last executing test programs:

6.67917587s ago: executing program 3 (id=1089):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[], 0xff, 0x5523, &(0x7f0000000540)="$eJzs3D9vG2UYAPDHSdM2bSkRYmDrSRVSItWmTv8ItgKt+CNSRQUGJnBsx3Jr+6LYcUImBkbEwDdBIDEx8hkYmNkQA4gNCeS7CyRAJKQ4dpP8fpL93Pv69XPPa0WWnrvIAZxZC8lvv5TiasxHxGxEXInIjkvz+xbdy8MLEXEtImb2PUrF/F8T5yPiUkRcHSXPc5aKl764Mbx+5+e3f/32+wvnLn/5zQ9T2jLwFHgxIrob+fF2N49pK4+Pi/nasJ3F7u1hEfMXuk+KcZrH7eZalmG7treulsVbrXx9urHVH8X1Tq0+iq32eja/0ctP2B+29vJkb3hc28zGjeZaFtv9NIut3byund38u223P8jzNIp8H2fpYzDYi/l8c6eZ72fjSRbrvUExn+dNG82dURwWsThd1NNOI6tj7Sif9NPtnXZvaycZNjf77bSX3KlUX65U75arm2mjOWjeLte6jbu3k8VWZ7SsPGjWuvdaadrqNCv1tLuULLbq9XK1mizeb661a72kWq3cqtws31kqjm4kbzx8P+k0ksVRfK3d2xq0O/1kPd1M8ncsJcuVW68sJderybsrq8nqowcPVlbf+/D+Bw9fXXnr9WLRv8pKFpdvLi+XqzfLy9WlM7T/T4uix7h/OJLStAsAOHkO7f/3f63q/4ExO77+f/NRxPH3/6H/H4sT1f+evv5/+6WIqe4fjkT/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwZv0499Wb2cFCPr5czD9TTD1XjEsRMRMRf/yH2Th/IOdskWfukPVz/6jhu1JkGUbnuFA8LkXEveLx+7PH/SkAAADA6fX1J9c+z7v1/Gnh0JXzE6yKCckv2sxc+WhM+UoRMbfw05iyzYyenh9Tsuzv+1zsjClbdgHr4piS5Zfczo0r2/8yeyBc3BdKeZiZaDkAAMBEHOwEJtuFAAAAMEmfTbsApqMUe7cy9+4FZ/95//cNwfkDIwAAAOAEKk27AAAAAODYZf2/3/8DAACA0y3//T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JOd+8lNG4jiAPxsMNB/Kqq671W6g2P0CF12WXGAXoIDdEGv0AtwBrLLESKI8BgCEVIWHttK9H2SMxnL/HiDYDEz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqrNst/v7/9aZuzP7STZzQAAADALbtqs6z/maf+h+b+p+bWl6ZfREQZEbfm7qOYXGWOmpzq6fm/l89Xz2r4H1EnHN9j2lzvI+J7cz187vpTAAAAgLdru1ov0mw9/ZkPXRB9Sos25ccfmfKKiKjm95nSymPe10xh9fd7HL8ypdULWLNMYWnJbZwr7UWT08/9vGo3u2iK1JQ3X3ouMtvYAQCAHo2umv5mIQAAAPTt59AFMIwiTluZ563AaWqa7b13Vz0AAADgFSqGLgAAAADoXD3/7+n8v4Pz/wAAAGAY6fw/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAurSrNsvtar1om7M/tJNnNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8sj/vKBACYRAGe9d3JnP/w0qDpqYmVSB8/I3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDF/rykQAgEQRTMGf876fsfVhL0DCJEQMOjilo0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDFzv28xlHFAQD/zszO1rSKMUoOEVHwoBebbmtrb+JBCR78E4SQbmvs1h9tEFuKmIs3ybkX0aOIoMRb/4eeW+il3nrIoYJnZWZnkqlZdEWd2bqfD7x5330M875vFkK+8yYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa3hsHcVYcFsdxWo3dfnB9o+jv/KEv3Ny5u1K0Ik7aTPrR8FzzQ7IcEce6SwYAAID5kNX1fUTcy3fXij5dLOv/vD6nqPm/fmIcV/X8J3XJul//L0TZ17V/0X768f4z+xMtjucpLnp+czQ8cTiV3n+1xln35F+e0SvvfPnsJSu/kPTt7af38vJ+Jl/euvVmvwyPtJEtAPCnssnDx+u+Curfh4p+0FpyAMyzXqPwruv/bLHbnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADasLcdx+o4iYiV3kFcuPPg+sak/ubO3ZW6nblxYyc+P7hmcYk8Is5vjoYnWl3NLMkOjVy5eu3i+mg0vNx+8HxEdDX769XyL747xckRndwfwb8UpNWXPSv5PBpBqz+YAACYA3nVirr+Xr67VowlSxG/ffNw/f9SI44p6//775253ZyrWf8PWlvh7FvduvTR6pWr117ZvLR+YXhh+MGrJwevDU6dPX367Gr5rGR1vp+YAAAA8M/1q9as/9Olw/v/RxtxTFn/f/zV4LPmXJn6f6KDTb+uMwEAAJhvT73w6y/JhPGk349P17e2Lg/Gx/3PJ8fHDlL9245UrVn/Z0tdZwUAAAC0YW87eWj//1wjjin3/x//9tnvm9fMImKh2v8/vvHh6Fx7y5lpbfw5cddrBAAAoFsLVWvu/+fl+//p/isPaUS8/OI4rv4N4FT1f/bWF98152q+/3+qvSXOpHR5fD/Kfjmit9x1RgAAAPyfPVa1otj/Od9de/+Ho+/0vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LbfAwAA///cMzsr")
r0 = openat(0xffffffffffffff9c, &(0x7f000000ac40)='./file1\x00', 0x183042, 0x15)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, 0x0)

4.571656603s ago: executing program 2 (id=1098):
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./bus\x00', 0x800, &(0x7f00000001c0)={[{@allow_utime={'allow_utime', 0x3d, 0x80000001}}, {@umask={'umask', 0x3d, 0x2}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0xab}}, {@discard}, {@namecase}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@errors_remount}]}, 0x1, 0x1536, &(0x7f0000001980)="$eJzs3AucjkX7OPDrmpl7rU08bXJYZua6eZLD2CTJIUkOSZIkSU4JSZJXEhJLSNKShOSwJLGE5LAhrfP5fEhok7RJEhLSYf6fjf15e+s99+b9v3t9P5/nY65n7mvuue9r1zP3eD6+7D68dtM6NRoTEfxb8PwfSQAQCwCDASAfAAQAUCG+QnxWf26JSf/eSdjv697USz0Ddilx/XM2rn/OxvXP2bj+ORvXP2fj+udsXP+cjevPWE62dUbhK/iVc1+/z/6/+L8W7////4Q///+HZJYd/+n6slf1AIj5R1O4/jkb1/9/VvCPHMT1z9m4/jlV7KWeAPsvwL//OUGuv9rD9c/ZuP6M5WSXev/5Ur8g8l92D47lPl+Y/3sv+M9eP2OMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wx9gc46y9SAJDdvtTzYowxxhhjjDHG2O/H57rUM2CMMcYYY4wxxth/HoIACQoCiIFcEAu5IQ4EAFwOeSEfROAKiIcrIT9cBQWgIBSCwpAARaAoaDBggSCEYlAconA1lIBroCSUgtJQBhyUhUS4FsrBdVAerocKcANUhBuhElSGKlAVboJqcDNUh1ugBtwKNaEW1IY6cBvUhduhHtwB9eFOaAB3QUO4GxrBPdAY7oUmcB80hfuhGTwAzaEFtIRW0Ppfyn8aesMz0Af6QhL0g/7wLAyAgTAInoPB8DwMgRdgKLwIyTAMhsNLMAJehpHwCoyC0TAGXoWx8BqMg/EwASZCCkyCyfA6TIE3YCq8CdNgOqTCDJgJb8EsmA1z4G2YC+/APJgPC2AhpMG7sAgWwxJ4D5bC+5AOy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ2wC3bDB7AHPoS9sA/2w0eQAR//7fzc2TXOzj/zF/k9EBBQoECFCmMwBmMxFuMwDvNgHsyLeTGCEYzHeMyP+bEAFsBCWAgTMAGLYlE0aJCQsBgWwyhGsQSWwJJYEktjaXToMBETsRxeh+WxPFbAClgRK2IlrIyVsSpWxWpYDatjdayBNbAm1sTaWBtvw9uwH9bDelgf62MDbJC9PYWNsTE2wSbYFJtiM2yGzbE5tsSW2BpbYxtsg22xLbbH9tgBO2BH7IidsBN2xs7YBbtgV+yK3bAbdsfu2AN7Ys/Mp3MBPoPPYF+sKfphf+yPAzA51yB8Dp/D53EIvoAv4IuYjMNwOL6EL+HLOBJP4ygcjWNwDFYTr+E4HI8kJmIKpuBknIxTcApmTfRNnI6pOANn4kychbNxNr6Nc/EdfAfn43xciGmYhotwMS7BJbgUz2A6LsPluAJX4ipciWtwLa7B9bgB1+Mm3IRbcAtuw224A3fgLtyFH6ACwA9xH+7DZMzADDyAB/AgHsRDeAgzMRMP42E8gkfwKB7FY3gMj+MJPIkn8BSewtN4Br08f0N/wCcTPm/yQal1ySCyKKFEjIgRsSJWxIk4kUfkEXlFXhEREREv4kV+kV8UEAVEIVFIJIgEUVQUFUYYQSKMAQARFVFRQpQQJUVJUVqUFk44kSgSRTlRTpQX5UUFcYOoKG4UlURl0c5VFVVFNdHeVRe3iBqihqgpaonaoo6oI+qKuqKeqBdbX9QXDUQD0VDcLRqJfjgI7xVZlWkqhmEzMRybixbiwqVAGzES24p2or14WIzGUdhRtHGdxGOisxiHXcSfxHh8QnQTE7G7eEr0ED1FL/G06C3auj6ir5iK/UR/MR0HiIFikHhOzMJa4m2cm7u2eFEki2FiuHhJLMSXxUjxihglRosx4lUxVrwmxonxYoKYKFLEJDFZvC6miDfEVPGmmCami1QxQ8wUb4lZYraYI94Wc8U7Yp6YLxaIhSJNvCsWicViiXhPLBXvi3SxTCwXK8RKsUqsFmvEWrFOrBcbxEaxSWwWW8RWsU1sFzvETrFL7BYfiD3iQ7FX7BP7xUciQ3wsDohPxEHxqTgkPhOZ4nNxWHwhjogvxVHxlTgmvhbHxQlxUnwjTolvxWlxRpwV34lz4nvxg/hR/CS8AIlSSCmVDGSMzCVjZW4ZJy+TeWRw4e5eIePllTK/vEoWkAVlIVlYJsgisqjU0kgrSYaymCwuo/JqWUJeI0vKUrK0LCOdLCsT5bWynLxOlpfXywryBllR3igrycqyiqwqb5LV5M0SIufPUVPWkrVlHXmbTILbZT15h6wv75QN5F2yobxbNpL3yMbyXtlE3iebyvtlM/mAbC5byJaylWwtH5Rt5EOyrWwn28uHZQf5iOwoH5Wd5GOys8z+aX9CdpNPyu7yKdlD9pS95I/yJ+llH9lXQj+Q/eWzcoAcKAfFAoB8Xg6RL8ih8kWZLIfJ4fIlOUK+LEfKV+QoOVqOka/KsfI1OU6OlxPkRJkiJ8nJ8nU5Rb4hp8o35TQ5XabKGXKQHPzzSHOk/Lv5r/9G/tCfz75FbpXb5Ha5Q+6Uu+Ru+YHcI/fIvXKv3C/3ywyZIQ/IA/KgPCgPyUMyU2bKw/KwPCKPyKPyqDwmj8nj8oT8Tn4jT8lv5Wl5Rp6R38lz8pz84cI9AIVKKKmUClSMyqViVW4Vpy5TedTlKq/KpyLqChWvrlT51VWqgCqoCqnCKkEVUUWVVkZZRSpUxVRxFVVX44UfGFValVFOlVWJ6tp/Jl+VUNeokqrUL/Kz55f0V+bXWrVWbVQb1Va1Ve1Ve9VBdVAdVUfVSXVSnVVn1UV1UV1VV9VNdVPdVXfVQ/VQvVQv1Vv1Vn1UH5WkklR/9awaoAaqQeo5NVg9r4aoIWqoGqqSVbIaroarEWqEGqlGqlFqlBqjxqixaqwap8apCWqCSlEparKarKaoKWqqmqqmqWkqVaWqmWqmmqVmqTlqjpqr5qp5ap5aoBaoNJWmFqlFask5771aqtLVMrVMrVAr1Cq1Sq1Ra9Q6tU5tUBvUJrVJpautaqvarrarnWqn2q12qz1qj9qr9qr9ar/KUBnqgDqgDqqD6pA6pDJVpjqsDqsj6og6qo6qY+qYOq6Oq5PqpDqlTqnT6rQ6q86qc+qc+kH9oH5SP2Ut+wIRiEAFKogJYoLYIDaIC+KCPEGeIG+QN4gEkSA+iA/yB1cFBYKCQaGgcJAQFAmKBjowgQ3EhaJHg6uDEsE1QcmgVFA6KBO4oGyQGFwblAuuC8oH1wcVghuCisGNQaWgclAlqBrcFFQLbg6qB7cENYJbg5pBraB2UCe4Lagb3B7UC+4I6gd3Bg2Cu4KGwd1Bo+CeoHFwb9AkuC9oGtwfNAseCJoHLYKWQaug9e86vvenCz7k+ui+Okn30/31s3qAHqgH6ef0YP28HqJf0EP1izpZD9PD9Ut6hH5Zj9Sv6FF6tB6jX9Vj9Wt6nB6vJ+iJOkVP0pP163qKfkNP1W/qaXq6TtUz9Ez9lp6lZ+s5+m09V7+j5+n5eoFeqNP0u3qRXqyX6Pf0Uv2+TtfL9HK9Qq/Uq/RqvUav1ev0er1Bb9Sb9Ga9RW/V2/R2vUPv1Lv0bv2B3qM/1Hv1Pr1ff6Qz9Mf6gP5EH9Sf6kP6M52pP9eH9Rf6iP5SH9Vf6WP6a31cn9An9Tf6lP5Wn9Zn9Fn9nT6nYy9U02ct7rM+3o0yysSYGBNrYk2ciTN5TB6T1+Q1ERMx8Sbe5Df5TQFTwBQyhUyCSTBFTVGThQyZYqaYiZqoKWFKmJKmpCltShtnnEk0iaacKWfKm/KmgqlgKpqKppKpZKqYKuYmc5O52dxsbjG3mFvNraaWqWXqmDqmrqlr6pl6pr6pbxqYBqahaWgamUamsWlsmpgmpqlpapqZZqa5aW5ampamtWlt2pg2pq1pa9qb9qaD6WA6Gu9/+vnbzZ1NF9PFdDVdTTfTzXQ33U0P08P0Mr1Mb9Pb9DF9TJJJMv1NfzPADDCDzCAz2Aw2Q8wQM9QMNckm2Qw3w80IM8KMNCPNKDPajMlaqJrXzDgz3kwwE02KSTGTzWQzxUwxU81UM81MM6km1cw0M80sM8vMMXPMXDPXzDPzzAKzwKSZNLPILDJLzBKz1Cw16SbdLDfLzUqz0qw2q81as9asN+vNRthoNpvNZqvZarab7Wan2Wl2m91mj9lj9pq9Zr/ZbzJMhjlgDpiD5qA5ZA6ZTJNpDpvD5og5Yo6ao+aYOWaOm+PmpDlpTplT5rQ5bc6as+acKXjh89KbWJvbxtnLbB57uc1r89m/jAvZwjbBFrFFrbYFbMFfxMZaW9KWsqVtGetsWZtor/1VXMlWtlVsVXuTrWZvttV/Fde1t9t69g5b395p69jbfhE3sHfZhvZ+2wgRwLawTWwr29Teb5vZB2xz28K2tK1sB/uI7WgftZ3sY7azffxX8SK72K616+x6u8HutfvsWfudPWK/tOfs97aP7WsH2+ftEPuCHWpftMl22K/iMfZVO9a+ZsfZ8XaCnfireJqdblPtDDvTvmVn2dm/itPsu3auXWLn2fl2gV34c5w1pyX2PbvUvm/TbQDL7Qq70q6yq+2a7Ln6fHaT3Wy32D32Q7vd7rA77S67O3shbPfZ/fYjm2E/toftF/ag/dQeskdtpv385zjr+o7ar+wx+7U9bk/Yk/Ybe8p+q7Kzs679G/uj/cl6C4QEJElRQDGUi2IpN8XRZZSHLqe8lI8idAXF05WUn66iAlSQClFhSqAiVJQ0GbJEFFIxKk5Rupqyp1eaypCjspRI11I5uo7K0/VUgW6ginQjVaLKVIWq0k1UjW6m6nQL1aBbqSbVotpUh26junQ71aM7qD7dSQ3oLmpId1Mjuoca073UhO6jpnQ/NaMHqDm1oJbUilrTg9SGHqK21I7a08PUgR6hjvQodaLHqDM9Tl3oT9SVnqBu9CR1p6eoB/WkXvQ09aZnqA/1pSTqR/3pWRpAA2kQPUeD6XkaQi/QUHqRkmkYDaeXaAS9TCPpFRpFo2kMvUpj6TUaR+NpAk2kFJpEk+l1mkJv0FR6k6bRdEqlGTST3qJZNJvm0Ns0l96heTSfFtBCSqN3aREtpiX0Hi2l9ymdltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQTtpF+2mD2gPfUh7aR/tp48ogz6mA/QJHaRP6RB9Rpn0OR2mL+gIfUlH6Svfl76m43SCTtI3dIq+pdOUcfn5Cn1PP9CP9BN5ghBDEcpQhUEYE+YKY8PcYVx4WZgnvDzMG+YLI+EVYXx4ZZg/vCosEBYMC4WFw4SwSFg01KEJbUhhGBYLi4fR8OqwRHhNWDIsFZYOy4QuLBsmhteG5cLrwvLh9WGF8IawYnhjWCmsHN5/Z9XwprBaeHNYPbwlrBHeGtYMa4W1wzrhbWHd8PawXnhHWD+8Mywf3hU2DO8OG4X3hI3De8Mm4X1h0/D+sFn4QNg8bBG2DFuFrcMHwzbhQ2HbsF3YPnw47BA+EnYMHw07hY+FncPHf+6/a/Ff708K+4X9w2fDZ0Pv75ALogujadF3o4uii6NLou9Fl0bfj6ZHl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R7dEva+TCxw64aRTLnAxLpeLdbldnLvM5XGXu7wun4u4K1y8u9Lld1e5Aq6gK+QKuwRXxBV12hlnHbnQFXPFXdRd7Uq4a1xJV8qVdmWcc2VdomvlWrvWro17yLV17Vx797B72D3iHnGPukfdY66ze9x1cX9yXd0Trpt70j3pnnI9XE/Xyz3tertJec9XPMn1d/3dADfADXKD3GA32A1xQ9xQN9Qlu2Q33A13I9wIN9KNdKPcKDfGjXFj3Vg3zo1zE9wEl+JS3GQ32U1xU9xUN9VNc9Ncqkt1M91MN8vNctVmnz/LPDfPLXALXJpLc4tc1ppxiVvqlrp0l+6Wu+VupVvpVrvVbq1b69a79W6j2+g2u81uq9vqtrvtbqfb6Xa73W6P2+P2+nznB3UZ7oA74A66g+6Q+8xlus/dYfeFO+K+dEfdV+6Y+9oddyfcSfeNO+W+dafdGXfWfefOue/dD+5H95PzLiUyKTI58npkSuSNyNTIm5FpkemR1MiMyMzIW5FZkdmROZG3I3Mj70TmReZHFkQWRtIi70YWRRZHlkTeiyyNvB9JjyyLLI+siKyMrIp4X2R76Iv54j7qr/Yl/DW+pC/lS/sy3vmyPtFf68v563x5f72v4G/wFf2NvpKv7Kv4B3xz38K39K18a/+gb+Mf8m19O9/eP+w7+Ed8R/+o7+Qf8539476L/5Pv6p/w3fyTvrt/yvfwPX0v/7Tv7Z/xfXxfn+T7+f7+WT/AD/SD/HN+sH/eD/Ev+KH+RZ/sh/nh/iU/wr/sR/pX/Cg/2o+JedWPzX5Ehok+xU/yk/3rfop/w0/1b/ppfrpP9TP8TP+Wn+Vn+zn+bT/Xv+Pn+fl+gV/o0/y7fpFf7Jf49/xS/75P98uyNxz9ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/D7/S7/G7/gd/jP/R7/T6/33/kM/zH/oD/xB/0n/pD/jOf6T/3h/0X/oj/0h/1X/lj/mt/3J/wJ/03/pT/1p/2Z/xZ/50/57/3P/gff17X/ctb4IwxxhhjOciki03xy57z2/n9fiNH/NnB/QHg8h2FMy/25oKsFeXGAuejgSKhQwQAHuvb/d7sV82aSUlJF45OlxAUnw+Q/S9BWWLgYrwM2sMj0AnaQbnfnP9A0fMc/Z3xozcAxP1ZTixcjC+O/wkAJv3G+A8+PGZRxfBs/N8Yfz5AyeIXc3LDxXgZtP95f6UdlP8r8y/Y5u/MP/enKQBt/ywnD1yML84/ER6Cx6HTL478DV9l/u1+xhhjjDHGGGP/kwaKKl2znz+zv/H5W8/nCepiTi64GP+953PGGGOMMcYYY4xdek/07PXog506tev6zzeq/0tZ/3CjGfynRubGbza8B8h+RwHAvzkgQFZD/pFXse0POVfyhV+dv+xa+Z0P4L+jlL9H4xL/xcQYY4wxxhj73V1c9P/yfXWpJsQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVAf8R/J3apr5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi71P5fAAAA//9Rl/rE")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

