[  343.739246][ T4201]  ? kobject_init+0x1d0/0x1d0
[  343.743949][ T4201]  ? klist_children_get+0x50/0x50
[  343.749122][ T4201]  ? get_device_parent+0x121/0x3f0
[  343.754251][ T4201]  device_add+0x483/0xfb0
[  343.758655][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  343.763729][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  343.769084][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  343.774255][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  343.779841][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  343.784724][ T4201]  ? hci_event_packet+0x37b/0x1370
[  343.789871][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  343.794932][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  343.801121][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  343.807001][ T4201]  ? mark_lock+0x94/0x320
[  343.811462][ T4201]  ? mutex_unlock+0x10/0x10
[  343.816182][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  343.822305][ T4201]  ? lock_chain_count+0x20/0x20
[  343.827189][ T4201]  ? __rwlock_init+0x140/0x140
[  343.831987][ T4201]  hci_event_packet+0xe48/0x1370
[  343.837163][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  343.842408][ T4201]  ? rcu_lock_release+0x20/0x20
[  343.847553][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  343.852881][ T4201]  hci_rx_work+0x255/0xa10
[  343.857581][ T4201]  process_one_work+0x85f/0x1010
[  343.862668][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  343.868341][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  343.873664][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  343.878722][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  343.884284][ T4201]  ? wq_worker_running+0x97/0x170
[  343.889329][ T4201]  worker_thread+0xaa6/0x1290
[  343.894170][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  343.899404][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  343.905724][ T4201]  kthread+0x436/0x520
[  343.909836][ T4201]  ? rcu_lock_release+0x20/0x20
[  343.914959][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  343.919569][ T4201]  ret_from_fork+0x1f/0x30
[  343.924021][ T4201]  </TASK>
[  343.930256][ T4201] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  343.944071][ T4201] Bluetooth: hci2: failed to register connection device
[  344.686830][ T7241] netlink: set zone limit has 8 unknown bytes
[  345.500796][ T4276] Bluetooth: hci2: command 0x2016 tx timeout
[  346.888095][ T7267] MPTCP: kernel_bind error, err=-98
[  346.890351][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  346.906667][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  346.914299][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  346.924378][ T4201] Workqueue: hci5 hci_rx_work
[  346.929096][ T4201] Call Trace:
[  346.932453][ T4201]  <TASK>
[  346.935396][ T4201]  dump_stack_lvl+0x188/0x250
[  346.940096][ T4201]  ? show_regs_print_info+0x20/0x20
[  346.945423][ T4201]  ? load_image+0x400/0x400
[  346.949960][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  346.955086][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  346.959774][ T4201]  ? process_one_work+0x85f/0x1010
[  346.965084][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  346.970311][ T4201]  kobject_add_internal+0x6e0/0xd90
[  346.975662][ T4201]  kobject_add+0x160/0x230
[  346.980226][ T4201]  ? kobject_init+0x1d0/0x1d0
[  346.985010][ T4201]  ? klist_children_get+0x50/0x50
[  346.990084][ T4201]  ? get_device_parent+0x121/0x3f0
[  346.995233][ T4201]  device_add+0x483/0xfb0
[  346.999604][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  347.004827][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  347.010244][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  347.015382][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  347.021130][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  347.026109][ T4201]  ? hci_event_packet+0x37b/0x1370
[  347.031450][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  347.036619][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  347.042893][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  347.048602][ T4201]  ? mark_lock+0x94/0x320
[  347.052957][ T4201]  ? mutex_unlock+0x10/0x10
[  347.057476][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  347.063646][ T4201]  ? lock_chain_count+0x20/0x20
[  347.068497][ T4201]  ? __rwlock_init+0x140/0x140
[  347.073362][ T4201]  hci_event_packet+0xe48/0x1370
[  347.078333][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  347.083548][ T4201]  ? rcu_lock_release+0x20/0x20
[  347.088394][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  347.093590][ T4201]  hci_rx_work+0x255/0xa10
[  347.098020][ T4201]  process_one_work+0x85f/0x1010
[  347.102992][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  347.108690][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  347.114103][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  347.119179][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  347.124771][ T4201]  ? wq_worker_running+0x97/0x170
[  347.130104][ T4201]  worker_thread+0xaa6/0x1290
[  347.134792][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  347.141246][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  347.147252][ T4201]  kthread+0x436/0x520
[  347.151337][ T4201]  ? rcu_lock_release+0x20/0x20
[  347.156299][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  347.161022][ T4201]  ret_from_fork+0x1f/0x30
[  347.165566][ T4201]  </TASK>
[  347.179941][ T4201] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  347.193369][ T4201] Bluetooth: hci5: failed to register connection device
[  347.704732][ T4227] Bluetooth: hci2: command 0x2016 tx timeout
[  347.795897][ T7273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  347.860411][ T7273] netlink: 'syz.0.831': attribute type 10 has an invalid length.
[  347.878668][ T7273] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  347.916800][ T7273] netlink: 12 bytes leftover after parsing attributes in process `syz.0.831'.
[  349.549976][ T4227] Bluetooth: hci5: command 0x2016 tx timeout
[  353.740674][ T4276] Bluetooth: hci0: command 0x2016 tx timeout
[  356.794731][ T7384] MPTCP: kernel_bind error, err=-98
[  356.798171][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  356.813986][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  356.821932][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  356.832793][ T4200] Workqueue: hci5 hci_rx_work
[  356.838543][ T4200] Call Trace:
[  356.842727][ T4200]  <TASK>
[  356.845984][ T4200]  dump_stack_lvl+0x188/0x250
[  356.850787][ T4200]  ? show_regs_print_info+0x20/0x20
[  356.856414][ T4200]  ? load_image+0x400/0x400
[  356.863293][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  356.868797][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  356.873597][ T4200]  ? process_one_work+0x85f/0x1010
[  356.878861][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  356.884362][ T4200]  kobject_add_internal+0x6e0/0xd90
[  356.889598][ T4200]  kobject_add+0x160/0x230
[  356.894039][ T4200]  ? kobject_init+0x1d0/0x1d0
[  356.898899][ T4200]  ? klist_children_get+0x50/0x50
[  356.903934][ T4200]  ? get_device_parent+0x121/0x3f0
[  356.909225][ T4200]  device_add+0x483/0xfb0
[  356.913574][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  356.918697][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  356.924001][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  356.929126][ T4200]  ? preempt_schedule_common+0xa5/0xd0
[  356.935064][ T4200]  ? preempt_schedule+0xbc/0xd0
[  356.940105][ T4200]  ? schedule_preempt_disabled+0x20/0x20
[  356.945777][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  356.951373][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  356.956390][ T4200]  ? hci_event_packet+0x37b/0x1370
[  356.961908][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  356.967234][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  356.973508][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  356.979214][ T4200]  ? mark_lock+0x94/0x320
[  356.983560][ T4200]  ? mutex_unlock+0x10/0x10
[  356.988085][ T4200]  ? mark_lock+0x94/0x320
[  356.992425][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  356.998623][ T4200]  hci_event_packet+0xe48/0x1370
[  357.004000][ T4200]  ? rcu_lock_release+0x20/0x20
[  357.009722][ T4200]  hci_rx_work+0x255/0xa10
[  357.014631][ T4200]  process_one_work+0x85f/0x1010
[  357.019841][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  357.026014][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  357.031786][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  357.037307][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  357.042982][ T4200]  ? wq_worker_running+0x97/0x170
[  357.048341][ T4200]  worker_thread+0xaa6/0x1290
[  357.053168][ T4200]  kthread+0x436/0x520
[  357.057251][ T4200]  ? rcu_lock_release+0x20/0x20
[  357.062209][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  357.067060][ T4200]  ret_from_fork+0x1f/0x30
[  357.071600][ T4200]  </TASK>
[  357.080603][ T4200] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  357.101878][ T4200] Bluetooth: hci5: failed to register connection device
[  359.191162][   T13] Bluetooth: hci5: command 0x2016 tx timeout
[  359.204654][ T7418] netlink: set zone limit has 8 unknown bytes
[  361.081651][ T7434] overlayfs: missing 'workdir'
[  361.914950][ T7442] MPTCP: kernel_bind error, err=-98
[  361.952549][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  361.970202][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  361.977883][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  361.988299][ T4201] Workqueue: hci5 hci_rx_work
[  361.993124][ T4201] Call Trace:
[  361.996742][ T4201]  <TASK>
[  361.999709][ T4201]  dump_stack_lvl+0x188/0x250
[  362.004648][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  362.009890][ T4201]  ? show_regs_print_info+0x20/0x20
[  362.015743][ T4201]  ? dump_stack+0x5/0x20
[  362.020020][ T4201]  ? dump_stack_lvl+0x6/0x250
[  362.024793][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  362.030409][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  362.035117][ T4201]  ? preempt_schedule_thunk+0x16/0x18
[  362.040609][ T4201]  kobject_add_internal+0x6e0/0xd90
[  362.045828][ T4201]  kobject_add+0x160/0x230
[  362.050334][ T4201]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  362.056166][ T4201]  ? kobject_init+0x1d0/0x1d0
[  362.060873][ T4201]  ? get_device_parent+0x121/0x3f0
[  362.065990][ T4201]  ? get_device_parent+0x3ca/0x3f0
[  362.071524][ T4201]  device_add+0x483/0xfb0
[  362.075908][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  362.080957][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  362.086270][ T4201]  ? lock_chain_count+0x20/0x20
[  362.091222][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  362.096340][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  362.101550][ T4201]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  362.107226][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  362.112375][ T4201]  ? hci_event_packet+0x37b/0x1370
[  362.117707][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  362.123168][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  362.129361][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  362.135197][ T4201]  ? mark_lock+0x94/0x320
[  362.139547][ T4201]  ? mutex_unlock+0x10/0x10
[  362.144141][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  362.150218][ T4201]  ? lock_chain_count+0x20/0x20
[  362.155255][ T4201]  ? __rwlock_init+0x140/0x140
[  362.160221][ T4201]  hci_event_packet+0xe48/0x1370
[  362.165374][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  362.171047][ T4201]  ? rcu_lock_release+0x20/0x20
[  362.175949][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  362.181183][ T4201]  hci_rx_work+0x255/0xa10
[  362.185649][ T4201]  process_one_work+0x85f/0x1010
[  362.190800][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  362.196530][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  362.201918][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  362.207043][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  362.212604][ T4201]  ? wq_worker_running+0x97/0x170
[  362.217767][ T4201]  worker_thread+0xaa6/0x1290
[  362.222507][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  362.227920][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  362.233942][ T4201]  kthread+0x436/0x520
[  362.238077][ T4201]  ? rcu_lock_release+0x20/0x20
[  362.243580][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  362.248199][ T4201]  ret_from_fork+0x1f/0x30
[  362.253303][ T4201]  </TASK>
[  362.262990][ T4201] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  362.277124][ T4201] Bluetooth: hci5: failed to register connection device
[  364.712690][ T4187] Bluetooth: hci5: command 0x2016 tx timeout
[  365.866191][ T7477] netlink: set zone limit has 8 unknown bytes
[  366.583430][ T7485] netlink: 92 bytes leftover after parsing attributes in process `syz.2.892'.
[  369.391300][ T7529] netlink: set zone limit has 8 unknown bytes
[  370.119651][ T7535] netlink: 92 bytes leftover after parsing attributes in process `syz.4.908'.
[  372.428173][ T7566] tipc: Started in network mode
[  372.433986][ T7566] tipc: Node identity ff020000000000000000000000000001, cluster identity 4711
[  372.454620][ T7566] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  374.398037][ T7587] netlink: 92 bytes leftover after parsing attributes in process `syz.2.923'.
[  375.455085][ T7608] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.498563][ T7608] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.528276][ T7608] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.593383][ T7608] batman_adv: batadv0: Removing interface: batadv_slave_1
[  376.980733][ T7632] netlink: 92 bytes leftover after parsing attributes in process `syz.2.937'.
[  378.381665][ T7638] rdma_rxe: rxe_register_device failed with error -23
[  378.389837][ T7638] rdma_rxe: failed to add team_slave_0
[  379.191928][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  379.198328][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  380.290928][ T7668] overlayfs: missing 'lowerdir'
[  380.346391][ T7671] netlink: 92 bytes leftover after parsing attributes in process `syz.2.949'.
[  383.564312][ T7711] netlink: 92 bytes leftover after parsing attributes in process `syz.3.961'.
[  383.773831][ T7711] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  385.939999][ T7742] netlink: set zone limit has 8 unknown bytes
[  386.498575][ T7751] netlink: 92 bytes leftover after parsing attributes in process `syz.4.974'.
[  389.893559][ T7782] netlink: set zone limit has 8 unknown bytes
[  390.090045][ T7789] fuse: Bad value for 'fd'
[  390.302189][ T7798] netlink: 92 bytes leftover after parsing attributes in process `syz.4.988'.
[  395.271921][ T7843] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1002'.
[  396.241747][ T7860] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1006'.
[  397.565593][ T7883] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1014'.
[  400.828072][ T7914] netlink: 'syz.5.1021': attribute type 3 has an invalid length.
[  401.995582][ T7925] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1025'.
[  402.083321][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  402.093732][ T4201] CPU: 0 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  402.101485][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  402.111844][ T4201] Workqueue: hci4 hci_rx_work
[  402.116776][ T4201] Call Trace:
[  402.120089][ T4201]  <TASK>
[  402.123053][ T4201]  dump_stack_lvl+0x188/0x250
[  402.127851][ T4201]  ? show_regs_print_info+0x20/0x20
[  402.133167][ T4201]  ? load_image+0x400/0x400
[  402.137711][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  402.142850][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  402.147546][ T4201]  ? process_one_work+0x85f/0x1010
[  402.152774][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  402.158022][ T4201]  kobject_add_internal+0x6e0/0xd90
[  402.163348][ T4201]  kobject_add+0x160/0x230
[  402.167795][ T4201]  ? kobject_init+0x1d0/0x1d0
[  402.172540][ T4201]  ? klist_children_get+0x50/0x50
[  402.177954][ T4201]  ? get_device_parent+0x121/0x3f0
[  402.183136][ T4201]  device_add+0x483/0xfb0
[  402.187498][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  402.192540][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  402.197839][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  402.203162][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  402.208716][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  402.213572][ T4201]  ? hci_event_packet+0x37b/0x1370
[  402.218736][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  402.223757][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  402.229828][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  402.235453][ T4201]  ? mark_lock+0x94/0x320
[  402.239956][ T4201]  ? mutex_unlock+0x10/0x10
[  402.244587][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  402.250714][ T4201]  ? lock_chain_count+0x20/0x20
[  402.255566][ T4201]  ? __rwlock_init+0x140/0x140
[  402.260407][ T4201]  hci_event_packet+0xe48/0x1370
[  402.265508][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  402.270702][ T4201]  ? rcu_lock_release+0x20/0x20
[  402.275576][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  402.280770][ T4201]  hci_rx_work+0x255/0xa10
[  402.285195][ T4201]  process_one_work+0x85f/0x1010
[  402.290325][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  402.296211][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  402.301582][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  402.306605][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  402.312362][ T4201]  ? wq_worker_running+0x97/0x170
[  402.317503][ T4201]  worker_thread+0xaa6/0x1290
[  402.322203][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  402.327416][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  402.333545][ T4201]  kthread+0x436/0x520
[  402.337736][ T4201]  ? rcu_lock_release+0x20/0x20
[  402.342714][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  402.347299][ T4201]  ret_from_fork+0x1f/0x30
[  402.351766][ T4201]  </TASK>
[  402.555473][ T4201] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  402.555653][ T4201] Bluetooth: hci4: failed to register connection device
[  403.460315][ T7940] 8021q: adding VLAN 0 to HW filter on device bond1
[  403.473094][ T7940] device wlan0 entered promiscuous mode
[  403.482066][ T7940] bond1: (slave wlan0): Enslaving as an active interface with an up link
[  403.493923][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  404.620928][   T13] Bluetooth: hci4: command 0x2016 tx timeout
[  405.320166][ T7960] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1034'.
[  408.887486][ T8007] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1043'.
