last executing test programs:

31.972953862s ago: executing program 4 (id=94):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500a51cec5e2d137c85000005000000bf91000000000000b702e300000000008500000084000000b70000000001000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x5384b9927ce1a186, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="0200ffffffff00000000370000000e0001006e657464657673698b000000030002006e657464657673696d300000080073"], 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x40000000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

29.093080607s ago: executing program 4 (id=97):
socket$packet(0x11, 0x2, 0x300)
creat(0x0, 0x11c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x700}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
clock_getres(0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
read$FUSE(r4, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
geteuid()

23.571279222s ago: executing program 1 (id=105):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x18c)
openat(0xffffffffffffff9c, 0x0, 0x351142, 0x1cd)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000b22000/0x2000)=nil, 0x2000, 0x19)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
close(r0)

20.23145076s ago: executing program 4 (id=110):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
getpid()
mmap(&(0x7f00003d6000/0x4000)=nil, 0x4000, 0xb635773f05ebbee9, 0x100010, 0xffffffffffffffff, 0x963ac000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0c003920"], 0xf)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000800)={0x0, 0x3, 0x2, 0x8}, 0x10)

18.692815009s ago: executing program 3 (id=113):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendmmsg(r3, &(0x7f0000002940)=[{{0x0, 0x4a, &(0x7f0000000100)=[{&(0x7f00000001c0)}], 0x1}}], 0x1, 0x0)
ioctl$FS_IOC_GETFSLABEL(r3, 0x800452d2, &(0x7f0000000100))
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0)
r6 = socket$kcm(0x10, 0x7, 0x0)
sendmsg$kcm(r6, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)

17.295982759s ago: executing program 3 (id=115):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
unlink(&(0x7f0000000140)='./file0\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
fcntl$setstatus(r4, 0x4, 0x42000)
dup3(0xffffffffffffffff, r4, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0xc010)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e24, 0x4, @loopback}, 0x1c)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f0000000000000a000000000800040001000000", 0x24)

17.172589425s ago: executing program 4 (id=116):
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x2042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DYNSET_FLAGS={0x8, 0x9, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0x74}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)

16.996880219s ago: executing program 1 (id=118):
signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0x9]}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_mreq(r1, 0x29, 0x6, 0x0, &(0x7f0000000780))
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x0, 0x10001, 0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40294}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4090}, 0x22000010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, &(0x7f0000000380)={0x40, 0x22, 0x8e, {0x8e, 0x9, "425fb6a1c40991e5f660e9e891aa45b9e31d4c261f758304e745b1be466b3939473ac02f07b0b6df0894d747a700611f5f3b939e855b9e936941e8722ffebbccc77807a60a6091047a8f8baa1f337b239ab53ce7fae4c8e713a85a67fa51a457b5112a17049b04b218b251724d330957720a8251b3ab5163f1c09f2b5948c8d47a55d1e9fb70d8983dc7db3f"}}, &(0x7f00000000c0)={0x0, 0x3, 0x2b, @string={0x2b, 0x3, "dd79672d401533d38c51a7b402986abd34fab5a7b69919bf67e0c11b1f91aee71125b5043fc4304101"}}, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "5b9ac070"}]}}, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x60, 0x1, {0x22, 0x636}}}}, &(0x7f0000000680)={0x2c, &(0x7f0000000440)={0x20, 0x16, 0x30, "ab2ae461a7288b3412ea7362c82c4bf66351fe20ec5d248f6de81fc37c9ec1117f166e6e743ab83b2ef808c03f0d40e2"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000500)={0x20, 0x1, 0xd1, "1dd49d0b00d8b0c95ccd412ce9e7d28c2558ee66c0e71b85cb9504648e33296f65a2cd66876a43f1a727cc4238e8219b8446611631ea8193ed225285f73c32dd1bb50b5f224dc5b19ebe23ee4407eec7c05cdceed975112564a84dc5480d726a45bc5978bd18f182783635e914abdeb66dfe03c0b389eba9c388b8d3f6ee45a884e56fb736940c559fb811eda6c40904fd7c9c75d3c84a6e1b6d4496c49acf3c0c4169d0ce6aa744419666614b7543d1644de60b715f7b08bcb50f35f24eba3e67753b09e536a983682893a3ee724c2bb4"}, &(0x7f0000000600)={0x20, 0x3, 0x1, 0x50}})
write(0xffffffffffffffff, 0x0, 0x0)

14.45901035s ago: executing program 3 (id=119):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x112, 0x0, &(0x7f0000000340)=<r4=>0x0, 0x0)
r5 = fsopen(&(0x7f0000000040)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xd5\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x00\x00\x00\x00\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6Y\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501)
syz_io_uring_submit(r4, 0x0, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff}, './file0\x00'})
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$UI_ABS_SETUP(r6, 0x401c5504, &(0x7f00000000c0)={0xe38d, {0x0, 0x2, 0x1, 0x80000001, 0x8, 0x1ff000}})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r8, 0x6a98047402e98331, 0x70bd2e, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2804c040}, 0x4886)

14.271970392s ago: executing program 4 (id=121):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f0000000f40)=ANY=[@ANYBLOB="00d77fbe9e57a434f929f74bee0c10f9cecfc3ead3b77b247312d0ad8ba2674f257f47c684e0aec5cb3009a5028bd4f70eef4b274a5c38fec4079e5f43b598a9e97e460422eae305e57ae786347345f1de885fa6957858a8b0377854b8190607303abd6aee330a8caac51797b7a15b53acc98e0d526b12f36eb277aead8d55f85523364369522d5f49efa95367a99d00d2c3049e41e7d9ffffffd7a5af9bb021ff2474356bb2c975e3e8f87f1064a983db4d47057c94053fbf53a474536fe59f83bfc1843bd6449160b0c4842dbbeef31ac9bd265bf70f693c8c0c0b783b82271433a5d3d3bcd4c7f801004830262a3c414bfbe76d431c2001567510239dd2f2bbc049000000000000000000000092675a0b4430360148a763030694149b66a254a61956fb1b6bcd6cfc49f4f84694e73ed9c4b4d6b47fc89f36d8e5fd41d863a5bdb87562aa6e346b0b210786e0ae945cf920870ccd9657e2d7639d2d2bc46706950fc40406f22ac773d5043bddfe88faba3a973a67a0a8c64c95ba285267c76a7a31636f1e09ea085c771b3aae335b25fcb6b11358349c0f04abad13df1d0a2f732b059707f13b539692c4fc930ccae68178bd95cfea76185a8146ff55219ed65edb3f89f2fd4112fa45eaaee3ad02b5f2ff9c85453a6af8f4a408bc729aec69f33404b61ad21da92b8c813ca3de184e899a596543ca6d9be9f93840870ccda17746cd6461ad770ab337102b891bcd84c1596a60db767d62f38f12b17636d1478ccb6dc3bf80474432a6123cdaf8a02bc6ac95c722c79aae41084a61bdc51f288b399f989893d302e48efd6bde23391c1867f9ae6c744f28ebe7027e1bc4e07a606691ccb47fe3ef3aa065b459734209ebacefaab29152ff79d6ed6b9bc9c638eab2c1a712053b50b19f6d1211483da44776df821c1f071af464fbc301e8282fd80dd61a80920b738a1c99fb4352a73c9e411b038d31ccf463a2d7edc5c339744e0f5052f275809bdba24f2a82b9f49101ed541031052095536b30"], 0x1, 0xf01, &(0x7f0000002d40)="$eJzs3U9oHNf9APA3q3+2pVirJL9flKSx1aSpE7eVXdmH9FQHTAshhFx6T3CsxFRJTZ0eEmIs9+RCDykhl5QeUpJbwT0UmlAooVDonxx67im0l5bigiGXGqwtkt9brZ413dVImtVqPx/46unNG833O16xnjfafRuAodVY+3r69GwRwrsfv3P221dWfr267Wh7j7m1r0XsNUMIYx39IjveZ3HD7ZtvnVttV7K2CAtrX9N4eO5G+2cnQwjLYS58Eprh6PHm59dGnl388L1Pj12++Mwru3T6AAAwVK7/aemvT/7jj1+duXX9yJkw0d6ers+bsT8Zr/tPxuv7dN3fCBv7RUd0Gs/2G4nRyPYbyfYbzfKMluQby44zVrLfeJd8Ix3bNjtPAAAAGESNOMdthqIx3zHPbYZGY37+zrx/1WfT48X8axeWFi/1sVgAAACgks+vrL3oVgghhBBiiONWq9Xqdw1CCCHE7kZrut93IAAAAIBhk9YdaK8PllvOVxbYnvbRmr3lv/F0Y/Ofhx1Q9++//IOV/4OrnnEAAKhuv15NpvNK19FpHYN8HcGR7Oe2ev3fyI4zusU6y9YVHJT1BsvqzP9d96qy+rf6OPZLWf35eph7VVn9+Tqde1VZ/RM111FVWf0Haq6jqrL6D9ZcR1Vl9R+quY6qyuqfrLmOqsrqn6q5jqrK6r+n5jqqKqv/cM11VFVW/6C8rLas/mbNdVRVVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXfX3Md/fJIbNO/w5FsvHP+nM/pBmWOBwAAAMPuP31b/++bfV/7YNhi7W/Ce6AOIYTY9Vg1twfqEEIIsUnEFcj6XofYwbi6B2oQPcSVft58AAAAAPaE9L6A9K73VpTGR7qMj3YZH+syPt5lfKLLOAAAABDCb64tPvh2sf4+/+2uh5fWjUrrL211HaN8PcKt5t/uumfbzT8o65YBAAAwXIpvfbJy/Oz7r8/cun7kTMfsdyXOd9M6oKPx3sBHsZ9eFzCV9Ys0hz6zMU+jZL/8/sA9Zcd7fpsnCgAAAEMszd+boWjMd8y7m6HRmJ9fn4/PhrFi8cLS+ZOxnz6f5Q/TYxOr279ec90AAABA79bn+5vP/9Pn+M6G8WL+tQtLi5fu9Kfa28canfcFpte3F533BZrZ9oWS7adiP31+5yvTB9e2z5/73tJLO33yAAAAMCQuvfHmd19cWjr/fd/4xje+aX/T72cmAABgp33493f+/INTU7+98/7/9fXv0vv/52K/Gdf2+0vcIb1OIL0P4K7367+wMc902X4XN+7XzPYbiTGR1X2g4zihY73B9HMzG/oj6/s2Nx5nvCTfZJZvKsuXr1Mwmu2fzu9wtj1fnzDtN51tz9dhHM1yFFn+RwMAAACUO/H6qxdPXHrjza9dePXFl8+/fP61UycXvrHw1MLC6YUTa6/rP9H56n4AAABgEK2/6LfflQAAAAAAAAAAAAAAAAAAAMDwquPjxPp9jgAAADDs/n0lhLAshBBC1Bdrn3G6B+oQQgghxODHhOuKnqPVyj9pHgAAAGB33b751rnYXt10h+ViR/O1j9YM4UDH9pVYx+8f/9njq5G233h64/2SQztaDcOu4/f/3KY77PDvv/yDlf+Dqzubv/2c17zTpOe98ue/xsYDnKmW98s/+ecTnfkfGu0xf37+z1fLfyzLfyz0lr/1fpb/hWr5n8jyH+ox/13nf7Fa/idj/tlUz2O95t/4+E/ENp3HwR7zH8/O/6XQa/7s/Js9Jsx8JeYHgGHU6HcBuyRdJaTr6MnYT+cbLzdD/uqHrV7/N7LjjG678o3HTddBD8R+ul6ayvImW61/MjvePRXrzA3Kq0rK6t+px3G3ldU/VnMdVZXVP15zHVWV1T9Rcx1VldV/oOY6qiqrv9d5aL+V1T8o95XL6p+suY6qyuqfqrmOqsrq3+r/4/1SVv/hmuuoqqz+6ZrrqKqs/oq31WpXVv9MzXVUVVb/vTXXUVVZ/ffVXEdVZfXff/emQbkk2pKHY1s2H07zz+k4lvrNrD+xyb/lfr23AAAAAIPmX9b/E0IIIYQQQggh9n20Wv2+A0E/7e67mQHYqzz/DzeP/3Dz+A83jz//S3oNf5H1k5Eu46Ndxse6jI9n4/nv60SX8fuy47aiNH5/l/H/6zJ+uMv4A13GZ7uMP9hl/KEu4w93GQcAAGA4/H9szQ8BAABg/7r8i49+/KtjL9ycuXX9yJkwfte68ydjfyL+bf1a7Ofr3idj8W/+P4z9n8f2d7H9W7a/158AAADA7kufE+Pv/wAAALB/pc8pNf8HAACA/Wsmtub/AAAAsH/dG1vzfwAAANjHigObb45tui/waGx7XdcPANj7vhDbR2J7JLZHY/vF2KbrgMdi+6Wa6gMAds5Pv/Ojp94u1tf7P5WN347bU3uX5Tt3CorGxpX8D8b2UGwf77Ge/PMAes2fHO4xz27ln95mfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg/2isfT19erYI4d2P3zk7ffnsy6vbjrb3mFv7WsReM4Qw1v65NLre/2Xc8fbNt86ttiuxbcW2CAuhCEV7PDx3o51pMoSwHObCJ6EZjh5vfn5t5NnFD9/79Njli8+8sov/BAAAALDv/TcAAP//vcAp6A==")
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
r1 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000280)={0x60002003})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$inet6(0xa, 0x3, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r3, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, &(0x7f0000001480))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
write(r0, &(0x7f0000000000)="0c000000010001", 0x7)