4.457259389s ago: executing program 3 (id=1099):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
preadv2(r4, &(0x7f0000000280)=[{&(0x7f0000000340)=""/198, 0xc6}], 0x1, 0x0, 0x0, 0x0)

4.412277132s ago: executing program 0 (id=1100):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000100)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005020524", @ANYRES8=r0, @ANYBLOB="05"], 0x0)

4.044928271s ago: executing program 4 (id=1104):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_setup(0x5f45, &(0x7f00000001c0)={0x0, 0x0, 0x2})
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000}, 0x5}], 0x1, 0x0)
r7 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r7, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x18}, 0x0)
getpeername$qrtr(r5, 0x0, 0x0)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, 0x0)
listen(r4, 0x0)

3.490274984s ago: executing program 2 (id=1105):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

3.301229271s ago: executing program 3 (id=1106):
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000000906010200000000000000000500fff7240007800c000180080001406401012008000a40004000020c00028008000140640101000900020073797a31000000000500010007"], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

3.273168555s ago: executing program 2 (id=1108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_GET_UNALIGN(0x5, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2014a0, &(0x7f0000000380), 0xfe, 0x57a, &(0x7f00000009c0)="$eJzs3U1rXFUfAPD/nbz0Je3TFEp5dCGBLqzUTprElwou6lK0WNB9HZJpKJn0lsykNLFgurAbN1IEEQviB3DvsvgF/BQFLRQtQRduIndyJ5kkM3lppmbq/H4wk3PuPTPnnLn3f3LO3BkmgJ41kt0VIl6KiK+SiBNN+/oj3zmyWm756Z3J7JbEysrHvyeR5Nsa5ZP871Ce+X9E/PxFxLnC1nqrC4szpUqlPJfnR2uzN0erC4vnr8+WpsvT5RvjExMX35wYf+fttzrW19eu/PXtRw/fv/jlmeVvfnx88n4Sl+JYvq+5H/uw1JwZiZFIIlmKGIhLmwqOdaCybpIcdAN4Jn15nA9ENgaciL486oH/vs8jYgXoUYn4hx7VmAc01vYdWge/MJ68t7oA2tr//tX3RuJwfW10dDnZsDLK1rvDHag/q+On3x7cz27RufchAHa0dDciLvT3bx3/knz8e3YXdlFmcx17HP9W9tgkoMnDbP7zeqv5T5qXOFy/3zz/GWoRu89i5/gvPO5ANW1l8793W85/1y5aDfflueP1Od9Acu16pZyNbf+LiLMxcCjLb3c95+Lyo7bj1Pr8b7A+B8zqb8wF83Y87j+08TFTpVppP31u9uRuxMst57/J2vw3aXH8s9fjyi7rOF1+8Eq7fc3z39b9f75Wfoh4NT/+SxvWROtXtJLtr0+O1s+H0cZZsdWf907/0q7+9v0//hx6u1V2/I+2PP/X+j+cNF+vre69ju8P/11ut2/n49/6/B9MPqmnB/Ntt0u12txYxGDy4dbt4+uPbeQb5bP+nz3TOv63O/+PRMSnu+z/vVP32hY96PM/6//Uno7/3hOPPvjsu3b17+74v1FPnc237Gb8220D9/PaAQAAAAAAQLcpRMSxSArFtXShUCyufr7jVBwtVNJq7dy1dP7GVNS/KzscA4XGle6hps9DjOWfh23kxzflJyLiZER83Xekni9OppWpg+48AAAAAAAAAAAAAAAAAAAAdImhNt//z/zad9CtA547P/kNvWvH+O/ELz0BXcn/f+hd4h96l/iH3iX+oXeJf+hd4h96l/iH3iX+AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKOuXL6c3VaWn96ZzPJTtxbmZ9Jb56fK1Zni7PxkcTKdu1mcTtPpSrk4mc5u+2TJH1FJ05tj4zF/e7RWrtZGqwuLV2fT+Ru1q9dnS9Plq+WBf6tjAAAAAAAAAAAAAAAAAAAA8AKpLizOlCqV8tyLkcia3AXNkFhP9HdHMyRWE43A3vcTHuiwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb/BMAAP//SgU3vQ==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r4)
writev(r4, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x54, r5, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7f}, {0x6, 0x11, 0xf00}, {0x8, 0x15, 0x8931}}]}, 0x54}}, 0x44000)

3.253269933s ago: executing program 3 (id=1110):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x2008042, &(0x7f0000000040), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = getpid()
syz_pidfd_open(r1, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x5)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002)

3.141415737s ago: executing program 4 (id=1111):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x64, 0xb, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x6}, [@NFTA_SET_USERDATA={0x4e, 0xd, 0x1, 0x0, "21d3ea70a11821c1e0fab8ac45e3330884c2fff41c1fa755d6741f23cd8cbc0968c8750a667714fd9283f7549c7827cb69cd42035d266c0277b53c0cd9077d45998b8b724f5b822b18cc"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xb8}}, 0x10)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

2.642399371s ago: executing program 4 (id=1113):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140)={'#! ', './file2'}, 0xb)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4096})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

2.505064242s ago: executing program 1 (id=1114):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bca, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
syz_io_uring_submit(r4, r5, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x50, 0x0, r7, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103, 0x0, {0x4}})
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write(r6, &(0x7f0000000200)='~', 0x1)
r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r10=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r8, 0xc02064b6, &(0x7f00000002c0)={r10, <r11=>0x0, <r12=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000640)=[<r13=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f0000000580)={&(0x7f0000000040)=[r13, r13], 0x2, r11, r12, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x3, 0x67, 0xf4b, 0x1, 0x2, 0x5, 0x4132, 0xe154, 0x1000, 0x7f, 0x3, 0xffffffff, "fe1d00003413000000000020b42717e47f00"}})
r14 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r14, &(0x7f0000000000)="170cf31f8e85bcdbb6ad484c26dfa6be3180020cc3ad083eb719a8495180e3411bca5a3904d99c037e2d8e3c1c72fa92fbc31f328a0634a228ba73fca36ab95455c2429a396c437ae822453d5dbfd246cfc6e49f4b77fbb58e3e23beae7970b5bdb6c5d6a4b76a6e910402706986d2c4da7f3cab1ec82c46628456875bad37ebb5c0bef76aeae81b5489235cc4a3533c44fae97f864aa56771761bf7b68f404289dfd955fc20d7c7eb05951df334942d46ba78c78f3c72a7e827134798ba9e611ff2de814c88b7ee20d6163a99b26f4756f5ed20986bfe8de8c2292656a566df0117b53931975aaafdc881", 0xeb, 0x4000810, &(0x7f0000000100)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r14, 0x4000000000000, 0x40, &(0x7f00000019c0)=@raw={'raw\x00', 0x4001, 0x3, 0xa38, 0x0, 0xb, 0x148, 0x0, 0x148, 0x9a0, 0x240, 0x240, 0x9a0, 0x215, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth0\x00', {}, {}, 0x11}, 0x2e8, 0x880, 0x8e8, 0x0, {0xff0f000000000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@u32={{0x7e0}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@ip={@broadcast, @broadcast, 0x0, 0x0, 'team0\x00', 'netpci0\x00'}, 0xec010000, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xa98)

2.444360217s ago: executing program 0 (id=1115):
r0 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000340)={'bridge_slave_0\x00', 0x4088})

2.442599342s ago: executing program 4 (id=1116):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setns(0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='blkio.bfq.avg_queue_size\x00', 0x0, 0x0)
preadv2(r4, &(0x7f0000000280)=[{&(0x7f0000000340)=""/198, 0xc6}], 0x1, 0x0, 0x0, 0x0)

2.007641294s ago: executing program 3 (id=1117):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001700), 0x0, 0x4044012)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000006c0)="10", 0x1}], 0x1}, 0x24000900)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000040)
sendmsg$inet(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x840)

2.006981263s ago: executing program 2 (id=1118):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

1.634329791s ago: executing program 1 (id=1119):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, 0x0)

1.608939317s ago: executing program 1 (id=1120):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendto(r1, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x1, 0x0, 0xab}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

1.533228999s ago: executing program 1 (id=1121):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r5=>r0, {0x4}}, './file0\x00'})
sendmsg$inet6(r5, 0x0, 0xc091)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ptrace$PTRACE_GETSIGMASK(0x420a, r2, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x33, 0x1, 0x270bd26, 0x25d7dbfc, {0x3, 0x0, 0x4000}}, 0x14}, 0x1, 0x8000000000000, 0x0, 0xc0}, 0x8004)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1000000000000003, &(0x7f0000000800)={<r7=>0xffffffffffffffff}, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x107fe, @empty, 0x2}, {0xa, 0x4e20, 0x5, @dev={0xfe, 0x80, '\x00', 0x22}, 0x7}, r7, 0xb}}, 0x48)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x4b4b, &(0x7f0000000000))
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
write$RDMA_USER_CM_CMD_GET_EVENT(0xffffffffffffffff, &(0x7f0000000180)={0xc, 0x8, 0xfa00, {&(0x7f0000000f80)}}, 0x10)

1.501981816s ago: executing program 2 (id=1122):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SIOCGETMIFCNT_IN6(0xffffffffffffffff, 0x89e0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_ACCEPT(r3, &(0x7f0000000300)={0x8, 0x11f, 0xfa00, {0x2, {0x2, 0xffffffff, "4a98d70a878ede23c879faa64e0c5564b6de8fa7b15b3515a1f66f0ba2c23401426d9ff3efc29b11e0bdde9888033df2510062afde80a7cbaf76e4c7aefda0f63632ba26ccd2bf137c0a33edf822e9f0b241d4051f59e9ceedcebeb49f90a2af53644e1d0d026018141603e3b4473f5ab32e3d3ab7833b751d8a6a0c415faee570f3f185aa5715db1b6779730915a1cbe4dce4607ab639150d18e1226f187a10fbdd5f9de786ae868879005073fcd69f944e069eae46e6992f8cbfdf895769a6356c54d886da9b0a2b5276e40c813edc107e7fb425c952744d15e9a4c5bfe9ae283e6789c1dbc0e34655c2a1e7a600b3fd63cf5b7986b09d0b1a8aa8a5bc84ba", 0x5, 0x10, 0xee, 0x86, 0x1, 0xac, 0x10, 0x1}}}, 0x128)
r4 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001440), 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = socket$packet(0x11, 0x2, 0x300)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, 0x0, 0x0)

1.134810707s ago: executing program 4 (id=1123):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
socket$packet(0x11, 0x2, 0x300)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x400, &(0x7f00000004c0)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x5514, &(0x7f0000005d80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy67aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQPnv0nRMGTR/8GD569iQfFm6BkZqpbP8ClSWPb3w8mz7xv3jzzvGFZeGZKAjiz5pNffirFtbgUEbMRcTUiOy8VR2Y1D89FxPWImHnsKBXzf0ycj4jLEXFtlDzPWSre+vTm8MbKj2/8/PW3F85d+fyr76a3a2Dano+I7lZ+vtvNY9rK48NivjZsZ7G7PCxi/kb3UTFO87jb3Mgy7NYO1tWyeLuVr0+3dvqjuNmp1Uex1d7M5rd6+QX7w9ZBnuwDD2vb2bjR3Mhiu59msbWf17W3n//ftt8f5HkaRb4PsvQxGBzEfL6518z3s/Uoi/XeoJjP86aN5t4oDotYXC7qaaeR1bFxlG/6/+3Ndm9nLxk2t/vttJesVKovVKp3ytXttNEcNJfLtW7jznKy0OqMlpUHzVp3tZWmrU6zUk+7i8lCq14vV6vJwt3mRrvWS6rVyu3KrfLKYnF2M3n1/jtJp5EsjOLL7d7OoN3pJ5vpdpJ/YjFZqtx+cTG5UU3eWltP1h/cu7e2/vZ7d9+9/9La668Ui/5WVrKwdGtpqVy9VV6qLp6h/X9UFD3G/cORlJ5s+YVJ1QFwguj/gWmYXP+//SBi8v1/6P/H4kT1vxPr/z87s/uHI3nC/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNPj+7kvXstO5vPxlWL+qWLqmWJcioiZiPjtH8zG+UM5Z4s8c/+yfu4vNXxTiizD6BoXiuNyRKwWx69PT/pbAAAAgNPryw+vf5J36/nL/LQL4jjlN21mrr4/pnyliJib/2FM2WZGL8+OKVn27/tc7I0pW3YD6+KYkuW33M6NK9t/MnsoXHwslPIwc6zlAAAAx+JwJ3C8XQgAAADH6eNpF8B0lOLgUebBs+DsL+//fCB46dAIAAAAOIFK0y4AAAAAmLis//f7fwAAAHC65b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7lpA1EcgJ8NLvSfiqru26N0B8foEbrssuIAvQRHoFfIBTgD2eUIEUR4HBSiJIrisa2Q75PMMBb8/IzwYmakAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALp0Wa0X//9+/9c2Z7dv54WX/dG2bgAAAHgLttV6Ub+Zpf7H5vzn5tTXpl9ERBkRD43dR/HuJHPU5FSPfL66V8NFRJ1wuMakOT5ExM/muP7S9a8AAAAA52uzXM3TaD29zIYuiD6lSZvy069MeUVEVLOrTGnlIe9bprD6/z2OP5nS6gmsaaawNOU2zpX2LPXjfpy1m95pitSUT38/270DAAA9Gp00/Y5CAAAA6NPvoQtgGEXcLmUelwInqWmW996f9AAAAIBXqBi6AAAAAKBz9fjf/n8AAABw3tL+fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHRpW60Xm+Vq3jZnt28nz90AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADADfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9tCoAgEIbBrezrX3j/w8YLeoYIZkB42EVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBH7hnLOLXO2BJPVbVME3vGvaqOrBJnVokrF/p4sPUPfwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMvO/bzGUcUBAH8zs7NJq+IaZQ8RseBBLzbd1tbexIMSPPgnCCHd1titP9ocbClCLt4k515EjyKCEm/9H3puoZd662EPFTxX5lcy+XFYhZ3ZZD8fePO+Mwzzvm8WQr77XgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsM/5wL06yQ6+I4/Law2d317P+0YE+c3/78XLWsjhqMunj4Y36SdSvnSw2nwwAAADzIanq+xDCk3RnNevjXl7/p9U9Wc3/00tFXNXzB+v+qq9q/6z9+cfT13YH6hXjZA+9ujEanjucSmd6s5xhz1+e4KZO/ubz716S/AOJP9l6dZzm7zP64cGDj7p5uDD9dAGA/+ds1ZdB9ftQ1g/aTAyAudGpFd5V/Z/02s0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAnjrfBCFUchhOXOXpx59Ozu+lH9/e3Hy1W7dO/edv2Z2SPSEMLVjdHwXFhscDaz7dbtO9fXRqPhzeaDN0MIbY3+QTn9659NcHMIU0rjTEtvfs6CuPywZyWf4xG0+EMJAIATKS1bVtc/SXdWs2vRUgjPf95f/79di8OE9f/Tzy89rI9Vr/8Hjc1w9q1s3vh65dbtO+9u3Fi7Nrw2/PK984P3BxcuX7x4eSX/rqQ4tp0mAAAAx1i3bPX6P146vP5/uhaHCev/b34cfFcfK1H/H2lv0a/tTAAAAObbK2f++Ts64nrU7YZv1zY3bw6K4+75+eLYQqr/2ULZ6vV/stR2VgAAAEATxlvRvvX/K7U4TLj+/+Ivr/9Wf2YSQjhVrv+fXf9qdKW56cy0qfzx8EL5cDsLAAAAKOvxUwfW/9N8/3+8u+UhDiG881YRl/8GcKL6P/n4+1/rY9X3/19oboozKe4X7yPv+yF0+m1nBAAAwEm2mLdeXv//le6sfvH76U+79v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANO3fAAAA///FdTwZ")
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
fdatasync(r4)
socket$inet(0x2, 0x1, 0x0)

1.053341975s ago: executing program 3 (id=1124):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, 0x0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffe8d, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x0, 0x4a}, 0x28)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfc, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x2}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

992.458057ms ago: executing program 0 (id=1125):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002500)=ANY=[@ANYBLOB="380000004800010029bd7000ffdbdf250a00", @ANYRES32, @ANYBLOB="010000000800020002000000140001"], 0x38}, 0x1, 0x0, 0x0, 0x24048804}, 0x20000840)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
r5 = syz_open_dev$evdev(0x0, 0x0, 0x121041)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}})
write$evdev(r5, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='fdinfo\x00')
fchdir(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)