[  411.133552][ T8030] MPTCP: kernel_bind error, err=-98
[  411.135377][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  411.220899][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  411.229027][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  411.239497][ T4201] Workqueue: hci4 hci_rx_work
[  411.244274][ T4201] Call Trace:
[  411.247575][ T4201]  <TASK>
[  411.250521][ T4201]  dump_stack_lvl+0x188/0x250
[  411.255326][ T4201]  ? show_regs_print_info+0x20/0x20
[  411.260612][ T4201]  ? load_image+0x400/0x400
[  411.265200][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  411.270509][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  411.275353][ T4201]  ? process_one_work+0x85f/0x1010
[  411.281052][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  411.286379][ T4201]  kobject_add_internal+0x6e0/0xd90
[  411.292231][ T4201]  kobject_add+0x160/0x230
[  411.297658][ T4201]  ? kobject_init+0x1d0/0x1d0
[  411.302829][ T4201]  ? klist_children_get+0x50/0x50
[  411.307998][ T4201]  ? get_device_parent+0x121/0x3f0
[  411.313482][ T4201]  device_add+0x483/0xfb0
[  411.318079][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  411.323203][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  411.328528][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  411.334055][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  411.340049][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  411.344928][ T4201]  ? hci_event_packet+0x37b/0x1370
[  411.350228][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  411.355589][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  411.361883][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  411.367614][ T4201]  ? mark_lock+0x94/0x320
[  411.371962][ T4201]  ? mutex_unlock+0x10/0x10
[  411.376767][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  411.382850][ T4201]  ? lock_chain_count+0x20/0x20
[  411.388364][ T4201]  ? __rwlock_init+0x140/0x140
[  411.393487][ T4201]  hci_event_packet+0xe48/0x1370
[  411.398633][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  411.403862][ T4201]  ? rcu_lock_release+0x20/0x20
[  411.408742][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  411.413966][ T4201]  hci_rx_work+0x255/0xa10
[  411.418410][ T4201]  process_one_work+0x85f/0x1010
[  411.423606][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  411.429226][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  411.434892][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  411.440467][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  411.446177][ T4201]  ? wq_worker_running+0x97/0x170
[  411.451203][ T4201]  worker_thread+0xaa6/0x1290
[  411.456086][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  411.461663][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  411.467770][ T4201]  kthread+0x436/0x520
[  411.472111][ T4201]  ? rcu_lock_release+0x20/0x20
[  411.477320][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  411.482241][ T4201]  ret_from_fork+0x1f/0x30
[  411.487046][ T4201]  </TASK>
[  411.494902][ T4201] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  411.510804][ T4201] Bluetooth: hci4: failed to register connection device
[  413.580850][ T7699] Bluetooth: hci4: command 0x2016 tx timeout
[  416.942311][ T8082] netlink: 'syz.0.1066': attribute type 3 has an invalid length.
[  421.537216][ T8124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1079'.
[  425.678054][ T8164] MPTCP: kernel_bind error, err=-98
[  425.680771][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  425.697059][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  425.704738][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  425.715087][ T4201] Workqueue: hci4 hci_rx_work
[  425.719895][ T4201] Call Trace:
[  425.723266][ T4201]  <TASK>
[  425.726291][ T4201]  dump_stack_lvl+0x188/0x250
[  425.731162][ T4201]  ? show_regs_print_info+0x20/0x20
[  425.736382][ T4201]  ? load_image+0x400/0x400
[  425.741113][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  425.746241][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  425.751007][ T4201]  ? process_one_work+0x85f/0x1010
[  425.756237][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  425.761481][ T4201]  kobject_add_internal+0x6e0/0xd90
[  425.767097][ T4201]  kobject_add+0x160/0x230
[  425.771626][ T4201]  ? kobject_init+0x1d0/0x1d0
[  425.776320][ T4201]  ? klist_children_get+0x50/0x50
[  425.781589][ T4201]  ? get_device_parent+0x121/0x3f0
[  425.786996][ T4201]  device_add+0x483/0xfb0
[  425.791604][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  425.796567][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  425.802013][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  425.807248][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  425.812931][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  425.817975][ T4201]  ? hci_event_packet+0x37b/0x1370
[  425.823391][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  425.828860][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  425.835259][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  425.841454][ T4201]  ? mark_lock+0x94/0x320
[  425.846159][ T4201]  ? mutex_unlock+0x10/0x10
[  425.851572][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  425.857978][ T4201]  ? lock_chain_count+0x20/0x20
[  425.863479][ T4201]  ? __rwlock_init+0x140/0x140
[  425.868369][ T4201]  hci_event_packet+0xe48/0x1370
[  425.873599][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  425.879043][ T4201]  ? rcu_lock_release+0x20/0x20
[  425.884124][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  425.889943][ T4201]  hci_rx_work+0x255/0xa10
[  425.894680][ T4201]  process_one_work+0x85f/0x1010
[  425.900058][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  425.905822][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  425.911251][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  425.916309][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  425.921899][ T4201]  ? wq_worker_running+0x97/0x170
[  425.927051][ T4201]  worker_thread+0xaa6/0x1290
[  425.931810][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  425.937050][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  425.943077][ T4201]  kthread+0x436/0x520
[  425.947257][ T4201]  ? rcu_lock_release+0x20/0x20
[  425.952225][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  425.956851][ T4201]  ret_from_fork+0x1f/0x30
[  425.961414][ T4201]  </TASK>
[  426.037653][ T4201] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  426.051493][ T4201] Bluetooth: hci4: failed to register connection device
[  426.157483][ T8174] fuse: Unknown parameter '00000000000000000000'
[  426.294580][ T8180] fuse: Bad value for 'fd'
[  427.553405][ T8201] netlink: 'syz.0.1107': attribute type 12 has an invalid length.
[  428.060581][ T4487] Bluetooth: hci4: command 0x2016 tx timeout
[  428.181247][ T8207] fuse: Bad value for 'fd'
[  428.867072][ T8211] MPTCP: kernel_bind error, err=-98
[  428.881289][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  428.897497][ T4201] CPU: 0 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  428.905312][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  428.915971][ T4201] Workqueue: hci3 hci_rx_work
[  428.920687][ T4201] Call Trace:
[  428.924065][ T4201]  <TASK>
[  428.927079][ T4201]  dump_stack_lvl+0x188/0x250
[  428.932115][ T4201]  ? show_regs_print_info+0x20/0x20
[  428.937520][ T4201]  ? load_image+0x400/0x400
[  428.942282][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  428.947552][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  428.952538][ T4201]  ? process_one_work+0x85f/0x1010
[  428.958074][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  428.963483][ T4201]  kobject_add_internal+0x6e0/0xd90
[  428.968728][ T4201]  kobject_add+0x160/0x230
[  428.973195][ T4201]  ? kobject_init+0x1d0/0x1d0
[  428.977914][ T4201]  ? klist_children_get+0x50/0x50
[  428.982980][ T4201]  ? get_device_parent+0x121/0x3f0
[  428.988130][ T4201]  device_add+0x483/0xfb0
[  428.992506][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  428.997571][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  429.003082][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  429.008949][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  429.014676][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  429.019667][ T4201]  ? hci_event_packet+0x37b/0x1370
[  429.025034][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  429.030115][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  429.036316][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  429.041993][ T4201]  ? mark_lock+0x94/0x320
[  429.046591][ T4201]  ? mutex_unlock+0x10/0x10
[  429.051302][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  429.057692][ T4201]  ? lock_chain_count+0x20/0x20
[  429.062717][ T4201]  ? __rwlock_init+0x140/0x140
[  429.067549][ T4201]  hci_event_packet+0xe48/0x1370
[  429.072517][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  429.077838][ T4201]  ? rcu_lock_release+0x20/0x20
[  429.083001][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  429.088229][ T4201]  hci_rx_work+0x255/0xa10
[  429.092722][ T4201]  process_one_work+0x85f/0x1010
[  429.097751][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  429.103590][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  429.108912][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  429.114239][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  429.120003][ T4201]  ? wq_worker_running+0x97/0x170
[  429.125070][ T4201]  worker_thread+0xaa6/0x1290
[  429.130144][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  429.135797][ T4201]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  429.141728][ T4201]  kthread+0x436/0x520
[  429.145825][ T4201]  ? rcu_lock_release+0x20/0x20
[  429.150742][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  429.155352][ T4201]  ret_from_fork+0x1f/0x30
[  429.159820][ T4201]  </TASK>
[  429.168065][ T4201] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  429.182180][ T4201] Bluetooth: hci3: failed to register connection device
[  429.852767][ T8232] netlink: 'syz.2.1116': attribute type 2 has an invalid length.
[  431.261011][ T4278] Bluetooth: hci3: command 0x2016 tx timeout
[  431.765173][ T8260] MPTCP: kernel_bind error, err=-98
[  431.791175][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  431.806588][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  431.814353][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  431.824824][ T4200] Workqueue: hci2 hci_rx_work
[  431.829630][ T4200] Call Trace:
[  431.833087][ T4200]  <TASK>
[  431.836024][ T4200]  dump_stack_lvl+0x188/0x250
[  431.840708][ T4200]  ? show_regs_print_info+0x20/0x20
[  431.845928][ T4200]  ? load_image+0x400/0x400
[  431.850471][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  431.855596][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  431.860285][ T4200]  ? process_one_work+0x85f/0x1010
[  431.865449][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  431.870693][ T4200]  kobject_add_internal+0x6e0/0xd90
[  431.875943][ T4200]  kobject_add+0x160/0x230
[  431.880418][ T4200]  ? kobject_init+0x1d0/0x1d0
[  431.885200][ T4200]  ? klist_children_get+0x50/0x50
[  431.890439][ T4200]  ? get_device_parent+0x121/0x3f0
[  431.895554][ T4200]  device_add+0x483/0xfb0
[  431.899907][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  431.904863][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  431.910260][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  431.915391][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  431.921132][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  431.926785][ T4200]  ? hci_event_packet+0x37b/0x1370
[  431.932058][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  431.937189][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  431.943284][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  431.949003][ T4200]  ? mark_lock+0x94/0x320
[  431.953369][ T4200]  ? mutex_unlock+0x10/0x10
[  431.957914][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  431.964006][ T4200]  ? lock_chain_count+0x20/0x20
[  431.968901][ T4200]  ? __rwlock_init+0x140/0x140
[  431.973706][ T4200]  hci_event_packet+0xe48/0x1370
[  431.978766][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  431.984103][ T4200]  ? rcu_lock_release+0x20/0x20
[  431.989081][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  431.994334][ T4200]  hci_rx_work+0x255/0xa10
[  431.998974][ T4200]  process_one_work+0x85f/0x1010
[  432.004103][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  432.009864][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  432.015274][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  432.020339][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  432.025948][ T4200]  ? wq_worker_running+0x97/0x170
[  432.031092][ T4200]  worker_thread+0xaa6/0x1290
[  432.036036][ T4200]  kthread+0x436/0x520
[  432.040122][ T4200]  ? rcu_lock_release+0x20/0x20
[  432.045034][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  432.049646][ T4200]  ret_from_fork+0x1f/0x30
[  432.054093][ T4200]  </TASK>
[  432.080997][ T4200] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  432.094831][ T4200] Bluetooth: hci2: failed to register connection device
[  434.392310][ T4278] Bluetooth: hci2: command 0x2016 tx timeout
[  436.272266][ T8309] MPTCP: kernel_bind error, err=-98
[  436.274552][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  436.291513][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  436.299755][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  436.309942][ T4200] Workqueue: hci3 hci_rx_work
[  436.314747][ T4200] Call Trace:
[  436.318335][ T4200]  <TASK>
[  436.321291][ T4200]  dump_stack_lvl+0x188/0x250
[  436.326083][ T4200]  ? show_regs_print_info+0x20/0x20
[  436.331647][ T4200]  ? load_image+0x400/0x400
[  436.336436][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  436.341882][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  436.346644][ T4200]  ? process_one_work+0x85f/0x1010
[  436.352411][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  436.358987][ T4200]  kobject_add_internal+0x6e0/0xd90
[  436.364590][ T4200]  kobject_add+0x160/0x230
[  436.369300][ T4200]  ? kobject_init+0x1d0/0x1d0
[  436.374262][ T4200]  ? klist_children_get+0x50/0x50
[  436.379518][ T4200]  ? get_device_parent+0x121/0x3f0
[  436.384678][ T4200]  device_add+0x483/0xfb0
[  436.389198][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  436.394322][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  436.399664][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  436.404826][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  436.410408][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  436.415360][ T4200]  ? hci_event_packet+0x37b/0x1370
[  436.420665][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  436.425717][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  436.432243][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  436.438015][ T4200]  ? mark_lock+0x94/0x320
[  436.442545][ T4200]  ? mutex_unlock+0x10/0x10
[  436.447076][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  436.453155][ T4200]  ? lock_chain_count+0x20/0x20
[  436.458023][ T4200]  ? __rwlock_init+0x140/0x140
[  436.462799][ T4200]  hci_event_packet+0xe48/0x1370
[  436.467741][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  436.472960][ T4200]  ? rcu_lock_release+0x20/0x20
[  436.477822][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  436.483041][ T4200]  hci_rx_work+0x255/0xa10
[  436.487490][ T4200]  process_one_work+0x85f/0x1010
[  436.492550][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  436.498293][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  436.503604][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  436.508900][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  436.514731][ T4200]  ? wq_worker_running+0x97/0x170
[  436.519782][ T4200]  worker_thread+0xaa6/0x1290
[  436.524506][ T4200]  kthread+0x436/0x520
[  436.528581][ T4200]  ? rcu_lock_release+0x20/0x20
[  436.533442][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  436.538036][ T4200]  ret_from_fork+0x1f/0x30
[  436.542561][ T4200]  </TASK>
[  436.602745][ T4200] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  436.618361][ T4200] Bluetooth: hci3: failed to register connection device
[  438.700688][ T4487] Bluetooth: hci3: command 0x2016 tx timeout
[  440.249692][ T8356] MPTCP: kernel_bind error, err=-98
[  440.256909][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  440.272422][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  440.280110][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  440.290641][ T4200] Workqueue: hci5 hci_rx_work
[  440.295452][ T4200] Call Trace:
[  440.298909][ T4200]  <TASK>
[  440.301925][ T4200]  dump_stack_lvl+0x188/0x250
[  440.306696][ T4200]  ? show_regs_print_info+0x20/0x20
[  440.312089][ T4200]  ? load_image+0x400/0x400
[  440.317059][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  440.322275][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  440.327081][ T4200]  ? process_one_work+0x85f/0x1010
[  440.332228][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  440.337520][ T4200]  kobject_add_internal+0x6e0/0xd90
[  440.342998][ T4200]  kobject_add+0x160/0x230
[  440.347645][ T4200]  ? kobject_init+0x1d0/0x1d0
[  440.352517][ T4200]  ? klist_children_get+0x50/0x50
[  440.357546][ T4200]  ? get_device_parent+0x121/0x3f0
[  440.362909][ T4200]  device_add+0x483/0xfb0
[  440.367385][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  440.372337][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  440.377643][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  440.382872][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  440.388423][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  440.393495][ T4200]  ? hci_event_packet+0x37b/0x1370
[  440.398641][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  440.403764][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  440.410286][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  440.416494][ T4200]  ? mark_lock+0x94/0x320
[  440.420832][ T4200]  ? mutex_unlock+0x10/0x10
[  440.425342][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  440.431341][ T4200]  ? lock_chain_count+0x20/0x20
[  440.436328][ T4200]  ? __rwlock_init+0x140/0x140
[  440.441182][ T4200]  hci_event_packet+0xe48/0x1370
[  440.446217][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  440.451606][ T4200]  ? rcu_lock_release+0x20/0x20
[  440.456642][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  440.461942][ T4200]  hci_rx_work+0x255/0xa10
[  440.463986][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  440.466486][ T4200]  process_one_work+0x85f/0x1010
[  440.472843][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  440.477762][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  440.477796][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  440.477819][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  440.477834][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  440.477851][ T4200]  ? wq_worker_running+0x97/0x170
[  440.511350][ T4200]  worker_thread+0xaa6/0x1290
[  440.516060][ T4200]  kthread+0x436/0x520
[  440.520137][ T4200]  ? rcu_lock_release+0x20/0x20
[  440.524999][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  440.529615][ T4200]  ret_from_fork+0x1f/0x30
[  440.534148][ T4200]  </TASK>
[  440.539749][ T4200] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  440.557872][ T4200] Bluetooth: hci5: failed to register connection device
[  441.988954][ T8381] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1163'.