13.01584533s ago: executing program 2 (id=122):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x400}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
userfaultfd(0x80001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0xc14)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x6)
gettid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r5 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r5, 0xffffffff80000901, 0xee00, 0x0)

12.642459324s ago: executing program 3 (id=123):
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
r5 = dup(r4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x20, 0x10, 0x401}, 0x20}}, 0x0)
r7 = open(&(0x7f0000000000)='./file1\x00', 0x10f0c2, 0x0)
socket$kcm(0x10, 0x2, 0x4)
ftruncate(r7, 0x200004)
read$FUSE(r5, &(0x7f00000023c0)={0x2020}, 0xfffffe9f)
sendfile(r5, r7, 0x0, 0x80001d00c0d1)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x0, 0x0, 0x6, &(0x7f0000003040)={0x1e, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c005af07677d18bc"}})

12.546024835s ago: executing program 1 (id=124):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
ppoll(&(0x7f00000000c0)=[{r2}], 0x1, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

11.580097882s ago: executing program 2 (id=125):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
r4 = syz_io_uring_setup(0x6de4, &(0x7f0000000180)={0x0, 0x113a, 0x2, 0x2}, &(0x7f00000000c0), &(0x7f0000000000))
io_uring_enter(r4, 0x0, 0xe38e, 0x5, 0x0, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r5, &(0x7f0000000040)=@target={'target ', {'PCI:', '0', ':', '7', ':', '2', '.', '0'}}, 0x13)
io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f00000024c0)={0x2, 0x0, 0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000000240)=""/191, 0xbf}], &(0x7f0000002480)=[0x0, 0x2]}, 0x20)
r6 = socket$xdp(0x2c, 0x3, 0x0)
write$binfmt_elf64(r6, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x22, 0xc, 0x1, 0x900000, 0x3, 0x3e, 0x2, 0x6e, 0x40, 0x282, 0xe, 0x7, 0x38, 0x3, 0x81, 0x8}, [{0x474e553, 0x2, 0x8000000000000001, 0xffffffffffffffff, 0x2, 0x2, 0x2627e68d, 0x9}, {0x6474e551, 0x80000000, 0x10001, 0xa26, 0x0, 0x1, 0x9, 0xe}, {0x6, 0x5, 0x7, 0x100, 0x3, 0x0, 0x200, 0xffffffffffffffff}], "25c8e7a093f5a0fce74731a433885038d6507dc8033239d05e3d57a06e2485dcc29e0fe563beb845fffb8c4b3c999c42406191634930ee2dee51270856c218df7d9c8ab3f364530c1adc5c2280597f53f8df4b93fd6896b69882bf6ba04be45f346c34ffb5ca574acb1eede1f34c21a6e164157ad539241d9c345bae08de41f5e83d8a075db754f776a6c254dc818af1d7f6109a94f09469dc9d137917e02ebc29f428349227a0dc85cafa85ed994d246d0f7d0352f84f34b289eedf3ff3934ed7619b45d8653427436c1d", ['\x00']}, 0x2b3)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

11.579247405s ago: executing program 0 (id=126):
socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
r4 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})

10.220937992s ago: executing program 0 (id=127):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x0)
r3 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
splice(r2, 0x0, r3, 0x0, 0x10000000000016, 0x0)
r4 = open(&(0x7f0000000300)='./bus\x00', 0x14103e, 0x18a)
r5 = open(&(0x7f00000001c0)='./file0\x00', 0x14b042, 0x83)
ftruncate(r5, 0x3000000)
sendfile(r4, r5, 0x0, 0x80000001)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r6 = open(&(0x7f00000000c0)='./bus\x00', 0x2100, 0x115)
ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f00000003c0)={0xd8, 0x0, 0x0, 0x0, 0x2000000})

10.159339476s ago: executing program 3 (id=128):
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x2810880, &(0x7f0000000000)=ANY=[], 0x8b, 0x2a7, &(0x7f0000000180)="$eJzs3U9P1EAYx/HftMuyCGIVjInxYFCiJwN4MV5IDPE1eNGo7JoQNxAVE/Ui8Wx8Ad69+AJ8EZ6MiWc9efIFcKuZ2Vl2yrZbWEIr8ftJFsp2/jzTdtt5miwVgP/WnbWfn27+ti8jxYol3ZYiu+qyGpLO60Lr5eb2xna30x7VUCy15F5GcjXNUJn1zU5eVVvP1fAS+1dDM+F7OB5pmqa/6g4CdWr533Heykia9J/OOCx8ku3E0k7dQdTM7GpXrzRbdxwAgHqZ3vU98tf5GT9/jyJp0V/2w+v/j9M1x3s017Rbdwg1C67/LstKjd2/Z9yqQb7nUji7PupniYftx04em+odWZkJpslmlcPJooslmnqy0e3cWN/qtiO906oXFJuXtKq2z1m9kmgXcrrLaurgrY0w7cYwYcewUhD/XF6n4/dYznw138wDk+ij2nvzv0ZqbPcugmRvT92dGMS/VNTc1rP7rlavVMEoz7pOLmY37MhRxkUZifyWSmNlbxAk2TibubWa2lerN7rlop58O3O5tVZKas3bWp+DWoOjubjmcTMfzD2zoD/6orVg/h/Zrb2o4U9mfiOupD8y+uPJzQ0brmQSvrVzKbfNaLzxYCzv9Vi3NPvi9Zunj7rdzvOqF2wMlXfKQm+hfxD8K/GMt2DPsftXNarpvXnkTdfSoQoPjzRc6J86D9Bg/yRd2mktZyVUbLDTi8u8rTIgVM2ePEwv/wvylSWXItkfyYh5elo2bQtaXM7JDSb3Cp4KWjL+/nxxBjRdnMEdNOe6cl26GrxZknMlOidNjRzrSWLW9F0Puf8PAAAAAAAAAAAAAAAAAABw0lTxbY2gO/6jDwAAAAAAAAAAAAAAAAAAAAAAYyh+/m9Lx/j838z3AHj+L1CPvwEAAP//pAVz+Q==")
open(&(0x7f0000000240)='./file0\x00', 0x0, 0xa0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000"], 0x0, 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(0x0, r3)
sendmmsg$inet(r2, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000027c0)}], 0x1}}], 0x1, 0x50)
socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x88882, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xd)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000300))
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x81008e, &(0x7f0000003f80)=ANY=[@ANYBLOB="726f6469722c7379735f696d6d757461626c652c6572726f72733d636f6e74696e75652c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c636865636b3d7374726963742c636f6465706167653d3935302c696f636861727365743d63703836302c696f636861727365743d63703433372c73686f72746e616d653d77696e6e742c696f636861727365743d63703933322c6e6f6e756d7461696c3d302c6e66732c726f6469722c757466383d312c73686f72746e616d653d6d697865642c757466383d302c00e23bb66df271dc392ed708", @ANYRES16], 0x4, 0x2ba, &(0x7f00000001c0)="$eJzs3T9ra2UYAPDnpPmnDskgDiJ4QIc7XW7v6mCq9MLFTEoGXfTiTUGaILRQ8A+mnVxdHP0EguDW1Q/g4jcQXAU3OxSOnJNzmqZN00ZMq97fb+nTc97nfZ+3edvSwnny0Svj3adp7Bx9+Wu020nUetGLkyS6UYvKYczpfRMAwH/ZSZbFH9nUKnlJRLTXVxYAsEYr//7/ce0lAQBr9t77H7yz1e9vv5um7Xg0/vpgkP9ln3+c3t/aiU9iFMN4EJ04jcjOTONHWZZN6mmuG6+PJweDPHP84c/l/Fu/RxT5m9GJbnFpPv9xf3sznTqXP8nreL5cv5fnP6x34sUF6z/ubz9ckB+DZtx7raw/4jDuRyd++Tg+jVE8LYqY5X+1maZvZ9/++UXxH408P5kcDFrFuJls47ZfGwAAAAAAAAAAAAAAAAAAAAAA/r/ul71zWlH078kvlf13Nk7zTxqRVrrz/Xmm+Uk10YX+QJMsvqv66zxIX2pl5cBZfj1erkf9bnYNAAAAAAAAAAAAAAAAAAAA/y77n32++2Q0Gu4tC248uOoGUD3Wf+3MVwS94d5xdeXVWD64NVurVoajYV7IwqzYqMYkEUvLyDfxt4pfPXiuqHnBre9/WHXC9vVjGovX+ieD6sDsPkkWfw1bZ69Ouzokx+fHNOOGazWnwZuXbmUrHb/mwludG6Qn8/O8UASTJVmRLCvsjd8iGhHVmU8u7qJ51cEeDRtFcO/qb732Suf58s+KRLcOAAAAAAAAAAAAAAAAAABYq8sP+Z9ztDS1lrXWVhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3KrZ+/+vEEzK5OmVn95aMrgZe/t3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeAX8FAAD//9OuWkY=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)