543.947332ms ago: executing program 1 (id=1126):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="0b0000000500000004000000afa9000009"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

469.201921ms ago: executing program 2 (id=1127):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000240)='./bus\x00', 0x2008042, &(0x7f0000000040), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = getpid()
syz_pidfd_open(r1, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x5)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
getdents64(r4, &(0x7f0000002f40)=""/4098, 0x1002)

468.922592ms ago: executing program 1 (id=1128):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff)
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0)
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=")
write$binfmt_script(r0, &(0x7f00000008c0), 0xfecc)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6)
syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

97.540812ms ago: executing program 4 (id=1129):
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r4=>0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r4, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000540)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1159b}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x200}, @IFLA_GRE_FLAGS={0x8, 0xd, 0x100}]}}}]}, 0x4c}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r5, 0xc0305602, &(0x7f0000000040)={0x0, 0x1, 0x2011, 0x1000000})
socket$nl_generic(0x10, 0x3, 0x10)

68.081344ms ago: executing program 0 (id=1130):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, 0x0)

23.003951ms ago: executing program 0 (id=1131):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2805}, 0x0)

0s ago: executing program 0 (id=1132):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

named from eth3
[   26.595124][ T6531] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   26.600736][ T6531] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   26.608289][ T6531] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   26.610417][ T6531] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   26.622224][ T6530] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.624175][ T6529] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.624225][ T6529] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.624307][ T6529] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.624345][ T6529] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.650097][ T6537] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   26.656559][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.657838][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.659310][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.661036][   T41] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.662253][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.665034][   T41] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.673054][ T6530] 8021q: adding VLAN 0 to HW filter on device team0
[   26.675650][ T6537] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   26.677972][ T6537] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   26.685477][ T6537] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   26.691966][   T15] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.692032][   T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.698090][ T6528] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.706483][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.706541][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.712986][ T6528] 8021q: adding VLAN 0 to HW filter on device team0
[   26.717119][   T15] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.717171][   T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.729927][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.729980][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.742895][ T6530] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.742955][ T6530] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.754293][ T6529] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.758670][ T6531] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.785928][ T6529] 8021q: adding VLAN 0 to HW filter on device team0
[   26.796112][ T6528] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.798370][ T6531] 8021q: adding VLAN 0 to HW filter on device team0
[   26.800642][ T2677] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.800693][ T2677] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.810911][   T15] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.810964][   T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.811305][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.811327][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.814653][   T15] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.814683][   T15] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.826050][ T6537] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.839157][ T6529] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.841276][ T6529] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.869359][ T6537] 8021q: adding VLAN 0 to HW filter on device team0
[   26.875187][   T15] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.875246][   T15] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.880704][ T6530] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.881971][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.882023][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.889166][ T6528] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.933179][ T6529] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.940995][ T6528] veth0_vlan: entered promiscuous mode
[   26.956073][ T6530] veth0_vlan: entered promiscuous mode
[   26.958370][ T6530] veth1_vlan: entered promiscuous mode
[   26.973636][ T6528] veth1_vlan: entered promiscuous mode
[   26.981403][ T6530] veth0_macvtap: entered promiscuous mode
[   26.990493][ T6529] veth0_vlan: entered promiscuous mode
[   26.995654][ T6528] veth0_macvtap: entered promiscuous mode
[   27.002332][ T6530] veth1_macvtap: entered promiscuous mode
[   27.008427][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.015423][ T6529] veth1_vlan: entered promiscuous mode
[   27.018843][ T6528] veth1_macvtap: entered promiscuous mode
[   27.021276][ T6530] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.027118][ T6531] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.032288][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.038604][ T6530] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.040140][ T6530] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.041689][ T6530] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.043129][ T6530] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.048352][ T6528] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.052413][ T6537] 8021q: adding VLAN 0 to HW filter on device batadv0
[   27.055916][ T6528] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.057381][ T6528] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.058920][ T6528] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.060463][ T6528] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.097005][ T6529] veth0_macvtap: entered promiscuous mode
[   27.112926][ T1954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.112986][ T1954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.120255][ T6531] veth0_vlan: entered promiscuous mode
[   27.122043][ T6531] veth1_vlan: entered promiscuous mode
[   27.126417][ T6529] veth1_macvtap: entered promiscuous mode
[   27.135130][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.138603][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.149657][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.149947][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.151785][ T6529] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.151817][ T6529] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.151842][ T6529] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.151863][ T6529] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.181293][ T2677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.181336][ T2677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.188899][ T6531] veth0_macvtap: entered promiscuous mode
[   27.189895][ T6531] veth1_macvtap: entered promiscuous mode
[   27.198753][ T1954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.198794][ T1954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.211943][ T6530] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   27.221115][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.224493][ T6531] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.225319][ T6531] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.225341][ T6531] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.225355][ T6531] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.225370][ T6531] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.238554][ T6537] veth0_vlan: entered promiscuous mode
[   27.240077][ T6537] veth1_vlan: entered promiscuous mode
[   27.252769][ T1954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.252813][ T1954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.292734][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.292773][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.296078][ T6537] veth0_macvtap: entered promiscuous mode
[   27.299229][ T6537] veth1_macvtap: entered promiscuous mode
[   27.305430][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.307847][ T6537] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.310184][ T6537] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.311738][ T6537] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.322134][ T6537] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.325077][ T6537] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.347007][ T1954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.347053][ T1954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.380724][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.382399][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.421185][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.421215][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.472131][ T6652] Bluetooth: MGMT ver 1.23
[   27.566366][ T6659] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[   27.570204][ T6657] IPVS: stopping backup sync thread 6659 ...
[   27.571873][   T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   27.571908][   T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   27.634291][ T6657] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7'.
[   27.669384][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   27.669620][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   27.756360][ T6670] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10)
[   27.756412][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[   27.760351][ T6670] vhci_hcd vhci_hcd.0: Device attached
[   27.763491][ T6670] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(12)
[   27.763529][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   27.765894][ T6670] vhci_hcd vhci_hcd.0: Device attached
[   27.767507][ T6670] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   27.770780][ T6670] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(16)
[   27.770809][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   27.774839][ T6670] vhci_hcd vhci_hcd.0: Device attached
[   27.782189][ T6670] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(18)
[   27.782237][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[   27.782310][ T6670] vhci_hcd vhci_hcd.0: Device attached
[   27.789071][ T6670] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(20)
[   27.789107][ T6670] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   27.789177][ T6670] vhci_hcd vhci_hcd.0: Device attached
[   27.792621][ T6670] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   27.796510][ T6670] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   27.798297][ T6670] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   27.801482][ T6670] vhci_hcd vhci_hcd.0: port 0 already used
[   27.808720][ T6681] vhci_hcd: connection closed
[   27.808948][ T6673] vhci_hcd: connection closed
[   27.809642][   T42] vhci_hcd: stop threads
[   27.809753][   T42] vhci_hcd: release socket
[   27.809776][   T42] vhci_hcd: disconnect device
[   27.809920][ T6671] vhci_hcd: connection closed
[   27.810166][   T42] vhci_hcd: stop threads
[   27.810186][   T42] vhci_hcd: release socket
[   27.810202][   T42] vhci_hcd: disconnect device
[   27.810276][ T6676] vhci_hcd: connection closed
[   27.810437][   T42] vhci_hcd: stop threads
[   27.810452][   T42] vhci_hcd: release socket
[   27.810465][   T42] vhci_hcd: disconnect device
[   27.819466][ T2677] vhci_hcd: stop threads
[   27.819502][ T2677] vhci_hcd: release socket
[   27.819522][ T2677] vhci_hcd: disconnect device
[   27.821981][ T6679] vhci_hcd: connection closed
[   27.822100][ T2677] vhci_hcd: stop threads
[   27.822134][ T2677] vhci_hcd: release socket
[   27.822157][ T2677] vhci_hcd: disconnect device
[   27.833891][   T52] Bluetooth: hci4: command tx timeout
[   27.843750][   T52] Bluetooth: hci0: command tx timeout
[   27.843783][ T6532] Bluetooth: hci1: command tx timeout
[   27.843928][   T52] Bluetooth: hci2: command tx timeout
[   27.843952][ T6532] Bluetooth: hci3: command tx timeout
[   28.482832][    T9] cfg80211: failed to load regulatory.db
[   28.641615][ T6706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18'.
[   28.641685][ T6706] netlink: 12 bytes leftover after parsing attributes in process `syz.3.18'.
[   28.792816][ T6712] netlink: 'syz.3.21': attribute type 6 has an invalid length.
[   29.553303][ T6727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'.
[   29.663748][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24'.
[   29.915852][ T6097] Bluetooth: hci3: command tx timeout
[   29.916024][ T6097] Bluetooth: hci2: command tx timeout
[   29.916199][ T6097] Bluetooth: hci0: command tx timeout
[   29.916348][ T6097] Bluetooth: hci1: command tx timeout
[   29.916498][ T6097] Bluetooth: hci4: command tx timeout
[   30.009593][ T6734] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   30.095067][ T6725] bridge0: port 3(veth0_to_team) entered blocking state
[   30.096629][ T6725] bridge0: port 3(veth0_to_team) entered disabled state
[   30.098089][ T6725] veth0_to_team: entered allmulticast mode
[   30.099743][ T6725] veth0_to_team: entered promiscuous mode
[   30.101260][ T6725] bridge0: port 3(veth0_to_team) entered blocking state
[   30.101350][ T6725] bridge0: port 3(veth0_to_team) entered forwarding state
[   30.204862][ T6749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.34'.
[   30.288392][ T6753] syz.4.35 uses obsolete (PF_INET,SOCK_PACKET)
[   30.323481][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   30.625602][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   30.627523][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   30.629896][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[   30.631816][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   30.636392][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   30.638360][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   30.639965][    T9] usb 1-1: Product: syz
[   30.641009][    T9] usb 1-1: Manufacturer: syz
[   30.906413][    T9] cdc_wdm 1-1:1.0: skipping garbage
[   30.907694][    T9] cdc_wdm 1-1:1.0: skipping garbage
[   30.911827][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[   30.913178][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[   31.109413][ T6639] usb 1-1: USB disconnect, device number 2
[   31.188756][ T6771] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   31.192814][ T6771] netlink: 'syz.1.39': attribute type 4 has an invalid length.
[   31.311741][ T6772] Zero length message leads to an empty skb
[   31.667463][ T6784] loop4: detected capacity change from 0 to 128
[   31.671149][ T6784] =======================================================
[   31.671149][ T6784] WARNING: The mand mount option has been deprecated and
[   31.671149][ T6784]          and is ignored by this kernel. Remove the mand
[   31.671149][ T6784]          option from the mount to silence this warning.
[   31.671149][ T6784] =======================================================
[   31.803303][ T6639] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   31.968840][ T6639] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   31.970585][ T6639] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   31.972562][ T6639] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[   31.982991][ T6639] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.988462][ T6639] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   31.990254][ T6639] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   31.992031][ T6639] usb 1-1: Product: syz
[   31.993120][ T6639] usb 1-1: Manufacturer: syz
[   31.993731][ T6097] Bluetooth: hci1: command tx timeout
[   31.993782][ T6097] Bluetooth: hci0: command tx timeout
[   31.993807][ T6097] Bluetooth: hci2: command tx timeout
[   31.993829][ T6097] Bluetooth: hci3: command tx timeout
[   31.993924][   T52] Bluetooth: hci4: command tx timeout
[   32.011650][ T6639] cdc_wdm 1-1:1.0: skipping garbage
[   32.012962][ T6639] cdc_wdm 1-1:1.0: skipping garbage
[   32.015551][ T6639] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[   32.017839][ T6639] cdc_wdm 1-1:1.0: Unknown control protocol
[   32.110820][ T6800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   32.115968][ T6800] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   32.146768][ T6804] syzkaller0: entered promiscuous mode
[   32.148319][ T6804] syzkaller0: entered allmulticast mode
[   32.339990][ T6808] netlink: 36 bytes leftover after parsing attributes in process `syz.3.55'.
[   32.808977][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.809036][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.810267][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.810290][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.811324][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.811348][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.812435][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.812459][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.813529][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.813548][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.813708][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.813722][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.813869][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.813879][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.814033][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.814045][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.814190][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.814203][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.814357][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[   32.814365][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[   32.825222][   T26] usb 1-1: USB disconnect, device number 3
[   32.825313][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   33.333912][ T6833] mmap: syz.1.64 (6833) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   33.335986][ T6835] syzkaller0: entered promiscuous mode
[   33.336032][ T6835] syzkaller0: entered allmulticast mode
[   33.403582][ T6836] tipc: Started in network mode
[   33.403682][ T6836] tipc: Node identity 061ec195825f, cluster identity 4711
[   33.403869][ T6836] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   33.407270][ T6834] tipc: Resetting bearer <eth:syzkaller0>
[   33.925459][   T31] audit: type=1326 audit(33.690:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.66" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9b5af28 code=0x7ffc0000
[   33.929146][   T31] audit: type=1326 audit(33.690:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6838 comm="syz.0.66" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9b5af28 code=0x7ffc0000
[   34.084708][ T6544] Bluetooth: hci0: command tx timeout
[   34.084805][ T6544] Bluetooth: hci1: command tx timeout
[   34.091023][ T6097] Bluetooth: hci2: command tx timeout
[   34.099536][ T6532] Bluetooth: hci3: command tx timeout
[   34.111185][   T52] Bluetooth: hci4: command tx timeout
[   34.139192][ T6834] tipc: Disabling bearer <eth:syzkaller0>
[   34.177066][ T6849] netlink: 176 bytes leftover after parsing attributes in process `syz.4.68'.
[   34.347315][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.348995][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.359801][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.359996][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.379108][ T6867] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   34.501795][ T6879] syzkaller0: entered promiscuous mode