[  442.722195][ T4487] Bluetooth: hci5: command 0x2016 tx timeout
[  442.874334][ T8381] syz.0.1163 (8381) used greatest stack depth: 20944 bytes left
[  444.996980][ T8411] netlink: set zone limit has 8 unknown bytes
[  447.620157][ T8444] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1182'.
[  452.167085][ T8485] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1195'.
[  452.384722][ T8487] xt_hashlimit: size too large, truncated to 1048576
[  455.040396][ T8515] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1204'.
[  455.205127][ T8521] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1206'.
[  455.917498][ T8532] MPTCP: kernel_bind error, err=-98
[  455.928560][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  455.944671][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  455.952322][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  455.962760][ T4200] Workqueue: hci2 hci_rx_work
[  455.967657][ T4200] Call Trace:
[  455.970970][ T4200]  <TASK>
[  455.974084][ T4200]  dump_stack_lvl+0x188/0x250
[  455.978784][ T4200]  ? show_regs_print_info+0x20/0x20
[  455.984023][ T4200]  ? load_image+0x400/0x400
[  455.988572][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  455.993729][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  455.998754][ T4200]  ? process_one_work+0x85f/0x1010
[  456.004027][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  456.009269][ T4200]  kobject_add_internal+0x6e0/0xd90
[  456.014590][ T4200]  kobject_add+0x160/0x230
[  456.019033][ T4200]  ? kobject_init+0x1d0/0x1d0
[  456.023733][ T4200]  ? klist_children_get+0x50/0x50
[  456.028785][ T4200]  ? get_device_parent+0x121/0x3f0
[  456.033924][ T4200]  device_add+0x483/0xfb0
[  456.038291][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  456.043350][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  456.048764][ T4200]  ? __switch_to_asm+0x34/0x60
[  456.053720][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  456.058870][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  456.063746][ T4200]  ? mark_lock+0x94/0x320
[  456.068122][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  456.074150][ T4200]  ? lock_chain_count+0x20/0x20
[  456.079116][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  456.085303][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  456.090970][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  456.096193][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  456.101843][ T4200]  ? hci_event_packet+0x38a/0x1370
[  456.107062][ T4200]  hci_event_packet+0xe48/0x1370
[  456.112035][ T4200]  ? rcu_lock_release+0x20/0x20
[  456.117041][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  456.122697][ T4200]  hci_rx_work+0x255/0xa10
[  456.127166][ T4200]  process_one_work+0x85f/0x1010
[  456.132151][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  456.137804][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  456.143565][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  456.148820][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  456.154789][ T4200]  ? wq_worker_running+0x97/0x170
[  456.160002][ T4200]  worker_thread+0xaa6/0x1290
[  456.165068][ T4200]  kthread+0x436/0x520
[  456.169243][ T4200]  ? rcu_lock_release+0x20/0x20
[  456.174433][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  456.179144][ T4200]  ret_from_fork+0x1f/0x30
[  456.183684][ T4200]  </TASK>
[  456.239868][ T4200] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  456.344279][ T4200] Bluetooth: hci2: failed to register connection device
[  457.977741][ T8556] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1217'.
[  458.410745][ T4276] Bluetooth: hci2: command 0x2016 tx timeout
[  459.522394][ T8580] MPTCP: kernel_bind error, err=-98
[  459.530858][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  459.597714][ T4200] CPU: 0 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  459.605293][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  459.615468][ T4200] Workqueue: hci2 hci_rx_work
[  459.620275][ T4200] Call Trace:
[  459.623650][ T4200]  <TASK>
[  459.626593][ T4200]  dump_stack_lvl+0x188/0x250
[  459.631289][ T4200]  ? show_regs_print_info+0x20/0x20
[  459.636499][ T4200]  ? load_image+0x400/0x400
[  459.641016][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  459.646161][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  459.650926][ T4200]  ? process_one_work+0x85f/0x1010
[  459.656132][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  459.661506][ T4200]  kobject_add_internal+0x6e0/0xd90
[  459.667326][ T4200]  kobject_add+0x160/0x230
[  459.671746][ T4200]  ? kobject_init+0x1d0/0x1d0
[  459.676444][ T4200]  ? klist_children_get+0x50/0x50
[  459.681531][ T4200]  ? get_device_parent+0x121/0x3f0
[  459.687277][ T4200]  device_add+0x483/0xfb0
[  459.691619][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  459.696657][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  459.701984][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  459.707368][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  459.713098][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  459.718101][ T4200]  ? hci_event_packet+0x37b/0x1370
[  459.723443][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  459.728654][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  459.734950][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  459.740614][ T4200]  ? mark_lock+0x94/0x320
[  459.745341][ T4200]  ? mutex_unlock+0x10/0x10
[  459.750628][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  459.757100][ T4200]  ? lock_chain_count+0x20/0x20
[  459.762082][ T4200]  ? __rwlock_init+0x140/0x140
[  459.767151][ T4200]  hci_event_packet+0xe48/0x1370
[  459.772120][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  459.777439][ T4200]  ? rcu_lock_release+0x20/0x20
[  459.782309][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  459.787513][ T4200]  hci_rx_work+0x255/0xa10
[  459.792058][ T4200]  process_one_work+0x85f/0x1010
[  459.797294][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  459.803061][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  459.808643][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  459.813793][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  459.819347][ T4200]  ? wq_worker_running+0x97/0x170
[  459.824378][ T4200]  worker_thread+0xaa6/0x1290
[  459.829108][ T4200]  kthread+0x436/0x520
[  459.833296][ T4200]  ? rcu_lock_release+0x20/0x20
[  459.838162][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  459.842786][ T4200]  ret_from_fork+0x1f/0x30
[  459.847435][ T4200]  </TASK>
[  459.927187][ T4200] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  459.940880][ T4200] Bluetooth: hci2: failed to register connection device
[  460.476321][ T8597] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1230'.
[  461.445570][ T8613] autofs4:pid:8613:autofs_fill_super: called with bogus options
[  461.991023][ T4278] Bluetooth: hci2: command 0x2016 tx timeout
[  463.280990][ T8629] MPTCP: kernel_bind error, err=-98
[  463.290295][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  463.308845][ T4200] CPU: 0 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  463.316549][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  463.326639][ T4200] Workqueue: hci0 hci_rx_work
[  463.331572][ T4200] Call Trace:
[  463.334898][ T4200]  <TASK>
[  463.337836][ T4200]  dump_stack_lvl+0x188/0x250
[  463.342548][ T4200]  ? show_regs_print_info+0x20/0x20
[  463.347870][ T4200]  ? load_image+0x400/0x400
[  463.352387][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  463.357508][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  463.362205][ T4200]  ? preempt_schedule_thunk+0x16/0x18
[  463.367623][ T4200]  kobject_add_internal+0x6e0/0xd90
[  463.372933][ T4200]  kobject_add+0x160/0x230
[  463.377358][ T4200]  ? kobject_init+0x1d0/0x1d0
[  463.382084][ T4200]  ? klist_children_get+0x50/0x50
[  463.387155][ T4200]  ? get_device_parent+0x121/0x3f0
[  463.392369][ T4200]  device_add+0x483/0xfb0
[  463.396727][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  463.401686][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  463.407024][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  463.412299][ T4200]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  463.418089][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  463.423092][ T4200]  ? hci_event_packet+0x37b/0x1370
[  463.428604][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  463.433674][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  463.439757][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  463.445539][ T4200]  ? mark_lock+0x94/0x320
[  463.449902][ T4200]  ? mutex_unlock+0x10/0x10
[  463.454702][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  463.460806][ T4200]  ? lock_chain_count+0x20/0x20
[  463.465658][ T4200]  ? __rwlock_init+0x140/0x140
[  463.470421][ T4200]  hci_event_packet+0xe48/0x1370
[  463.475464][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  463.480777][ T4200]  ? rcu_lock_release+0x20/0x20
[  463.485632][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  463.490864][ T4200]  hci_rx_work+0x255/0xa10
[  463.495310][ T4200]  process_one_work+0x85f/0x1010
[  463.500266][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  463.505918][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  463.511250][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  463.516278][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  463.521826][ T4200]  ? wq_worker_running+0x97/0x170
[  463.526944][ T4200]  worker_thread+0xaa6/0x1290
[  463.531662][ T4200]  kthread+0x436/0x520
[  463.535745][ T4200]  ? rcu_lock_release+0x20/0x20
[  463.540596][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  463.545275][ T4200]  ret_from_fork+0x1f/0x30
[  463.549706][ T4200]  </TASK>
[  463.559989][ T4200] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  463.574153][ T4200] Bluetooth: hci0: failed to register connection device
[  463.622866][ T8630] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1242'.
[  464.123395][ T8643] overlayfs: failed to clone upperpath
[  465.661297][    T7] Bluetooth: hci0: command 0x2016 tx timeout
[  466.783730][ T8668] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1254'.
[  467.365756][ T8676] MPTCP: kernel_bind error, err=-98
[  467.376385][ T4200] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  467.391863][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:6 Not tainted syzkaller #0
[  467.399524][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  467.409694][ T4200] Workqueue: hci4 hci_rx_work
[  467.414508][ T4200] Call Trace:
[  467.418078][ T4200]  <TASK>
[  467.421118][ T4200]  dump_stack_lvl+0x188/0x250
[  467.426655][ T4200]  ? show_regs_print_info+0x20/0x20
[  467.432057][ T4200]  ? load_image+0x400/0x400
[  467.436688][ T4200]  sysfs_create_dir_ns+0x26a/0x290
[  467.441814][ T4200]  ? sysfs_warn_dup+0xa0/0xa0
[  467.446497][ T4200]  ? process_one_work+0x85f/0x1010
[  467.451656][ T4200]  ? do_raw_spin_unlock+0x11d/0x230
[  467.457059][ T4200]  kobject_add_internal+0x6e0/0xd90
[  467.462674][ T4200]  kobject_add+0x160/0x230
[  467.467424][ T4200]  ? kobject_init+0x1d0/0x1d0
[  467.472317][ T4200]  ? klist_children_get+0x50/0x50
[  467.477502][ T4200]  ? get_device_parent+0x121/0x3f0
[  467.482815][ T4200]  device_add+0x483/0xfb0
[  467.487275][ T4200]  hci_conn_add_sysfs+0xd1/0x1e0
[  467.492330][ T4200]  le_conn_complete_evt+0xc48/0x15c0
[  467.497977][ T4200]  ? cs_le_create_conn+0x5e0/0x5e0
[  467.503353][ T4200]  ? __mutex_trylock_common+0x155/0x260
[  467.508938][ T4200]  hci_le_meta_evt+0xd59/0x3c90
[  467.513948][ T4200]  ? hci_event_packet+0x37b/0x1370
[  467.519169][ T4200]  ? __lock_acquire+0x7d10/0x7d10
[  467.524412][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  467.530499][ T4200]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  467.536254][ T4200]  ? mark_lock+0x94/0x320
[  467.540699][ T4200]  ? mutex_unlock+0x10/0x10
[  467.545248][ T4200]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  467.551355][ T4200]  ? lock_chain_count+0x20/0x20
[  467.556327][ T4200]  ? __rwlock_init+0x140/0x140
[  467.561303][ T4200]  hci_event_packet+0xe48/0x1370
[  467.566281][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  467.571518][ T4200]  ? rcu_lock_release+0x20/0x20
[  467.576590][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  467.581817][ T4200]  hci_rx_work+0x255/0xa10
[  467.586447][ T4200]  process_one_work+0x85f/0x1010
[  467.591423][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  467.597069][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  467.602474][ T4200]  ? _raw_spin_lock_irq+0xb7/0xf0
[  467.607786][ T4200]  ? _raw_spin_lock_irqsave+0x100/0x100
[  467.613365][ T4200]  ? wq_worker_running+0x97/0x170
[  467.618414][ T4200]  worker_thread+0xaa6/0x1290
[  467.623314][ T4200]  kthread+0x436/0x520
[  467.627408][ T4200]  ? rcu_lock_release+0x20/0x20
[  467.632277][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  467.636885][ T4200]  ret_from_fork+0x1f/0x30
[  467.641331][ T4200]  </TASK>
[  467.649754][ T4200] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  467.663472][ T4200] Bluetooth: hci4: failed to register connection device
[  469.750746][ T4386] Bluetooth: hci4: command 0x2016 tx timeout
[  471.299484][ T8709] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  471.629086][ T8717] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1267'.
[  472.682311][ T8722] netlink: 'syz.3.1270': attribute type 3 has an invalid length.
[  472.801445][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1271'.
[  474.802139][ T8757] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1279'.
[  479.855668][ T8803] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  486.749362][   T26] audit: type=1800 audit(1776199406.300:8): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1312" name="bus" dev="ramfs" ino=44315 res=0 errno=0
[  490.416171][ T8916] netlink: 'syz.5.1327': attribute type 2 has an invalid length.
[  490.425274][ T8916] netlink: 'syz.5.1327': attribute type 1 has an invalid length.
[  490.436029][ T8916] netlink: 'syz.5.1327': attribute type 1 has an invalid length.
[  500.796151][ T9001] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1354'.
[  502.169656][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  502.176421][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  502.216975][ T9001] 8021q: adding VLAN 0 to HW filter on device bond1
[  502.225030][ T9003] device wlan0 entered promiscuous mode
[  502.406129][ T9003] bond1: (slave wlan0): Enslaving as an active interface with an up link
[  502.427780][ T7700] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  502.948119][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1356'.
[  511.290205][ T9079] netlink: set zone limit has 8 unknown bytes
[  512.572588][ T9099] MPTCP: kernel_bind error, err=-98
[  512.574744][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  512.589824][ T8677] CPU: 1 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  512.597652][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  512.608091][ T8677] Workqueue: hci0 hci_rx_work
[  512.613096][ T8677] Call Trace:
[  512.616623][ T8677]  <TASK>
[  512.619582][ T8677]  dump_stack_lvl+0x188/0x250
[  512.624653][ T8677]  ? show_regs_print_info+0x20/0x20
[  512.630687][ T8677]  ? load_image+0x400/0x400
[  512.636322][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  512.641872][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  512.646706][ T8677]  ? process_one_work+0x85f/0x1010
[  512.652375][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  512.658208][ T8677]  kobject_add_internal+0x6e0/0xd90
[  512.664021][ T8677]  kobject_add+0x160/0x230
[  512.668920][ T8677]  ? kobject_init+0x1d0/0x1d0
[  512.673831][ T8677]  ? klist_children_get+0x50/0x50
[  512.679200][ T8677]  ? get_device_parent+0x121/0x3f0
[  512.684546][ T8677]  device_add+0x483/0xfb0
[  512.689198][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  512.694366][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  512.700217][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  512.705387][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  512.711409][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  512.716305][ T8677]  ? hci_event_packet+0x37b/0x1370
[  512.721470][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  512.726745][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  512.733968][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  512.740297][ T8677]  ? mark_lock+0x94/0x320
[  512.745295][ T8677]  ? mutex_unlock+0x10/0x10
[  512.751444][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  512.759421][ T8677]  ? lock_chain_count+0x20/0x20
[  512.765505][ T8677]  ? __rwlock_init+0x140/0x140
[  512.771349][ T8677]  hci_event_packet+0xe48/0x1370
[  512.777794][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  512.783692][ T8677]  ? rcu_lock_release+0x20/0x20
[  512.789103][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  512.794623][ T8677]  hci_rx_work+0x255/0xa10
[  512.799506][ T8677]  process_one_work+0x85f/0x1010
[  512.804791][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  512.810958][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  512.816728][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  512.822255][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  512.828718][ T8677]  ? wq_worker_running+0x97/0x170
[  512.833978][ T8677]  worker_thread+0xaa6/0x1290
[  512.838977][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  512.844501][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  512.851013][ T8677]  kthread+0x436/0x520
[  512.855147][ T8677]  ? rcu_lock_release+0x20/0x20
[  512.860198][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  512.864822][ T8677]  ret_from_fork+0x1f/0x30
[  512.869637][ T8677]  </TASK>
[  512.882941][ T8677] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  512.896571][ T8677] Bluetooth: hci0: failed to register connection device
[  513.032281][ T9098] syz.4.1383 (9098) used greatest stack depth: 20208 bytes left
[  514.940567][ T7699] Bluetooth: hci0: command 0x2016 tx timeout
[  515.232724][ T9130] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  515.617062][ T9140] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.1393'.