9.35770638s ago: executing program 2 (id=129):
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0x9362, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
wait4(0x0, &(0x7f0000000140), 0x4, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0x7)
accept4$x25(r2, 0x0, 0x0, 0x80800)

8.685035348s ago: executing program 0 (id=130):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x9fc69000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x8, @mcast1, 0xb}, 0x1c)
recvmmsg(r4, &(0x7f0000006280)=[{{0x0, 0x0, 0x0}}], 0x400000000000094, 0x42, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, 0x0, 0x0)
bind$tipc(r6, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
bind$tipc(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0xe, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1}, [@generic={0x71, 0x0, 0x1, 0x43}]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

8.684065094s ago: executing program 4 (id=131):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000001200), 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b8, 0x0, 0x4c, 0x1a, 0xc000000, 0x73, 0x2c8, 0x258, 0x258, 0x2c8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0xd8, 0x108, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x6}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0)
ioctl$EVIOCGPROP(r3, 0x80404509, &(0x7f00000007c0)=""/4096)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf2501000000000000000b0000000014001462726f6164"], 0x30}, 0x1, 0x0, 0x0, 0x4000851}, 0x880)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
stat(0x0, &(0x7f0000002e00))
sendmmsg$unix(r5, &(0x7f0000008880), 0x0, 0x200480c4)
readv(0xffffffffffffffff, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0)

7.615960184s ago: executing program 2 (id=132):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f0000000180), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x4, 0x50, r2, 0xd467a000)
syz_open_procfs(0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
symlink(0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
getdents64(r3, 0x0, 0x0)
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
capset(0x0, 0x0)
lchown(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
lchown(0x0, 0x0, 0x0)

7.613958795s ago: executing program 3 (id=133):
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x12)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
sendto$inet6(0xffffffffffffffff, 0x0, 0xffffffffffffff50, 0x8090, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x15}, 0xffffffff}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x28a02, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x19)
ioctl$TCFLSH(r2, 0x40085500, 0x400000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000140)='inode_switch_wbs\x00'}, 0x18)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d616376746170000000080001"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
timer_create(0xb, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000300)={r4, 0x328, 0x40, 0x9, 0x101, 0x7ac, 0x0, 0x3, {0x0, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x401, 0x26, 0x4, 0x3, 0x10001}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)

7.21120104s ago: executing program 1 (id=134):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2f4, &(0x7f0000000900)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOn8oKVMKYVKEb6fhMxhzj3tvZ2SnNt02Lrz+nEhZ2k5vSLBmJKAiMi2yIgExRNwj0E7jkqzF3Jx8NvH/2/dvXcjnclMzig1lZ69lFJKDY++e/Is7g5bH5DNkQdbX1NfNv/e/Hfr5+yjvKXyliqWKkpXc6XPFX3ONNRC3ipoSk2bhm4ZKl+0jLKTLzn5nFlaXKwqvbgwlFgsG5al9GJVFYyqqpRUpVxVoYd6vqg0TVNDCUEn2ZWZGT19yOL5Hk8Gv0m5nNZDIhLfk8mu9GVCAACgr1r7/6CoXvb/q+c2KoO314bd/n896tf/X/7kPNau/j8mIr79v/f8vv2/3l3/v7cjOluO1P/jZBiN7jkVaIT1ZDmtJ9y/X9vL+6tjdkD/DwAAAAAAAAAAAAAAAAAAAADAn2C7VkvWarWkd/R+6rmYiDT/3iIkIlePf8bopXbXf6Dz9ccp0LhxLzwsYr5ayi5lnaM7YENETDFkTJLyw34/uOqxd+eRqhuR9+ayW7+8lA3ZmXRO8nb9uCQj0lpfq01dz0yOK8fu+ogkmutTkpS//OtTvvVRuXC+qV6TpHyYl5KYsmDPo1H/fFypazczLfVxexwAAAAAAKeBpnb47t81rV3eqd/ZX7d+PhBq7K/HfPfnYfkv3N+1AwAAAABwVljVpwXdNI3yPkFcOo9xgsgBxrQG4W4GdxF4Kzxolfddhh5P42CB9+S7UjH3ZM9flkAXL0ubICiHqRqtr0YddRXex0btxsj0xPFfQTv4583b7717wCtrsQ4rPXwQ2v8NEHG//gUAAADgFGk0/d6Zif5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+g4/jtav9cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBS/AgAA//9p2gTn")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
prctl$PR_SET_TSC(0x1a, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000010}, 0x4008000)
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @auto='\x00\x00&\x00'}})

6.527102656s ago: executing program 0 (id=135):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef09000000070002030109022a00010000000009040000db09"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x50)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x48c0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r3, 0x890c, &(0x7f0000000300)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
socket$netlink(0x10, 0x3, 0x10)
listen(0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setuid(0xee00)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000400), 0x12)

4.087302087s ago: executing program 1 (id=136):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SIOCRSSCAUSE(0xffffffffffffffff, 0x89e1, 0x0)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r3, 0x0, 0x0)
bind$rxrpc(r3, 0x0, 0x0)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r4, &(0x7f0000000000)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
unlink(&(0x7f0000000080)='./file0\x00')
unlink(&(0x7f0000001200)='./file1\x00')

4.083779735s ago: executing program 2 (id=137):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x11f102)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40041)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x808046, &(0x7f0000000280), 0x3, 0x6b3, &(0x7f0000000780)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7HipJXjorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHhlHskbhxyAIzmz9pre+PYieN1289Hmp03+96895tf5s/ubKwJ8Jl1/vXs76fI+RMXbpXL9+72Fu7d7V0flJNMJGkl7XqWopsUHyfnUk/5fPlm013xsHFevf9R0X7/w1691G6mqn1rs/U2GNmynxxYWdiXZKou/mcLHbZG91dNVT+XVvt7TMVK3GXCjg8SB+O2vEF/tXLUobHW1o9bYM+6XV83N5hMDqa+upafA9KcHR59Zhi/Tc9N/d2LAwAAAJ6Wkd/lhz3zIA9yK4d2JxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4dCjqZwYWzdQalKdSDJ7/3xl6pn5nzOE+ofeuVLPvPjPuQAAAAAAAAADgiRx7kAe5lUOD5eWi+s3/pWrhcPX6ubydm5nLYk7mVmazlKUsZibJ5FBHnVuzS0uLMxvX/GXKNZeXl283a54euebptXH11wc66n8abGgEAAAAAAAAAJ9ZP8r51d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLyiSffWsmg4PypNptZMcSNIpplaad8Ya7A7487gDAAAAgKev28wPFf+rC8tF9Z3/SPW9/0Dezo0sZT5LWchcLlf3Aupv/a2/93sL9+72rpfTxo6/8a9txVH1mPrew+iRp6sWL6yscT7fzvdyIlO5mMXM5/uZzVLmMpVvVaXZFJls7l5M3rvbzSDWjfGeW7N0cX1sx4bKZXxHq0i6uZL5KraTudQZhN5q2h0dGu2PnWTdiHfK7BSvNbaYo8vNvNyiXzTzvWGy2vL9KxmZbnJfZuPZ4bxvzP0295P1I82ktXIP6vDqKOXi+pEeK+cHm3mZ658+3Zxv81ba2kz0f14uDfa+I5vnPPnyP/5y8WrrxrWrV26e2Du70WNav0/0hjLx4pYysVBmov8EmTjwJPHvnE6Tjfosur2z5UvVuocyn+/kzVzOXM5kOjM5m+l8LafTy+mhvL6weV6rY621vWPt+JeaQnlN+tnQtWnXTDysoszrs0N5HT7TTVZ1w++sZum5LWSp6GR0lv45MpT2F5pCOcaPh64447c+EzNDmXh+80z8+r/LSW4u3Li2eHX2rS2O93IzLw/b99aem3+zIxu0fc3mlvvLc+U/VurLxvDeUdY9P6hbl69O84tLu+lsTV0n1fFc1z3qSC17OnJnVE913YsjR+lVdUeH6tZ8ysmbWVj5FNLY9YMUgC04+MrBTvd+92/dD7o/6V7tXjjwzYmzE1/sZP9f23/a97vWb1tfL17JB/lhDo07UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4+c6712YXFuYW92AhrR3u8M7IqkEq6nc6I9ocyx7IxiejMLHZHvX71I9resjqnXHE3M1D49ndQtq7MNZERlRdWHmnm7RW4klybY884A54Gk4tXX/r1M133v3K/PXZN+bemLtx+uyZ1870vjpz+9SV+YW56fq1adwec7DAjlr9GDDuSAAAAAAAAAAAAICt2o0/bxgxbNEfw7YCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn0znX8/+forMTJ+cLpfv3e0tlNOgvNqynaSVpPhBUnycnEs9ZXKou+Jh47x6/6Nfvfz+h73VvtqD9q116/3h38vL29yKfjNlKsm+Zv5oE1vq79JQf/1tBlYrVrawTNjxQeJg3P4fAAD//+/HBYc=")
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x62400, 0x0)

2.652680826s ago: executing program 1 (id=138):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x8006, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x8, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x454f, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0x4, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x8, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0x8000000b, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x0, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x0, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x10000, 0x120000, 0x807ff, 0x2006, 0x80a2ef, 0x1, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0xfffffffd, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0x7, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x4, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0xfffffffe, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x0, &(0x7f0000000200)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@usrjquota}, {@errors_remount}, {@dioread_lock}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@minixdf}, {@barrier_val}, {@nombcache}, {}]}, 0x45, 0x7b6, &(0x7f0000001140)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4EQeZ31JruwsF72sBQaCLSnHpoYWTGpZStYcoiNaRNKoZdCW3prLzn356X02h+HXtr/oySkrROa0kNxGf2wZVtyrMSWkubzgYne07zRe995ozcvmrEUwBNrPP0nE3EsIl5PIkbrzycR0V9NZSOma+Xura/l0yWJjY1nvkuqZe6ur+WjaZvUkXrmjxHx+SsRJzK76y2vrM7PFIuFpXp+orJweaK8snry0sLMXGGusHh6cmrq1Jl/nDn9UOENN2d++Hr16K03/v/XD6Z/evkPH772RRLTcbS+rjmOgzIe4/V90p/uwm3+d9CV9czHL+6jUNMRkD3MxtChtGP66r1yLEajb6/+Ge5mywCAw/JSRGy009d2DQDwWEtq5///9LodAEC3ND4HuLu+lm8svf1Eortu/zcihobqudr1zVo6W79mN1S9DjpyN9l2ZSSJiLEDqH88It755Pn30iUO6TokQCvXrkfEhbHx3eN/suuehU79rfXTc82Z8R0rjX/QPZ+m859/tpr/ZTbnP9Fi/jPY4r37IO7//s/cPIBq2krnf/9uurftXlP8dWN99dxvqnO+/uTipWIhHdt+GxHHo38wzU/uUcfxOz/fabeuef73/ZsvvJvWnz5ulcjczA5u32Z2pjLzMDE3u3094k/ZVvGn4/9gtf+TNvPfc/X0wH3qeOpfr77dbl0afxpvY9kd/+HauBHxl5b9n2yWSfa8P3GiejhMNA6KFj6ajpF29Y9nt/o/XdL6G/8X6Ia0/0f2jn8sab5fs7zvl968W+yrG6OftSvUfPy3jr/18T+QPFtNN469qzOVytJkxEDy9O7nT21t28g3yqfxH/9z6/d/Y/xrcfw/l77+hX3uiOytb99/8PgPVxr/bEf933Eihu7N97Wrf3/9P7Vtm/2Mf/tt4IPuNwAAAAAAAAAAAAAAAAAAAAAAAADoRCYijkaSyW2mM5lcrvYb3r+PkUyxVK6cuFhaXpyN6m9lj0V/pvFVl6NN34c6Wf8+/Eb+1I783yPidxHx1uBwNZ/Ll4qzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqOtPn9/9Q3gzsK9/WihQDAoRhyYgeAJ02Szfa6CQBAtw11VHr40NoBAHRPZ+d/AODXwPkfAJ489zn/7/wzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjUubNn02Xjx/W1fJqfvbKyPF+6cnK2UJ7PLSznc/nS0uXcXKk0Vyzk8qWFti90rfZQLJUuT8Xi8tWJSqFcmSivrJ5fKC0vVs5fWpiZK5wv9HctMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYv/LK6vxMsVhYkuhJYv7LWj88Ku2R6CwR12r996i05+ASMbA1Sgz3ZnACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAz8EgAA//99gB7t")
acct(&(0x7f0000000200)='./file1\x00')
r3 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='dirsync\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@textreal={0x8, 0x0}], 0x1, 0x51, 0x0, 0x0)
r4 = epoll_create1(0x80000)
r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000180)={0x80000001})
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@nombcache}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r7, 0x1000)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa)