[   34.502870][ T6879] syzkaller0: entered allmulticast mode
[   34.553481][ T6879] tipc: Started in network mode
[   34.553548][ T6879] tipc: Node identity de1641cfa353, cluster identity 4711
[   34.553789][ T6879] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   34.563535][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.563747][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.564436][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.564587][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.565090][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.565226][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   34.632795][ T6878] tipc: Resetting bearer <eth:syzkaller0>
[   34.704075][ T6878] tipc: Disabling bearer <eth:syzkaller0>
[   34.771234][ T6861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.771441][ T6861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.576908][ T6916] syzkaller0: entered promiscuous mode
[   35.578431][ T6916] syzkaller0: entered allmulticast mode
[   35.641672][ T6916] tipc: Started in network mode
[   35.644295][ T6916] tipc: Node identity 5ea57483fda, cluster identity 4711
[   35.649056][ T6916] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   35.657147][ T6914] tipc: Resetting bearer <eth:syzkaller0>
[   35.674756][ T6535] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   35.709179][ T6923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   35.709414][ T6923] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.714782][ T6914] tipc: Disabling bearer <eth:syzkaller0>
[   35.747126][ T6927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   35.749885][ T6927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.809806][ T6933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   35.809997][ T6933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.838275][ T6535] usb 1-1: Using ep0 maxpacket: 16
[   35.840545][ T6535] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   35.840593][ T6535] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   35.840623][ T6535] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   35.840642][ T6535] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   35.848033][ T6535] usb 1-1: config 0 descriptor??
[   36.065473][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.105'.
[   36.068702][ T6941] netlink: 24 bytes leftover after parsing attributes in process `syz.1.105'.
[   36.432471][ T6535] input: HID 05ac:8241 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:05AC:8241.0001/input/input2
[   36.501287][ T6535] appleir 0003:05AC:8241.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0
[   37.824626][ T6977] ubi31: attaching mtd0
[   37.825243][ T6977] ubi31: scanning is finished
[   37.825283][ T6977] ubi31: empty MTD device detected
[   37.903780][ T6535] usb 1-1: reset high-speed USB device number 4 using dummy_hcd
[   37.935117][ T6977] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   37.935182][ T6977] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   37.935211][ T6977] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   37.935227][ T6977] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   37.935242][ T6977] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   37.935256][ T6977] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   37.935269][ T6977] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1768532752
[   37.935284][ T6977] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   37.935479][ T6978] ubi: mtd0 is already attached to ubi31
[   37.947922][ T6985] ubi31: background thread "ubi_bgt31d" started, PID 6985
[   38.207217][ T6992] syz.1.119: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[   38.210765][ T6992] CPU: 0 UID: 0 PID: 6992 Comm: syz.1.119 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[   38.210790][ T6992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[   38.210801][ T6992] Call trace:
[   38.210807][ T6992]  show_stack+0x2c/0x3c (C)
[   38.210826][ T6992]  __dump_stack+0x30/0x40
[   38.210841][ T6992]  dump_stack_lvl+0xd8/0x12c
[   38.210853][ T6992]  dump_stack+0x1c/0x28
[   38.210864][ T6992]  warn_alloc+0x1f8/0x30c
[   38.210872][ T6992]  __vmalloc_node_range_noprof+0x114/0xf70
[   38.210882][ T6992]  vmalloc_user_noprof+0xf0/0x14c
[   38.210890][ T6992]  xskq_create+0xbc/0x168
[   38.210901][ T6992]  xsk_init_queue+0xb0/0x118
[   38.210910][ T6992]  xsk_setsockopt+0x39c/0x540
[   38.210919][ T6992]  do_sock_setsockopt+0x1ec/0x328
[   38.210929][ T6992]  __arm64_sys_setsockopt+0x170/0x1e0
[   38.210939][ T6992]  invoke_syscall+0x98/0x2b8
[   38.210945][ T6992]  el0_svc_common+0x130/0x23c
[   38.210950][ T6992]  do_el0_svc+0x48/0x58
[   38.210955][ T6992]  el0_svc+0x58/0x180
[   38.210961][ T6992]  el0t_64_sync_handler+0x84/0x12c
[   38.210968][ T6992]  el0t_64_sync+0x198/0x19c
[   38.235825][ T6992] Mem-Info:
[   38.235890][ T6992] active_anon:23 inactive_anon:13174 isolated_anon:0
[   38.235890][ T6992]  active_file:2296 inactive_file:4635 isolated_file:0
[   38.235890][ T6992]  unevictable:768 dirty:1652 writeback:0
[   38.235890][ T6992]  slab_reclaimable:9820 slab_unreclaimable:90062
[   38.235890][ T6992]  mapped:39689 shmem:9589 pagetables:1051
[   38.235890][ T6992]  sec_pagetables:0 bounce:0
[   38.235890][ T6992]  kernel_misc_reclaimable:0
[   38.235890][ T6992]  free:1423536 free_pcp:15739 free_cma:7360
[   38.244618][ T6992] Node 0 active_anon:92kB inactive_anon:52696kB active_file:9184kB inactive_file:18540kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:158756kB dirty:6608kB writeback:0kB shmem:38356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9976kB pagetables:4204kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   38.244666][ T6992] Node 0 DMA free:3076864kB boost:0kB min:20856kB low:26068kB high:31280kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:29440kB
[   38.244714][ T6992] lowmem_reserve[]: 0 0 3494 3494 3494
[   38.244766][ T6992] Node 0 Normal free:2617280kB boost:0kB min:24196kB low:30244kB high:36292kB reserved_highatomic:0KB free_highatomic:0KB active_anon:92kB inactive_anon:52696kB active_file:9184kB inactive_file:18540kB unevictable:3072kB writepending:6608kB present:5242880kB managed:3577920kB mlocked:0kB bounce:0kB free_pcp:63248kB local_pcp:54808kB free_cma:0kB
[   38.244793][ T6992] lowmem_reserve[]: 0 0 0 0 0
[   38.244831][ T6992] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB
[   38.244940][ T6992] Node 0 Normal: 1239*4kB (UME) 361*8kB (UME) 305*16kB (UM) 108*32kB (UME) 34*64kB (UME) 24*128kB (UME) 12*256kB (UME) 6*512kB (UM) 7*1024kB (UME) 5*2048kB (UME) 628*4096kB (UM) = 2617268kB
[   38.245081][ T6992] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   38.245092][ T6992] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB
[   38.245103][ T6992] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[   38.245114][ T6992] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB
[   38.245125][ T6992] 16516 total pagecache pages
[   38.245134][ T6992] 0 pages in swap cache
[   38.245143][ T6992] Free swap  = 124996kB
[   38.245152][ T6992] Total swap = 124996kB
[   38.245161][ T6992] 2097152 pages RAM
[   38.245170][ T6992] 0 pages HighMem/MovableOnly
[   38.245179][ T6992] 432624 pages reserved
[   38.245188][ T6992] 8192 pages cma reserved
[   38.245197][ T6992] 0 pages hwpoisoned
[   39.397494][ T1835] usb 1-1: USB disconnect, device number 4
[   39.681803][ T7020] warning: `syz.0.128' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   40.534777][ T7038] netlink: 44 bytes leftover after parsing attributes in process `syz.4.134'.
[   40.536652][ T7038] netlink: 4 bytes leftover after parsing attributes in process `syz.4.134'.
[   41.402183][ T7059] netlink: 228 bytes leftover after parsing attributes in process `syz.1.141'.
[   41.628069][ T7066] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   42.171712][ T7078] lo speed is unknown, defaulting to 1000
[   42.171922][ T7078] lo speed is unknown, defaulting to 1000
[   42.173917][ T7078] lo speed is unknown, defaulting to 1000
[   42.177690][ T7078] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   42.183146][ T7078] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   42.199820][ T7078] lo speed is unknown, defaulting to 1000
[   42.201577][ T7078] lo speed is unknown, defaulting to 1000
[   42.203993][ T7078] lo speed is unknown, defaulting to 1000
[   42.205667][ T7078] lo speed is unknown, defaulting to 1000
[   42.207650][ T7078] lo speed is unknown, defaulting to 1000
[   42.729132][ T7082] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input3
[   42.842897][ T7094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   42.844700][ T7094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   44.924215][   T26] IPVS: starting estimator thread 0...
[   44.946821][   T31] audit: type=1326 audit(44.710:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7110 comm="syz.0.157" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa9b5af28 code=0x7fc00000
[   45.013863][ T7123] IPVS: using max 55 ests per chain, 132000 per kthread
[   45.609468][ T7129] netlink: 228 bytes leftover after parsing attributes in process `syz.4.161'.
[   54.887865][ T7112] tipc: Started in network mode
[   54.887917][ T7112] tipc: Node identity 7f000001, cluster identity 4711
[   54.888373][ T7112] tipc: Enabled bearer <udp:syz2>, priority 10
[   54.908489][ T7149] lo speed is unknown, defaulting to 1000
[   55.039214][ T7161] tipc: Started in network mode
[   55.039266][ T7161] tipc: Node identity 965cb2e3f057, cluster identity 4711
[   55.039360][ T7161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   55.040115][ T7161] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   55.306838][ T7161] tipc: Resetting bearer <eth:syzkaller0>
[   55.453908][ T7160] tipc: Disabling bearer <eth:syzkaller0>
[   55.519413][ T7172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.521046][ T7172] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   55.675267][ T7185] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   55.677133][ T7185] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.044100][    T9] tipc: Node number set to 2130706433
[   56.378324][ T7200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   56.379239][ T7200] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   56.415661][ T7200] tipc: Resetting bearer <eth:syzkaller0>
[   56.504565][ T7199] tipc: Disabling bearer <eth:syzkaller0>
[   56.537967][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538024][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538044][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538062][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538079][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538098][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538114][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538130][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538148][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   56.538166][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'.
[   57.149874][   T26] libceph: connect (1)[c::]:6789 error -101
[   57.151314][   T26] libceph: mon0 (1)[c::]:6789 connect error
[   57.405080][   T26] libceph: connect (1)[c::]:6789 error -101
[   57.405191][   T26] libceph: mon0 (1)[c::]:6789 connect error
[   57.480677][ T7225] netlink: 'syz.0.189': attribute type 10 has an invalid length.
[   57.489257][ T7225] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.498388][ T7225] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   57.554088][ T7218] ceph: No mds server is up or the cluster is laggy
[   57.673405][ T6536] Bluetooth: hci4: command 0x0405 tx timeout
[   59.095396][ T7260] block device autoloading is deprecated and will be removed.
[   59.260802][ T6639] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   59.349673][ T7260] lo speed is unknown, defaulting to 1000
[   59.379401][ T7264] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   59.380154][ T7264] syzkaller0: entered promiscuous mode
[   59.380176][ T7264] syzkaller0: entered allmulticast mode
[   59.430554][ T7264] tipc: Resetting bearer <eth:syzkaller0>
[   59.441059][ T7263] tipc: Resetting bearer <eth:syzkaller0>
[   59.443306][ T6639] usb 1-1: Using ep0 maxpacket: 8
[   59.445415][ T6639] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   59.445447][ T6639] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   59.445475][ T6639] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   59.445493][ T6639] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   59.445517][ T6639] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   59.445534][ T6639] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.463013][ T6639] usbtmc 1-1:16.0: bulk endpoints not found
[   59.514575][ T7263] tipc: Disabling bearer <eth:syzkaller0>
[   59.753307][ T6536] Bluetooth: hci4: command 0x0405 tx timeout
[   59.768726][ T6535] usb 1-1: USB disconnect, device number 5
[   59.871461][ T7282] fuse: Bad value for 'fd'
[   59.944654][ T7272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.945327][ T7272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.993968][ T7286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.994157][ T7286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.242522][ T7290] ubi: mtd0 is already attached to ubi31
[   61.435722][ T6536] Bluetooth: hci4: Malformed HCI Event
[   61.583132][ T7316] fuse: Bad value for 'fd'
[   61.624430][ T7318] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   61.806333][ T7321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   61.811528][ T7321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   61.833293][ T6536] Bluetooth: hci4: command 0x0405 tx timeout
[   62.021522][ T7323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   62.022262][ T7323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   62.493319][ T6639] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[   62.645910][ T6639] usb 1-1: config 150 has an invalid interface number: 204 but max is 0
[   62.645958][ T6639] usb 1-1: config 150 has no interface number 0
[   62.645975][ T6639] usb 1-1: config 150 interface 204 has no altsetting 0
[   62.650755][ T6639] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[   62.651020][ T6639] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.651053][ T6639] usb 1-1: Product: syz
[   62.651077][ T6639] usb 1-1: Manufacturer: syz
[   62.651093][ T6639] usb 1-1: SerialNumber: syz
[   63.039998][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[   63.040237][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[   63.047265][ T6639] usb 1-1: USB disconnect, device number 6
[   63.094094][ T7332] fuse: Bad value for 'fd'
[   63.957975][ T6639] IPVS: starting estimator thread 0...
[   64.055965][ T7348] IPVS: using max 67 ests per chain, 160800 per kthread
[   64.068920][ T7354] capability: warning: `syz.1.233' uses deprecated v2 capabilities in a way that may be insecure
[   64.146580][ T7358] __nla_validate_parse: 49 callbacks suppressed
[   64.146640][ T7358] netlink: 28 bytes leftover after parsing attributes in process `syz.2.234'.
[   64.146674][ T7358] netlink: 8 bytes leftover after parsing attributes in process `syz.2.234'.
[   64.169145][ T7358] bridge_slave_0: left allmulticast mode
[   64.169204][ T7358] bridge_slave_0: left promiscuous mode
[   64.169293][ T7358] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.172879][ T7358] bridge_slave_1: left allmulticast mode
[   64.172925][ T7358] bridge_slave_1: left promiscuous mode
[   64.173004][ T7358] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.190932][ T7358] bond0: (slave bond_slave_0): Releasing backup interface
[   64.455007][ T7367] fuse: Bad value for 'fd'
[   64.459118][ T7358] bond0: (slave bond_slave_1): Releasing backup interface
[   64.573973][ T7358] team0: Port device team_slave_0 removed
[   64.581274][ T7358] team0: Port device team_slave_1 removed
[   64.581345][ T7370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   64.581535][ T7370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   64.589653][ T7358] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   64.592773][ T7358] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.655047][ T7373] ubi: mtd0 is already attached to ubi31
[   64.729935][ T2405] ieee802154 phy0 wpan0: encryption failed: -22
[   64.730045][ T2405] ieee802154 phy1 wpan1: encryption failed: -22
[   64.843156][ T7358] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.843204][ T7358] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.898608][   T52] Bluetooth: hci3: connection err: -111
[   65.157173][ T7387] siw: device registration error -23
[   65.835420][ T7394] kernel profiling enabled (shift: 17)
[   66.048538][ T7400] random: crng reseeded on system resumption
[   66.147642][ T7400] loop2: detected capacity change from 0 to 32768
[   66.153915][ T7400] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.247 (7400)
[   66.167361][ T7400] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[   66.167486][ T7400] BTRFS info (device loop2): using crc32c (crc32c-arm64) checksum algorithm
[   66.167535][ T7400] BTRFS info (device loop2): using free-space-tree
[   66.210521][ T7417] fuse: Bad value for 'fd'
[   66.229843][ T6531] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[   66.330344][ T7423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   66.333176][ T7423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   66.926158][ T7431] netlink: 348 bytes leftover after parsing attributes in process `syz.2.252'.
[   67.868711][ T7456] binder: BINDER_SET_CONTEXT_MGR already set
[   67.868794][ T7456] binder: 7454:7456 ioctl 4018620d 20004a80 returned -16
[   67.869058][ T7456] binder: 7454:7456 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   67.869078][ T7456] binder: 7456 RLIMIT_NICE not set
[   68.480187][ T7471] siw: device registration error -23
[   68.910933][ T7488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.911115][ T7488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.991162][ T7491] ubi: mtd0 is already attached to ubi31
[   69.224190][ T6540] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   69.377041][ T6540] usb 1-1: Using ep0 maxpacket: 8
[   69.381740][ T6540] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   69.381795][ T6540] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   69.381829][ T6540] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   69.381851][ T6540] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   69.381878][ T6540] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   69.381897][ T6540] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.387405][ T6540] usbtmc 1-1:16.0: bulk endpoints not found
[   69.439422][ T7499] netlink: 356 bytes leftover after parsing attributes in process `syz.4.275'.
[   69.468679][ T7501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.276'.
[   69.731884][ T7505] binder: BINDER_SET_CONTEXT_MGR already set
[   69.731922][ T7505] binder: 7504:7505 ioctl 4018620d 20004a80 returned -16
[   69.734988][ T7505] binder: 7504:7505 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   69.735037][ T7505] binder: 7505 RLIMIT_NICE not set
[   69.745122][ T6594] usb 1-1: USB disconnect, device number 7
[   70.672187][ T7523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.282'.
[   70.812682][ T7533] netlink: 356 bytes leftover after parsing attributes in process `syz.4.286'.
[   71.370197][ T7543] loop0: detected capacity change from 0 to 256
[   71.375934][ T7543] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   71.376359][ T7543] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[   71.383553][ T7543] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[   72.093890][ T7553] binder: 7552:7553 IncRefs 0 refcount change on invalid ref 0 ret -22
[   72.098747][ T7553] binder: 7552:7553 got transaction to invalid handle, 1
[   72.101352][ T7553] binder: 7553:7552 cannot find target node
[   72.102555][ T7553] binder: 7552:7553 transaction call to 0:0 failed 5/29201/-22, code 0 size 0-0 line 3152
[   72.105924][ T7553] binder: 7552:7553 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   72.105968][ T7553] binder: 7553 RLIMIT_NICE not set
[   72.156734][ T7561] netlink: 'syz.3.295': attribute type 1 has an invalid length.
[   72.276668][ T7561] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.317013][ T7566] bond1: (slave veth3): Enslaving as an active interface with a down link
[   72.319816][ T7561] 8021q: adding VLAN 0 to HW filter on device batadv1
[   72.319979][ T7561] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[   72.359670][ T7571] netlink: 356 bytes leftover after parsing attributes in process `syz.0.297'.
[   72.754000][ T7586] ubi: mtd0 is already attached to ubi31
[   72.940995][ T1835] binder: undelivered TRANSACTION_ERROR: 29201