[  515.631187][ T9140] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1393'.
[  517.081222][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  520.149950][ T9202] MPTCP: kernel_bind error, err=-98
[  524.603802][ T9263] netlink: 'syz.0.1428': attribute type 2 has an invalid length.
[  524.617767][ T9263] netlink: 'syz.0.1428': attribute type 1 has an invalid length.
[  524.626486][ T9263] netlink: 'syz.0.1428': attribute type 1 has an invalid length.
[  525.778985][ T9273] overlayfs: missing 'workdir'
[  526.937053][   T26] audit: type=1326 audit(1776199446.490:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  526.986502][ T9300] fuse: Bad value for 'fd'
[  526.998645][   T26] audit: type=1326 audit(1776199446.530:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.056266][   T26] audit: type=1326 audit(1776199446.530:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.080639][   T26] audit: type=1326 audit(1776199446.530:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.109348][   T26] audit: type=1326 audit(1776199446.530:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.445885][   T26] audit: type=1326 audit(1776199446.530:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.509641][   T26] audit: type=1326 audit(1776199446.530:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.533723][   T26] audit: type=1326 audit(1776199446.530:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.558945][   T26] audit: type=1326 audit(1776199446.530:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.585309][   T26] audit: type=1326 audit(1776199446.530:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9295 comm="syz.2.1439" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7ff629493819 code=0x7ffc0000
[  527.895562][ T9310] netlink: 'syz.4.1443': attribute type 10 has an invalid length.
[  529.093121][ T9310] team0 (unregistering): Port device team_slave_0 removed
[  529.172704][ T9310] team0 (unregistering): Port device team_slave_1 removed
[  533.793732][ T9383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1467'.
[  536.813994][ T9442] netlink: 'syz.0.1478': attribute type 2 has an invalid length.
[  536.854154][ T9442] netlink: 'syz.0.1478': attribute type 1 has an invalid length.
[  536.904827][ T9442] netlink: 'syz.0.1478': attribute type 1 has an invalid length.
[  537.729948][ T9448] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1480'.
[  542.569232][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1493'.
[  551.678824][ T9617] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1526'.
[  551.742545][ T9621] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  561.826189][ T9711] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1552'.
[  561.851586][ T9711] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  563.345891][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  563.354472][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  563.954483][ T9734] netlink: 'syz.2.1556': attribute type 2 has an invalid length.
[  563.962704][ T9734] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  563.970702][ T9734] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  564.727020][ T9745] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1563'.
[  567.958651][ T9778] netlink: 'syz.5.1571': attribute type 2 has an invalid length.
[  567.966811][ T9778] netlink: 'syz.5.1571': attribute type 1 has an invalid length.
[  567.977835][ T9778] netlink: 'syz.5.1571': attribute type 1 has an invalid length.
[  568.638840][ T9784] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1574'.
[  569.420524][ T9797] netlink: 'syz.5.1577': attribute type 2 has an invalid length.
[  569.428565][ T9797] netlink: 'syz.5.1577': attribute type 1 has an invalid length.
[  569.436998][ T9797] netlink: 'syz.5.1577': attribute type 1 has an invalid length.
[  571.067548][ T9807] MPTCP: kernel_bind error, err=-98
[  571.069803][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  571.084709][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  571.092382][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  571.102661][ T4201] Workqueue: hci5 hci_rx_work
[  571.107394][ T4201] Call Trace:
[  571.110800][ T4201]  <TASK>
[  571.113754][ T4201]  dump_stack_lvl+0x188/0x250
[  571.118463][ T4201]  ? show_regs_print_info+0x20/0x20
[  571.123695][ T4201]  ? load_image+0x400/0x400
[  571.128257][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  571.133420][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  571.138240][ T4201]  ? process_one_work+0x85f/0x1010
[  571.143580][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  571.148891][ T4201]  kobject_add_internal+0x6e0/0xd90
[  571.154121][ T4201]  kobject_add+0x160/0x230
[  571.158920][ T4201]  ? kobject_init+0x1d0/0x1d0
[  571.163675][ T4201]  ? klist_children_get+0x50/0x50
[  571.168801][ T4201]  ? get_device_parent+0x121/0x3f0
[  571.173937][ T4201]  device_add+0x483/0xfb0
[  571.178386][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  571.183546][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  571.189055][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  571.194387][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  571.200225][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  571.205650][ T4201]  ? hci_event_packet+0x37b/0x1370
[  571.210912][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  571.215972][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  571.222154][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  571.227986][ T4201]  ? mark_lock+0x94/0x320
[  571.232419][ T4201]  ? mutex_unlock+0x10/0x10
[  571.237075][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  571.243303][ T4201]  ? lock_chain_count+0x20/0x20
[  571.248631][ T4201]  ? __rwlock_init+0x140/0x140
[  571.253576][ T4201]  hci_event_packet+0xe48/0x1370
[  571.258591][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  571.263852][ T4201]  ? rcu_lock_release+0x20/0x20
[  571.268744][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  571.274061][ T4201]  hci_rx_work+0x255/0xa10
[  571.278718][ T4201]  process_one_work+0x85f/0x1010
[  571.283893][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  571.290136][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  571.295647][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  571.301337][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  571.306927][ T4201]  ? wq_worker_running+0x97/0x170
[  571.312079][ T4201]  worker_thread+0xaa6/0x1290
[  571.317962][ T4201]  kthread+0x436/0x520
[  571.322437][ T4201]  ? rcu_lock_release+0x20/0x20
[  571.328044][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  571.333465][ T4201]  ret_from_fork+0x1f/0x30
[  571.338336][ T4201]  </TASK>
[  571.420875][ T4201] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  571.434416][ T4201] Bluetooth: hci5: failed to register connection device
[  572.561929][ T9828] netlink: 'syz.3.1587': attribute type 2 has an invalid length.
[  572.570020][ T9828] netlink: 'syz.3.1587': attribute type 1 has an invalid length.
[  572.578863][ T9828] netlink: 'syz.3.1587': attribute type 1 has an invalid length.
[  573.262034][ T9830] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1588'.
[  573.281188][ T9830] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  573.510542][ T4386] Bluetooth: hci5: command 0x2016 tx timeout
[  576.530905][ T9851] MPTCP: kernel_bind error, err=-98
[  577.107736][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  577.122568][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  577.130790][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  577.141305][ T4201] Workqueue: hci4 hci_rx_work
[  577.146300][ T4201] Call Trace:
[  577.149667][ T4201]  <TASK>
[  577.152655][ T4201]  dump_stack_lvl+0x188/0x250
[  577.157548][ T4201]  ? show_regs_print_info+0x20/0x20
[  577.162996][ T4201]  ? load_image+0x400/0x400
[  577.167615][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  577.172818][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  577.177495][ T4201]  ? process_one_work+0x85f/0x1010
[  577.182817][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  577.188015][ T4201]  kobject_add_internal+0x6e0/0xd90
[  577.193261][ T4201]  kobject_add+0x160/0x230
[  577.197700][ T4201]  ? kobject_init+0x1d0/0x1d0
[  577.202785][ T4201]  ? klist_children_get+0x50/0x50
[  577.208306][ T4201]  ? get_device_parent+0x121/0x3f0
[  577.213968][ T4201]  device_add+0x483/0xfb0
[  577.218412][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  577.224190][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  577.229608][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  577.235434][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  577.241188][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  577.246690][ T4201]  ? hci_event_packet+0x37b/0x1370
[  577.252561][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  577.258052][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  577.264445][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  577.270319][ T4201]  ? mark_lock+0x94/0x320
[  577.274811][ T4201]  ? mutex_unlock+0x10/0x10
[  577.279577][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  577.285724][ T4201]  ? lock_chain_count+0x20/0x20
[  577.290695][ T4201]  ? __rwlock_init+0x140/0x140
[  577.295597][ T4201]  hci_event_packet+0xe48/0x1370
[  577.300555][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  577.305757][ T4201]  ? rcu_lock_release+0x20/0x20
[  577.310706][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  577.316027][ T4201]  hci_rx_work+0x255/0xa10
[  577.320463][ T4201]  process_one_work+0x85f/0x1010
[  577.325428][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  577.331087][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  577.336379][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  577.342686][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  577.348253][ T4201]  ? wq_worker_running+0x97/0x170
[  577.353472][ T4201]  worker_thread+0xaa6/0x1290
[  577.358369][ T4201]  kthread+0x436/0x520
[  577.362449][ T4201]  ? rcu_lock_release+0x20/0x20
[  577.367312][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  577.371905][ T4201]  ret_from_fork+0x1f/0x30
[  577.376611][ T4201]  </TASK>
[  577.444766][ T4201] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  577.458476][ T4201] Bluetooth: hci4: failed to register connection device
[  578.626247][ T9866] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1599'.
[  579.500942][ T1108] Bluetooth: hci4: command 0x2016 tx timeout
[  579.767308][ T9888] netlink: 'syz.3.1603': attribute type 2 has an invalid length.
[  579.776037][ T9888] netlink: 'syz.3.1603': attribute type 1 has an invalid length.
[  579.785545][ T9888] netlink: 'syz.3.1603': attribute type 1 has an invalid length.
[  581.078106][ T9904] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1611'.
[  581.490859][ T9904] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  582.028660][ T9884] netlink: set zone limit has 8 unknown bytes
[  584.191149][ T9936] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1620'.
[  586.663539][ T9955] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1625'.
[  586.889225][ T9960] MPTCP: kernel_bind error, err=-98
[  587.574311][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  587.589728][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  587.597671][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  587.608543][ T4201] Workqueue: hci5 hci_rx_work
[  587.613362][ T4201] Call Trace:
[  587.616701][ T4201]  <TASK>
[  587.619648][ T4201]  dump_stack_lvl+0x188/0x250
[  587.624490][ T4201]  ? show_regs_print_info+0x20/0x20
[  587.629728][ T4201]  ? load_image+0x400/0x400
[  587.634258][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  587.639384][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  587.644063][ T4201]  ? process_one_work+0x85f/0x1010
[  587.649456][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  587.654710][ T4201]  kobject_add_internal+0x6e0/0xd90
[  587.660031][ T4201]  kobject_add+0x160/0x230
[  587.664468][ T4201]  ? kobject_init+0x1d0/0x1d0
[  587.669169][ T4201]  ? klist_children_get+0x50/0x50
[  587.674211][ T4201]  ? get_device_parent+0x121/0x3f0
[  587.679427][ T4201]  device_add+0x483/0xfb0
[  587.684009][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  587.689064][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  587.694723][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  587.700070][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  587.705779][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  587.710865][ T4201]  ? hci_event_packet+0x37b/0x1370
[  587.716138][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  587.721895][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  587.728185][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  587.734438][ T4201]  ? mark_lock+0x94/0x320
[  587.740371][ T4201]  ? mutex_unlock+0x10/0x10
[  587.747292][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  587.754877][ T4201]  ? lock_chain_count+0x20/0x20
[  587.761429][ T4201]  ? __rwlock_init+0x140/0x140
[  587.768331][ T4201]  hci_event_packet+0xe48/0x1370
[  587.774007][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  587.780901][ T4201]  ? rcu_lock_release+0x20/0x20
[  587.786027][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  587.791810][ T4201]  hci_rx_work+0x255/0xa10
[  587.796731][ T4201]  process_one_work+0x85f/0x1010
[  587.802077][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  587.807875][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  587.813323][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  587.818751][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  587.824347][ T4201]  ? wq_worker_running+0x97/0x170
[  587.829596][ T4201]  worker_thread+0xaa6/0x1290
[  587.834359][ T4201]  kthread+0x436/0x520
[  587.838467][ T4201]  ? rcu_lock_release+0x20/0x20
[  587.843350][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  587.847984][ T4201]  ret_from_fork+0x1f/0x30
[  587.852452][ T4201]  </TASK>
[  587.865926][ T4201] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  587.881524][ T4201] Bluetooth: hci5: failed to register connection device
[  589.919304][ T4231] Bluetooth: hci5: command 0x2016 tx timeout
[  590.724890][T10008] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1639'.
[  591.009244][T10013] MPTCP: kernel_bind error, err=-98
[  591.024627][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  591.042439][ T8677] CPU: 1 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  591.050135][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  591.060435][ T8677] Workqueue: hci2 hci_rx_work
[  591.065227][ T8677] Call Trace:
[  591.068520][ T8677]  <TASK>
[  591.071467][ T8677]  dump_stack_lvl+0x188/0x250
[  591.076246][ T8677]  ? show_regs_print_info+0x20/0x20
[  591.081456][ T8677]  ? load_image+0x400/0x400
[  591.086084][ T8677]  ? ret_from_fork+0x1f/0x30
[  591.090816][ T8677]  ? sysfs_create_dir_ns+0x23f/0x290
[  591.096166][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  591.102109][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  591.106814][ T8677]  ? preempt_schedule_thunk+0x16/0x18
[  591.112304][ T8677]  kobject_add_internal+0x6e0/0xd90
[  591.117725][ T8677]  kobject_add+0x160/0x230
[  591.122149][ T8677]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  591.127907][ T8677]  ? kobject_init+0x1d0/0x1d0
[  591.132599][ T8677]  ? get_device_parent+0x121/0x3f0
[  591.137812][ T8677]  device_add+0x483/0xfb0
[  591.142157][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  591.147124][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  591.153027][ T8677]  ? __switch_to_asm+0x34/0x60
[  591.157947][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  591.163109][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  591.168002][ T8677]  ? lock_chain_count+0x20/0x20
[  591.173172][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  591.179382][ T8677]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  591.185749][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  591.191064][ T8677]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  591.196725][ T8677]  ? hci_event_packet+0x38a/0x1370
[  591.202982][ T8677]  ? __sanitizer_cov_trace_switch+0x5c/0xe0
[  591.209005][ T8677]  hci_event_packet+0xe48/0x1370
[  591.214035][ T8677]  ? rcu_lock_release+0x20/0x20
[  591.219052][ T8677]  ? kasan_check_range+0x84/0x290
[  591.224205][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  591.229609][ T8677]  hci_rx_work+0x255/0xa10
[  591.234168][ T8677]  process_one_work+0x85f/0x1010
[  591.239150][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  591.244976][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  591.251900][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  591.257145][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  591.262878][ T8677]  ? wq_worker_running+0x97/0x170
[  591.269285][ T8677]  worker_thread+0xaa6/0x1290
[  591.274551][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  591.280569][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  591.287895][ T8677]  kthread+0x436/0x520
[  591.292215][ T8677]  ? rcu_lock_release+0x20/0x20
[  591.297097][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  591.301756][ T8677]  ret_from_fork+0x1f/0x30
[  591.306590][ T8677]  </TASK>
[  591.322870][ T8677] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  591.336664][ T8677] Bluetooth: hci2: failed to register connection device
[  592.972047][T10028] netlink: set zone limit has 8 unknown bytes
[  593.473544][ T4386] Bluetooth: hci2: command 0x2016 tx timeout
[  594.381175][T10047] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1652'.
[  594.785405][T10054] netlink: 'syz.2.1653': attribute type 2 has an invalid length.
[  594.794623][T10054] netlink: 'syz.2.1653': attribute type 1 has an invalid length.
[  594.803884][T10054] netlink: 'syz.2.1653': attribute type 1 has an invalid length.
[  598.821413][T10095] netlink: set zone limit has 8 unknown bytes
[  600.615392][T10101] netlink: 'syz.5.1667': attribute type 2 has an invalid length.
[  600.624126][T10101] netlink: 'syz.5.1667': attribute type 1 has an invalid length.
[  600.632749][T10101] netlink: 'syz.5.1667': attribute type 1 has an invalid length.