2.642703942s ago: executing program 0 (id=139):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap$KVM_VCPU(&(0x7f0000f3d000/0x4000)=nil, 0x930, 0xc, 0x8010, 0xffffffffffffffff, 0x0)
syz_usbip_server_init(0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/asound/timers\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2024)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000080)=0x5, 0x4)
sendto$inet(r5, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
recvmmsg(r5, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=""/238, 0xee}, 0x4}], 0x1, 0x40000140, 0x0)

1.591670331s ago: executing program 2 (id=140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_SMBUS(r0, 0x541b, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0xc0086c43, &(0x7f0000000080)=0x700)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FBIO_WAITFORVSYNC(r1, 0x40044620, 0x0)
setresuid(0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r5 = syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x0)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f00000000c0)={0x0, 0x0, 0x4, 0xfffffffffffffffe})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TCFLSH(r6, 0x8910, 0xffffffffffff7ffe)

0s ago: executing program 0 (id=141):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r4 = open(0x0, 0x0, 0x0)
getdents(r4, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$I2C(0x0, 0x0, 0x2000)
ioctl$I2C_RDWR(r5, 0x707, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x3, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts.
[   81.632316][ T5821] cgroup: Unknown subsys name 'net'
[   81.744391][ T5821] cgroup: Unknown subsys name 'cpuset'
[   81.753568][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.298565][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   85.986040][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   85.994340][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   86.002757][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.004924][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   86.010051][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   86.018090][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   86.024921][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.032353][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   86.045438][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   86.053756][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   86.062370][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.069934][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   86.077656][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.096247][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   86.107457][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   86.114951][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   86.123508][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   86.132210][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.160999][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   86.168842][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   86.194722][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   86.211252][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   86.220185][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   86.230242][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   86.252709][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   86.807999][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   86.838838][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   87.026875][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   87.059298][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   87.305805][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.313128][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.320542][ T5831] bridge_slave_0: entered allmulticast mode
[   87.331294][ T5831] bridge_slave_0: entered promiscuous mode
[   87.356202][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.363640][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.370921][ T5842] bridge_slave_0: entered allmulticast mode
[   87.378019][ T5842] bridge_slave_0: entered promiscuous mode
[   87.426027][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.433641][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.441278][ T5831] bridge_slave_1: entered allmulticast mode
[   87.448443][ T5831] bridge_slave_1: entered promiscuous mode
[   87.456211][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   87.466828][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.474199][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.481922][ T5842] bridge_slave_1: entered allmulticast mode
[   87.489229][ T5842] bridge_slave_1: entered promiscuous mode
[   87.515191][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.522491][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.529895][ T5835] bridge_slave_0: entered allmulticast mode
[   87.537911][ T5835] bridge_slave_0: entered promiscuous mode
[   87.546605][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.554256][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.561699][ T5835] bridge_slave_1: entered allmulticast mode
[   87.568778][ T5835] bridge_slave_1: entered promiscuous mode
[   87.628467][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.669647][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.691897][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.726973][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.734598][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.742771][ T5832] bridge_slave_0: entered allmulticast mode
[   87.749845][ T5832] bridge_slave_0: entered promiscuous mode
[   87.774814][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.786437][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.826520][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.833798][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.841659][ T5832] bridge_slave_1: entered allmulticast mode
[   87.849544][ T5832] bridge_slave_1: entered promiscuous mode
[   87.877504][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.908432][ T5842] team0: Port device team_slave_0 added
[   87.930455][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.979662][ T5831] team0: Port device team_slave_0 added
[   88.007778][ T5842] team0: Port device team_slave_1 added
[   88.017872][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.042147][ T5835] team0: Port device team_slave_0 added
[   88.049640][ T5831] team0: Port device team_slave_1 added
[   88.120480][ T5835] team0: Port device team_slave_1 added
[   88.154253][ T5847] Bluetooth: hci0: command tx timeout
[   88.158034][ T5840] Bluetooth: hci3: command tx timeout
[   88.168538][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.176096][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.204064][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.215799][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.223389][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.230937][ T5850] bridge_slave_0: entered allmulticast mode
[   88.238312][ T5850] bridge_slave_0: entered promiscuous mode
[   88.241504][ T5840] Bluetooth: hci1: command tx timeout
[   88.247268][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.249790][ T5847] Bluetooth: hci2: command tx timeout
[   88.256791][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.256947][ T5850] bridge_slave_1: entered allmulticast mode
[   88.279318][ T5850] bridge_slave_1: entered promiscuous mode
[   88.286692][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.294162][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.320435][ T5847] Bluetooth: hci4: command tx timeout
[   88.324436][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.341591][ T5832] team0: Port device team_slave_0 added
[   88.362503][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.369477][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.395817][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.442145][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.449126][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.475376][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.488786][ T5832] team0: Port device team_slave_1 added
[   88.495810][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.503409][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.529361][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.542614][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.549559][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.576076][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.597211][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.642279][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.649259][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.676016][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.688470][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.696604][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.723058][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.736694][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.814681][ T5850] team0: Port device team_slave_0 added
[   88.852346][ T5831] hsr_slave_0: entered promiscuous mode
[   88.858899][ T5831] hsr_slave_1: entered promiscuous mode
[   88.870084][ T5850] team0: Port device team_slave_1 added
[   88.972144][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.979132][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.005216][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.022780][ T5842] hsr_slave_0: entered promiscuous mode
[   89.029106][ T5842] hsr_slave_1: entered promiscuous mode
[   89.035409][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.043370][ T5842] Cannot create hsr debugfs directory
[   89.053507][ T5835] hsr_slave_0: entered promiscuous mode
[   89.059750][ T5835] hsr_slave_1: entered promiscuous mode
[   89.067095][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.074707][ T5835] Cannot create hsr debugfs directory
[   89.086879][ T5832] hsr_slave_0: entered promiscuous mode
[   89.093284][ T5832] hsr_slave_1: entered promiscuous mode
[   89.099292][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.107168][ T5832] Cannot create hsr debugfs directory
[   89.128694][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.135888][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.161950][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.304145][ T5850] hsr_slave_0: entered promiscuous mode
[   89.310450][ T5850] hsr_slave_1: entered promiscuous mode
[   89.317575][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.325376][ T5850] Cannot create hsr debugfs directory
[   89.816575][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   89.835075][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   89.860571][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   89.879982][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   89.928475][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   89.938576][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   89.958788][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   89.969175][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.060309][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.095399][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.105924][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.143168][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   90.163713][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.203853][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   90.231300][ T5847] Bluetooth: hci0: command tx timeout
[   90.236733][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   90.244076][ T5840] Bluetooth: hci3: command tx timeout
[   90.253850][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   90.295079][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.311907][ T5840] Bluetooth: hci2: command tx timeout
[   90.314508][ T5847] Bluetooth: hci1: command tx timeout
[   90.324315][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.336630][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.355523][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.390994][ T5847] Bluetooth: hci4: command tx timeout