[   73.444799][ T7604] netlink: 356 bytes leftover after parsing attributes in process `syz.3.308'.
[   73.651256][ T7613] lo speed is unknown, defaulting to 1000
[   73.653644][ T7613] lo speed is unknown, defaulting to 1000
[   73.654974][ T7613] lo speed is unknown, defaulting to 1000
[   73.786481][ T7613] infiniband s
z1: set active
[   73.786591][ T7613] infiniband s
z1: added lo
[   73.796080][ T1835] lo speed is unknown, defaulting to 1000
[   73.931400][ T7613] RDS/IB: s
z1: added
[   73.931845][ T7613] smc: adding ib device s
z1 with port count 1
[   73.931962][ T7613] smc:    ib device s
z1 port 1 has pnetid 
[   73.934564][ T7613] lo speed is unknown, defaulting to 1000
[   74.004658][ T7613] lo speed is unknown, defaulting to 1000
[   74.026656][ T6594] lo speed is unknown, defaulting to 1000
[   74.148970][ T7613] lo speed is unknown, defaulting to 1000
[   74.212153][ T7624] dlm: no local IP address has been set
[   74.212358][ T7624] dlm: cannot start dlm midcomms -107
[   74.386923][ T7620] syzkaller0: entered promiscuous mode
[   74.389932][ T7620] syzkaller0: entered allmulticast mode
[   74.519154][ T7629] netlink: 28 bytes leftover after parsing attributes in process `syz.1.315'.
[   74.519204][ T7629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'.
[   74.555896][ T7613] lo speed is unknown, defaulting to 1000
[   74.561688][ T7629] bridge_slave_0: left allmulticast mode
[   74.562869][ T7629] bridge_slave_0: left promiscuous mode
[   74.565297][ T7629] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.592248][ T7629] bridge_slave_1: left allmulticast mode
[   74.593343][ T7629] bridge_slave_1: left promiscuous mode
[   74.593497][ T7629] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.597383][ T7629] bond0: (slave bond_slave_0): Releasing backup interface
[   74.629326][ T7629] bond0: (slave bond_slave_1): Releasing backup interface
[   74.660614][ T7629] veth0_to_team: left allmulticast mode
[   74.661781][ T7629] veth0_to_team: left promiscuous mode
[   74.663147][ T7629] bridge0: port 3(veth0_to_team) entered disabled state
[   74.670893][ T7629] team0: Port device team_slave_0 removed
[   74.674286][ T7629] team0: Port device team_slave_1 removed
[   74.675987][ T7629] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.677470][ T7629] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.680095][ T7629] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.681479][ T7629] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.706652][ T7613] lo speed is unknown, defaulting to 1000
[   75.107528][ T7641] netlink: 356 bytes leftover after parsing attributes in process `syz.3.320'.
[   75.691060][ T7658] syzkaller0: entered promiscuous mode
[   75.692126][ T7658] syzkaller0: entered allmulticast mode
[   76.186829][ T7668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.187023][ T7668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.196391][ T7673] loop4: detected capacity change from 0 to 40427
[   76.207627][ T7673] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   76.207735][ T7673] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   76.225327][ T7673] F2FS-fs (loop4): invalid crc value
[   76.284267][ T7673] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   76.284373][ T7673] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   76.311307][ T7684] netlink: 356 bytes leftover after parsing attributes in process `syz.0.332'.
[   76.386855][ T7687] dlm: no local IP address has been set
[   76.386926][ T7687] dlm: cannot start dlm midcomms -107
[   76.603134][ T7690] loop0: detected capacity change from 0 to 16
[   76.623166][ T7690] erofs (device loop0): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[   76.626635][ T7690] erofs (device loop0): mounted with root inode @ nid 36.
[   76.992203][ T7706] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.995538][ T7706] bond0: (slave rose0): Enslaving as an active interface with an up link
[   77.097824][ T7715] netlink: 28 bytes leftover after parsing attributes in process `syz.3.342'.
[   77.100681][ T7715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.342'.
[   77.167537][ T7727] netlink: 356 bytes leftover after parsing attributes in process `syz.3.343'.
[   77.855072][ T7775] loop2: detected capacity change from 0 to 4096
[   78.010873][ T7775] ntfs3(loop2): ino=1a, mi_enum_attr
[   78.011025][ T7775] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   78.133998][ T7789] dlm: no local IP address has been set
[   78.134082][ T7789] dlm: cannot start dlm midcomms -107
[   78.269406][ T7787] netlink: 356 bytes leftover after parsing attributes in process `syz.4.354'.
[   78.331200][ T7797] netlink: 28 bytes leftover after parsing attributes in process `syz.3.357'.
[   78.867855][ T7808] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   79.141836][ T7822] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   79.214219][ T7806] ceph: No mds server is up or the cluster is laggy
[   79.310366][ T7829] netlink: 'syz.3.366': attribute type 63 has an invalid length.
[   80.044478][ T7848] loop4: detected capacity change from 0 to 64
[   80.050189][ T7848] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   80.919425][ T7859] dlm: no local IP address has been set
[   80.919555][ T7859] dlm: cannot start dlm midcomms -107
[   81.295749][ T7866] netlink: 28 bytes leftover after parsing attributes in process `syz.1.376'.
[   81.494534][ T6540] libceph: connect (1)[c::]:6789 error -101
[   81.496061][ T6540] libceph: mon0 (1)[c::]:6789 connect error
[   81.755951][ T6540] libceph: connect (1)[c::]:6789 error -101
[   81.757267][ T6540] libceph: mon0 (1)[c::]:6789 connect error
[   81.805274][ T7878] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.809641][ T7878] tipc: Resetting bearer <eth:syzkaller0>
[   81.915093][ T7875] tipc: Disabling bearer <eth:syzkaller0>
[   81.923036][ T7885] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   81.965181][ T7893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.384'.
[   82.115252][ T7871] ceph: No mds server is up or the cluster is laggy
[   82.355778][ T7911] dlm: no local IP address has been set
[   82.355856][ T7911] dlm: cannot start dlm midcomms -107
[   82.805426][ T7919] netlink: 356 bytes leftover after parsing attributes in process `syz.2.394'.
[   82.836605][ T7921] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   82.838329][ T7921] tipc: Resetting bearer <eth:syzkaller0>
[   82.848713][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.396'.
[   82.954030][ T7920] tipc: Disabling bearer <eth:syzkaller0>
[   83.285390][ T7935] netlink: 28 bytes leftover after parsing attributes in process `syz.1.400'.
[   83.715793][ T6540] libceph: connect (1)[c::]:6789 error -101
[   83.715906][ T6540] libceph: mon0 (1)[c::]:6789 connect error
[   83.739579][ T7948] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   83.974074][ T6109] libceph: connect (1)[c::]:6789 error -101
[   83.974198][ T6109] libceph: mon0 (1)[c::]:6789 connect error
[   84.132984][ T7955] loop0: detected capacity change from 0 to 32768
[   84.153973][ T7943] ceph: No mds server is up or the cluster is laggy
[   84.223121][ T7957] netlink: 356 bytes leftover after parsing attributes in process `syz.3.406'.
[   84.337796][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.4.411'.
[   84.364707][ T7972] fuse: Bad value for 'fd'
[   84.428104][ T7973] dlm: no local IP address has been set
[   84.428174][ T7973] dlm: cannot start dlm midcomms -107
[   84.752904][ T7986] netlink: 28 bytes leftover after parsing attributes in process `syz.1.418'.
[   84.802796][ T7991] netlink: 356 bytes leftover after parsing attributes in process `syz.0.420'.
[   85.248619][ T1835] libceph: connect (1)[c::]:6789 error -101
[   85.250596][ T1835] libceph: mon0 (1)[c::]:6789 connect error
[   85.277545][ T7990] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   85.573599][ T8002] bond0: (slave batadv0): Releasing backup interface
[   85.589406][ T7994] ceph: No mds server is up or the cluster is laggy
[   85.617222][ T8002] bridge_slave_0: left allmulticast mode
[   85.617275][ T8002] bridge_slave_0: left promiscuous mode
[   85.617928][ T8002] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.632991][ T8002] bridge_slave_1: left allmulticast mode
[   85.633034][ T8002] bridge_slave_1: left promiscuous mode
[   85.637357][ T8002] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.640887][ T8002] bond0: (slave bond_slave_0): Releasing backup interface
[   85.679437][ T8002] bond0: (slave bond_slave_1): Releasing backup interface
[   85.754352][ T8017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.758836][ T8017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.771541][ T8002] team0: Port device team_slave_0 removed
[   85.782566][ T8002] team0: Port device team_slave_1 removed
[   85.785205][ T8002] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.785248][ T8002] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.789089][ T8002] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.791126][ T8002] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.931601][ T8024] netlink: 'syz.0.430': attribute type 10 has an invalid length.
[   85.935418][ T8024] netlink: 40 bytes leftover after parsing attributes in process `syz.0.430'.
[   85.981547][ T8024] team0: Port device geneve0 added
[   86.038214][ T8026] loop0: detected capacity change from 0 to 1024
[   86.098357][   T12] hfsplus: b-tree write err: -5, ino 4
[   86.352821][ T8033] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   86.453374][ T6540] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   86.610548][ T8043] __nla_validate_parse: 1 callbacks suppressed
[   86.611856][ T8043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'.
[   86.615002][ T6540] usb 1-1: Using ep0 maxpacket: 32
[   86.618253][ T6540] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[   86.618298][ T6540] usb 1-1: config 0 has no interface number 0
[   86.622637][ T6540] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   86.622677][ T6540] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.622705][ T6540] usb 1-1: Product: syz
[   86.622723][ T6540] usb 1-1: Manufacturer: syz
[   86.622739][ T6540] usb 1-1: SerialNumber: syz
[   86.634977][ T6540] usb 1-1: config 0 descriptor??
[   86.657415][ T6540] smsc95xx v2.0.0
[   86.968802][   T31] audit: type=1326 audit(86.690:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8040 comm="syz.2.437" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8095af28 code=0x0
[   86.978780][ T8049] fuse: Bad value for 'fd'
[   87.050686][ T8053] loop2: detected capacity change from 0 to 16
[   87.070183][ T8053] erofs (device loop2): mounted with root inode @ nid 36.
[   87.076345][ T8043] bond0: (slave bond_slave_1): Releasing backup interface
[   87.360576][ T6540] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[   87.360625][ T6540] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   87.396323][ T8058] netlink: 356 bytes leftover after parsing attributes in process `syz.1.443'.
[   87.571614][ T8065] syz.2.442: attempt to access beyond end of device
[   87.571614][ T8065] loop2: rw=0, sector=1152, nr_sectors = 257 limit=16
[   87.571929][ T8065] erofs (device loop2): read error -5 @ 0 of nid 36
[   88.168334][ T8090] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   88.196183][ T6540] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   88.198290][ T6540] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[   88.201022][ T8089] loop4: detected capacity change from 0 to 32768
[   88.204511][ T6540] usb 1-1: USB disconnect, device number 8
[   88.227625][ T8089] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[   88.241790][ T8089] OCFS2: ERROR (device loop4): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #32 has an invalid bg_blkno of 3298534883360
[   88.253487][ T8089] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[   88.254207][ T8089] OCFS2: File system is now read-only.
[   88.254248][ T8089] (syz.4.452,8089,1):ocfs2_trim_mainbm:7630 ERROR: status = -30
[   88.273817][ T6537] ocfs2: Unmounting device (7,4) on (node local)
[   88.288117][ T8096] netlink: 356 bytes leftover after parsing attributes in process `syz.4.454'.
[   88.307226][ T8098] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.307538][ T8098] syzkaller0: entered promiscuous mode
[   88.307558][ T8098] syzkaller0: entered allmulticast mode
[   88.312770][ T8098] tipc: Resetting bearer <eth:syzkaller0>
[   88.360705][ T8097] tipc: Resetting bearer <eth:syzkaller0>
[   88.395322][ T8097] tipc: Disabling bearer <eth:syzkaller0>
[   88.600048][ T8127] netlink: 20 bytes leftover after parsing attributes in process `syz.1.469'.
[   89.345752][ T8144] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.355523][ T8147] syzkaller0: entered promiscuous mode
[   89.355585][ T8147] syzkaller0: entered allmulticast mode
[   89.369336][ T8156] tipc: Resetting bearer <eth:syzkaller0>
[   89.384653][ T8139] tipc: Resetting bearer <eth:syzkaller0>
[   89.417354][ T8139] tipc: Disabling bearer <eth:syzkaller0>
[   89.823352][   T26] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   90.003916][   T26] usb 1-1: Using ep0 maxpacket: 8
[   90.057178][ T8194] block device autoloading is deprecated and will be removed.
[   90.080208][ T8194] loop4: detected capacity change from 0 to 8
[   90.173904][ T8194] Page size > filesystem block size (0).  This is currently not supported!
[   90.241308][ T8192] loop1: detected capacity change from 0 to 512
[   90.244145][ T8192] EXT4-fs: Ignoring removed bh option
[   90.245770][   T26] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[   90.246910][ T8192] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   90.248627][   T26] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   90.250521][   T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   90.252343][   T26] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   90.254139][   T26] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   90.256507][   T26] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   90.257416][ T8192] EXT4-fs (loop1): 1 truncate cleaned up
[   90.258317][ T8192] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   90.312465][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.596931][   T26] usb 1-1: usb_control_msg returned -32
[   90.597000][   T26] usbtmc 1-1:16.0: can't read capabilities
[   90.811183][ T8206] netlink: 28 bytes leftover after parsing attributes in process `syz.4.488'.
[   90.811238][ T8206] netlink: 8 bytes leftover after parsing attributes in process `syz.4.488'.
[   90.840539][ T8206] bridge_slave_0: left allmulticast mode
[   90.840600][ T8206] bridge_slave_0: left promiscuous mode
[   90.840959][ T8206] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.845151][ T8206] bridge_slave_1: left allmulticast mode
[   90.845176][ T8206] bridge_slave_1: left promiscuous mode
[   90.845237][ T8206] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.848651][ T8206] bond0: (slave bond_slave_0): Releasing backup interface
[   90.850593][ T6530] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.882475][ T8206] bond0: (slave bond_slave_1): Releasing backup interface
[   90.913504][ T8206] team0: Port device team_slave_0 removed
[   90.919306][ T8206] team0: Port device team_slave_1 removed
[   90.920846][ T8206] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.922320][ T8206] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.924301][ T8206] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.924340][ T8206] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.960433][ T8209] usbtmc 1-1:16.0: stb usb_control_msg returned -32
[   90.961775][   T26] usb 1-1: USB disconnect, device number 9
[   91.189214][ T8226] netlink: 24 bytes leftover after parsing attributes in process `syz.1.498'.
[   91.296986][ T8233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   91.297181][ T8233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.327804][ T8233] lo speed is unknown, defaulting to 1000
[   91.332232][ T8233] lo speed is unknown, defaulting to 1000
[   91.481233][ T8246] netlink: 'syz.1.505': attribute type 10 has an invalid length.
[   91.481282][ T8246] netlink: 40 bytes leftover after parsing attributes in process `syz.1.505'.
[   91.541420][ T8246] team0: Port device geneve0 added
[   91.562032][ T8251] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.562451][ T8245] syzkaller0: entered promiscuous mode
[   91.562495][ T8245] syzkaller0: entered allmulticast mode
[   91.600236][ T8252] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   91.610238][ T8245] tipc: Resetting bearer <eth:syzkaller0>
[   91.617817][ T8241] tipc: Resetting bearer <eth:syzkaller0>
[   91.683771][ T8241] tipc: Disabling bearer <eth:syzkaller0>
[   91.760416][ T8260] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.760826][ T8260] syzkaller0: entered promiscuous mode
[   91.760847][ T8260] syzkaller0: entered allmulticast mode
[   91.763119][ T8260] tipc: Resetting bearer <eth:syzkaller0>
[   91.770050][ T8259] tipc: Resetting bearer <eth:syzkaller0>
[   91.815491][ T8259] tipc: Disabling bearer <eth:syzkaller0>
[   92.016334][ T8278] loop2: detected capacity change from 0 to 732
[   92.229031][ T8279] trusted_key: syz.3.513 sent an empty control message without MSG_MORE.
[   92.330952][ T8283] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   92.421444][ T8301] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.421803][ T8301] syzkaller0: entered promiscuous mode
[   92.421826][ T8301] syzkaller0: entered allmulticast mode
[   92.429048][ T8301] tipc: Resetting bearer <eth:syzkaller0>
[   92.431996][ T8299] tipc: Resetting bearer <eth:syzkaller0>
[   92.455069][ T8299] tipc: Disabling bearer <eth:syzkaller0>
[   92.499564][ T8309] loop2: detected capacity change from 0 to 128
[   92.511396][ T8309] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   92.542270][ T6531] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   92.751657][ T8326] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   92.756324][ T8332] loop2: detected capacity change from 0 to 4096
[   92.766945][ T8335] netlink: 28 bytes leftover after parsing attributes in process `syz.4.536'.
[   92.768511][ T8335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.536'.
[   92.790249][ T8332] NILFS (loop2): invalid segment: Checksum error in segment payload
[   92.790391][ T8332] NILFS (loop2): trying rollback from an earlier position
[   92.821874][ T8332] NILFS (loop2): recovery complete
[   92.829536][ T8340] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   93.528334][ T8349] netlink: 'syz.1.540': attribute type 10 has an invalid length.
[   93.529971][ T8349] netlink: 40 bytes leftover after parsing attributes in process `syz.1.540'.
[   93.689719][ T8361] netlink: 24 bytes leftover after parsing attributes in process `syz.0.545'.
[   94.221108][ T8369] netlink: 28 bytes leftover after parsing attributes in process `syz.2.548'.
[   94.222734][ T8369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.548'.
[   94.265146][ T8374] binder: 8373:8374 ioctl 4018620d 0 returned -22
[   94.266731][ T8374] binder: 8373:8374 IncRefs 0 refcount change on invalid ref 0 ret -22
[   94.269032][ T8374] binder: 8373:8374 got transaction to invalid handle, 1
[   94.270262][ T8374] binder: 8374:8373 cannot find target node
[   94.271229][ T8374] binder: 8373:8374 transaction call to 0:0 failed 11/29201/-22, code 0 size 0-0 line 3152
[   94.273111][ T8374] binder: 8373:8374 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   94.275213][ T8374] binder: 8374 RLIMIT_NICE not set
[   94.280114][ T8376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   94.281875][ T8376] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   94.292859][ T8365] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   95.338881][ T6535] binder: undelivered TRANSACTION_ERROR: 29201
[   95.400975][ T8403] netlink: 24 bytes leftover after parsing attributes in process `syz.0.559'.
[   95.687668][ T8415] loop2: detected capacity change from 0 to 40427
[   95.749367][ T8419] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   95.942462][ T8415] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   96.038114][ T8439] binder: 8438:8439 ioctl 4018620d 0 returned -22
[   96.040798][ T8439] binder: 8438:8439 IncRefs 0 refcount change on invalid ref 0 ret -22
[   96.045775][ T8439] binder: 8438:8439 got transaction to invalid handle, 1
[   96.048616][ T8439] binder: 8439:8438 cannot find target node
[   96.048663][ T8439] binder: 8438:8439 transaction call to 0:0 failed 14/29201/-22, code 0 size 0-0 line 3152
[   96.287059][ T8439] binder: 8438:8439 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[   96.293827][ T8439] binder: 8439 RLIMIT_NICE not set
[   96.470847][ T6531] syz-executor: attempt to access beyond end of device