[  608.059651][T10177] netlink: set zone limit has 8 unknown bytes
[  609.554790][T10199] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1697'.
[  617.106251][T10272] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1721'.
[  620.807214][T10313] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1734'.
[  621.292982][T10322] netlink: set zone limit has 8 unknown bytes
[  624.796544][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  624.803289][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  624.930038][T10361] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1748'.
[  625.343556][T10365] netlink: set zone limit has 8 unknown bytes
[  630.873451][T10406] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1759'.
[  631.745588][T10418] netlink: set zone limit has 8 unknown bytes
[  635.089298][T10448] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1770'.
[  640.223546][T10491] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1785'.
[  645.701359][T10535] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1799'.
[  645.750331][T10535] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  648.951689][T10573] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1812'.
[  656.924414][T10678] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  656.934115][T10678] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  656.943406][T10678] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  656.952344][T10678] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  656.965809][T10678] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  656.975276][T10678] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  656.984640][T10678] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  656.994100][T10678] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  657.076999][T10679] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  657.086604][T10679] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  657.095408][T10679] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  657.104356][T10679] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  657.287469][T10679] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  657.296723][T10679] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  657.305701][T10679] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  657.315303][T10679] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  657.631698][T10688] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  659.967228][T10721] MPTCP: kernel_bind error, err=-98
[  660.731732][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0'
[  660.750533][ T8677] CPU: 0 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  660.758131][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  660.768231][ T8677] Workqueue: hci3 hci_rx_work
[  660.772939][ T8677] Call Trace:
[  660.776431][ T8677]  <TASK>
[  660.779490][ T8677]  dump_stack_lvl+0x188/0x250
[  660.784196][ T8677]  ? show_regs_print_info+0x20/0x20
[  660.789429][ T8677]  ? load_image+0x400/0x400
[  660.793983][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  660.799129][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  660.803820][ T8677]  ? process_one_work+0x85f/0x1010
[  660.809116][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  660.814327][ T8677]  kobject_add_internal+0x6e0/0xd90
[  660.819552][ T8677]  kobject_add+0x160/0x230
[  660.823984][ T8677]  ? kobject_init+0x1d0/0x1d0
[  660.828668][ T8677]  ? klist_children_get+0x50/0x50
[  660.833703][ T8677]  ? get_device_parent+0x121/0x3f0
[  660.838822][ T8677]  device_add+0x483/0xfb0
[  660.843167][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  660.848113][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  660.853510][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  660.858984][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  660.864540][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  660.869400][ T8677]  ? mark_lock+0x94/0x320
[  660.873741][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  660.879835][ T8677]  ? lock_chain_count+0x20/0x20
[  660.884691][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  660.890961][ T8677]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  660.897350][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  660.902561][ T8677]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  660.908824][ T8677]  ? hci_event_packet+0x5f1/0x1370
[  660.914045][ T8677]  hci_event_packet+0xe48/0x1370
[  660.919076][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  660.924290][ T8677]  ? rcu_lock_release+0x20/0x20
[  660.929164][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  660.934381][ T8677]  hci_rx_work+0x255/0xa10
[  660.938827][ T8677]  process_one_work+0x85f/0x1010
[  660.943888][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  660.949548][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  660.955229][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  660.960266][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  660.965832][ T8677]  ? wq_worker_running+0x97/0x170
[  660.970947][ T8677]  worker_thread+0xaa6/0x1290
[  660.975613][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  660.980796][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  660.986800][ T8677]  kthread+0x436/0x520
[  660.990971][ T8677]  ? rcu_lock_release+0x20/0x20
[  660.995837][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  661.000612][ T8677]  ret_from_fork+0x1f/0x30
[  661.005115][ T8677]  </TASK>
[  661.031268][ T8677] kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  661.045781][ T8677] Bluetooth: hci3: failed to register connection device
[  661.418798][T10731] netlink: set zone limit has 8 unknown bytes
[  661.984812][T10739] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1864'.
[  663.110870][ T4276] Bluetooth: hci3: command 0x2016 tx timeout
[  663.247968][T10764] netlink: 'syz.3.1869': attribute type 2 has an invalid length.
[  663.256607][T10764] netlink: 'syz.3.1869': attribute type 1 has an invalid length.
[  663.265401][T10764] netlink: 'syz.3.1869': attribute type 1 has an invalid length.
[  663.731508][T10768] MPTCP: kernel_bind error, err=-98
[  664.547137][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  664.566754][ T8677] CPU: 0 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  664.574406][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  664.584462][ T8677] Workqueue: hci5 hci_rx_work
[  664.589147][ T8677] Call Trace:
[  664.592475][ T8677]  <TASK>
[  664.595398][ T8677]  dump_stack_lvl+0x188/0x250
[  664.600289][ T8677]  ? show_regs_print_info+0x20/0x20
[  664.605695][ T8677]  ? load_image+0x400/0x400
[  664.610199][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  664.615449][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  664.620415][ T8677]  ? process_one_work+0x85f/0x1010
[  664.626189][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  664.631495][ T8677]  kobject_add_internal+0x6e0/0xd90
[  664.636897][ T8677]  kobject_add+0x160/0x230
[  664.641508][ T8677]  ? kobject_init+0x1d0/0x1d0
[  664.646479][ T8677]  ? klist_children_get+0x50/0x50
[  664.651508][ T8677]  ? get_device_parent+0x121/0x3f0
[  664.656708][ T8677]  device_add+0x483/0xfb0
[  664.661140][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  664.666072][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  664.671357][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  664.676464][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  664.682089][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  664.686943][ T8677]  ? hci_event_packet+0x37b/0x1370
[  664.692253][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  664.697313][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  664.703387][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  664.709035][ T8677]  ? mark_lock+0x94/0x320
[  664.713360][ T8677]  ? mutex_unlock+0x10/0x10
[  664.718224][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  664.724288][ T8677]  ? lock_chain_count+0x20/0x20
[  664.729154][ T8677]  ? __rwlock_init+0x140/0x140
[  664.733937][ T8677]  hci_event_packet+0xe48/0x1370
[  664.739130][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  664.744683][ T8677]  ? rcu_lock_release+0x20/0x20
[  664.749545][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  664.754751][ T8677]  hci_rx_work+0x255/0xa10
[  664.759287][ T8677]  process_one_work+0x85f/0x1010
[  664.764253][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  664.770082][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  664.775578][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  664.780617][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  664.786236][ T8677]  ? wq_worker_running+0x97/0x170
[  664.791337][ T8677]  worker_thread+0xaa6/0x1290
[  664.796013][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  664.801293][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  664.807201][ T8677]  kthread+0x436/0x520
[  664.811349][ T8677]  ? rcu_lock_release+0x20/0x20
[  664.816180][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  664.820754][ T8677]  ret_from_fork+0x1f/0x30
[  664.825246][ T8677]  </TASK>
[  664.832632][ T8677] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  664.846304][ T8677] Bluetooth: hci5: failed to register connection device
[  665.021592][T10773] netlink: set zone limit has 8 unknown bytes
[  665.222141][T10783] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1877'.
[  667.220994][ T1108] Bluetooth: hci5: command 0x2016 tx timeout
[  668.708536][T10812] MPTCP: kernel_bind error, err=-98
[  668.720961][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  668.736581][ T8677] CPU: 0 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  668.744806][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  668.754899][ T8677] Workqueue: hci4 hci_rx_work
[  668.759735][ T8677] Call Trace:
[  668.763031][ T8677]  <TASK>
[  668.765972][ T8677]  dump_stack_lvl+0x188/0x250
[  668.770688][ T8677]  ? show_regs_print_info+0x20/0x20
[  668.776002][ T8677]  ? load_image+0x400/0x400
[  668.780643][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  668.785947][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  668.790636][ T8677]  ? process_one_work+0x85f/0x1010
[  668.795771][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  668.800992][ T8677]  kobject_add_internal+0x6e0/0xd90
[  668.806222][ T8677]  kobject_add+0x160/0x230
[  668.810674][ T8677]  ? kobject_init+0x1d0/0x1d0
[  668.815383][ T8677]  ? klist_children_get+0x50/0x50
[  668.820441][ T8677]  ? get_device_parent+0x121/0x3f0
[  668.825584][ T8677]  device_add+0x483/0xfb0
[  668.829955][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  668.834923][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  668.840243][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  668.845491][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  668.851072][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  668.856112][ T8677]  ? hci_event_packet+0x37b/0x1370
[  668.861255][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  668.866316][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  668.872408][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  668.878067][ T8677]  ? mark_lock+0x94/0x320
[  668.882420][ T8677]  ? mutex_unlock+0x10/0x10
[  668.886951][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  668.892969][ T8677]  ? lock_chain_count+0x20/0x20
[  668.897836][ T8677]  ? __rwlock_init+0x140/0x140
[  668.902611][ T8677]  hci_event_packet+0xe48/0x1370
[  668.907568][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  668.912795][ T8677]  ? rcu_lock_release+0x20/0x20
[  668.918139][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  668.923362][ T8677]  hci_rx_work+0x255/0xa10
[  668.927812][ T8677]  process_one_work+0x85f/0x1010
[  668.932796][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  668.938525][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  668.943988][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  668.949092][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  668.954711][ T8677]  ? wq_worker_running+0x97/0x170
[  668.959726][ T8677]  worker_thread+0xaa6/0x1290
[  668.964402][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  668.969596][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  668.975688][ T8677]  kthread+0x436/0x520
[  668.979780][ T8677]  ? rcu_lock_release+0x20/0x20
[  668.984744][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  668.989353][ T8677]  ret_from_fork+0x1f/0x30
[  668.994073][ T8677]  </TASK>
[  668.999425][ T8677] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  669.016944][ T8677] Bluetooth: hci4: failed to register connection device
[  669.370345][T10820] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1889'.
[  669.414275][T10820] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  671.295805][T10854] netlink: 'syz.3.1898': attribute type 2 has an invalid length.
[  671.303976][T10854] netlink: 'syz.3.1898': attribute type 1 has an invalid length.
[  671.314729][T10854] netlink: 'syz.3.1898': attribute type 1 has an invalid length.
[  671.747384][T10323] Bluetooth: hci4: command 0x2016 tx timeout
[  675.466728][T10910] netlink: 'syz.4.1915': attribute type 2 has an invalid length.
[  675.475132][T10910] netlink: 'syz.4.1915': attribute type 1 has an invalid length.
[  675.483566][T10910] netlink: 'syz.4.1915': attribute type 1 has an invalid length.
[  678.450888][T10947] xt_CT: You must specify a L4 protocol and not use inversions on it
[  679.458261][T10967] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1936'.
[  681.529168][T10993] fuse: Bad value for 'fd'
[  682.933219][T11010] MPTCP: kernel_bind error, err=-98
[  682.951110][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  682.966784][ T8677] CPU: 0 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  682.974866][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  682.985173][ T8677] Workqueue: hci2 hci_rx_work
[  682.990068][ T8677] Call Trace:
[  682.993358][ T8677]  <TASK>
[  682.996318][ T8677]  dump_stack_lvl+0x188/0x250
[  683.001120][ T8677]  ? show_regs_print_info+0x20/0x20
[  683.006345][ T8677]  ? load_image+0x400/0x400
[  683.010874][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  683.016793][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  683.021562][ T8677]  ? process_one_work+0x85f/0x1010
[  683.026717][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  683.031943][ T8677]  kobject_add_internal+0x6e0/0xd90
[  683.037275][ T8677]  kobject_add+0x160/0x230
[  683.041928][ T8677]  ? kobject_init+0x1d0/0x1d0
[  683.046711][ T8677]  ? klist_children_get+0x50/0x50
[  683.051741][ T8677]  ? get_device_parent+0x121/0x3f0
[  683.057043][ T8677]  device_add+0x483/0xfb0
[  683.061614][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  683.066576][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  683.071868][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  683.076984][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  683.082524][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  683.087364][ T8677]  ? hci_event_packet+0x37b/0x1370
[  683.092472][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  683.097527][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  683.103930][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  683.109675][ T8677]  ? mark_lock+0x94/0x320
[  683.114111][ T8677]  ? mutex_unlock+0x10/0x10
[  683.118713][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  683.126040][ T8677]  ? lock_chain_count+0x20/0x20
[  683.131045][ T8677]  ? __rwlock_init+0x140/0x140
[  683.136025][ T8677]  hci_event_packet+0xe48/0x1370
[  683.140985][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  683.146205][ T8677]  ? rcu_lock_release+0x20/0x20
[  683.151173][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  683.156640][ T8677]  hci_rx_work+0x255/0xa10
[  683.161306][ T8677]  process_one_work+0x85f/0x1010
[  683.166418][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  683.172515][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  683.177933][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  683.183088][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  683.188863][ T8677]  ? wq_worker_running+0x97/0x170
[  683.193926][ T8677]  worker_thread+0xaa6/0x1290
[  683.198640][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  683.203949][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  683.209974][ T8677]  kthread+0x436/0x520
[  683.214060][ T8677]  ? rcu_lock_release+0x20/0x20
[  683.218906][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  683.223702][ T8677]  ret_from_fork+0x1f/0x30
[  683.228569][ T8677]  </TASK>
[  683.234600][ T8677] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  683.249181][ T8677] Bluetooth: hci2: failed to register connection device
[  683.282850][T11015] overlayfs: failed to clone upperpath
[  685.270847][ T1108] Bluetooth: hci2: command 0x2016 tx timeout
[  686.232028][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  686.238570][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  687.856751][T11085] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1975'.
[  687.891424][T11085] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  690.554062][T11129] netlink: 'syz.2.1990': attribute type 1 has an invalid length.
[  690.575960][T11129] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1990'.