[   90.432417][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.487961][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.523498][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   90.535093][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   90.569165][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.576435][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.588045][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.595175][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.606314][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.613458][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.649166][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.656329][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.784793][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.838872][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.907847][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   90.927567][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   91.006726][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.014020][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.027266][ T1037] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.034481][ T1037] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.044966][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.052192][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.063594][ T1037] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.070785][ T1037] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.096320][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.183135][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   91.249773][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.256979][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.270223][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.277366][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.359418][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.410177][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.666468][ T5832] veth0_vlan: entered promiscuous mode
[   91.697291][ T5831] veth0_vlan: entered promiscuous mode
[   91.735266][ T5831] veth1_vlan: entered promiscuous mode
[   91.758348][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.769314][ T5832] veth1_vlan: entered promiscuous mode
[   91.836484][  T916] cfg80211: failed to load regulatory.db
[   91.892631][ T5831] veth0_macvtap: entered promiscuous mode
[   91.927962][ T5832] veth0_macvtap: entered promiscuous mode
[   91.958600][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.968953][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.977498][ T5832] veth1_macvtap: entered promiscuous mode
[   91.985517][ T5831] veth1_macvtap: entered promiscuous mode
[   92.050184][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.098628][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.116527][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.138863][ T5831] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.149684][ T5831] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.159293][ T5831] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.168084][ T5831] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.222979][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.237469][ T5842] veth0_vlan: entered promiscuous mode
[   92.273127][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.282394][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.292833][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.301893][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.311295][ T5847] Bluetooth: hci0: command tx timeout
[   92.312166][ T5840] Bluetooth: hci3: command tx timeout
[   92.324570][ T5835] veth0_vlan: entered promiscuous mode
[   92.334032][ T5842] veth1_vlan: entered promiscuous mode
[   92.371653][ T5835] veth1_vlan: entered promiscuous mode
[   92.400541][ T5840] Bluetooth: hci1: command tx timeout
[   92.406340][ T5847] Bluetooth: hci2: command tx timeout
[   92.458536][ T5842] veth0_macvtap: entered promiscuous mode
[   92.472122][ T5840] Bluetooth: hci4: command tx timeout
[   92.512299][ T5842] veth1_macvtap: entered promiscuous mode
[   92.536886][ T5850] veth0_vlan: entered promiscuous mode
[   92.566381][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.575215][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.604310][ T5850] veth1_vlan: entered promiscuous mode
[   92.616419][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.622990][ T5835] veth0_macvtap: entered promiscuous mode
[   92.633385][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.660749][ T5835] veth1_macvtap: entered promiscuous mode
[   92.670637][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.728429][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.738199][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.756449][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.757579][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.785246][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.795216][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.804384][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.814181][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.850073][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.861581][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.870309][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.880205][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.890067][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.909590][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   92.915589][ T5850] veth0_macvtap: entered promiscuous mode
[   92.938171][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.949113][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.999306][ T5850] veth1_macvtap: entered promiscuous mode
[   93.111529][ T5954] loop1: detected capacity change from 0 to 1024
[   93.153708][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.207071][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.394690][ T5840] Bluetooth: hci3: command tx timeout
[   94.400147][ T5840] Bluetooth: hci0: command tx timeout
[   95.162305][ T5840] Bluetooth: hci1: command tx timeout
[   95.168898][ T5840] Bluetooth: hci2: command tx timeout
[   95.179475][ T5847] Bluetooth: hci4: command tx timeout
[   95.209906][ T5850] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.230465][ T5850] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.245555][ T5850] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.254601][ T5850] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.342923][ T5964] Driver unsupported XDP return value 0 on prog  (id 2) dev N/A, expect packet loss!
[   95.360854][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.360914][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.375568][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.382519][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.481575][ T5965] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   95.565830][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.597855][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.642743][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.655704][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.011241][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.020269][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.029122][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.037693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.046281][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.189311][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.291808][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[   96.300859][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.393662][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   96.403088][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   96.563683][ T1037] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.657981][ T1037] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.878575][ T5986] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[   97.918715][ T1037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.319104][ T1037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.485150][   T30] audit: type=1326 audit(1749715548.588:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5984 comm="syz.0.10" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3da7f8e929 code=0x0
[   98.554273][ T5990] loop0: detected capacity change from 0 to 512
[   98.670624][ T5990] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   98.755631][ T5990] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   98.994370][ T5995] loop1: detected capacity change from 0 to 128
[   99.107923][ T5995] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00000000 (sector = 1)
[   99.122329][ T5990] EXT4-fs (loop0): 1 truncate cleaned up
[   99.129138][ T5990] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   99.360797][   T30] audit: type=1800 audit(1749715549.348:3): pid=5995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.11" name="file1" dev="loop1" ino=1048600 res=0 errno=0
[  101.494225][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  101.664266][   T13] kworker/u8:1: attempt to access beyond end of device
[  101.664266][   T13] loop1: rw=1, sector=145, nr_sectors = 896 limit=128
[  101.682534][   T13] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00000000 (sector = 1)
[  102.499265][ T6019] Invalid source name
[  102.503567][ T6019] UBIFS error (pid: 6019): cannot open "./file0", error -22
[  103.498462][ T6019] syz.0.14 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  105.827809][   T30] audit: type=1326 audit(1749715555.868:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.172529][ T6042] loop3: detected capacity change from 0 to 32768
[  106.179948][ T6042] =======================================================
[  106.179948][ T6042] WARNING: The mand mount option has been deprecated and
[  106.179948][ T6042]          and is ignored by this kernel. Remove the mand
[  106.179948][ T6042]          option from the mount to silence this warning.
[  106.179948][ T6042] =======================================================
[  106.533127][   T30] audit: type=1326 audit(1749715555.918:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.671012][   T30] audit: type=1326 audit(1749715555.928:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=67 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.700780][   T30] audit: type=1326 audit(1749715555.928:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.728160][   T30] audit: type=1326 audit(1749715555.928:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.754090][   T30] audit: type=1326 audit(1749715555.928:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.792685][ T6042] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  106.883870][   T30] audit: type=1326 audit(1749715555.938:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.911177][   T30] audit: type=1326 audit(1749715555.938:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.935009][   T30] audit: type=1326 audit(1749715555.938:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  106.959457][   T30] audit: type=1326 audit(1749715555.938:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6039 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  107.006481][ T6042] XFS (loop3): Ending clean mount
[  107.017808][ T6042] XFS (loop3): Quotacheck needed: Please wait.
[  107.122901][ T6042] XFS (loop3): Quotacheck: Done.
[  107.498209][ T6062] Zero length message leads to an empty skb
[  108.416242][ T6063] process 'syz.1.24' launched './file2' with NULL argv: empty string added
[  108.473567][ T6068] loop4: detected capacity change from 0 to 512
[  108.509330][ T6066] loop2: detected capacity change from 0 to 2048
[  108.586091][ T6066] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  108.607788][ T6068] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.621447][ T6068] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.715571][ T6068] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  108.750792][ T6075] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  108.773907][ T6022] udevd[6022]: incorrect nilfs2 checksum on /dev/loop2
[  110.267953][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.328975][ T6083] loop1: detected capacity change from 0 to 32768
[  111.397005][ T6083] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  113.276677][ T6083] XFS (loop1): Metadata corruption detected at __xfs_buf_ioend+0x33f/0x6f0, xfs_inode block 0x3000 xfs_inode_buf_verify
[  113.291292][ T6083] XFS (loop1): Unmount and run xfs_repair
[  113.297722][ T6083] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  113.305260][ T6083] 00000000: 49 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00  I...............
[  113.314149][ T6083] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.323028][ T6083] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.331886][ T6083] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.340765][ T6083] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.349612][ T6083] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.358838][ T6083] 00000060: ff ff ff ff 34 42 28 19 00 00 00 00 00 00 00 00  ....4B(.........