[   96.470847][ T6531] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   96.471812][ T6531] CPU: 1 UID: 0 PID: 6531 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[   96.471827][ T6531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[   96.471833][ T6531] Call trace:
[   96.471837][ T6531]  show_stack+0x2c/0x3c (C)
[   96.471851][ T6531]  __dump_stack+0x30/0x40
[   96.471861][ T6531]  dump_stack_lvl+0xd8/0x12c
[   96.471868][ T6531]  dump_stack+0x1c/0x28
[   96.471875][ T6531]  f2fs_handle_critical_error+0x34c/0x4b8
[   96.471883][ T6531]  f2fs_stop_checkpoint+0x5c/0x70
[   96.471889][ T6531]  f2fs_write_end_io+0x58c/0x818
[   96.471895][ T6531]  bio_endio+0x804/0x840
[   96.471901][ T6531]  submit_bio_noacct+0x158/0x176c
[   96.471908][ T6531]  submit_bio+0x354/0x4d4
[   96.471914][ T6531]  f2fs_submit_write_bio+0x13c/0x324
[   96.471920][ T6531]  __submit_merged_bio+0x254/0x704
[   96.471925][ T6531]  __submit_merged_write_cond+0x23c/0x4ac
[   96.471930][ T6531]  f2fs_write_data_pages+0x1d28/0x2634
[   96.471936][ T6531]  do_writepages+0x270/0x468
[   96.471943][ T6531]  filemap_fdatawrite+0x144/0x1e8
[   96.471948][ T6531]  f2fs_sync_dirty_inodes+0x2b8/0x788
[   96.471955][ T6531]  f2fs_write_checkpoint+0x684/0x1694
[   96.471961][ T6531]  kill_f2fs_super+0x21c/0x584
[   96.471967][ T6531]  deactivate_locked_super+0xc4/0x12c
[   96.471972][ T6531]  deactivate_super+0xe0/0x100
[   96.471977][ T6531]  cleanup_mnt+0x31c/0x3ac
[   96.471982][ T6531]  __cleanup_mnt+0x20/0x30
[   96.471988][ T6531]  task_work_run+0x1dc/0x260
[   96.471993][ T6531]  do_notify_resume+0x174/0x1f4
[   96.471999][ T6531]  el0_svc+0xb8/0x180
[   96.472005][ T6531]  el0t_64_sync_handler+0x84/0x12c
[   96.472010][ T6531]  el0t_64_sync+0x198/0x19c
[   96.472018][ T6531] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   96.751393][ T8461] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.752805][ T8461] syzkaller0: entered promiscuous mode
[   96.752848][ T8461] syzkaller0: entered allmulticast mode
[   96.767055][ T8461] tipc: Resetting bearer <eth:syzkaller0>
[   96.771953][ T8460] tipc: Resetting bearer <eth:syzkaller0>
[   96.814636][ T8460] tipc: Disabling bearer <eth:syzkaller0>
[   96.867828][   T26] binder: undelivered TRANSACTION_ERROR: 29201
[   97.014998][ T8471] netlink: 28 bytes leftover after parsing attributes in process `syz.4.579'.
[   97.015057][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.4.579'.
[   97.051081][ T8463] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   97.418650][ T8476] loop2: detected capacity change from 0 to 32768
[   97.424328][ T8476] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.580 (8476)
[   97.430844][ T8476] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   97.430918][ T8476] BTRFS info (device loop2): using crc32c (crc32c-arm64) checksum algorithm
[   97.430951][ T8476] BTRFS info (device loop2): using free-space-tree
[   97.540483][ T6531] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   97.643992][ T8512] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   97.644317][ T8512] syzkaller0: entered promiscuous mode
[   97.644337][ T8512] syzkaller0: entered allmulticast mode
[   97.646788][ T8512] tipc: Resetting bearer <eth:syzkaller0>
[   97.648635][ T8511] tipc: Resetting bearer <eth:syzkaller0>
[   97.694494][ T8511] tipc: Disabling bearer <eth:syzkaller0>
[   97.699171][ T8514] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   97.789478][ T8517] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   97.817945][ T8523] netlink: 28 bytes leftover after parsing attributes in process `syz.2.591'.
[   97.818004][ T8523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.591'.
[   98.792477][ T8545] netlink: 12 bytes leftover after parsing attributes in process `syz.0.599'.
[   98.834632][ T8545] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   98.834725][ T8545] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   98.834760][ T8545] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   98.834781][ T8545] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[   98.835876][ T8545] bond2: (slave geneve2): Enslaving as an active interface with an up link
[   99.071717][ T8560] netlink: 356 bytes leftover after parsing attributes in process `syz.2.604'.
[   99.110786][ T8553] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   99.159536][ T8572] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[   99.384727][ T8582] binder: 8580:8582 ioctl 4018620d 0 returned -22
[   99.547562][ T8584] dlm: no local IP address has been set
[   99.547660][ T8584] dlm: cannot start dlm midcomms -107
[  100.214078][ T8598] netlink: 356 bytes leftover after parsing attributes in process `syz.1.617'.
[  100.405692][ T8612] 9pnet_virtio: no channels available for device 
[  100.635072][ T8603] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  100.650865][ T8619] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.654595][ T8619] syzkaller0: entered promiscuous mode
[  100.657876][ T8619] syzkaller0: entered allmulticast mode
[  100.670453][ T8622] netlink: 24 bytes leftover after parsing attributes in process `syz.0.624'.
[  100.681242][ T8619] tipc: Resetting bearer <eth:syzkaller0>
[  100.682424][ T8618] tipc: Resetting bearer <eth:syzkaller0>
[  101.108200][ T8618] tipc: Disabling bearer <eth:syzkaller0>
[  101.131741][ T8627] netlink: 28 bytes leftover after parsing attributes in process `syz.0.626'.
[  101.131800][ T8627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'.
[  101.218749][ T8627] team0: Port device geneve0 removed
[  101.220949][ T8627] bond2: (slave geneve2): Releasing backup interface
[  101.264366][ T8627] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  101.264424][ T8627] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  101.264456][ T8627] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  101.264479][ T8627] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  101.294212][ T8637] netlink: 356 bytes leftover after parsing attributes in process `syz.3.629'.
[  101.344919][ T8641] binder: 8638:8641 ioctl 4018620d 0 returned -22
[  101.565350][ T8647] dlm: no local IP address has been set
[  101.565385][ T8647] dlm: cannot start dlm midcomms -107
[  101.850269][ T8657] netlink: 24 bytes leftover after parsing attributes in process `syz.4.635'.
[  101.869612][ T8653] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  102.472097][ T8691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  102.594572][ T8688] tipc: Disabling bearer <eth:syzkaller0>
[  102.792226][ T8705] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  102.792586][ T8705] syzkaller0: entered promiscuous mode
[  102.792608][ T8705] syzkaller0: entered allmulticast mode
[  102.797444][ T8705] tipc: Resetting bearer <eth:syzkaller0>
[  102.798596][ T8704] tipc: Resetting bearer <eth:syzkaller0>
[  102.850974][ T8704] tipc: Disabling bearer <eth:syzkaller0>
[  102.862845][ T8707] netlink: 'syz.2.654': attribute type 10 has an invalid length.
[  102.862887][ T8707] __nla_validate_parse: 4 callbacks suppressed
[  102.863399][ T8707] netlink: 40 bytes leftover after parsing attributes in process `syz.2.654'.
[  102.967123][ T8707] team0: Port device geneve0 added
[  103.196925][ T8717] dlm: no local IP address has been set
[  103.197006][ T8717] dlm: cannot start dlm midcomms -107
[  103.321027][ T8719] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  103.434887][ T8718] tipc: Disabling bearer <eth:syzkaller0>
[  103.626229][ T8729] netlink: 356 bytes leftover after parsing attributes in process `syz.3.663'.
[  103.723388][ T8736] loop3: detected capacity change from 0 to 1024
[  104.286406][ T8744] loop4: detected capacity change from 0 to 512
[  104.292371][ T8744] EXT4-fs (loop4): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0
[  104.295484][ T8744] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  104.295532][ T8744] EXT4-fs (loop4): Couldn't mount because of unsupported optional features (fffc1829)
[  104.295554][ T8744] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  104.297035][ T8742] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.297345][ T8742] syzkaller0: entered promiscuous mode
[  104.297366][ T8742] syzkaller0: entered allmulticast mode
[  104.655605][ T8742] tipc: Resetting bearer <eth:syzkaller0>
[  104.680797][ T8741] tipc: Resetting bearer <eth:syzkaller0>
[  104.725118][ T8741] tipc: Disabling bearer <eth:syzkaller0>
[  104.771524][ T8760] netlink: 356 bytes leftover after parsing attributes in process `syz.1.674'.
[  104.826844][ T8763] netlink: 24 bytes leftover after parsing attributes in process `syz.1.675'.
[  105.118218][ T8770] dlm: no local IP address has been set
[  105.118262][ T8770] dlm: cannot start dlm midcomms -107
[  105.255697][ T8773] loop1: detected capacity change from 0 to 32768
[  105.257323][ T8773] BTRFS: device fsid 59b5568a-a427-4554-b73a-27dcd238cc5a devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.678 (8773)
[  105.267917][ T8773] BTRFS info (device loop1): first mount of filesystem 59b5568a-a427-4554-b73a-27dcd238cc5a
[  105.267987][ T8773] BTRFS info (device loop1): using crc32c (crc32c-arm64) checksum algorithm
[  105.268030][ T8773] BTRFS info (device loop1): using free-space-tree
[  105.312885][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.679'.
[  105.346180][ T6530] BTRFS info (device loop1): last unmount of filesystem 59b5568a-a427-4554-b73a-27dcd238cc5a
[  105.947616][ T8808] netlink: 356 bytes leftover after parsing attributes in process `syz.0.685'.
[  105.989090][ T8813] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.992220][ T8813] syzkaller0: entered promiscuous mode
[  105.994006][ T8813] syzkaller0: entered allmulticast mode
[  105.995533][ T8817] fuse: Unknown parameter 'group_i00000000000000000000'
[  106.081663][ T8821] tipc: Resetting bearer <eth:syzkaller0>
[  106.085642][ T8812] tipc: Resetting bearer <eth:syzkaller0>
[  106.105600][ T8823] netlink: 28 bytes leftover after parsing attributes in process `syz.4.690'.
[  106.105650][ T8823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.690'.
[  106.144096][ T8812] tipc: Disabling bearer <eth:syzkaller0>
[  106.545594][ T8837] dlm: no local IP address has been set
[  106.545747][ T8837] dlm: cannot start dlm midcomms -107
[  106.833427][ T8845] netlink: 356 bytes leftover after parsing attributes in process `syz.3.697'.
[  106.943631][ T8850] fuse: Unknown parameter 'group_i00000000000000000000'
[  107.122238][ T8855] netlink: 28 bytes leftover after parsing attributes in process `syz.4.701'.
[  107.149765][ T8856] serio: Serial port ptm0
[  107.602370][ T8871] loop0: detected capacity change from 0 to 256
[  107.624339][ T8871] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  107.668287][ T8875] loop3: detected capacity change from 0 to 256
[  107.672428][ T8875] exfat: Deprecated parameter 'namecase'
[  107.672499][ T8875] exfat: Deprecated parameter 'namecase'
[  107.672521][ T8875] exfat: Deprecated parameter 'utf8'
[  107.683957][ T8875] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  107.702229][ T8877] fuse: Unknown parameter 'group_id00000000000000000000'
[  107.871377][ T8882] fuse: Unknown parameter '0xffffffffffffffff'
[  107.926048][ T8883] dlm: no local IP address has been set
[  107.926117][ T8883] dlm: cannot start dlm midcomms -107
[  108.360925][ T8888] loop2: detected capacity change from 0 to 40427
[  108.375908][ T8888] F2FS-fs (loop2): invalid crc value
[  108.399707][ T8888] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  108.443874][ T6531] syz-executor: attempt to access beyond end of device
[  108.443874][ T6531] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  108.448106][ T6531] CPU: 0 UID: 0 PID: 6531 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  108.448125][ T6531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[  108.448131][ T6531] Call trace:
[  108.448134][ T6531]  show_stack+0x2c/0x3c (C)
[  108.448149][ T6531]  __dump_stack+0x30/0x40
[  108.448163][ T6531]  dump_stack_lvl+0xd8/0x12c
[  108.448171][ T6531]  dump_stack+0x1c/0x28
[  108.448178][ T6531]  f2fs_handle_critical_error+0x34c/0x4b8
[  108.448186][ T6531]  f2fs_stop_checkpoint+0x5c/0x70
[  108.448193][ T6531]  f2fs_write_end_io+0x58c/0x818
[  108.448201][ T6531]  bio_endio+0x804/0x840
[  108.448207][ T6531]  submit_bio_noacct+0x158/0x176c
[  108.448214][ T6531]  submit_bio+0x354/0x4d4
[  108.448220][ T6531]  f2fs_submit_write_bio+0x13c/0x324
[  108.448225][ T6531]  __submit_merged_bio+0x254/0x704
[  108.448230][ T6531]  __submit_merged_write_cond+0x23c/0x4ac
[  108.448235][ T6531]  f2fs_write_data_pages+0x1d28/0x2634
[  108.448241][ T6531]  do_writepages+0x270/0x468
[  108.448249][ T6531]  filemap_fdatawrite+0x144/0x1e8
[  108.448254][ T6531]  f2fs_sync_dirty_inodes+0x2b8/0x788
[  108.448260][ T6531]  f2fs_write_checkpoint+0x684/0x1694
[  108.448267][ T6531]  kill_f2fs_super+0x21c/0x584
[  108.448273][ T6531]  deactivate_locked_super+0xc4/0x12c
[  108.448279][ T6531]  deactivate_super+0xe0/0x100
[  108.448283][ T6531]  cleanup_mnt+0x31c/0x3ac
[  108.448289][ T6531]  __cleanup_mnt+0x20/0x30
[  108.448294][ T6531]  task_work_run+0x1dc/0x260
[  108.448300][ T6531]  do_notify_resume+0x174/0x1f4
[  108.448306][ T6531]  el0_svc+0xb8/0x180
[  108.448312][ T6531]  el0t_64_sync_handler+0x84/0x12c
[  108.448317][ T6531]  el0t_64_sync+0x198/0x19c
[  108.464168][ T6531] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  108.525462][ T8898] __nla_validate_parse: 2 callbacks suppressed
[  108.526713][ T8898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.717'.
[  108.528339][ T8898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.717'.
[  108.642033][ T8904] netlink: 356 bytes leftover after parsing attributes in process `syz.0.719'.
[  108.705563][ T8908] fuse: Unknown parameter 'group_id00000000000000000000'
[  108.908754][ T8923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'.
[  108.971235][ T2677] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.518560][ T8933] dlm: no local IP address has been set
[  109.518639][ T8933] dlm: cannot start dlm midcomms -107
[  109.738946][ T8937] netlink: 356 bytes leftover after parsing attributes in process `syz.4.731'.
[  109.779676][ T8939] netlink: 28 bytes leftover after parsing attributes in process `syz.0.732'.
[  109.779738][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.732'.
[  109.871002][ T8943] gtp0: entered promiscuous mode
[  109.962048][ T8950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.737'.
[  110.122222][ T8952] netlink: 'syz.4.738': attribute type 10 has an invalid length.
[  110.122270][ T8952] netlink: 40 bytes leftover after parsing attributes in process `syz.4.738'.
[  110.215523][ T8957] fuse: Bad value for 'user_id'
[  110.215586][ T8957] fuse: Bad value for 'user_id'
[  110.238250][ T8952] team0: Port device geneve0 added
[  110.489570][ T8965] netlink: 356 bytes leftover after parsing attributes in process `syz.4.743'.
[  110.516411][ T8968] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  110.520248][ T8968] tipc: Resetting bearer <eth:syzkaller0>
[  110.614100][ T8967] tipc: Disabling bearer <eth:syzkaller0>
[  110.990418][ T8979] dlm: no local IP address has been set
[  110.990510][ T8979] dlm: cannot start dlm midcomms -107
[  111.390674][ T8982] gtp0: entered promiscuous mode
[  111.476287][ T8988] fuse: Bad value for 'user_id'
[  111.476332][ T8988] fuse: Bad value for 'user_id'
[  111.924389][ T8995] loop0: detected capacity change from 0 to 16
[  111.927929][ T8995] erofs (device loop0): mounted with root inode @ nid 36.
[  111.931034][ T8995] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36
[  111.932877][ T8995] erofs (device loop0): read error -117 @ 43 of nid 36
[  112.457701][ T9018] fuse: Bad value for 'user_id'
[  112.458786][ T9018] fuse: Bad value for 'user_id'
[  112.480915][ T9020] loop1: detected capacity change from 0 to 512
[  112.520838][ T9020] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  112.710361][ T9029] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.763: corrupted inode contents
[  112.713719][ T9029] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.763: mark_inode_dirty error
[  112.720228][ T9029] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.763: corrupted inode contents
[  112.907507][ T9032] dlm: no local IP address has been set
[  112.907555][ T9032] dlm: cannot start dlm midcomms -107
[  113.397587][ T6530] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.462599][ T9053] fuse: Bad value for 'fd'
[  114.406633][   T26] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  114.421586][ T9075] __nla_validate_parse: 7 callbacks suppressed
[  114.425989][ T9075] netlink: 356 bytes leftover after parsing attributes in process `syz.3.779'.
[  114.507678][ T9083] netlink: 8 bytes leftover after parsing attributes in process `syz.3.783'.
[  114.556645][ T9087] binder: 9086:9087 got transaction to invalid handle, 1
[  114.556691][ T9087] binder: 9087:9086 cannot find target node
[  114.557197][ T9087] binder: 9086:9087 transaction call to 0:0 failed 25/29201/-22, code 0 size 0-0 line 3152
[  114.557770][ T9087] binder: 9086:9087 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  114.557796][ T9087] binder: 9087 RLIMIT_NICE not set
[  114.596489][   T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  114.596531][   T26] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  114.596847][   T26] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  114.596893][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.599550][   T26] usb 1-1: config 0 descriptor??
[  114.601239][   T26] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  114.601375][   T26] dvb-usb: bulk message failed: -22 (3/0)
[  114.604994][   T26] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  114.605313][   T26] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  114.605376][   T26] usb 1-1: media controller created
[  114.606349][   T26] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  114.608647][   T26] dvb-usb: bulk message failed: -22 (6/0)
[  114.608732][   T26] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  114.609724][   T26] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input4
[  114.611027][   T26] dvb-usb: schedule remote query interval to 150 msecs.
[  114.611047][   T26] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  114.637725][ T9077] loop2: detected capacity change from 0 to 32768
[  114.642453][ T9077] (syz.2.780,9077,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  114.645204][ T9077] (syz.2.780,9077,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  114.655215][ T9077] JBD2: Ignoring recovery information on journal
[  114.672328][ T9077] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  114.721758][ T6531] ocfs2: Unmounting device (7,2) on (node local)
[  114.810161][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  114.810275][   T26] dvb-usb: error while querying for an remote control event.
[  114.821550][ T9069] dibusb: i2c wr: len=61 is too big!
[  114.821550][ T9069] 
[  114.822022][ T9069] netlink: 'syz.0.777': attribute type 6 has an invalid length.
[  114.918411][ T9094] dlm: no local IP address has been set
[  114.918487][ T9094] dlm: cannot start dlm midcomms -107
[  115.081162][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.081211][   T26] dvb-usb: error while querying for an remote control event.
[  115.233803][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.233853][   T26] dvb-usb: error while querying for an remote control event.
[  115.392955][ T6639] binder: undelivered TRANSACTION_ERROR: 29201
[  115.421420][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.421468][   T26] dvb-usb: error while querying for an remote control event.
[  115.585577][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.585630][   T26] dvb-usb: error while querying for an remote control event.
[  115.658994][ T9107] netlink: 'syz.2.790': attribute type 10 has an invalid length.
[  115.660547][ T9107] netlink: 40 bytes leftover after parsing attributes in process `syz.2.790'.
[  115.711768][ T9109] netlink: 356 bytes leftover after parsing attributes in process `syz.2.791'.
[  115.789966][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.790020][   T26] dvb-usb: error while querying for an remote control event.
[  115.944752][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  115.945136][   T26] dvb-usb: error while querying for an remote control event.
[  116.103446][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  116.104744][   T26] dvb-usb: error while querying for an remote control event.
[  116.263355][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  116.264553][   T26] dvb-usb: error while querying for an remote control event.
[  116.809546][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  116.809599][   T26] dvb-usb: error while querying for an remote control event.
[  116.826210][   T26] usb 1-1: USB disconnect, device number 10
[  117.173512][ T9133] binder: BINDER_SET_CONTEXT_MGR already set