[  694.336607][   T26] audit: type=1326 audit(1776199613.890:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.5.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461a85b819 code=0x7ffc0000
[  694.412098][   T26] audit: type=1326 audit(1776199613.910:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.5.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f461a85b819 code=0x7ffc0000
[  695.644370][   T26] audit: type=1326 audit(1776199613.910:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.5.2014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461a85b819 code=0x7ffc0000
[  697.884011][T11235] overlayfs: missing 'lowerdir'
[  700.491208][T11286] MPTCP: kernel_bind error, err=-98
[  700.530843][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:0'
[  700.546574][ T8677] CPU: 1 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  700.554147][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  700.564510][ T8677] Workqueue: hci5 hci_rx_work
[  700.569399][ T8677] Call Trace:
[  700.572680][ T8677]  <TASK>
[  700.575698][ T8677]  dump_stack_lvl+0x188/0x250
[  700.580397][ T8677]  ? show_regs_print_info+0x20/0x20
[  700.585718][ T8677]  ? load_image+0x400/0x400
[  700.590348][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  700.595493][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  700.600199][ T8677]  ? process_one_work+0x85f/0x1010
[  700.605458][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  700.610910][ T8677]  kobject_add_internal+0x6e0/0xd90
[  700.616232][ T8677]  kobject_add+0x160/0x230
[  700.621014][ T8677]  ? kobject_init+0x1d0/0x1d0
[  700.625757][ T8677]  ? klist_children_get+0x50/0x50
[  700.630826][ T8677]  ? get_device_parent+0x121/0x3f0
[  700.636635][ T8677]  device_add+0x483/0xfb0
[  700.641140][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  700.646243][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  700.651754][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  700.656922][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  700.662510][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  700.667509][ T8677]  ? hci_event_packet+0x37b/0x1370
[  700.672657][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  700.678178][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  700.685060][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  700.690740][ T8677]  ? mark_lock+0x94/0x320
[  700.695187][ T8677]  ? mutex_unlock+0x10/0x10
[  700.699720][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  700.705829][ T8677]  ? lock_chain_count+0x20/0x20
[  700.710758][ T8677]  ? __rwlock_init+0x140/0x140
[  700.715655][ T8677]  hci_event_packet+0xe48/0x1370
[  700.720635][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  700.725982][ T8677]  ? rcu_lock_release+0x20/0x20
[  700.730870][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  700.736106][ T8677]  hci_rx_work+0x255/0xa10
[  700.740568][ T8677]  process_one_work+0x85f/0x1010
[  700.745543][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  700.751376][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  700.756687][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  700.761740][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  700.767331][ T8677]  ? wq_worker_running+0x97/0x170
[  700.772474][ T8677]  worker_thread+0xaa6/0x1290
[  700.777461][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  700.782720][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  700.788651][ T8677]  kthread+0x436/0x520
[  700.792752][ T8677]  ? rcu_lock_release+0x20/0x20
[  700.797630][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  700.802251][ T8677]  ret_from_fork+0x1f/0x30
[  700.806795][ T8677]  </TASK>
[  700.830462][ T8677] kobject_add_internal failed for hci5:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  700.849775][ T8677] Bluetooth: hci5: failed to register connection device
[  703.042102][T10323] Bluetooth: hci5: command 0x2016 tx timeout
[  703.221090][T11333] MPTCP: kernel_bind error, err=-98
[  703.225237][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  703.240998][ T8677] CPU: 1 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  703.249026][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  703.259202][ T8677] Workqueue: hci0 hci_rx_work
[  703.263907][ T8677] Call Trace:
[  703.267381][ T8677]  <TASK>
[  703.270324][ T8677]  dump_stack_lvl+0x188/0x250
[  703.275016][ T8677]  ? show_regs_print_info+0x20/0x20
[  703.280233][ T8677]  ? load_image+0x400/0x400
[  703.284765][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  703.289901][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  703.294587][ T8677]  ? process_one_work+0x85f/0x1010
[  703.299898][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  703.305203][ T8677]  kobject_add_internal+0x6e0/0xd90
[  703.310441][ T8677]  kobject_add+0x160/0x230
[  703.314918][ T8677]  ? kobject_init+0x1d0/0x1d0
[  703.319637][ T8677]  ? klist_children_get+0x50/0x50
[  703.324704][ T8677]  ? get_device_parent+0x121/0x3f0
[  703.329853][ T8677]  device_add+0x483/0xfb0
[  703.334221][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  703.339187][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  703.344512][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  703.349645][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  703.355220][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  703.360098][ T8677]  ? hci_event_packet+0x37b/0x1370
[  703.365400][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  703.370453][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  703.376635][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  703.382413][ T8677]  ? mark_lock+0x94/0x320
[  703.386769][ T8677]  ? mutex_unlock+0x10/0x10
[  703.391290][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  703.397298][ T8677]  ? lock_chain_count+0x20/0x20
[  703.402171][ T8677]  ? __rwlock_init+0x140/0x140
[  703.407155][ T8677]  hci_event_packet+0xe48/0x1370
[  703.412179][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  703.417491][ T8677]  ? rcu_lock_release+0x20/0x20
[  703.422359][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  703.427592][ T8677]  hci_rx_work+0x255/0xa10
[  703.432138][ T8677]  process_one_work+0x85f/0x1010
[  703.437118][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  703.443065][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  703.448384][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  703.453422][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  703.458989][ T8677]  ? wq_worker_running+0x97/0x170
[  703.464273][ T8677]  worker_thread+0xaa6/0x1290
[  703.469089][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  703.474401][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  703.480472][ T8677]  kthread+0x436/0x520
[  703.484571][ T8677]  ? rcu_lock_release+0x20/0x20
[  703.489469][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  703.494104][ T8677]  ret_from_fork+0x1f/0x30
[  703.498599][ T8677]  </TASK>
[  703.505743][ T8677] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  703.520403][ T8677] Bluetooth: hci0: failed to register connection device
[  703.765694][T11342] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2064'.
[  703.928089][T11346] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2066'.
[  703.995119][T11346] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.025233][T11346] device bridge_slave_0 left promiscuous mode
[  704.167057][T11346] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.582070][T10323] Bluetooth: hci0: command 0x2016 tx timeout
[  705.753170][T11356] overlayfs: failed to clone upperpath
[  705.798404][T11356] overlayfs: failed to clone upperpath
[  706.901803][T11371] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2075'.
[  706.911671][T11371] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2075'.
[  706.991193][T11373] MPTCP: kernel_bind error, err=-98
[  706.994020][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0'
[  707.009871][ T4201] CPU: 0 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  707.017520][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  707.027665][ T4201] Workqueue: hci4 hci_rx_work
[  707.032446][ T4201] Call Trace:
[  707.035724][ T4201]  <TASK>
[  707.038648][ T4201]  dump_stack_lvl+0x188/0x250
[  707.043510][ T4201]  ? show_regs_print_info+0x20/0x20
[  707.048738][ T4201]  ? load_image+0x400/0x400
[  707.053271][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  707.058409][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  707.063084][ T4201]  ? process_one_work+0x85f/0x1010
[  707.068310][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  707.073612][ T4201]  kobject_add_internal+0x6e0/0xd90
[  707.078916][ T4201]  kobject_add+0x160/0x230
[  707.083353][ T4201]  ? kobject_init+0x1d0/0x1d0
[  707.088055][ T4201]  ? klist_children_get+0x50/0x50
[  707.093123][ T4201]  ? get_device_parent+0x121/0x3f0
[  707.098448][ T4201]  device_add+0x483/0xfb0
[  707.102989][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  707.108256][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  707.113585][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  707.118883][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  707.124462][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  707.129469][ T4201]  ? hci_event_packet+0x37b/0x1370
[  707.134810][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  707.139882][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  707.146070][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  707.151738][ T4201]  ? mark_lock+0x94/0x320
[  707.156260][ T4201]  ? mutex_unlock+0x10/0x10
[  707.160854][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  707.166885][ T4201]  ? lock_chain_count+0x20/0x20
[  707.171744][ T4201]  ? __rwlock_init+0x140/0x140
[  707.176537][ T4201]  hci_event_packet+0xe48/0x1370
[  707.181693][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  707.186916][ T4201]  ? rcu_lock_release+0x20/0x20
[  707.192161][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  707.197381][ T4201]  hci_rx_work+0x255/0xa10
[  707.202055][ T4201]  process_one_work+0x85f/0x1010
[  707.207127][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  707.213007][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  707.218669][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  707.223895][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  707.229540][ T4201]  ? wq_worker_running+0x97/0x170
[  707.234693][ T4201]  worker_thread+0xaa6/0x1290
[  707.239515][ T4201]  kthread+0x436/0x520
[  707.243797][ T4201]  ? rcu_lock_release+0x20/0x20
[  707.248655][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  707.253250][ T4201]  ret_from_fork+0x1f/0x30
[  707.257704][ T4201]  </TASK>
[  707.266940][ T4201] kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  707.280679][ T4201] Bluetooth: hci4: failed to register connection device
[  707.897218][T11393] capability: warning: `syz.2.2080' uses 32-bit capabilities (legacy support in use)
[  709.350984][T10323] Bluetooth: hci4: command 0x2016 tx timeout
[  709.494380][T11412] overlayfs: failed to clone upperpath
[  709.516531][T11412] overlayfs: failed to clone lowerpath
[  710.278707][T11423] netlink: 'syz.3.2090': attribute type 2 has an invalid length.
[  710.287388][T11423] netlink: 'syz.3.2090': attribute type 1 has an invalid length.
[  710.295595][T11423] netlink: 'syz.3.2090': attribute type 1 has an invalid length.
[  710.724994][T11425] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2092'.
[  712.494072][T11450] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2101'.
[  712.503762][T11450] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2101'.
[  713.113724][T11464] netlink: 'syz.2.2107': attribute type 2 has an invalid length.
[  713.122001][T11464] netlink: 'syz.2.2107': attribute type 1 has an invalid length.
[  713.131097][T11464] netlink: 'syz.2.2107': attribute type 1 has an invalid length.
[  714.926512][T11486] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2115'.
[  714.938237][T11486] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  714.947210][T11486] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  714.956104][T11486] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  714.964849][T11486] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  714.984492][T11486] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2115'.
[  716.512780][T11508] netlink: 'syz.2.2121': attribute type 2 has an invalid length.
[  716.521082][T11508] netlink: 'syz.2.2121': attribute type 1 has an invalid length.
[  716.528869][T11508] netlink: 'syz.2.2121': attribute type 1 has an invalid length.
[  716.837652][T11520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2127'.
[  716.851844][T11520] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  716.860611][T11520] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  716.869431][T11520] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  716.878288][T11520] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  716.892556][T11524] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2127'.
[  717.142533][T11532] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2132'.
[  717.171152][T11532] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  717.246627][T11539] device dummy0 entered promiscuous mode
[  717.268629][T11536] device dummy0 left promiscuous mode
[  717.661295][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2139'.
[  717.761415][T11553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2136'.
[  718.639671][T11560] netlink: 'syz.2.2141': attribute type 2 has an invalid length.
[  718.647733][T11560] netlink: 'syz.2.2141': attribute type 1 has an invalid length.
[  718.655777][T11560] netlink: 'syz.2.2141': attribute type 1 has an invalid length.
[  718.712842][T11562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'.
[  718.724694][T11562] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  718.733950][T11562] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  718.742805][T11562] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  718.751814][T11562] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  718.764818][T11562] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'.
[  719.028211][T11569] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2145'.
[  720.829110][T11605] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2157'.
[  720.912204][T11606] netlink: 'syz.5.2156': attribute type 2 has an invalid length.
[  720.920054][T11606] netlink: 'syz.5.2156': attribute type 1 has an invalid length.
[  720.928020][T11606] netlink: 'syz.5.2156': attribute type 1 has an invalid length.
[  721.081694][T11610] 8021q: adding VLAN 0 to HW filter on device bond3
[  721.133026][T11610] device macvlan2 entered promiscuous mode
[  721.243189][T11610] device bond3 entered promiscuous mode
[  721.267137][T11610] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  721.317301][T11610] device bond3 left promiscuous mode
[  721.406547][T11614] MPTCP: kernel_bind error, err=-98
[  721.408984][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  721.426574][ T4201] CPU: 0 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  721.434264][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  721.444434][ T4201] Workqueue: hci2 hci_rx_work
[  721.449146][ T4201] Call Trace:
[  721.452460][ T4201]  <TASK>
[  721.455416][ T4201]  dump_stack_lvl+0x188/0x250
[  721.460113][ T4201]  ? show_regs_print_info+0x20/0x20
[  721.465453][ T4201]  ? load_image+0x400/0x400
[  721.470107][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  721.475341][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  721.480060][ T4201]  ? process_one_work+0x85f/0x1010
[  721.485299][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  721.491087][ T4201]  kobject_add_internal+0x6e0/0xd90
[  721.496329][ T4201]  kobject_add+0x160/0x230
[  721.500867][ T4201]  ? kobject_init+0x1d0/0x1d0
[  721.505679][ T4201]  ? klist_children_get+0x50/0x50
[  721.510731][ T4201]  ? get_device_parent+0x121/0x3f0
[  721.515879][ T4201]  device_add+0x483/0xfb0
[  721.520242][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  721.525223][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  721.530791][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  721.535981][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  721.541576][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  721.546468][ T4201]  ? hci_event_packet+0x37b/0x1370
[  721.551626][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  721.556698][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  721.562802][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  721.568468][ T4201]  ? mark_lock+0x94/0x320
[  721.572920][ T4201]  ? mutex_unlock+0x10/0x10
[  721.577626][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  721.583936][ T4201]  ? lock_chain_count+0x20/0x20
[  721.588829][ T4201]  ? __rwlock_init+0x140/0x140
[  721.593656][ T4201]  hci_event_packet+0xe48/0x1370
[  721.598645][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  721.603953][ T4201]  ? rcu_lock_release+0x20/0x20
[  721.608892][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  721.614213][ T4201]  hci_rx_work+0x255/0xa10
[  721.618671][ T4201]  process_one_work+0x85f/0x1010
[  721.623822][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  721.629484][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  721.634821][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  721.640056][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  721.645756][ T4201]  ? wq_worker_running+0x97/0x170
[  721.650811][ T4201]  worker_thread+0xaa6/0x1290
[  721.655536][ T4201]  kthread+0x436/0x520
[  721.659725][ T4201]  ? rcu_lock_release+0x20/0x20
[  721.664692][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  721.669395][ T4201]  ret_from_fork+0x1f/0x30
[  721.673936][ T4201]  </TASK>
[  721.756118][ T4201] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  721.769765][ T4201] Bluetooth: hci2: failed to register connection device
[  723.018110][T11640] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2169'.
[  723.493787][T11644] autofs4:pid:11644:autofs_fill_super: called with bogus options
[  723.841636][T10323] Bluetooth: hci2: command 0x2016 tx timeout
[  723.906967][T11659] netlink: 'syz.3.2174': attribute type 2 has an invalid length.
[  723.914943][T11659] netlink: 'syz.3.2174': attribute type 1 has an invalid length.
[  723.922949][T11659] netlink: 'syz.3.2174': attribute type 1 has an invalid length.
[  724.192977][T11668] MPTCP: kernel_bind error, err=-98
[  724.195101][ T8677] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[  724.211722][ T8677] CPU: 1 PID: 8677 Comm: kworker/u5:0 Not tainted syzkaller #0
[  724.219526][ T8677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  724.230200][ T8677] Workqueue: hci0 hci_rx_work
[  724.235089][ T8677] Call Trace:
[  724.238398][ T8677]  <TASK>
[  724.241432][ T8677]  dump_stack_lvl+0x188/0x250
[  724.246138][ T8677]  ? show_regs_print_info+0x20/0x20
[  724.251370][ T8677]  ? load_image+0x400/0x400
[  724.255905][ T8677]  sysfs_create_dir_ns+0x26a/0x290
[  724.261144][ T8677]  ? sysfs_warn_dup+0xa0/0xa0
[  724.265950][ T8677]  ? process_one_work+0x85f/0x1010
[  724.271082][ T8677]  ? do_raw_spin_unlock+0x11d/0x230
[  724.276412][ T8677]  kobject_add_internal+0x6e0/0xd90
[  724.281732][ T8677]  kobject_add+0x160/0x230
[  724.286185][ T8677]  ? kobject_init+0x1d0/0x1d0
[  724.290986][ T8677]  ? klist_children_get+0x50/0x50
[  724.296043][ T8677]  ? get_device_parent+0x121/0x3f0
[  724.301192][ T8677]  device_add+0x483/0xfb0
[  724.305666][ T8677]  hci_conn_add_sysfs+0xd1/0x1e0
[  724.310732][ T8677]  le_conn_complete_evt+0xc48/0x15c0
[  724.316048][ T8677]  ? cs_le_create_conn+0x5e0/0x5e0
[  724.321239][ T8677]  ? __mutex_trylock_common+0x155/0x260
[  724.326991][ T8677]  hci_le_meta_evt+0xd59/0x3c90
[  724.331882][ T8677]  ? hci_event_packet+0x37b/0x1370
[  724.337103][ T8677]  ? __lock_acquire+0x7d10/0x7d10
[  724.342159][ T8677]  ? hci_remote_host_features_evt+0x280/0x280
[  724.348424][ T8677]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  724.354193][ T8677]  ? mark_lock+0x94/0x320
[  724.358546][ T8677]  ? mutex_unlock+0x10/0x10
[  724.363078][ T8677]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  724.369094][ T8677]  ? lock_chain_count+0x20/0x20
[  724.374078][ T8677]  ? __rwlock_init+0x140/0x140
[  724.378883][ T8677]  hci_event_packet+0xe48/0x1370
[  724.383944][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  724.389269][ T8677]  ? rcu_lock_release+0x20/0x20
[  724.394368][ T8677]  ? hci_send_to_monitor+0x9c/0x4a0
[  724.399695][ T8677]  hci_rx_work+0x255/0xa10
[  724.404255][ T8677]  process_one_work+0x85f/0x1010
[  724.409241][ T8677]  ? worker_detach_from_pool+0x240/0x240
[  724.415071][ T8677]  ? lockdep_hardirqs_off+0x70/0x100
[  724.420388][ T8677]  ? _raw_spin_lock_irq+0xb7/0xf0
[  724.425529][ T8677]  ? _raw_spin_lock_irqsave+0x100/0x100
[  724.431104][ T8677]  ? wq_worker_running+0x97/0x170
[  724.436256][ T8677]  worker_thread+0xaa6/0x1290
[  724.440984][ T8677]  ? lockdep_hardirqs_on+0x94/0x140
[  724.446356][ T8677]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  724.452280][ T8677]  kthread+0x436/0x520
[  724.456377][ T8677]  ? rcu_lock_release+0x20/0x20
[  724.461268][ T8677]  ? kthread_blkcg+0xd0/0xd0
[  724.465882][ T8677]  ret_from_fork+0x1f/0x30
[  724.470509][ T8677]  </TASK>
[  724.483653][ T8677] kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  724.497485][ T8677] Bluetooth: hci0: failed to register connection device
[  725.467542][T11684] netlink: 'syz.5.2186': attribute type 15 has an invalid length.