[  113.367724][ T6083] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  113.376729][ T6083] XFS (loop1): metadata I/O error in "xfs_imap_to_bp+0x127/0x2f0" at daddr 0x3000 len 64 error 117
[  113.387582][ T6083] XFS (loop1): Failed to read root inode 0x1800, error 117
[  113.397030][ T6083] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair.
[  113.710078][ T6104] loop1: detected capacity change from 0 to 256
[  114.707580][ T6107] lo speed is unknown, defaulting to 1000
[  114.713522][ T6107] lo speed is unknown, defaulting to 1000
[  114.720758][ T6107] lo speed is unknown, defaulting to 1000
[  114.731629][ T6107] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  114.744786][ T6107] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  114.769150][ T6107] lo speed is unknown, defaulting to 1000
[  114.776656][ T6107] lo speed is unknown, defaulting to 1000
[  114.783633][ T6107] lo speed is unknown, defaulting to 1000
[  114.790569][ T6107] lo speed is unknown, defaulting to 1000
[  114.797515][ T6107] lo speed is unknown, defaulting to 1000
[  115.428590][ T6116] loop4: detected capacity change from 0 to 1024
[  115.462550][ T6116] EXT4-fs: Ignoring removed orlov option
[  115.468268][ T6116] EXT4-fs: Ignoring removed nomblk_io_submit option
[  115.567829][ T6116] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.698825][ T5842] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  116.171023][ T6127] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  117.508334][ T6116] syz.4.35 (6116) used greatest stack depth: 19464 bytes left
[  117.586616][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.892966][ T6135] block device autoloading is deprecated and will be removed.
[  120.880950][ T6144] loop0: detected capacity change from 0 to 128
[  124.341304][ T6170] warning: `syz.1.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  124.432240][ T6171] binder_alloc: 6158: binder_alloc_buf, no vma
[  125.779572][ T6182] misc userio: Can't change port type on an already running userio instance
[  126.651741][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  127.180833][    T9] usb 4-1: Using ep0 maxpacket: 32
[  127.326550][    T9] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  127.356583][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.443693][ T6194] input: syz1 as /devices/virtual/input/input7
[  127.563910][    T9] usb 4-1: config 0 descriptor??
[  127.777597][    T9] gspca_main: sunplus-2.14.0 probing 041e:400b
[  129.461653][    T9] gspca_sunplus: reg_w_riv err -110
[  129.467048][    T9] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  129.671671][    T9] usb 4-1: USB disconnect, device number 2
[  131.026665][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  131.026684][   T30] audit: type=1326 audit(1749715580.188:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  131.065919][ T6215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'.
[  131.076382][ T6215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'.
[  131.085847][ T6215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'.
[  131.095363][ T6215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.58'.
[  131.301514][   T30] audit: type=1326 audit(1749715580.188:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  131.325092][   T30] audit: type=1326 audit(1749715580.188:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f815458d290 code=0x7ffc0000
[  131.347189][   T30] audit: type=1326 audit(1749715580.188:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8154590157 code=0x7ffc0000
[  131.617671][   T30] audit: type=1326 audit(1749715580.188:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  131.671201][   T30] audit: type=1326 audit(1749715580.188:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f8154590157 code=0x7ffc0000
[  131.766707][   T30] audit: type=1326 audit(1749715580.188:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f815458d58a code=0x7ffc0000
[  131.791327][ T6222] loop1: detected capacity change from 0 to 16
[  131.940306][   T30] audit: type=1326 audit(1749715580.188:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  131.962992][   T30] audit: type=1326 audit(1749715580.188:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  131.997606][ T6209] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  132.018222][   T30] audit: type=1326 audit(1749715580.188:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.4.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f815458e929 code=0x7ffc0000
[  132.728683][ T6222] erofs (device loop1): mounted with root inode @ nid 36.
[  132.815983][ T6226] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  132.823426][ T6226] IPv6: NLM_F_CREATE should be set when creating new route
[  132.856267][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  132.867505][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  133.027623][ T6222] erofs (device loop1): read error -117 @ 8200 of nid 36
[  133.253927][ T6230] ksmbd: Unknown IPC event: 1, ignore.
[  134.011490][ T6232] erofs (device loop1): read error -117 @ 8200 of nid 36
[  135.844878][ T6253] loop0: detected capacity change from 0 to 16
[  135.889590][ T6253] erofs (device loop0): mounted with root inode @ nid 36.
[  136.050785][ T5968] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  136.242436][ T6260] evm: overlay not supported
[  136.890854][ T5968] usb 3-1: Using ep0 maxpacket: 32
[  136.963918][ T6261] erofs (device loop0): bogus lookback distance 1586 @ lcn 46 of nid 36
[  136.979716][ T5968] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  136.994631][ T6261] erofs (device loop0): readahead error at folio 47 @ nid 36
[  137.002274][ T6261] erofs (device loop0): bogus lookback distance 1586 @ lcn 46 of nid 36
[  137.010762][ T6261] erofs (device loop0): readahead error at folio 46 @ nid 36
[  137.018596][ T6261] erofs (device loop0): readahead error at folio 45 @ nid 36
[  137.032174][ T6261] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36
[  137.032882][ T5968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.052655][ T6261] erofs (device loop0): readahead error at folio 43 @ nid 36
[  137.073672][ T6261] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36
[  137.083194][ T6261] erofs (device loop0): readahead error at folio 42 @ nid 36
[  137.093054][ T5968] usb 3-1: config 0 descriptor??
[  137.098261][ T6261] erofs (device loop0): bogus lookback distance 774 @ lcn 40 of nid 36
[  137.109444][ T6261] erofs (device loop0): readahead error at folio 41 @ nid 36
[  137.121453][ T5968] gspca_main: sunplus-2.14.0 probing 041e:400b
[  137.133895][ T6246] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  137.149939][ T6261] erofs (device loop0): bogus lookback distance 774 @ lcn 40 of nid 36
[  137.356048][ T6261] erofs (device loop0): readahead error at folio 40 @ nid 36
[  137.376773][ T6261] erofs (device loop0): readahead error at folio 39 @ nid 36
[  137.394131][ T6261] erofs (device loop0): readahead error at folio 38 @ nid 36
[  137.961896][ T6261] erofs (device loop0): readahead error at folio 36 @ nid 36
[  138.067625][ T6261] erofs (device loop0): bogus lookback distance 1468 @ lcn 31 of nid 36
[  138.130785][ T6261] erofs (device loop0): readahead error at folio 31 @ nid 36
[  138.186012][ T6261] erofs (device loop0): readahead error at folio 25 @ nid 36
[  138.678322][ T6275] loop1: detected capacity change from 0 to 40427
[  138.762232][ T6261] erofs (device loop0): readahead error at folio 24 @ nid 36
[  138.780723][ T6275] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  138.789420][ T6275] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  138.965208][ T6278] loop3: detected capacity change from 0 to 4096
[  138.992999][ T6275] F2FS-fs (loop1): invalid crc value
[  139.160624][ T6261] erofs (device loop0): readahead error at folio 19 @ nid 36
[  139.277732][ T5968] gspca_sunplus: reg_w_riv err -71
[  139.287887][ T6261] syz.0.71: attempt to access beyond end of device
[  139.287887][ T6261] loop0: rw=524288, sector=784, nr_sectors = 64 limit=16
[  139.324386][ T5968] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  139.344899][ T6281] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.963475][ T6261] syz.0.71: attempt to access beyond end of device
[  139.963475][ T6261] loop0: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  139.996759][ T5968] usb 3-1: USB disconnect, device number 2
[  140.515281][ T6261] syz.0.71: attempt to access beyond end of device
[  140.515281][ T6261] loop0: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  140.550368][ T6261] syz.0.71: attempt to access beyond end of device
[  140.550368][ T6261] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16
[  140.580019][ T6275] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  140.587609][ T6275] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  144.647045][ T6304] netlink: 'syz.2.81': attribute type 3 has an invalid length.
[  144.729294][ T6310] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  144.823936][ T6311] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  144.839841][ T6311] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  144.892320][ T6311] overlayfs: missing 'lowerdir'
[  145.681648][ T6304] netlink: 224 bytes leftover after parsing attributes in process `syz.2.81'.
[  145.724447][ T6316] loop0: detected capacity change from 0 to 128
[  145.835249][ T6316] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  147.569923][ T6331] loop0: detected capacity change from 0 to 16
[  147.578756][ T6331] erofs (device loop0): invalid sb_extslots 4160 (more than a fs block)
[  148.910745][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  150.080726][   T24] usb 5-1: Using ep0 maxpacket: 32
[  150.089874][   T24] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  150.117516][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.139429][   T24] usb 5-1: config 0 descriptor??
[  150.316210][ T6346] loop3: detected capacity change from 0 to 40427
[  150.463511][ T6346] F2FS-fs (loop3): build fault injection rate: 690
[  150.478253][ T6346] F2FS-fs (loop3): invalid crc value
[  150.773063][   T24] gspca_main: sunplus-2.14.0 probing 041e:400b
[  150.785066][   T24] gspca_sunplus: reg_w_riv err -71
[  150.790309][   T24] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  150.813415][   T24] usb 5-1: USB disconnect, device number 2
[  150.820615][ T6346] F2FS-fs (loop3): Start checkpoint disabled!
[  150.901358][ T6346] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  151.286259][ T6353] loop0: detected capacity change from 0 to 32768
[  151.574566][ T6363] F2FS-fs (loop3): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  152.904380][   T68] kworker/u8:4: attempt to access beyond end of device
[  152.904380][   T68] loop3: rw=1, sector=77824, nr_sectors = 2056 limit=40427
[  153.046203][   T68] kworker/u8:4: attempt to access beyond end of device
[  153.046203][   T68] loop3: rw=1, sector=79880, nr_sectors = 2040 limit=40427
[  153.575813][   T68] kworker/u8:4: attempt to access beyond end of device
[  153.575813][   T68] loop3: rw=1, sector=73728, nr_sectors = 2544 limit=40427
[  153.680033][   T68] kworker/u8:4: attempt to access beyond end of device
[  153.680033][   T68] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  153.727742][   T68] CPU: 1 UID: 0 PID: 68 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) 
[  153.727771][   T68] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.727783][   T68] Workqueue: writeback wb_workfn (flush-7:3)
[  153.727822][   T68] Call Trace:
[  153.727830][   T68]  <TASK>
[  153.727839][   T68]  dump_stack_lvl+0x189/0x250
[  153.727859][   T68]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.727880][   T68]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  153.727903][   T68]  ? __pfx_queue_work_on+0x10/0x10
[  153.727919][   T68]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  153.727937][   T68]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  153.727956][   T68]  ? f2fs_hw_is_readonly+0x39b/0x470
[  153.727980][   T68]  f2fs_handle_critical_error+0x37c/0x540
[  153.728004][   T68]  f2fs_write_end_io+0x495/0x810
[  153.728024][   T68]  ? blkg_put+0x22/0x240
[  153.728056][   T68]  __submit_merged_bio+0x27a/0x6a0
[  153.728081][   T68]  __submit_merged_write_cond+0x255/0x530
[  153.728107][   T68]  f2fs_write_data_pages+0x261d/0x3000
[  153.728158][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.728244][   T68]  ? f2fs_write_meta_pages+0x357/0x450