[  117.173551][ T9133] binder: 9132:9133 ioctl 4018620d 20004a80 returned -16
[  117.173844][ T9133] binder: 9132:9133 got transaction to invalid handle, 1
[  117.173867][ T9133] binder: 9133:9132 cannot find target node
[  117.173886][ T9133] binder: 9132:9133 transaction call to 0:0 failed 29/29201/-22, code 0 size 0-0 line 3152
[  117.174270][ T9133] binder: 9132:9133 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  117.174292][ T9133] binder: 9133 RLIMIT_NICE not set
[  117.183566][   T26] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  117.287034][ T9143] netlink: 356 bytes leftover after parsing attributes in process `syz.1.802'.
[  117.391619][ T9147] dlm: no local IP address has been set
[  117.391691][ T9147] dlm: cannot start dlm midcomms -107
[  117.989177][ T6639] binder: undelivered TRANSACTION_ERROR: 29201
[  118.491005][ T6540] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  119.164050][ T6540] usb 1-1: Using ep0 maxpacket: 32
[  119.305115][ T6540] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  119.305169][ T6540] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  119.305205][ T6540] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  119.310423][ T6540] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  119.312691][ T6540] usb 1-1: config 0 interface 0 has no altsetting 0
[  119.313177][ T9179] netlink: 356 bytes leftover after parsing attributes in process `syz.4.813'.
[  119.317903][ T6540] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  119.319618][ T6540] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  119.321023][ T6540] usb 1-1: Product: syz
[  119.321693][ T6540] usb 1-1: Manufacturer: syz
[  119.322528][ T6540] usb 1-1: SerialNumber: syz
[  119.329091][ T6540] usb 1-1: config 0 descriptor??
[  119.380602][ T9181] binder: 9180:9181 got transaction to invalid handle, 1
[  119.380655][ T9181] binder: 9181:9180 cannot find target node
[  119.380689][ T9181] binder: 9180:9181 transaction call to 0:0 failed 34/29201/-22, code 0 size 0-0 line 3152
[  119.381295][ T9181] binder: 9180:9181 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  119.381328][ T9181] binder: 9181 RLIMIT_NICE not set
[  119.462051][ T6540] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  119.643306][ T9190] dlm: no local IP address has been set
[  119.643401][ T9190] dlm: cannot start dlm midcomms -107
[  119.691519][ T6540] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  119.744114][ T9186] nbd0: detected capacity change from 0 to 7
[  119.747303][ T7162] Buffer I/O error on dev nbd0, logical block 3, async page read
[  119.748742][ T6536] block nbd0: Receive control failed (result -104)
[  120.171628][ T6639] binder: undelivered TRANSACTION_ERROR: 29201
[  121.336020][   T26] usb 1-1: USB disconnect, device number 11
[  121.346846][   T26] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  121.427207][ T9218] netlink: 356 bytes leftover after parsing attributes in process `syz.0.825'.
[  121.822445][ T9224] loop2: detected capacity change from 0 to 8
[  121.824348][ T9224] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  121.850497][ T7815] udevd[7815]: incorrect cramfs checksum on /dev/loop2
[  121.904742][ T9229] loop1: detected capacity change from 0 to 256
[  121.915270][ T9230] process 'syz.2.824' launched './file2' with NULL argv: empty string added
[  121.922041][ T9230] cramfs: Error -5 while decompressing!
[  121.926596][ T9230] cramfs: 00000000c7e249b9(26)->000000009741d179(4096)
[  121.928630][ T9230] cramfs: Error -3 while decompressing!
[  121.930180][ T9230] cramfs: 000000001432a756(26)->00000000b29c23d7(4096)
[  121.931864][ T9230] cramfs: Error -3 while decompressing!
[  121.933168][ T9230] cramfs: 00000000078e26e4(16)->00000000062dac15(4096)
[  121.936342][ T9230] cramfs: Error -5 while decompressing!
[  121.937557][ T9230] cramfs: 00000000c7e249b9(26)->000000009741d179(4096)
[  121.948423][ T9229] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  122.776945][ T9242] netlink: 'syz.2.832': attribute type 10 has an invalid length.
[  122.778777][ T9242] syz_tun: entered promiscuous mode
[  122.796384][ T9242] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  122.811119][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.833'.
[  122.919589][ T9252] netlink: 356 bytes leftover after parsing attributes in process `syz.3.836'.
[  123.450013][ T9260] binder: 9259:9260 got transaction to invalid handle, 1
[  123.450054][ T9260] binder: 9260:9259 cannot find target node
[  123.450069][ T9260] binder: 9259:9260 transaction call to 0:0 failed 39/29201/-22, code 0 size 0-0 line 3152
[  123.451632][ T9260] binder: 9259:9260 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  123.451650][ T9260] binder: 9260 RLIMIT_NICE not set
[  124.177859][ T9282] netlink: 4 bytes leftover after parsing attributes in process `syz.1.846'.
[  124.268713][ T9284] netlink: 356 bytes leftover after parsing attributes in process `syz.1.847'.
[  124.280911][ T6540] binder: undelivered TRANSACTION_ERROR: 29201
[  124.527613][ T9296] loop1: detected capacity change from 0 to 8
[  124.540796][ T9296] SQUASHFS error: lzo decompression failed, data probably corrupt
[  124.540886][ T9296] SQUASHFS error: Failed to read block 0x144: -5
[  124.540935][ T9296] SQUASHFS error: Unable to read metadata cache entry [142]
[  124.540979][ T9296] SQUASHFS error: Unable to read inode 0x11f
[  125.763872][ T9317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.857'.
[  125.789385][ T9319] netlink: 356 bytes leftover after parsing attributes in process `syz.0.858'.
[  125.852023][ T9321] binder: tried to use weak ref as strong ref
[  125.852085][ T9321] binder: 9320:9321 Acquire 1 refcount change on invalid ref 0 ret -22
[  125.852296][ T9321] binder: 9320:9321 got transaction to invalid handle, 1
[  125.852317][ T9321] binder: 9321:9320 cannot find target node
[  125.852347][ T9321] binder: 9320:9321 transaction call to 0:0 failed 42/29201/-22, code 0 size 0-0 line 3152
[  125.853246][   T26] binder: undelivered TRANSACTION_ERROR: 29201
[  126.155085][ T2405] ieee802154 phy0 wpan0: encryption failed: -22
[  126.155148][ T2405] ieee802154 phy1 wpan1: encryption failed: -22
[  126.677895][ T9348] netlink: 356 bytes leftover after parsing attributes in process `syz.1.870'.
[  126.717537][ T9352] binder: tried to use weak ref as strong ref
[  126.717587][ T9352] binder: 9351:9352 Acquire 1 refcount change on invalid ref 0 ret -22
[  126.717854][ T9352] binder: 9351:9352 got transaction to invalid handle, 1
[  126.717875][ T9352] binder: 9352:9351 cannot find target node
[  126.717892][ T9352] binder: 9351:9352 transaction call to 0:0 failed 45/29201/-22, code 0 size 0-0 line 3152
[  126.718863][ T6639] binder: undelivered TRANSACTION_ERROR: 29201
[  126.740627][ T9356] netlink: 28 bytes leftover after parsing attributes in process `syz.4.875'.
[  127.490075][ T9376] loop2: detected capacity change from 0 to 64
[  127.701816][ T9376] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  127.711989][ T6639] IPVS: starting estimator thread 0...
[  127.713940][ T9376] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop2
[  127.813529][ T9378] IPVS: using max 69 ests per chain, 165600 per kthread
[  127.980851][ T9391] binder: tried to use weak ref as strong ref
[  127.981049][ T9391] binder: 9391:9390 cannot find target node
[  127.981768][ T9391] binder: 9390:9391 transaction call to 0:0 failed 48/29201/-22, code 0 size 0-0 line 3152
[  127.982158][ T6594] binder: undelivered TRANSACTION_ERROR: 29201
[  128.473174][ T9402] fuse: Unknown parameter 'use00000000000000000000'
[  128.529709][ T9407] netlink: 28 bytes leftover after parsing attributes in process `syz.2.891'.
[  128.959149][ T9413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.959338][ T9413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  129.369210][ T9422] loop3: detected capacity change from 0 to 512
[  129.519990][ T9429] binder: 9428:9429 ioctl 4018620d 0 returned -22
[  129.521586][ T9429] binder_user_error: 2 callbacks suppressed
[  129.521622][ T9429] binder: tried to use weak ref as strong ref
[  129.524226][ T9429] binder: 9428:9429 Acquire 1 refcount change on invalid ref 0 ret -22
[  129.526039][ T9429] binder: 9428:9429 got transaction to invalid handle, 1
[  129.527641][ T9429] binder: 9429:9428 cannot find target node
[  129.529102][ T9429] binder: 9428:9429 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  129.531886][ T9429] binder: 9429 RLIMIT_NICE not set
[  129.557015][ T9422] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.865681][   T26] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  130.301901][ T6528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.314185][ T9439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.318101][ T9439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.319688][   T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  130.321682][   T26] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  130.325353][   T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.328055][   T26] usb 1-1: config 0 descriptor??
[  130.330555][ T9431] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  130.647717][ T9448] tipc: Cannot configure node identity twice
[  131.251883][   T26] elan 0003:04F3:0755.0002: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  131.288689][ T9460] netlink: 28 bytes leftover after parsing attributes in process `syz.2.908'.
[  131.802532][ T9477] binder: 9476:9477 ioctl 4018620d 0 returned -22
[  131.802719][ T9477] binder: tried to use weak ref as strong ref
[  131.802749][ T9477] binder: 9476:9477 Acquire 1 refcount change on invalid ref 0 ret -22
[  131.802874][ T9477] binder: 9476:9477 got transaction to invalid handle, 1
[  131.802891][ T9477] binder_debug: 2 callbacks suppressed
[  131.802908][ T9477] binder: 9477:9476 cannot find target node
[  131.802927][ T9477] binder: 9476:9477 transaction call to 0:0 failed 54/29201/-22, code 0 size 0-0 line 3152
[  131.803078][ T9477] binder: 9476:9477 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10)
[  131.803096][ T9477] binder: 9477 RLIMIT_NICE not set
[  132.533531][ T6608] usb 1-1: reset full-speed USB device number 12 using dummy_hcd
[  132.587442][ T9431] loop0: detected capacity change from 0 to 2048
[  132.631098][ T6109] binder: undelivered TRANSACTION_ERROR: 29201
[  132.652098][ T9491] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  132.954957][ T9508] netlink: 28 bytes leftover after parsing attributes in process `syz.1.925'.
[  134.547356][ T6594] usb 1-1: USB disconnect, device number 12
[  134.738958][ T9540] loop1: detected capacity change from 0 to 1024
[  134.823332][ T9541] loop2: detected capacity change from 0 to 64
[  135.104855][ T9541] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  135.106272][ T9541] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop2
[  135.592616][ T6608] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  135.610923][ T9555] netlink: 28 bytes leftover after parsing attributes in process `syz.1.940'.
[  135.632290][ T9556] loop4: detected capacity change from 0 to 512
[  135.706247][ T9556] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  137.464429][ T6608] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.464479][ T6608] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  137.464509][ T6608] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  137.464526][ T6608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.465737][ T6608] usb 1-1: config 0 descriptor??
[  137.467848][ T6608] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  137.467868][ T6608] dvb-usb: bulk message failed: -22 (3/0)
[  137.468916][ T6608] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  137.469171][ T6608] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  137.469192][ T6608] usb 1-1: media controller created
[  137.469601][ T6608] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  137.470521][ T6608] dvb-usb: bulk message failed: -22 (6/0)
[  137.470549][ T6608] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  137.471341][ T6608] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5
[  137.471734][ T6608] dvb-usb: schedule remote query interval to 150 msecs.
[  137.471749][ T6608] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  137.614251][ T9587] mac80211_hwsim hwsim4 syzkaller0: entered promiscuous mode
[  137.615590][ T9587] mac80211_hwsim hwsim4 syzkaller0: entered allmulticast mode
[  137.618428][ T9587] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.622183][ T6537] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.633416][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  137.634349][   T26] dvb-usb: error while querying for an remote control event.
[  137.706420][ T9549] dibusb: i2c wr: len=61 is too big!
[  137.706420][ T9549] 
[  137.706636][ T9549] netlink: 'syz.0.938': attribute type 6 has an invalid length.
[  138.088085][ T6608] dvb-usb: bulk message failed: -22 (1/0)
[  138.088198][ T6608] dvb-usb: error while querying for an remote control event.
[  138.243685][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  138.243821][   T26] dvb-usb: error while querying for an remote control event.
[  138.426452][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  138.426542][   T26] dvb-usb: error while querying for an remote control event.
[  138.737206][ T6540] tipc: Node number set to 2218901909
[  138.747126][   T26] dvb-usb: bulk message failed: -22 (1/0)
[  138.747173][   T26] dvb-usb: error while querying for an remote control event.
[  138.758476][   T26] usb 1-1: USB disconnect, device number 13
[  138.796224][ T9621] syzkaller0: entered promiscuous mode
[  138.797434][ T9621] syzkaller0: entered allmulticast mode
[  138.802141][ T9621] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.817944][ T9620] tipc: Resetting bearer <eth:syzkaller0>
[  138.834909][   T26] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  138.874448][ T9620] tipc: Disabling bearer <eth:syzkaller0>
[  138.938708][ T9635] loop4: detected capacity change from 0 to 64
[  139.002355][ T9635] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing
[  139.007956][ T9635] BFS-fs: bfs_fill_super(): Inode 0x00000003 corrupted on loop4
[  139.695311][ T9656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.695531][ T9656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.700666][ T9656] netlink: 'syz.3.974': attribute type 6 has an invalid length.
[  139.738186][ T9660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.738419][ T9660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  140.153082][ T9670] syzkaller0: entered promiscuous mode
[  140.155659][ T9670] syzkaller0: entered allmulticast mode
[  140.160415][ T9670] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.161609][ T9669] tipc: Resetting bearer <eth:syzkaller0>
[  140.214466][ T9669] tipc: Disabling bearer <eth:syzkaller0>
[  140.379212][ T9680] syzkaller0: entered promiscuous mode
[  140.379260][ T9680] syzkaller0: entered allmulticast mode
[  140.389962][ T9680] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  141.562998][ T9712] loop0: detected capacity change from 0 to 1024
[  141.980814][ T9719] loop1: detected capacity change from 0 to 256
[  141.981179][ T9719] exfat: Deprecated parameter 'namecase'
[  141.981233][ T9719] exfat: Deprecated parameter 'namecase'
[  141.981256][ T9719] exfat: Deprecated parameter 'utf8'
[  141.998113][ T9719] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  142.010427][ T9723] syzkaller0: entered promiscuous mode
[  142.010471][ T9723] syzkaller0: entered allmulticast mode
[  142.013120][ T9723] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  142.183747][ T9725] fuse: Unknown parameter '0xffffffffffffffff'
[  142.360464][ T9731] netlink: 'syz.2.1003': attribute type 10 has an invalid length.
[  142.365302][ T9731] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.366060][ T9731] team0: Port device bond0 added
[  143.598254][ T9731] team0 (unregistering): Port device geneve0 removed
[  143.601233][ T9731] team0 (unregistering): Port device bond0 removed
[  143.649682][ T9735] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  143.764641][ T9739] team0: Port device geneve0 removed
[  143.837421][ T9770] loop1: detected capacity change from 0 to 256
[  143.842689][ T9770] exfat: Deprecated parameter 'namecase'
[  143.845211][ T9770] exfat: Deprecated parameter 'namecase'
[  143.846696][ T9770] exfat: Deprecated parameter 'utf8'
[  143.931639][ T9772] No such timeout policy "syz1"
[  144.072012][ T9775] netlink: 356 bytes leftover after parsing attributes in process `syz.3.1014'.
[  144.079957][ T9761] syzkaller0: entered promiscuous mode
[  144.082788][ T9761] syzkaller0: entered allmulticast mode
[  144.086077][ T9758] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  144.086085][ T9770] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  144.616870][ T9791] fuse: Unknown parameter '0xffffffffffffffff'
[  144.812401][ T9799] loop2: detected capacity change from 0 to 16
[  144.814892][ T9799] erofs (device loop2): mounted with root inode @ nid 36.
[  144.823483][ T9799] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[  144.826798][ T9799] erofs (device loop2): read error -117 @ 43 of nid 36
[  145.548124][ T9818] netlink: 356 bytes leftover after parsing attributes in process `syz.1.1029'.
[  145.616611][ T9827] loop1: detected capacity change from 0 to 256
[  145.618233][ T9827] exfat: Deprecated parameter 'namecase'
[  145.619322][ T9827] exfat: Deprecated parameter 'namecase'
[  145.620423][ T9827] exfat: Deprecated parameter 'utf8'
[  145.621430][ T9824] syzkaller0: entered promiscuous mode
[  145.621477][ T9824] syzkaller0: entered allmulticast mode
[  145.630203][ T9827] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  145.674989][ T9828] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  145.677675][ T9824] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.714315][ T9823] tipc: Resetting bearer <eth:syzkaller0>
[  145.775114][ T9823] tipc: Disabling bearer <eth:syzkaller0>
[  145.778836][ T9828] tipc: Resetting bearer <eth:syzkaller0>
[  145.945806][ T9831] fuse: Unknown parameter '0xffffffffffffffff'
[  146.621385][ T9837] loop0: detected capacity change from 0 to 16
[  146.629038][ T9837] erofs (device loop0): mounted with root inode @ nid 36.
[  146.632234][ T9837] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36
[  146.639555][ T9837] erofs (device loop0): read error -117 @ 43 of nid 36
[  146.690325][ T9851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.692538][ T9851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.728029][ T9854] netlink: 356 bytes leftover after parsing attributes in process `syz.0.1042'.
[  147.144762][ T9868] syzkaller0: entered promiscuous mode
[  147.144813][ T9868] syzkaller0: entered allmulticast mode
[  147.146687][ T9868] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  147.993771][ T9883] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1050'.
[  147.999389][ T9885] loop2: detected capacity change from 0 to 256
[  148.001092][ T9885] exfat: Deprecated parameter 'namecase'
[  148.002258][ T9885] exfat: Deprecated parameter 'namecase'
[  148.003191][ T9885] exfat: Deprecated parameter 'utf8'
[  148.019007][ T9885] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  148.070431][ T9887] loop4: detected capacity change from 0 to 16
[  148.076646][ T9887] erofs (device loop4): mounted with root inode @ nid 36.
[  148.079256][ T9887] erofs (device loop4): bogus lookback distance 1388 @ lcn 42 of nid 36
[  148.079881][ T9887] erofs (device loop4): read error -117 @ 43 of nid 36
[  148.105903][ T9890] netlink: 356 bytes leftover after parsing attributes in process `syz.3.1053'.
[  148.403395][ T9896] fuse: Unknown parameter '0xffffffffffffffff'
[  148.478434][ T9901] loop1: detected capacity change from 0 to 1024
[  148.554416][ T9905] syzkaller0: entered promiscuous mode
[  148.876138][ T6536] Bluetooth: hci2: command 0x0406 tx timeout
[  148.876180][ T6544] Bluetooth: hci3: command 0x0406 tx timeout
[  148.876248][ T6544] Bluetooth: hci1: command 0x0406 tx timeout
[  148.884858][ T9905] syzkaller0: entered allmulticast mode
[  149.404206][ T9905] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  149.410988][ T9904] tipc: Resetting bearer <eth:syzkaller0>
[  149.454337][ T9904] tipc: Disabling bearer <eth:syzkaller0>
[  149.463733][ T9916] syzkaller0: entered promiscuous mode
[  149.463775][ T9916] syzkaller0: entered allmulticast mode
[  149.464993][ T9916] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  149.507912][ T9923] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1065'.
[  149.853201][ T9926] team0: Port device geneve0 removed
[  149.855986][   T56] block nbd0: Possible stuck request 000000009e8406ae: control (read@0,1024B). Runtime 30 seconds
[  149.856100][   T56] block nbd0: Possible stuck request 0000000008d0d750: control (read@1024,1024B). Runtime 30 seconds