[  726.540813][ T4485] Bluetooth: hci0: command 0x2016 tx timeout
[  726.837286][T11700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2191'.
[  726.917321][T11706] autofs4:pid:11706:autofs_fill_super: called with bogus options
[  735.914664][   T26] audit: type=1326 audit(1776199655.470:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  735.973998][   T26] audit: type=1326 audit(1776199655.500:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  736.157500][   T26] audit: type=1326 audit(1776199655.500:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  736.190449][   T26] audit: type=1326 audit(1776199655.510:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  736.252796][   T26] audit: type=1326 audit(1776199655.510:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  736.861420][   T26] audit: type=1326 audit(1776199655.510:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  736.927987][   T26] audit: type=1326 audit(1776199655.520:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  737.004185][T11835] xt_hashlimit: size too large, truncated to 1048576
[  737.017345][T11832] 8021q: adding VLAN 0 to HW filter on device bond4
[  737.026002][   T26] audit: type=1326 audit(1776199655.520:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11817 comm="syz.3.2231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f510badc819 code=0x7ffc0000
[  737.090977][T11838] device macvlan2 entered promiscuous mode
[  737.133373][T11838] bond4: (slave macvlan2): Opening slave failed
[  739.663110][T11865] overlayfs: failed to clone upperpath
[  742.197447][T11890] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  742.206881][T11890] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  742.216065][T11890] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  742.225689][T11890] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  742.245405][T11890] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.254631][T11890] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.264598][T11890] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.273862][T11890] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.311304][T11892] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  742.320301][T11892] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  742.329375][T11892] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  742.338179][T11892] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  742.602541][T11892] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.612318][T11892] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.622237][T11892] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.632223][T11892] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  742.713014][T11895] MPTCP: kernel_bind error, err=-98
[  742.716832][ T4201] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[  742.732102][ T4201] CPU: 1 PID: 4201 Comm: kworker/u5:7 Not tainted syzkaller #0
[  742.741026][ T4201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  742.751629][ T4201] Workqueue: hci2 hci_rx_work
[  742.756490][ T4201] Call Trace:
[  742.759781][ T4201]  <TASK>
[  742.762966][ T4201]  dump_stack_lvl+0x188/0x250
[  742.767646][ T4201]  ? show_regs_print_info+0x20/0x20
[  742.772947][ T4201]  ? load_image+0x400/0x400
[  742.777865][ T4201]  sysfs_create_dir_ns+0x26a/0x290
[  742.783107][ T4201]  ? sysfs_warn_dup+0xa0/0xa0
[  742.787782][ T4201]  ? process_one_work+0x85f/0x1010
[  742.793087][ T4201]  ? do_raw_spin_unlock+0x11d/0x230
[  742.798285][ T4201]  kobject_add_internal+0x6e0/0xd90
[  742.803567][ T4201]  kobject_add+0x160/0x230
[  742.808336][ T4201]  ? kobject_init+0x1d0/0x1d0
[  742.813110][ T4201]  ? klist_children_get+0x50/0x50
[  742.818241][ T4201]  ? get_device_parent+0x121/0x3f0
[  742.823365][ T4201]  device_add+0x483/0xfb0
[  742.827709][ T4201]  hci_conn_add_sysfs+0xd1/0x1e0
[  742.832654][ T4201]  le_conn_complete_evt+0xc48/0x15c0
[  742.837980][ T4201]  ? cs_le_create_conn+0x5e0/0x5e0
[  742.843214][ T4201]  ? __mutex_trylock_common+0x155/0x260
[  742.848792][ T4201]  hci_le_meta_evt+0xd59/0x3c90
[  742.853648][ T4201]  ? hci_event_packet+0x37b/0x1370
[  742.859166][ T4201]  ? __lock_acquire+0x7d10/0x7d10
[  742.864206][ T4201]  ? hci_remote_host_features_evt+0x280/0x280
[  742.870375][ T4201]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  742.876021][ T4201]  ? mark_lock+0x94/0x320
[  742.880386][ T4201]  ? mutex_unlock+0x10/0x10
[  742.884877][ T4201]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  742.890857][ T4201]  ? lock_chain_count+0x20/0x20
[  742.895811][ T4201]  ? __rwlock_init+0x140/0x140
[  742.900871][ T4201]  hci_event_packet+0xe48/0x1370
[  742.905895][ T4201]  ? lockdep_hardirqs_on+0x94/0x140
[  742.911212][ T4201]  ? rcu_lock_release+0x20/0x20
[  742.916170][ T4201]  ? hci_send_to_monitor+0x9c/0x4a0
[  742.921373][ T4201]  hci_rx_work+0x255/0xa10
[  742.925841][ T4201]  process_one_work+0x85f/0x1010
[  742.930924][ T4201]  ? worker_detach_from_pool+0x240/0x240
[  742.936559][ T4201]  ? lockdep_hardirqs_off+0x70/0x100
[  742.941952][ T4201]  ? _raw_spin_lock_irq+0xb7/0xf0
[  742.946994][ T4201]  ? _raw_spin_lock_irqsave+0x100/0x100
[  742.952627][ T4201]  ? wq_worker_running+0x97/0x170
[  742.957784][ T4201]  worker_thread+0xaa6/0x1290
[  742.962580][ T4201]  kthread+0x436/0x520
[  742.966663][ T4201]  ? rcu_lock_release+0x20/0x20
[  742.971599][ T4201]  ? kthread_blkcg+0xd0/0xd0
[  742.976377][ T4201]  ret_from_fork+0x1f/0x30
[  742.981047][ T4201]  </TASK>
[  742.986798][ T4201] kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  743.000824][ T4201] Bluetooth: hci2: failed to register connection device
[  743.196263][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  743.242481][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  743.292841][T11900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  743.302760][T11900] device bridge_slave_0 left promiscuous mode
[  743.313448][T11900] bridge0: port 1(bridge_slave_0) entered disabled state
[  743.346239][T11900] device bridge_slave_1 left promiscuous mode
[  743.402527][T11900] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.523261][T11900] bond0: (slave bond_slave_0): Releasing backup interface
[  743.566724][T11900] bond0: (slave bond_slave_1): Releasing backup interface
[  743.747531][T11900] team0: Port device team_slave_0 removed
[  743.796968][T11900] team0: Port device team_slave_1 removed
[  743.807653][T11900] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  743.816014][T11900] batman_adv: batadv0: Removing interface: batadv_slave_0
[  743.900142][T11900] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  743.971994][T11900] batman_adv: batadv0: Removing interface: batadv_slave_1
[  744.007312][T11900] device veth0_to_hsr left promiscuous mode
[  744.033392][T11900] bridge0: port 3(veth0_to_hsr) entered disabled state
[  744.269246][T11914] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2259'.
[  744.467434][T11916] netlink: 'syz.5.2260': attribute type 2 has an invalid length.
[  744.476054][T11916] netlink: 'syz.5.2260': attribute type 1 has an invalid length.
[  744.484431][T11916] netlink: 'syz.5.2260': attribute type 1 has an invalid length.
[  744.791996][T11926] 
[  744.794967][T11926] ======================================================
[  744.802157][T11926] WARNING: possible circular locking dependency detected
[  744.809320][T11926] syzkaller #0 Not tainted
[  744.813860][T11926] ------------------------------------------------------
[  744.821154][T11926] syz.3.2263/11926 is trying to acquire lock:
[  744.827308][T11926] ffff88802a95a5e0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_sk_diag_fill+0xf5e/0x1ca0
[  744.837116][T11926] 
[  744.837116][T11926] but task is already holding lock:
[  744.844718][T11926] ffffc90001859cf0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  744.854534][T11926] 
[  744.854534][T11926] which lock already depends on the new lock.
[  744.854534][T11926] 
[  744.865463][T11926] 
[  744.865463][T11926] the existing dependency chain (in reverse order) is:
[  744.874522][T11926] 
[  744.874522][T11926] -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:
[  744.882543][T11926]        _raw_spin_lock+0x2a/0x40
[  744.887605][T11926]        __inet_hash+0xe3/0x960
[  744.892471][T11926]        inet_csk_listen_start+0x22f/0x320
[  744.898568][T11926]        inet_listen+0x2e1/0x590
[  744.903831][T11926]        __sys_listen+0x19d/0x220
[  744.908892][T11926]        __x64_sys_listen+0x56/0x60
[  744.914204][T11926]        do_syscall_64+0x4c/0xa0
[  744.919339][T11926]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  744.926046][T11926] 
[  744.926046][T11926] -> #0 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  744.934540][T11926]        __lock_acquire+0x2c42/0x7d10
[  744.940136][T11926]        lock_acquire+0x19e/0x400
[  744.945619][T11926]        mptcp_diag_get_info+0x1f2/0x9e0
[  744.951632][T11926]        inet_sk_diag_fill+0xf5e/0x1ca0
[  744.957346][T11926]        mptcp_diag_dump+0xce6/0x12b0
[  744.962834][T11926]        __inet_diag_dump+0x1f6/0x380
[  744.968649][T11926]        netlink_dump+0x694/0xcf0
[  744.973702][T11926]        __netlink_dump_start+0x523/0x700
[  744.979615][T11926]        inet_diag_handler_cmd+0x1d3/0x2b0
[  744.985766][T11926]        sock_diag_rcv_msg+0x164/0x3e0
[  744.991270][T11926]        netlink_rcv_skb+0x1f5/0x440
[  744.996744][T11926]        sock_diag_rcv+0x26/0x40
[  745.001982][T11926]        netlink_unicast+0x774/0x920
[  745.007645][T11926]        netlink_sendmsg+0x8ba/0xbe0
[  745.013050][T11926]        sock_write_iter+0x2a6/0x3a0
[  745.018362][T11926]        do_iter_readv_writev+0x47e/0x5f0
[  745.024133][T11926]        do_iter_write+0x205/0x7b0
[  745.029476][T11926]        do_writev+0x281/0x480
[  745.034478][T11926]        do_syscall_64+0x4c/0xa0
[  745.039458][T11926]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  745.045909][T11926] 
[  745.045909][T11926] other info that might help us debug this:
[  745.045909][T11926] 
[  745.052160][ T4386] Bluetooth: hci2: command 0x2016 tx timeout
[  745.056430][T11926]  Possible unsafe locking scenario:
[  745.056430][T11926] 
[  745.056439][T11926]        CPU0                    CPU1
[  745.076070][T11926]        ----                    ----
[  745.081755][T11926]   lock(&h->lhash2[i].lock);
[  745.086637][T11926]                                lock(sk_lock-AF_INET6);
[  745.093884][T11926]                                lock(&h->lhash2[i].lock);
[  745.101671][T11926]   lock(sk_lock-AF_INET6);
[  745.106897][T11926] 
[  745.106897][T11926]  *** DEADLOCK ***
[  745.106897][T11926] 
[  745.115238][T11926] 6 locks held by syz.3.2263/11926:
[  745.120687][T11926]  #0: ffffffff8d4466e8 (sock_diag_mutex){+.+.}-{3:3}, at: sock_diag_rcv+0x17/0x40
[  745.130640][T11926]  #1: ffffffff8d4465a8 (sock_diag_table_mutex){+.+.}-{3:3}, at: sock_diag_rcv_msg+0x217/0x3e0
[  745.141219][T11926]  #2: ffff88801ffb5698 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{3:3}, at: __netlink_dump_start+0x11f/0x700
[  745.152080][T11926]  #3: ffffffff8d520588 (inet_diag_table_mutex){+.+.}-{3:3}, at: __inet_diag_dump+0x181/0x380
[  745.162651][T11926]  #4: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30
[  745.172346][T11926]  #5: ffffc90001859cf0 (&h->lhash2[i].lock){+.+.}-{2:2}, at: mptcp_diag_dump+0x917/0x12b0
[  745.182920][T11926] 
[  745.182920][T11926] stack backtrace:
[  745.189312][T11926] CPU: 0 PID: 11926 Comm: syz.3.2263 Not tainted syzkaller #0
[  745.196883][T11926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  745.207359][T11926] Call Trace:
[  745.210649][T11926]  <TASK>
[  745.213590][T11926]  dump_stack_lvl+0x188/0x250
[  745.218390][T11926]  ? load_image+0x400/0x400
[  745.223009][T11926]  ? show_regs_print_info+0x20/0x20
[  745.228355][T11926]  ? print_circular_bug+0x12b/0x1a0
[  745.233873][T11926]  check_noncircular+0x296/0x330
[  745.238941][T11926]  ? add_chain_block+0x940/0x940
[  745.243982][T11926]  ? lockdep_lock+0xf1/0x1f0
[  745.248597][T11926]  ? mark_lock+0x94/0x320
[  745.253039][T11926]  __lock_acquire+0x2c42/0x7d10
[  745.258365][T11926]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  745.264518][T11926]  ? verify_lock_unused+0x140/0x140
[  745.269765][T11926]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  745.275788][T11926]  ? verify_lock_unused+0x140/0x140
[  745.281007][T11926]  ? __local_bh_enable_ip+0xd7/0x1c0
[  745.286321][T11926]  ? __local_bh_enable_ip+0x136/0x1c0
[  745.291977][T11926]  ? lockdep_hardirqs_on+0x94/0x140
[  745.297278][T11926]  ? __local_bh_enable_ip+0x136/0x1c0
[  745.303122][T11926]  ? _local_bh_enable+0xa0/0xa0
[  745.308179][T11926]  ? nla_put+0x130/0x1e0
[  745.312580][T11926]  lock_acquire+0x19e/0x400
[  745.317481][T11926]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  745.322943][T11926]  ? read_lock_is_recursive+0x10/0x10
[  745.328671][T11926]  ? rcu_lock_release+0x5/0x20
[  745.333553][T11926]  ? __lock_acquire+0x7d10/0x7d10
[  745.339064][T11926]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  745.344293][T11926]  mptcp_diag_get_info+0x1f2/0x9e0
[  745.349432][T11926]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  745.355200][T11926]  inet_sk_diag_fill+0xf5e/0x1ca0
[  745.360453][T11926]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  745.366274][T11926]  ? do_raw_spin_lock+0x128/0x2f0
[  745.371338][T11926]  ? __rwlock_init+0x140/0x140
[  745.376254][T11926]  ? inet_diag_bc_sk+0x18b/0x1120
[  745.381387][T11926]  mptcp_diag_dump+0xce6/0x12b0
[  745.386669][T11926]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  745.393647][T11926]  __inet_diag_dump+0x1f6/0x380
[  745.398634][T11926]  netlink_dump+0x694/0xcf0
[  745.403634][T11926]  ? netlink_lookup+0x1d0/0x1d0
[  745.408779][T11926]  ? __inet_diag_dump_start+0x805/0x970
[  745.414442][T11926]  __netlink_dump_start+0x523/0x700
[  745.419742][T11926]  inet_diag_handler_cmd+0x1d3/0x2b0
[  745.425040][T11926]  ? rcu_lock_release+0x20/0x20
[  745.429994][T11926]  ? inet_diag_handler_get_info+0xb90/0xb90
[  745.436210][T11926]  ? inet_diag_dump_start+0x20/0x20
[  745.441529][T11926]  ? inet_diag_dump+0x50/0x50
[  745.446245][T11926]  ? rcu_lock_release+0x20/0x20
[  745.451387][T11926]  sock_diag_rcv_msg+0x164/0x3e0
[  745.456570][T11926]  netlink_rcv_skb+0x1f5/0x440
[  745.461352][T11926]  ? sock_diag_bind+0xa0/0xa0
[  745.466090][T11926]  ? netlink_ack+0xb50/0xb50
[  745.471139][T11926]  ? __lock_acquire+0x7d10/0x7d10
[  745.476285][T11926]  sock_diag_rcv+0x26/0x40
[  745.480726][T11926]  netlink_unicast+0x774/0x920
[  745.485506][T11926]  netlink_sendmsg+0x8ba/0xbe0
[  745.490983][T11926]  ? netlink_getsockopt+0x570/0x570
[  745.496938][T11926]  ? aa_sock_msg_perm+0x94/0x150
[  745.502244][T11926]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  745.507926][T11926]  ? security_socket_sendmsg+0x7c/0xa0
[  745.513687][T11926]  sock_write_iter+0x2a6/0x3a0
[  745.518740][T11926]  ? sock_read_iter+0x380/0x380
[  745.523658][T11926]  do_iter_readv_writev+0x47e/0x5f0
[  745.529230][T11926]  ? aa_path_link+0x880/0x880
[  745.534232][T11926]  ? generic_file_rw_checks+0x280/0x280
[  745.539941][T11926]  ? common_file_perm+0x171/0x1c0
[  745.545276][T11926]  ? fsnotify_perm+0x5d/0x560
[  745.550334][T11926]  ? security_file_permission+0x75/0xa0
[  745.556705][T11926]  do_iter_write+0x205/0x7b0
[  745.561432][T11926]  ? import_iovec+0x6f/0xa0
[  745.566021][T11926]  do_writev+0x281/0x480
[  745.570280][T11926]  ? do_readv+0x460/0x460
[  745.574621][T11926]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  745.580608][T11926]  ? lock_chain_count+0x20/0x20
[  745.585853][T11926]  ? vtime_user_exit+0x2c8/0x3e0
[  745.590826][T11926]  ? lockdep_hardirqs_on+0x94/0x140
[  745.596046][T11926]  do_syscall_64+0x4c/0xa0
[  745.600465][T11926]  ? clear_bhb_loop+0x30/0x80
[  745.605324][T11926]  ? clear_bhb_loop+0x30/0x80
[  745.610156][T11926]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  745.616486][T11926] RIP: 0033:0x7f510badc819
[  745.620920][T11926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  745.640718][T11926] RSP: 002b:00007f5109d36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  745.649278][T11926] RAX: ffffffffffffffda RBX: 00007f510bd55fa0 RCX: 00007f510badc819
[  745.657463][T11926] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000005
[  745.665624][T11926] RBP: 00007f510bb72c91 R08: 0000000000000000 R09: 0000000000000000
[  745.673884][T11926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  745.682131][T11926] R13: 00007f510bd56038 R14: 00007f510bd55fa0 R15: 00007ffca057ac78
[  745.690133][T11926]  </TASK>
[  745.694124][T11926] BUG: sleeping function called from invalid context at net/core/sock.c:3291
[  745.703288][T11926] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 11926, name: syz.3.2263
[  745.712833][T11926] INFO: lockdep is turned off.