[  153.728274][   T68]  ? __lock_acquire+0xab9/0xd20
[  153.728301][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  153.728326][   T68]  do_writepages+0x32b/0x550
[  153.728361][   T68]  ? reacquire_held_locks+0x127/0x1d0
[  153.728377][   T68]  ? writeback_sb_inodes+0x384/0x1010
[  153.728411][   T68]  __writeback_single_inode+0x145/0xff0
[  153.728439][   T68]  ? do_raw_spin_unlock+0x122/0x240
[  153.728464][   T68]  writeback_sb_inodes+0x6c7/0x1010
[  153.728516][   T68]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  153.728581][   T68]  ? rcu_is_watching+0x15/0xb0
[  153.728605][   T68]  wb_writeback+0x43b/0xaf0
[  153.728636][   T68]  ? queue_io+0x2e1/0x590
[  153.728663][   T68]  ? __pfx_wb_writeback+0x10/0x10
[  153.728697][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  153.728723][   T68]  wb_workfn+0x409/0xef0
[  153.728758][   T68]  ? __pfx_wb_workfn+0x10/0x10
[  153.728784][   T68]  ? __lock_acquire+0xab9/0xd20
[  153.728822][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  153.728859][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  153.728888][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  153.728916][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  153.728947][   T68]  process_scheduled_works+0xade/0x17b0
[  153.729007][   T68]  ? __pfx_process_scheduled_works+0x10/0x10
[  153.729055][   T68]  worker_thread+0x8a0/0xda0
[  153.729100][   T68]  kthread+0x711/0x8a0
[  153.729126][   T68]  ? __pfx_worker_thread+0x10/0x10
[  153.729143][   T68]  ? __pfx_kthread+0x10/0x10
[  153.729168][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  153.729190][   T68]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.729213][   T68]  ? __pfx_kthread+0x10/0x10
[  153.729236][   T68]  ret_from_fork+0x3fc/0x770
[  153.729267][   T68]  ? __pfx_ret_from_fork+0x10/0x10
[  153.729302][   T68]  ? __switch_to_asm+0x39/0x70
[  153.729321][   T68]  ? __switch_to_asm+0x33/0x70
[  153.729340][   T68]  ? __pfx_kthread+0x10/0x10
[  153.729363][   T68]  ret_from_fork_asm+0x1a/0x30
[  153.729400][   T68]  </TASK>
[  153.729409][   T68] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  154.107017][   T68] CPU: 1 UID: 0 PID: 68 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) 
[  154.107047][   T68] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.107061][   T68] Workqueue: writeback wb_workfn (flush-7:3)
[  154.107096][   T68] Call Trace:
[  154.107106][   T68]  <TASK>
[  154.107133][   T68]  dump_stack_lvl+0x189/0x250
[  154.107162][   T68]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.107179][   T68]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  154.107206][   T68]  ? __pfx_queue_work_on+0x10/0x10
[  154.107229][   T68]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  154.107255][   T68]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  154.107283][   T68]  ? f2fs_hw_is_readonly+0x39b/0x470
[  154.107317][   T68]  f2fs_handle_critical_error+0x37c/0x540
[  154.107353][   T68]  f2fs_write_end_io+0x495/0x810
[  154.107381][   T68]  ? blkg_put+0x22/0x240
[  154.107429][   T68]  __submit_merged_bio+0x27a/0x6a0
[  154.107464][   T68]  __submit_merged_write_cond+0x255/0x530
[  154.107500][   T68]  f2fs_write_data_pages+0x261d/0x3000
[  154.107575][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  154.107713][   T68]  ? f2fs_write_meta_pages+0x357/0x450
[  154.107755][   T68]  ? __lock_acquire+0xab9/0xd20
[  154.107791][   T68]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  154.107822][   T68]  do_writepages+0x32b/0x550
[  154.107870][   T68]  ? reacquire_held_locks+0x127/0x1d0
[  154.107890][   T68]  ? writeback_sb_inodes+0x384/0x1010
[  154.107935][   T68]  __writeback_single_inode+0x145/0xff0
[  154.107968][   T68]  ? do_raw_spin_unlock+0x122/0x240
[  154.108000][   T68]  writeback_sb_inodes+0x6c7/0x1010
[  154.108069][   T68]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  154.108159][   T68]  ? rcu_is_watching+0x15/0xb0
[  154.108193][   T68]  wb_writeback+0x43b/0xaf0
[  154.108248][   T68]  ? queue_io+0x2e1/0x590
[  154.108284][   T68]  ? __pfx_wb_writeback+0x10/0x10
[  154.108327][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  154.108359][   T68]  wb_workfn+0x409/0xef0
[  154.108407][   T68]  ? __pfx_wb_workfn+0x10/0x10
[  154.108440][   T68]  ? __lock_acquire+0xab9/0xd20
[  154.108483][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  154.108523][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  154.108546][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  154.108576][   T68]  ? process_scheduled_works+0x9ef/0x17b0
[  154.108610][   T68]  process_scheduled_works+0xade/0x17b0
[  154.108681][   T68]  ? __pfx_process_scheduled_works+0x10/0x10
[  154.108736][   T68]  worker_thread+0x8a0/0xda0
[  154.108792][   T68]  kthread+0x711/0x8a0
[  154.108821][   T68]  ? __pfx_worker_thread+0x10/0x10
[  154.108839][   T68]  ? __pfx_kthread+0x10/0x10
[  154.108871][   T68]  ? _raw_spin_unlock_irq+0x23/0x50
[  154.108896][   T68]  ? lockdep_hardirqs_on+0x9c/0x150
[  154.108920][   T68]  ? __pfx_kthread+0x10/0x10
[  154.108946][   T68]  ret_from_fork+0x3fc/0x770
[  154.108980][   T68]  ? __pfx_ret_from_fork+0x10/0x10
[  154.109019][   T68]  ? __switch_to_asm+0x39/0x70
[  154.109039][   T68]  ? __switch_to_asm+0x33/0x70
[  154.109059][   T68]  ? __pfx_kthread+0x10/0x10
[  154.109085][   T68]  ret_from_fork_asm+0x1a/0x30
[  154.109128][   T68]  </TASK>
[  154.109137][   T68] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  155.383285][ T6375] loop1: detected capacity change from 0 to 2048
[  155.589237][ T6375] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.886869][ T6375] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.015310][ T6399] Invalid source name
[  159.023754][ T6399] UBIFS error (pid: 6399): cannot open "./file0", error -22
[  162.216700][ T6415] xt_CT: No such helper "pptp"
[  162.622162][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  162.622208][   T30] audit: type=1326 audit(1749715612.718:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  164.072498][   T30] audit: type=1326 audit(1749715612.718:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  164.168323][   T30] audit: type=1326 audit(1749715612.718:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  164.876832][   T30] audit: type=1326 audit(1749715612.718:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  165.007853][ T6439] delete_channel: no stack
[  165.436912][   T30] audit: type=1326 audit(1749715612.718:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  165.460022][ T5840] Bluetooth: hci4: unexpected cc 0x2039 length: 9 > 1
[  165.473325][   T30] audit: type=1326 audit(1749715612.718:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc49c98d290 code=0x7ffc0000
[  165.496519][   T30] audit: type=1326 audit(1749715612.728:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc49c990157 code=0x7ffc0000
[  165.540580][   T30] audit: type=1326 audit(1749715612.728:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc49c98e929 code=0x7ffc0000
[  165.562888][   T30] audit: type=1326 audit(1749715612.728:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc49c990157 code=0x7ffc0000
[  165.585114][   T30] audit: type=1326 audit(1749715612.728:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6424 comm="syz.3.109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc49c98d58a code=0x7ffc0000
[  168.422131][ T6457] capability: warning: `syz.1.118' uses deprecated v2 capabilities in a way that may be insecure
[  168.507193][ T6457] geneve1: entered allmulticast mode
[  169.704908][ T5840] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  169.782096][ T5840] Bluetooth: hci4: Injecting HCI hardware error event
[  169.791759][ T5840] Bluetooth: hci4: hardware error 0x00
[  170.169796][ T6471] loop4: detected capacity change from 0 to 4096
[  170.429930][ T6483] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  171.191383][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  171.191402][   T30] audit: type=1800 audit(1749715621.308:85): pid=6471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.121" name="file1" dev="loop4" ino=15 res=0 errno=0
[  171.460835][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  171.502165][ T6471] NILFS error (device loop4): nilfs_find_entry: dir 2 size 34359742464 exceeds block count 1
[  171.727490][ T6494] Bluetooth: MGMT ver 1.23
[  171.750349][ T6471] Remounting filesystem read-only
[  172.320942][ T5840] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  172.490911][    T9] usb 2-1: Using ep0 maxpacket: 32
[  172.672199][    T9] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  172.684003][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.710054][    T9] usb 2-1: config 0 descriptor??
[  173.008630][    T9] gspca_main: sunplus-2.14.0 probing 041e:400b
[  173.122336][ T6500] loop3: detected capacity change from 0 to 64
[  173.376952][   T30] audit: type=1804 audit(1749715623.438:86): pid=6507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.127" name="/newroot/23/bus/bus" dev="overlay" ino=163 res=1 errno=0
[  174.052168][ T5850] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer
[  174.709467][    T9] gspca_sunplus: reg_w_riv err -71
[  174.818385][    T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  174.852688][ T6500] hfs: keylen 94 too large
[  175.134607][    T9] usb 2-1: USB disconnect, device number 2
[  176.200373][ T6520] loop2: detected capacity change from 0 to 512
[  176.240350][ T6524] loop1: detected capacity change from 0 to 128
[  176.332115][ T6520] EXT4-fs (loop2): 1 orphan inode deleted
[  176.355804][ T6520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.473344][ T6520] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.513016][ T6411] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  176.549545][   T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  177.711505][ T6534] syz.1.134: attempt to access beyond end of device
[  177.711505][ T6534] loop1: rw=2051, sector=104, nr_sectors = 25 limit=128
[  178.448855][ T6411] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:13: Failed to release dquot type 1
[  178.590718][   T24] usb 1-1: Using ep0 maxpacket: 16
[  178.687412][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.701436][   T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  178.709263][   T24] usb 1-1: config index 0 descriptor too short (expected 42, got 18)
[  178.730342][   T24] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30
[  178.776985][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219
[  179.152684][ T6541] loop2: detected capacity change from 0 to 40427
[  179.176243][ T6541] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  179.184358][ T6541] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  179.210774][   T43] usb 4-1: config 0 has no interfaces?
[  179.222470][   T24] usb 1-1: New USB device found, idVendor=09ef, idProduct=0000, bcdDevice= 7.00
[  179.274304][ T6541] F2FS-fs (loop2): invalid crc value
[  179.276803][   T24] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  179.294985][   T24] usb 1-1: Product: syz
[  179.299436][   T24] usb 1-1: SerialNumber: syz
[  179.313963][   T24] usb 1-1: config 0 descriptor??
[  180.046192][ T6541] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  180.053381][ T6541] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  180.058296][   T24] usb 1-1: can't set config #0, error -71
[  180.435890][ T6550] syz.2.137: attempt to access beyond end of device
[  180.435890][ T6550] loop2: rw=2049, sector=77824, nr_sectors = 520 limit=40427
[  181.136350][   T24] usb 1-1: USB disconnect, device number 2
[  181.323250][ T5832] syz-executor: attempt to access beyond end of device
[  181.323250][ T5832] loop2: rw=2051, sector=77824, nr_sectors = 520 limit=40427
[  181.598050][ T6557] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  181.678849][ T5832] F2FS-fs (loop2): Issue discard(9728, 9728, 65) failed, ret: -5
[  182.404149][ T6556] loop1: detected capacity change from 0 to 2048
[  182.430457][ T6556] EXT4-fs: Ignoring removed mblk_io_submit option
[  182.526529][ T6556] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.802807][ T5988] Process accounting resumed
[  182.992427][ T6565] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (288 ns). Using initial count to start timer.
[  183.740907][   T12] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm kworker/u8:0: bg 0: block 234: padding at end of block bitmap is not set
[  185.097396][ T6566] ==================================================================
[  185.105518][ T6566] BUG: KASAN: slab-use-after-free in do_check+0xb388/0xe170
[  185.112831][ T6566] Read of size 1 at addr ffff88807ab0fb79 by task syz.0.141/6566