[  149.856134][   T56] block nbd0: Possible stuck request 00000000779d6416: control (read@2048,1024B). Runtime 30 seconds
[  149.986968][ T9935] netlink: 356 bytes leftover after parsing attributes in process `syz.2.1066'.
[  150.077939][ T9943] loop2: detected capacity change from 0 to 256
[  150.078323][ T9943] exfat: Deprecated parameter 'namecase'
[  150.078358][ T9943] exfat: Deprecated parameter 'namecase'
[  150.078373][ T9943] exfat: Deprecated parameter 'utf8'
[  150.085942][ T9943] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  150.944294][ T9950] fuse: Unknown parameter '0xffffffffffffffff'
[  151.020391][ T9953] loop0: detected capacity change from 0 to 512
[  151.020811][ T9953] EXT4-fs: Ignoring removed mblk_io_submit option
[  151.044338][ T9953] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  151.045973][ T9953] EXT4-fs (loop0): DAX unsupported by block device.
[  151.058510][ T9956] syzkaller0: entered promiscuous mode
[  151.059529][ T9956] syzkaller0: entered allmulticast mode
[  151.167897][ T9961] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.408242][ T9954] tipc: Resetting bearer <eth:syzkaller0>
[  151.411311][ T9962] loop3: detected capacity change from 0 to 1024
[  151.474290][ T9954] tipc: Disabling bearer <eth:syzkaller0>
[  151.557611][ T9968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.557808][ T9968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.565500][ T9968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.565685][ T9968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.567520][ T9968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.567686][ T9968] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.128699][ T9982] loop2: detected capacity change from 0 to 16
[  152.142554][ T9982] erofs (device loop2): mounted with root inode @ nid 36.
[  152.169753][ T9982] erofs (device loop2): readahead error at folio 87 @ nid 36
[  152.169861][ T9982] erofs (device loop2): readahead error at folio 86 @ nid 36
[  152.170569][ T9982] erofs (device loop2): bogus lookback distance 363 @ lcn 82 of nid 36
[  152.170593][ T9982] erofs (device loop2): readahead error at folio 83 @ nid 36
[  152.170609][ T9982] erofs (device loop2): bogus lookback distance 363 @ lcn 82 of nid 36
[  152.170625][ T9982] erofs (device loop2): readahead error at folio 82 @ nid 36
[  152.170678][ T9982] erofs (device loop2): readahead error at folio 79 @ nid 36
[  152.170693][ T9982] erofs (device loop2): readahead error at folio 78 @ nid 36
[  152.170715][ T9982] erofs (device loop2): bogus lookback distance 1485 @ lcn 75 of nid 36
[  152.170730][ T9982] erofs (device loop2): readahead error at folio 76 @ nid 36
[  152.170745][ T9982] erofs (device loop2): bogus lookback distance 1485 @ lcn 75 of nid 36
[  152.170760][ T9982] erofs (device loop2): readahead error at folio 75 @ nid 36
[  152.170781][ T9982] erofs (device loop2): readahead error at folio 74 @ nid 36
[  152.170803][ T9982] erofs (device loop2): readahead error at folio 72 @ nid 36
[  152.170818][ T9982] erofs (device loop2): readahead error at folio 71 @ nid 36
[  152.170836][ T9982] erofs (device loop2): readahead error at folio 70 @ nid 36
[  152.170915][ T9982] erofs (device loop2): readahead error at folio 63 @ nid 36
[  152.170943][ T9982] erofs (device loop2): readahead error at folio 61 @ nid 36
[  152.170966][ T9982] erofs (device loop2): bogus lookback distance 1024 @ lcn 58 of nid 36
[  152.170981][ T9982] erofs (device loop2): readahead error at folio 59 @ nid 36
[  152.170995][ T9982] erofs (device loop2): bogus lookback distance 1024 @ lcn 58 of nid 36
[  152.171010][ T9982] erofs (device loop2): readahead error at folio 58 @ nid 36
[  152.171032][ T9982] erofs (device loop2): readahead error at folio 56 @ nid 36
[  152.171089][ T9982] erofs (device loop2): bogus lookback distance 1586 @ lcn 46 of nid 36
[  152.171104][ T9982] erofs (device loop2): readahead error at folio 47 @ nid 36
[  152.171119][ T9982] erofs (device loop2): bogus lookback distance 1586 @ lcn 46 of nid 36
[  152.171133][ T9982] erofs (device loop2): readahead error at folio 46 @ nid 36
[  152.171152][ T9982] erofs (device loop2): readahead error at folio 45 @ nid 36
[  152.171173][ T9982] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[  152.171188][ T9982] erofs (device loop2): readahead error at folio 43 @ nid 36
[  152.171203][ T9982] erofs (device loop2): bogus lookback distance 1388 @ lcn 42 of nid 36
[  152.171218][ T9982] erofs (device loop2): readahead error at folio 42 @ nid 36
[  152.171235][ T9982] erofs (device loop2): bogus lookback distance 774 @ lcn 40 of nid 36
[  152.171250][ T9982] erofs (device loop2): readahead error at folio 41 @ nid 36
[  152.171265][ T9982] erofs (device loop2): bogus lookback distance 774 @ lcn 40 of nid 36
[  152.171280][ T9982] erofs (device loop2): readahead error at folio 40 @ nid 36
[  152.171297][ T9982] erofs (device loop2): readahead error at folio 39 @ nid 36
[  152.171312][ T9982] erofs (device loop2): readahead error at folio 38 @ nid 36
[  152.171345][ T9982] erofs (device loop2): readahead error at folio 36 @ nid 36
[  152.171404][ T9982] erofs (device loop2): bogus lookback distance 1468 @ lcn 31 of nid 36
[  152.171419][ T9982] erofs (device loop2): readahead error at folio 31 @ nid 36
[  152.171489][ T9982] erofs (device loop2): readahead error at folio 25 @ nid 36
[  152.171507][ T9982] erofs (device loop2): readahead error at folio 24 @ nid 36
[  152.171554][ T9982] erofs (device loop2): readahead error at folio 19 @ nid 36
[  152.172068][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172068][ T9982] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16
[  152.172176][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172176][ T9982] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  152.172589][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172589][ T9982] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  152.172667][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172667][ T9982] loop2: rw=524288, sector=32, nr_sectors = 64 limit=16
[  152.172708][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172708][ T9982] loop2: rw=524288, sector=8, nr_sectors = 24 limit=16
[  152.172757][ T9982] syz.2.1080: attempt to access beyond end of device
[  152.172757][ T9982] loop2: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[  152.688797][ T9988] loop4: detected capacity change from 0 to 256
[  152.689253][ T9988] exfat: Deprecated parameter 'namecase'
[  152.689580][ T9988] exfat: Deprecated parameter 'namecase'
[  152.689878][ T9988] exfat: Deprecated parameter 'utf8'
[  152.697305][ T9988] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  153.440883][ T9994] fuse: Unknown parameter '0xffffffffffffffff'
[  153.591210][T10000] syzkaller0: entered promiscuous mode
[  153.591259][T10000] syzkaller0: entered allmulticast mode
[  154.443907][T10000] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.445477][ T9997] tipc: Resetting bearer <eth:syzkaller0>
[  154.740107][ T9997] tipc: Disabling bearer <eth:syzkaller0>
[  154.809735][T10023] loop2: detected capacity change from 0 to 1024
[  154.901605][T10026] loop0: detected capacity change from 0 to 512
[  154.903639][T10004] loop3: detected capacity change from 0 to 40427
[  154.906839][T10004] F2FS-fs (loop3): Invalid segment/section count (31, 24 x 2305)
[  154.908831][T10004] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  154.911447][T10004] F2FS-fs (loop3): invalid crc value
[  155.592889][T10026] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.678540][T10004] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  155.681695][T10004] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  155.700187][T10045] loop2: detected capacity change from 0 to 256
[  155.701844][T10045] exfat: Deprecated parameter 'namecase'
[  155.702988][T10045] exfat: Deprecated parameter 'namecase'
[  155.703946][T10045] exfat: Deprecated parameter 'utf8'
[  155.717192][T10045] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012366, chksum : 0xd06b6363, utbl_chksum : 0xe619d30d)
[  155.831370][ T6528] syz-executor: attempt to access beyond end of device
[  155.831370][ T6528] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  155.831436][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  155.831450][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[  155.831455][ T6528] Call trace:
[  155.831458][ T6528]  show_stack+0x2c/0x3c (C)
[  155.831472][ T6528]  __dump_stack+0x30/0x40
[  155.831483][ T6528]  dump_stack_lvl+0xd8/0x12c
[  155.831491][ T6528]  dump_stack+0x1c/0x28
[  155.831498][ T6528]  f2fs_handle_critical_error+0x34c/0x4b8
[  155.831504][ T6528]  f2fs_stop_checkpoint+0x5c/0x70
[  155.831511][ T6528]  f2fs_write_end_io+0x58c/0x818
[  155.831517][ T6528]  bio_endio+0x804/0x840
[  155.831524][ T6528]  submit_bio_noacct+0x158/0x176c
[  155.831531][ T6528]  submit_bio+0x354/0x4d4
[  155.831537][ T6528]  f2fs_submit_write_bio+0x13c/0x324
[  155.831542][ T6528]  __submit_merged_bio+0x254/0x704
[  155.831547][ T6528]  __submit_merged_write_cond+0x23c/0x4ac
[  155.831552][ T6528]  f2fs_write_data_pages+0x1d28/0x2634
[  155.831562][ T6528]  do_writepages+0x270/0x468
[  155.831570][ T6528]  filemap_fdatawrite+0x144/0x1e8
[  155.831575][ T6528]  f2fs_sync_dirty_inodes+0x2b8/0x788
[  155.831582][ T6528]  f2fs_write_checkpoint+0x684/0x1694
[  155.831589][ T6528]  kill_f2fs_super+0x21c/0x584
[  155.831595][ T6528]  deactivate_locked_super+0xc4/0x12c
[  155.831601][ T6528]  deactivate_super+0xe0/0x100
[  155.831606][ T6528]  cleanup_mnt+0x31c/0x3ac
[  155.831611][ T6528]  __cleanup_mnt+0x20/0x30
[  155.831616][ T6528]  task_work_run+0x1dc/0x260
[  155.831622][ T6528]  do_notify_resume+0x174/0x1f4
[  155.831628][ T6528]  el0_svc+0xb8/0x180
[  155.831634][ T6528]  el0t_64_sync_handler+0x84/0x12c
[  155.831639][ T6528]  el0t_64_sync+0x198/0x19c
[  155.831737][ T6528] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  155.971737][ T6529] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.096763][T10053] fuse: Unknown parameter '0xffffffffffffffff'
[  156.633423][ T6540] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  156.785026][ T6540] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.785072][ T6540] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  156.788578][ T6540] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  156.788637][ T6540] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  156.788664][ T6540] usb 1-1: SerialNumber: syz
[  156.791713][T10074] syzkaller0: entered promiscuous mode
[  156.791739][T10074] syzkaller0: entered allmulticast mode
[  156.846104][T10074] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  156.848133][T10073] tipc: Resetting bearer <eth:syzkaller0>
[  156.894548][T10073] tipc: Disabling bearer <eth:syzkaller0>
[  156.977637][T10078] fuse: Unknown parameter '0x0000000000000004'
[  157.021907][T10082] loop2: detected capacity change from 0 to 1024
[  157.025088][ T6540] usb 1-1: 0:2 : does not exist
[  157.026831][ T6540] usb 1-1: unit 5: unexpected type 0x0a
[  157.037851][T10084] loop3: detected capacity change from 0 to 512
[  157.127685][ T6540] usb 1-1: USB disconnect, device number 14
[  157.306000][T10084] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.426265][ T7815] udevd[7815]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  157.948312][T10106] No such timeout policy "syz1"
[  158.270475][T10109] syzkaller0: entered promiscuous mode
[  158.270524][T10109] syzkaller0: entered allmulticast mode
[  158.286151][ T6528] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.610947][T10112] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  158.626393][T10108] tipc: Resetting bearer <eth:syzkaller0>
[  158.639633][T10121] fuse: Unknown parameter 'fd0x0000000000000004'
[  158.674749][T10108] tipc: Disabling bearer <eth:syzkaller0>
[  159.232932][T10133] loop4: detected capacity change from 0 to 40427
[  159.249961][T10133] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  159.337420][T10142] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1125'.
[  160.158618][T10150] loop2: detected capacity change from 0 to 512
[  160.160108][ T6537] syz-executor: attempt to access beyond end of device
[  160.160108][ T6537] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  160.160173][ T6537] CPU: 0 UID: 0 PID: 6537 Comm: syz-executor Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  160.160185][ T6537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[  160.160190][ T6537] Call trace:
[  160.160193][ T6537]  show_stack+0x2c/0x3c (C)
[  160.160206][ T6537]  __dump_stack+0x30/0x40
[  160.160217][ T6537]  dump_stack_lvl+0xd8/0x12c
[  160.160224][ T6537]  dump_stack+0x1c/0x28
[  160.160230][ T6537]  f2fs_handle_critical_error+0x34c/0x4b8
[  160.160240][ T6537]  f2fs_stop_checkpoint+0x5c/0x70
[  160.160248][ T6537]  f2fs_write_end_io+0x58c/0x818
[  160.160255][ T6537]  bio_endio+0x804/0x840
[  160.160261][ T6537]  submit_bio_noacct+0x158/0x176c
[  160.160268][ T6537]  submit_bio+0x354/0x4d4
[  160.160275][ T6537]  f2fs_submit_write_bio+0x13c/0x324
[  160.160280][ T6537]  __submit_merged_bio+0x254/0x704
[  160.160285][ T6537]  __submit_merged_write_cond+0x23c/0x4ac
[  160.160290][ T6537]  f2fs_write_data_pages+0x1d28/0x2634
[  160.160296][ T6537]  do_writepages+0x270/0x468
[  160.160304][ T6537]  filemap_fdatawrite+0x144/0x1e8
[  160.160309][ T6537]  f2fs_sync_dirty_inodes+0x2b8/0x788
[  160.160316][ T6537]  f2fs_write_checkpoint+0x684/0x1694
[  160.160323][ T6537]  kill_f2fs_super+0x21c/0x584
[  160.160329][ T6537]  deactivate_locked_super+0xc4/0x12c
[  160.160335][ T6537]  deactivate_super+0xe0/0x100
[  160.160339][ T6537]  cleanup_mnt+0x31c/0x3ac
[  160.160345][ T6537]  __cleanup_mnt+0x20/0x30
[  160.160350][ T6537]  task_work_run+0x1dc/0x260
[  160.160356][ T6537]  do_notify_resume+0x174/0x1f4
[  160.160362][ T6537]  el0_svc+0xb8/0x180
[  160.160369][ T6537]  el0t_64_sync_handler+0x84/0x12c
[  160.160374][ T6537]  el0t_64_sync+0x198/0x19c
[  160.160464][ T6537] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  160.173688][T10152] loop1: detected capacity change from 0 to 64
[  160.226464][T10156] fuse: Unknown parameter 'fd0x0000000000000004'
[  160.237513][T10150] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  160.327737][T10152] ------------[ cut here ]------------
[  160.327830][T10152] WARNING: CPU: 0 PID: 10152 at fs/buffer.c:1189 mark_buffer_dirty+0x284/0x490
[  160.329948][T10152] Modules linked in:
[  160.330662][T10152] CPU: 0 UID: 0 PID: 10152 Comm: syz.1.1128 Not tainted 6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  160.332420][T10152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[  160.334024][T10152] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[  160.335208][T10152] pc : mark_buffer_dirty+0x284/0x490
[  160.336122][T10152] lr : mark_buffer_dirty+0x284/0x490
[  160.337033][T10152] sp : ffff80009f4f7390
[  160.337730][T10152] x29: ffff80009f4f7390 x28: ffff0000fc6fc160 x27: dfff800000000000
[  160.339116][T10152] x26: ffff0000e7a2b600 x25: ffff0000f74e99a8 x24: ffff0000ded55488
[  160.340393][T10152] x23: ffff0000fc6fc018 x22: ffff0000c15ae488 x21: 1fffe0001f8df82c
[  160.341583][T10152] x20: 0000000000000010 x19: ffff0000ded55488 x18: 00000000ffffffff
[  160.342788][T10152] x17: ffff800093376000 x16: ffff80008051f01c x15: 0000000000000001
[  160.343933][T10152] x14: 1fffe0001bdaaa91 x13: 0000000000000000 x12: 0000000000000000
[  160.345118][T10152] x11: 0000000000080000 x10: 000000000000ba4f x9 : ffff8000a8c2a000
[  160.346295][T10152] x8 : 000000000000ba50 x7 : 0000000000000000 x6 : 0000000000000000
[  160.347471][T10152] x5 : ffff0000e7a2b800 x4 : ffff0000e1b75400 x3 : ffff800080e3349c
[  160.348616][T10152] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
[  160.349782][T10152] Call trace:
[  160.350243][T10152]  mark_buffer_dirty+0x284/0x490 (P)
[  160.351040][T10152]  bfs_get_block+0x4d8/0x9d4
[  160.351685][T10152]  __block_write_begin_int+0x53c/0x15e8
[  160.352474][T10152]  block_write_begin+0xa0/0x128
[  160.353188][T10152]  bfs_write_begin+0x48/0xec
[  160.353956][T10152]  generic_perform_write+0x23c/0x79c
[  160.354822][T10152]  __generic_file_write_iter+0xfc/0x204
[  160.355680][T10152]  generic_file_write_iter+0x104/0x470
[  160.356499][T10152]  vfs_write+0x62c/0x97c
[  160.357121][T10152]  ksys_write+0x120/0x210
[  160.357738][T10152]  __arm64_sys_write+0x7c/0x90
[  160.358413][T10152]  invoke_syscall+0x98/0x2b8
[  160.359079][T10152]  el0_svc_common+0x130/0x23c
[  160.359754][T10152]  do_el0_svc+0x48/0x58
[  160.360397][T10152]  el0_svc+0x58/0x180
[  160.361006][T10152]  el0t_64_sync_handler+0x84/0x12c
[  160.361833][T10152]  el0t_64_sync+0x198/0x19c
[  160.362614][T10152] irq event stamp: 4642
[  160.363266][T10152] hardirqs last  enabled at (4641): [<ffff800080e35cfc>] find_get_block_common+0x970/0xde8
[  160.364910][T10152] hardirqs last disabled at (4642): [<ffff80008aefc634>] el1_brk64+0x1c/0x48
[  160.366359][T10152] softirqs last  enabled at (4582): [<ffff8000803cedfc>] handle_softirqs+0xaf8/0xc88
[  160.367886][T10152] softirqs last disabled at (3183): [<ffff800080020efc>] __do_softirq+0x14/0x20
[  160.369290][T10152] ---[ end trace 0000000000000000 ]---
[  160.372270][T10166] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  160.444240][T10152] Unable to handle kernel paging request at virtual address dfff800000000005
[  160.446379][T10152] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[  160.448673][T10152] Mem abort info:
[  160.449823][T10152]   ESR = 0x0000000096000005
[  160.451157][T10152]   EC = 0x25: DABT (current EL), IL = 32 bits
[  160.453415][T10152]   SET = 0, FnV = 0
[  160.454699][T10152]   EA = 0, S1PTW = 0
[  160.455837][T10152]   FSC = 0x05: level 1 translation fault
[  160.457291][T10152] Data abort info:
[  160.458423][T10152]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[  160.459958][T10152]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[  160.461414][T10152]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[  160.462903][T10152] [dfff800000000005] address between user and kernel address ranges
[  160.464924][T10152] Internal error: Oops: 0000000096000005 [#1]  SMP
[  160.465853][T10152] Modules linked in:
[  160.466457][T10152] CPU: 0 UID: 0 PID: 10152 Comm: syz.1.1128 Tainted: G        W           6.16.0-rc7-syzkaller-g82af5ea7c611 #0 PREEMPT 
[  160.468473][T10152] Tainted: [W]=WARN
[  160.469093][T10152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
[  160.470629][T10152] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[  160.471788][T10152] pc : bfs_get_block+0x498/0x9d4
[  160.472541][T10152] lr : bfs_get_block+0x470/0x9d4
[  160.473298][T10152] sp : ffff80009f4f73d0
[  160.473926][T10152] x29: ffff80009f4f7440 x28: ffff0000fc6fc160 x27: dfff800000000000
[  160.475316][T10152] x26: 0000000000000028 x25: ffff0000f74e99a8 x24: 0000000000000000
[  160.476651][T10152] x23: ffff0000fc6fc018 x22: ffff0000c15d1828 x21: 1fffe0001f8df82c
[  160.477962][T10152] x20: 0000000000000200 x19: 000000000000001f x18: 00000000ffffffff
[  160.479224][T10152] x17: ffff0001fea8b870 x16: ffff80008052b68c x15: 0000000000000001
[  160.480519][T10152] x14: 1fffffbff873d056 x13: 0000000000000000 x12: 0000000000000000
[  160.481885][T10152] x11: 0000000000080000 x10: 00000000000755e7 x9 : 0000000000000000
[  160.483220][T10152] x8 : 0000000000000005 x7 : 0000000000000000 x6 : 0000000000000000
[  160.484472][T10152] x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff800080e36534
[  160.485668][T10152] x2 : 0000000000000001 x1 : 0000000000000040 x0 : 0000000000000000
[  160.486940][T10152] Call trace:
[  160.487464][T10152]  bfs_get_block+0x498/0x9d4 (P)
[  160.488210][T10152]  __block_write_begin_int+0x53c/0x15e8
[  160.489138][T10152]  block_write_begin+0xa0/0x128
[  160.489858][T10152]  bfs_write_begin+0x48/0xec
[  160.490547][T10152]  generic_perform_write+0x23c/0x79c
[  160.491467][T10152]  __generic_file_write_iter+0xfc/0x204
[  160.492388][T10152]  generic_file_write_iter+0x104/0x470
[  160.493318][T10152]  vfs_write+0x62c/0x97c
[  160.493911][T10152]  ksys_write+0x120/0x210
[  160.494560][T10152]  __arm64_sys_write+0x7c/0x90
[  160.495319][T10152]  invoke_syscall+0x98/0x2b8
[  160.495987][T10152]  el0_svc_common+0x130/0x23c
[  160.496642][T10152]  do_el0_svc+0x48/0x58
[  160.497267][T10152]  el0_svc+0x58/0x180
[  160.497850][T10152]  el0t_64_sync_handler+0x84/0x12c
[  160.498564][T10152]  el0t_64_sync+0x198/0x19c
[  160.499254][T10152] Code: 97e6eaba 9100a31a f94012d4 d343ff48 (387b6908) 
[  160.500223][T10152] ---[ end trace 0000000000000000 ]---
[  160.740562][T10152] Kernel panic - not syncing: Oops: Fatal exception
[  160.741475][T10152] SMP: stopping secondary CPUs
[  160.742169][T10152] Kernel Offset: disabled
[  160.742752][T10152] CPU features: 0x10000,00001e00,042708a1,5427fea7
[  160.743661][T10152] Memory Limit: none
[  160.987464][T10152] Rebooting in 86400 seconds..