[  745.717701][T11926] Preemption disabled at:
[  745.717713][T11926] [<0000000000000000>] 0x0
[  745.726632][T11926] CPU: 0 PID: 11926 Comm: syz.3.2263 Not tainted syzkaller #0
[  745.734192][T11926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  745.744475][T11926] Call Trace:
[  745.747764][T11926]  <TASK>
[  745.750691][T11926]  dump_stack_lvl+0x188/0x250
[  745.755382][T11926]  ? show_regs_print_info+0x20/0x20
[  745.760773][T11926]  ? load_image+0x400/0x400
[  745.765290][T11926]  ___might_sleep+0x493/0x610
[  745.770155][T11926]  ? __might_sleep+0xf0/0xf0
[  745.774956][T11926]  ? read_lock_is_recursive+0x10/0x10
[  745.780548][T11926]  ? rcu_lock_release+0x5/0x20
[  745.785351][T11926]  __lock_sock_fast+0x2f/0xe0
[  745.790375][T11926]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  745.795893][T11926]  mptcp_diag_get_info+0x1fe/0x9e0
[  745.801669][T11926]  inet_sk_diag_fill+0xf5e/0x1ca0
[  745.806870][T11926]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  745.812701][T11926]  ? do_raw_spin_lock+0x128/0x2f0
[  745.817844][T11926]  ? __rwlock_init+0x140/0x140
[  745.822757][T11926]  ? inet_diag_bc_sk+0x18b/0x1120
[  745.828277][T11926]  mptcp_diag_dump+0xce6/0x12b0
[  745.833147][T11926]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  745.839752][T11926]  __inet_diag_dump+0x1f6/0x380
[  745.844647][T11926]  netlink_dump+0x694/0xcf0
[  745.849166][T11926]  ? netlink_lookup+0x1d0/0x1d0
[  745.854303][T11926]  ? __inet_diag_dump_start+0x805/0x970
[  745.860010][T11926]  __netlink_dump_start+0x523/0x700
[  745.865243][T11926]  inet_diag_handler_cmd+0x1d3/0x2b0
[  745.870559][T11926]  ? rcu_lock_release+0x20/0x20
[  745.875506][T11926]  ? inet_diag_handler_get_info+0xb90/0xb90
[  745.881441][T11926]  ? inet_diag_dump_start+0x20/0x20
[  745.886658][T11926]  ? inet_diag_dump+0x50/0x50
[  745.891358][T11926]  ? rcu_lock_release+0x20/0x20
[  745.896236][T11926]  sock_diag_rcv_msg+0x164/0x3e0
[  745.901198][T11926]  netlink_rcv_skb+0x1f5/0x440
[  745.905980][T11926]  ? sock_diag_bind+0xa0/0xa0
[  745.910684][T11926]  ? netlink_ack+0xb50/0xb50
[  745.915368][T11926]  ? __lock_acquire+0x7d10/0x7d10
[  745.920426][T11926]  sock_diag_rcv+0x26/0x40
[  745.924941][T11926]  netlink_unicast+0x774/0x920
[  745.929814][T11926]  netlink_sendmsg+0x8ba/0xbe0
[  745.934784][T11926]  ? netlink_getsockopt+0x570/0x570
[  745.940096][T11926]  ? aa_sock_msg_perm+0x94/0x150
[  745.945073][T11926]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  745.950573][T11926]  ? security_socket_sendmsg+0x7c/0xa0
[  745.956171][T11926]  sock_write_iter+0x2a6/0x3a0
[  745.960973][T11926]  ? sock_read_iter+0x380/0x380
[  745.965878][T11926]  do_iter_readv_writev+0x47e/0x5f0
[  745.971270][T11926]  ? aa_path_link+0x880/0x880
[  745.975974][T11926]  ? generic_file_rw_checks+0x280/0x280
[  745.982026][T11926]  ? common_file_perm+0x171/0x1c0
[  745.987084][T11926]  ? fsnotify_perm+0x5d/0x560
[  745.991882][T11926]  ? security_file_permission+0x75/0xa0
[  745.997460][T11926]  do_iter_write+0x205/0x7b0
[  746.002080][T11926]  ? import_iovec+0x6f/0xa0
[  746.006702][T11926]  do_writev+0x281/0x480
[  746.011078][T11926]  ? do_readv+0x460/0x460
[  746.015446][T11926]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  746.021523][T11926]  ? lock_chain_count+0x20/0x20
[  746.026379][T11926]  ? vtime_user_exit+0x2c8/0x3e0
[  746.031320][T11926]  ? lockdep_hardirqs_on+0x94/0x140
[  746.036773][T11926]  do_syscall_64+0x4c/0xa0
[  746.041190][T11926]  ? clear_bhb_loop+0x30/0x80
[  746.045859][T11926]  ? clear_bhb_loop+0x30/0x80
[  746.050811][T11926]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  746.056794][T11926] RIP: 0033:0x7f510badc819
[  746.061193][T11926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  746.080987][T11926] RSP: 002b:00007f5109d36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  746.089924][T11926] RAX: ffffffffffffffda RBX: 00007f510bd55fa0 RCX: 00007f510badc819
[  746.098164][T11926] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000005
[  746.106200][T11926] RBP: 00007f510bb72c91 R08: 0000000000000000 R09: 0000000000000000
[  746.114171][T11926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  746.122231][T11926] R13: 00007f510bd56038 R14: 00007f510bd55fa0 R15: 00007ffca057ac78
[  746.130651][T11926]  </TASK>
[  746.133787][T11926] BUG: scheduling while atomic: syz.3.2263/11926/0x00000002
[  746.141091][T11926] INFO: lockdep is turned off.
[  746.145957][T11926] Modules linked in:
[  746.149832][T11926] Preemption disabled at:
[  746.149839][T11926] [<0000000000000000>] 0x0
[  746.158588][T11926] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ...
[  746.167414][T11926] CPU: 0 PID: 11926 Comm: syz.3.2263 Tainted: G        W         syzkaller #0
[  746.176401][T11926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  746.186460][T11926] Call Trace:
[  746.189816][T11926]  <TASK>
[  746.192869][T11926]  dump_stack_lvl+0x188/0x250
[  746.197560][T11926]  ? show_regs_print_info+0x20/0x20
[  746.203063][T11926]  ? load_image+0x400/0x400
[  746.207706][T11926]  panic+0x2e5/0x810
[  746.211735][T11926]  ? bpf_jit_dump+0xd0/0xd0
[  746.216757][T11926]  ? vprintk_emit+0xf9/0x150
[  746.221362][T11926]  ? _printk+0xda/0x130
[  746.225518][T11926]  check_panic_on_warn+0x80/0xa0
[  746.230556][T11926]  __schedule_bug+0x193/0x1f0
[  746.235246][T11926]  ? raw_spin_rq_unlock_irq+0x90/0x90
[  746.240900][T11926]  ? 0xffffffffa0032000
[  746.245240][T11926]  __schedule+0x1324/0x43c0
[  746.249729][T11926]  ? trace_hardirqs_off_finish+0xca/0x1f0
[  746.255536][T11926]  ? prepare_to_wait_exclusive+0xc5/0x220
[  746.261374][T11926]  ? do_raw_spin_lock+0x128/0x2f0
[  746.266411][T11926]  ? __kthread_should_park+0xa2/0xe0
[  746.271701][T11926]  ? lock_chain_count+0x20/0x20
[  746.276655][T11926]  ? lock_release+0xb5/0x8a0
[  746.281367][T11926]  ? lockdep_hardirqs_on_prepare+0x770/0x770
[  746.287379][T11926]  ? __lock_sock+0x159/0x2b0
[  746.291979][T11926]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  746.297865][T11926]  ? release_firmware_map_entry+0x190/0x190
[  746.303842][T11926]  ? __lock_sock+0x159/0x2b0
[  746.308730][T11926]  ? __local_bh_enable_ip+0x136/0x1c0
[  746.314191][T11926]  ? _local_bh_enable+0xa0/0xa0
[  746.319172][T11926]  schedule+0x11b/0x1e0
[  746.323677][T11926]  __lock_sock+0x15e/0x2b0
[  746.328121][T11926]  ? sk_page_frag_refill+0x200/0x200
[  746.333660][T11926]  ? do_raw_spin_lock+0x128/0x2f0
[  746.338781][T11926]  ? init_wait_entry+0xd0/0xd0
[  746.343562][T11926]  ? __rwlock_init+0x140/0x140
[  746.348472][T11926]  ? rcu_lock_release+0x5/0x20
[  746.353257][T11926]  ? __lock_sock_fast+0x43/0xe0
[  746.358573][T11926]  __lock_sock_fast+0x78/0xe0
[  746.363332][T11926]  ? inet_sk_diag_fill+0xf5e/0x1ca0
[  746.368863][T11926]  mptcp_diag_get_info+0x1fe/0x9e0
[  746.374275][T11926]  inet_sk_diag_fill+0xf5e/0x1ca0
[  746.379759][T11926]  ? inet_diag_msg_attrs_fill+0x930/0x930
[  746.385576][T11926]  ? do_raw_spin_lock+0x128/0x2f0
[  746.390592][T11926]  ? __rwlock_init+0x140/0x140
[  746.395343][T11926]  ? inet_diag_bc_sk+0x18b/0x1120
[  746.400357][T11926]  mptcp_diag_dump+0xce6/0x12b0
[  746.405260][T11926]  ? mptcp_token_join_cookie_init_state+0x460/0x460
[  746.411925][T11926]  __inet_diag_dump+0x1f6/0x380
[  746.416811][T11926]  netlink_dump+0x694/0xcf0
[  746.421488][T11926]  ? netlink_lookup+0x1d0/0x1d0
[  746.426769][T11926]  ? __inet_diag_dump_start+0x805/0x970
[  746.432984][T11926]  __netlink_dump_start+0x523/0x700
[  746.438474][T11926]  inet_diag_handler_cmd+0x1d3/0x2b0
[  746.443782][T11926]  ? rcu_lock_release+0x20/0x20
[  746.448638][T11926]  ? inet_diag_handler_get_info+0xb90/0xb90
[  746.454698][T11926]  ? inet_diag_dump_start+0x20/0x20
[  746.459967][T11926]  ? inet_diag_dump+0x50/0x50
[  746.464725][T11926]  ? rcu_lock_release+0x20/0x20
[  746.469592][T11926]  sock_diag_rcv_msg+0x164/0x3e0
[  746.474635][T11926]  netlink_rcv_skb+0x1f5/0x440
[  746.479900][T11926]  ? sock_diag_bind+0xa0/0xa0
[  746.484713][T11926]  ? netlink_ack+0xb50/0xb50
[  746.489436][T11926]  ? __lock_acquire+0x7d10/0x7d10
[  746.494667][T11926]  sock_diag_rcv+0x26/0x40
[  746.499101][T11926]  netlink_unicast+0x774/0x920
[  746.504042][T11926]  netlink_sendmsg+0x8ba/0xbe0
[  746.508918][T11926]  ? netlink_getsockopt+0x570/0x570
[  746.514104][T11926]  ? aa_sock_msg_perm+0x94/0x150
[  746.519025][T11926]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  746.524293][T11926]  ? security_socket_sendmsg+0x7c/0xa0
[  746.529730][T11926]  sock_write_iter+0x2a6/0x3a0
[  746.534551][T11926]  ? sock_read_iter+0x380/0x380
[  746.539386][T11926]  do_iter_readv_writev+0x47e/0x5f0
[  746.544657][T11926]  ? aa_path_link+0x880/0x880
[  746.549412][T11926]  ? generic_file_rw_checks+0x280/0x280
[  746.555030][T11926]  ? common_file_perm+0x171/0x1c0
[  746.560056][T11926]  ? fsnotify_perm+0x5d/0x560
[  746.564722][T11926]  ? security_file_permission+0x75/0xa0
[  746.570429][T11926]  do_iter_write+0x205/0x7b0
[  746.575006][T11926]  ? import_iovec+0x6f/0xa0
[  746.579782][T11926]  do_writev+0x281/0x480
[  746.584263][T11926]  ? do_readv+0x460/0x460
[  746.589043][T11926]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  746.595377][T11926]  ? lock_chain_count+0x20/0x20
[  746.600360][T11926]  ? vtime_user_exit+0x2c8/0x3e0
[  746.605766][T11926]  ? lockdep_hardirqs_on+0x94/0x140
[  746.610970][T11926]  do_syscall_64+0x4c/0xa0
[  746.615540][T11926]  ? clear_bhb_loop+0x30/0x80
[  746.620615][T11926]  ? clear_bhb_loop+0x30/0x80
[  746.625330][T11926]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  746.631397][T11926] RIP: 0033:0x7f510badc819
[  746.635843][T11926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  746.655758][T11926] RSP: 002b:00007f5109d36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  746.664420][T11926] RAX: ffffffffffffffda RBX: 00007f510bd55fa0 RCX: 00007f510badc819
[  746.673028][T11926] RDX: 0000000000000001 RSI: 0000200000000280 RDI: 0000000000000005
[  746.681176][T11926] RBP: 00007f510bb72c91 R08: 0000000000000000 R09: 0000000000000000
[  746.689413][T11926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  746.697398][T11926] R13: 00007f510bd56038 R14: 00007f510bd55fa0 R15: 00007ffca057ac78
[  746.705474][T11926]  </TASK>
[  746.708936][T11926] Kernel Offset: disabled
[  746.713278][T11926] Rebooting in 86400 seconds..