[  185.120570][ T6566] 
[  185.122929][ T6566] CPU: 0 UID: 0 PID: 6566 Comm: syz.0.141 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) 
[  185.122954][ T6566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  185.122973][ T6566] Call Trace:
[  185.122980][ T6566]  <TASK>
[  185.122986][ T6566]  dump_stack_lvl+0x189/0x250
[  185.123007][ T6566]  ? __virt_addr_valid+0x1c8/0x5c0
[  185.123023][ T6566]  ? rcu_is_watching+0x15/0xb0
[  185.123043][ T6566]  ? __kasan_check_byte+0x12/0x40
[  185.123065][ T6566]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.123083][ T6566]  ? rcu_is_watching+0x15/0xb0
[  185.123100][ T6566]  ? lock_release+0x4b/0x3e0
[  185.123130][ T6566]  ? __virt_addr_valid+0x1c8/0x5c0
[  185.123145][ T6566]  ? __virt_addr_valid+0x4a5/0x5c0
[  185.123161][ T6566]  print_report+0xd2/0x2b0
[  185.123185][ T6566]  ? do_check+0xb388/0xe170
[  185.123213][ T6566]  kasan_report+0x118/0x150
[  185.123235][ T6566]  ? do_check+0xb388/0xe170
[  185.123265][ T6566]  do_check+0xb388/0xe170
[  185.123289][ T6566]  ? preempt_schedule_irq+0xb5/0x150
[  185.123332][ T6566]  ? __pfx_do_check+0x10/0x10
[  185.123362][ T6566]  ? __asan_memset+0x22/0x50
[  185.123389][ T6566]  ? init_func_state+0x1ddf/0x2d20
[  185.123421][ T6566]  do_check_common+0x168d/0x20b0
[  185.123452][ T6566]  bpf_check+0x1381e/0x19e50
[  185.123478][ T6566]  ? __switch_to+0xd74/0x1600
[  185.123506][ T6566]  ? __lock_acquire+0xab9/0xd20
[  185.123545][ T6566]  ? finish_task_switch+0x18b/0x950
[  185.123573][ T6566]  ? rcu_qs+0xc4/0x170
[  185.123600][ T6566]  ? __switch_to+0xd74/0x1600
[  185.123619][ T6566]  ? __lock_acquire+0xab9/0xd20
[  185.123654][ T6566]  ? __pfx_bpf_check+0x10/0x10
[  185.123677][ T6566]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.123706][ T6566]  ? rcu_is_watching+0x15/0xb0
[  185.123724][ T6566]  ? trace_sched_exit_tp+0x38/0x120
[  185.123747][ T6566]  ? __schedule+0x1713/0x4d00
[  185.123772][ T6566]  ? preempt_schedule_irq+0xb5/0x150
[  185.123798][ T6566]  ? __lock_acquire+0xab9/0xd20
[  185.123834][ T6566]  ? ktime_get_with_offset+0x8c/0x2a0
[  185.123860][ T6566]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  185.123884][ T6566]  ? lockdep_hardirqs_on+0x9c/0x150
[  185.123904][ T6566]  ? ktime_get_with_offset+0x8c/0x2a0
[  185.123919][ T6566]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  185.123936][ T6566]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  185.123967][ T6566]  ? bpf_obj_name_cpy+0x194/0x1e0
[  185.123987][ T6566]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  185.124006][ T6566]  ? security_bpf_prog_load+0x7f/0x310
[  185.124034][ T6566]  bpf_prog_load+0x1318/0x1930
[  185.124062][ T6566]  ? __pfx_bpf_prog_load+0x10/0x10
[  185.124091][ T6566]  ? bpf_lsm_bpf+0x9/0x20
[  185.124109][ T6566]  ? security_bpf+0x7e/0x300
[  185.124135][ T6566]  __sys_bpf+0x5f1/0x860
[  185.124163][ T6566]  ? __pfx___sys_bpf+0x10/0x10
[  185.124198][ T6566]  ? rcu_is_watching+0x15/0xb0
[  185.124214][ T6566]  __x64_sys_bpf+0x7c/0x90
[  185.124232][ T6566]  do_syscall_64+0xfa/0x3b0
[  185.124258][ T6566]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.124292][ T6566]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.124312][ T6566]  ? clear_bhb_loop+0x60/0xb0
[  185.124333][ T6566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.124353][ T6566] RIP: 0033:0x7f3da7f8e929
[  185.124371][ T6566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  185.124383][ T6566] RSP: 002b:00007f3da8de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  185.124402][ T6566] RAX: ffffffffffffffda RBX: 00007f3da81b6160 RCX: 00007f3da7f8e929
[  185.124419][ T6566] RDX: 0000000000000094 RSI: 0000200000000a40 RDI: 0000000000000005
[  185.124432][ T6566] RBP: 00007f3da8010b39 R08: 0000000000000000 R09: 0000000000000000
[  185.124445][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  185.124456][ T6566] R13: 0000000000000000 R14: 00007f3da81b6160 R15: 00007ffc6dd0bbe8
[  185.124476][ T6566]  </TASK>
[  185.124483][ T6566] 
[  185.502676][ T6566] Allocated by task 6566:
[  185.507014][ T6566]  kasan_save_track+0x3e/0x80
[  185.511698][ T6566]  __kasan_kmalloc+0x93/0xb0
[  185.516287][ T6566]  __kmalloc_cache_noprof+0x230/0x3d0
[  185.521657][ T6566]  do_check_common+0x13f/0x20b0
[  185.526503][ T6566]  bpf_check+0x1381e/0x19e50
[  185.531100][ T6566]  bpf_prog_load+0x1318/0x1930
[  185.535866][ T6566]  __sys_bpf+0x5f1/0x860
[  185.540128][ T6566]  __x64_sys_bpf+0x7c/0x90
[  185.544554][ T6566]  do_syscall_64+0xfa/0x3b0
[  185.549053][ T6566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.554966][ T6566] 
[  185.557287][ T6566] Freed by task 6566:
[  185.561272][ T6566]  kasan_save_track+0x3e/0x80
[  185.565960][ T6566]  kasan_save_free_info+0x46/0x50
[  185.571006][ T6566]  __kasan_slab_free+0x62/0x70
[  185.575777][ T6566]  kfree+0x18e/0x440
[  185.579687][ T6566]  push_stack+0x247/0x3c0
[  185.584019][ T6566]  check_cond_jmp_op+0x1069/0x2340
[  185.589153][ T6566]  do_check+0x672c/0xe170
[  185.593495][ T6566]  do_check_common+0x168d/0x20b0
[  185.598445][ T6566]  bpf_check+0x1381e/0x19e50
[  185.603041][ T6566]  bpf_prog_load+0x1318/0x1930
[  185.607822][ T6566]  __sys_bpf+0x5f1/0x860
[  185.612077][ T6566]  __x64_sys_bpf+0x7c/0x90
[  185.616495][ T6566]  do_syscall_64+0xfa/0x3b0
[  185.621014][ T6566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.626912][ T6566] 
[  185.629247][ T6566] The buggy address belongs to the object at ffff88807ab0fb00
[  185.629247][ T6566]  which belongs to the cache kmalloc-192 of size 192
[  185.643305][ T6566] The buggy address is located 121 bytes inside of
[  185.643305][ T6566]  freed 192-byte region [ffff88807ab0fb00, ffff88807ab0fbc0)
[  185.657111][ T6566] 
[  185.659438][ T6566] The buggy address belongs to the physical page:
[  185.665858][ T6566] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ab0f
[  185.674624][ T6566] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  185.681744][ T6566] page_type: f5(slab)
[  185.685729][ T6566] raw: 00fff00000000000 ffff88801a4413c0 dead000000000100 dead000000000122
[  185.694316][ T6566] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  185.702922][ T6566] page dumped because: kasan: bad access detected
[  185.709351][ T6566] page_owner tracks the page as allocated
[  185.715070][ T6566] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5984, tgid 5984 (syz-executor), ts 98299703687, free_ts 98021202286
[  185.734621][ T6566]  post_alloc_hook+0x240/0x2a0
[  185.739406][ T6566]  get_page_from_freelist+0x21e4/0x22c0
[  185.744972][ T6566]  __alloc_frozen_pages_noprof+0x181/0x370
[  185.750781][ T6566]  allocate_slab+0x65/0x3b0
[  185.755285][ T6566]  ___slab_alloc+0xbfc/0x1480
[  185.759971][ T6566]  __kmalloc_node_noprof+0x2fd/0x4e0
[  185.765258][ T6566]  alloc_slab_obj_exts+0x39/0xa0
[  185.770211][ T6566]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  185.776136][ T6566]  kmem_cache_alloc_lru_noprof+0x2c7/0x3d0
[  185.781969][ T6566]  __d_alloc+0x31/0x6f0
[  185.786150][ T6566]  d_alloc+0x4b/0x190
[  185.790167][ T6566]  lookup_one_qstr_excl+0xdc/0x360
[  185.795288][ T6566]  filename_create+0x224/0x3c0
[  185.800067][ T6566]  do_symlinkat+0xbc/0x3f0
[  185.804494][ T6566]  __x64_sys_symlinkat+0x95/0xb0
[  185.809464][ T6566]  do_syscall_64+0xfa/0x3b0
[  185.813983][ T6566] page last free pid 5982 tgid 5981 stack trace:
[  185.820312][ T6566]  __free_frozen_pages+0xc71/0xe70
[  185.825467][ T6566]  rcu_core+0xca8/0x1710
[  185.829718][ T6566]  handle_softirqs+0x283/0x870
[  185.834495][ T6566]  __irq_exit_rcu+0xca/0x1f0
[  185.839094][ T6566]  irq_exit_rcu+0x9/0x30
[  185.843347][ T6566]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  185.849006][ T6566]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.855011][ T6566] 
[  185.857356][ T6566] Memory state around the buggy address:
[  185.862981][ T6566]  ffff88807ab0fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  185.871047][ T6566]  ffff88807ab0fa80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  185.879114][ T6566] >ffff88807ab0fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  185.887186][ T6566]                                                                 ^
[  185.895172][ T6566]  ffff88807ab0fb80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  185.903246][ T6566]  ffff88807ab0fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  185.911313][ T6566] ==================================================================
[  185.921683][ T6566] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  185.928900][ T6566] CPU: 0 UID: 0 PID: 6566 Comm: syz.0.141 Not tainted 6.16.0-rc1-next-20250612-syzkaller #0 PREEMPT(full) 
[  185.940275][ T6566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  185.950340][ T6566] Call Trace:
[  185.953636][ T6566]  <TASK>
[  185.956584][ T6566]  dump_stack_lvl+0x99/0x250
[  185.961184][ T6566]  ? __asan_memcpy+0x40/0x70
[  185.965794][ T6566]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.970995][ T6566]  ? __pfx__printk+0x10/0x10
[  185.975606][ T6566]  panic+0x2db/0x790
[  185.979531][ T6566]  ? __pfx_panic+0x10/0x10
[  185.983966][ T6566]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  185.989866][ T6566]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  185.996216][ T6566]  ? print_memory_metadata+0x314/0x400
[  186.001696][ T6566]  ? do_check+0xb388/0xe170
[  186.006236][ T6566]  check_panic_on_warn+0x89/0xb0
[  186.011187][ T6566]  ? do_check+0xb388/0xe170
[  186.015706][ T6566]  end_report+0x78/0x160
[  186.019955][ T6566]  kasan_report+0x129/0x150
[  186.024462][ T6566]  ? do_check+0xb388/0xe170
[  186.028973][ T6566]  do_check+0xb388/0xe170
[  186.033325][ T6566]  ? preempt_schedule_irq+0xb5/0x150
[  186.038673][ T6566]  ? __pfx_do_check+0x10/0x10
[  186.043370][ T6566]  ? __asan_memset+0x22/0x50
[  186.047985][ T6566]  ? init_func_state+0x1ddf/0x2d20
[  186.053117][ T6566]  do_check_common+0x168d/0x20b0
[  186.058095][ T6566]  bpf_check+0x1381e/0x19e50
[  186.062698][ T6566]  ? __switch_to+0xd74/0x1600
[  186.067396][ T6566]  ? __lock_acquire+0xab9/0xd20
[  186.072262][ T6566]  ? finish_task_switch+0x18b/0x950
[  186.077473][ T6566]  ? rcu_qs+0xc4/0x170
[  186.081576][ T6566]  ? __switch_to+0xd74/0x1600
[  186.086267][ T6566]  ? __lock_acquire+0xab9/0xd20
[  186.091151][ T6566]  ? __pfx_bpf_check+0x10/0x10
[  186.095923][ T6566]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.101160][ T6566]  ? rcu_is_watching+0x15/0xb0
[  186.105940][ T6566]  ? trace_sched_exit_tp+0x38/0x120
[  186.111156][ T6566]  ? __schedule+0x1713/0x4d00
[  186.115858][ T6566]  ? preempt_schedule_irq+0xb5/0x150
[  186.121163][ T6566]  ? __lock_acquire+0xab9/0xd20
[  186.126044][ T6566]  ? ktime_get_with_offset+0x8c/0x2a0
[  186.131438][ T6566]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  186.137683][ T6566]  ? lockdep_hardirqs_on+0x9c/0x150
[  186.142894][ T6566]  ? ktime_get_with_offset+0x8c/0x2a0
[  186.148263][ T6566]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  186.154518][ T6566]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  186.161117][ T6566]  ? bpf_obj_name_cpy+0x194/0x1e0
[  186.166165][ T6566]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  186.171372][ T6566]  ? security_bpf_prog_load+0x7f/0x310
[  186.176857][ T6566]  bpf_prog_load+0x1318/0x1930
[  186.181648][ T6566]  ? __pfx_bpf_prog_load+0x10/0x10
[  186.186820][ T6566]  ? bpf_lsm_bpf+0x9/0x20
[  186.191163][ T6566]  ? security_bpf+0x7e/0x300
[  186.195776][ T6566]  __sys_bpf+0x5f1/0x860
[  186.200031][ T6566]  ? __pfx___sys_bpf+0x10/0x10
[  186.204832][ T6566]  ? rcu_is_watching+0x15/0xb0
[  186.209619][ T6566]  __x64_sys_bpf+0x7c/0x90
[  186.214057][ T6566]  do_syscall_64+0xfa/0x3b0
[  186.218592][ T6566]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.224674][ T6566]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  186.230917][ T6566]  ? clear_bhb_loop+0x60/0xb0
[  186.235613][ T6566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  186.241518][ T6566] RIP: 0033:0x7f3da7f8e929
[  186.245935][ T6566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  186.265561][ T6566] RSP: 002b:00007f3da8de7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  186.273982][ T6566] RAX: ffffffffffffffda RBX: 00007f3da81b6160 RCX: 00007f3da7f8e929
[  186.281972][ T6566] RDX: 0000000000000094 RSI: 0000200000000a40 RDI: 0000000000000005
[  186.289954][ T6566] RBP: 00007f3da8010b39 R08: 0000000000000000 R09: 0000000000000000
[  186.297933][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  186.305916][ T6566] R13: 0000000000000000 R14: 00007f3da81b6160 R15: 00007ffc6dd0bbe8
[  186.313910][ T6566]  </TASK>
[  186.317290][ T6566] Kernel Offset: disabled
[  186.321622][ T6566] Rebooting in 86400 seconds..