last executing test programs: 13.348792203s ago: executing program 1 (id=104): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x40408d1) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, 0x0) getdents(r2, &(0x7f0000001000)=""/4085, 0xff5) r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x121c80) ioctl$I2C_RDWR(r3, 0x707, &(0x7f00000001c0)={&(0x7f0000001840)=[{0x0, 0x0, 0x0, 0x0}, {0x8001, 0x10, 0x0, 0x0}], 0x2}) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8c, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0xacc, 0xb, 0x0, 0x8, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x22, {0x45, 0x80}, 0xcd, 0x3}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20004800) connect$unix(0xffffffffffffffff, 0x0, 0x0) 13.001420257s ago: executing program 3 (id=105): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, 0x0, {0x10}, {}, {0xa, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40098}, 0x0) 11.771561072s ago: executing program 1 (id=109): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNGETOBJECT(r3, 0x89e0, &(0x7f0000000480)) socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008802}, 0x30) 11.710864214s ago: executing program 3 (id=111): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, 0x0, 0x0) 11.692477141s ago: executing program 4 (id=112): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, r0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x4, 0x1}) r2 = syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}) io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 11.640869675s ago: executing program 2 (id=113): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x40408d1) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, 0x0) getdents(r2, &(0x7f0000001000)=""/4085, 0xff5) r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x121c80) ioctl$I2C_RDWR(r3, 0x707, &(0x7f00000001c0)={&(0x7f0000001840)=[{0x8001, 0x10, 0x0, 0x0}], 0x1}) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8c, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0xacc, 0xb, 0x0, 0x8, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x22, {0x45, 0x80}, 0xcd, 0x3}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20004800) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 11.444312911s ago: executing program 0 (id=114): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 10.462556638s ago: executing program 1 (id=115): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) sendto$inet6(r1, &(0x7f0000002380)='~', 0x1, 0x0, 0x0, 0x0) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 9.978246057s ago: executing program 3 (id=116): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYBLOB="01002dbd7000fddbdf250c0000002000018008000300030000001400020076657468305f766c616e0000000000"], 0x48}, 0x1, 0x0, 0x0, 0x4801}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000880)) shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000040)={0x0}) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x14}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) syz_clone3(&(0x7f0000000300)={0x100000400, &(0x7f0000000040), 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1, {r3}}, 0x58) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='reno', 0x4) 9.85518805s ago: executing program 0 (id=117): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) 8.763230876s ago: executing program 4 (id=118): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, r0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x4, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}) io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 8.337116261s ago: executing program 2 (id=119): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 7.774040217s ago: executing program 3 (id=120): r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x5a97ad85}, 0xc) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0xe}, &(0x7f00000001c0)=0xfffffdcb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x7f, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0xfff, 0xb3, 0x39da], 0x30000, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.773335473s ago: executing program 0 (id=121): r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x5a97ad85}, 0xc) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0xe}, &(0x7f00000001c0)=0xfffffdcb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.75932986s ago: executing program 1 (id=122): r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x5a97ad85}, 0xc) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0xe}, &(0x7f00000001c0)=0xfffffdcb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x7f, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0xfff, 0xb3, 0x39da], 0x30000, 0x2010d3}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 5.936585762s ago: executing program 2 (id=123): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNGETOBJECT(r3, 0x89e0, &(0x7f0000000480)) socket$inet6_udp(0xa, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008802}, 0x30) 5.892233502s ago: executing program 4 (id=124): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, 0x0, 0x0) 5.817583149s ago: executing program 1 (id=125): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) sendto$inet6(r1, &(0x7f0000002380), 0x0, 0x0, 0x0, 0x0) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 5.636976846s ago: executing program 0 (id=126): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x8003, 0xbffc, 0xe652, 0x5, 0x134, 0x48, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r3, 0x0, r0, 0x0, 0xffff, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 5.029464053s ago: executing program 4 (id=127): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a, 0x2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x12, 0x9, 0x4, 0x3}, 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r5, &(0x7f00000000c0)}, 0x20) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc800000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000005400038050000080080003400000000244000b802c0001800a0001006c696d69740000001c0002800c00024000000000000000030c000140000000000000100014000180090001006c617374000000000400028014000000110001"], 0xe4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 4.830490597s ago: executing program 2 (id=128): bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x4, 0x3fa, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000), 0x4000, 0xa00}]) 3.920840513s ago: executing program 4 (id=129): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x40408d1) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0), 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, 0x0) getdents(r2, &(0x7f0000001000)=""/4085, 0xff5) r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x121c80) ioctl$I2C_RDWR(r3, 0x707, 0x0) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8c, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0xacc, 0xb, 0x0, 0x8, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x22, {0x45, 0x80}, 0xcd, 0x3}}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20004800) connect$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2.929261558s ago: executing program 1 (id=130): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) semctl$SEM_INFO(0x0, 0x4, 0x13, 0x0) 2.401839573s ago: executing program 2 (id=131): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40098}, 0x0) 2.388048146s ago: executing program 0 (id=132): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x20}}, 0x0) 2.237160319s ago: executing program 3 (id=133): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x121040, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) 375.13737ms ago: executing program 4 (id=134): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, r0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x4, 0x1}) r2 = syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}) io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 269.717186ms ago: executing program 3 (id=135): r0 = syz_open_procfs$namespace(0xffffffffffffffff, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x5a97ad85}, 0xc) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0xe}, &(0x7f00000001c0)=0xfffffdcb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 219.597358ms ago: executing program 0 (id=136): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000002f80)=ANY=[], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x11, r0, 0x0) 0s ago: executing program 2 (id=137): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts. [ 71.683584][ T5827] cgroup: Unknown subsys name 'net' [ 71.791901][ T5827] cgroup: Unknown subsys name 'cpuset' [ 71.800923][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.275598][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.615796][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.635505][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.645184][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.654121][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 75.664398][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.676030][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.684646][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 75.686172][ T5859] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.696442][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.701834][ T5859] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.713343][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.715989][ T5859] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.724554][ T5860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.729430][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 75.735011][ T5860] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 75.745668][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.755159][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.766448][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.773688][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.776233][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.789736][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 75.796974][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.804950][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.819319][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 75.840569][ T5860] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.477599][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 76.509990][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 76.615909][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 76.698734][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 76.797493][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 76.810254][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.818213][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.825460][ T5842] bridge_slave_0: entered allmulticast mode [ 76.833497][ T5842] bridge_slave_0: entered promiscuous mode [ 76.893521][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.900903][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.908234][ T5842] bridge_slave_1: entered allmulticast mode [ 76.916030][ T5842] bridge_slave_1: entered promiscuous mode [ 76.976227][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.983604][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.990879][ T5843] bridge_slave_0: entered allmulticast mode [ 76.998517][ T5843] bridge_slave_0: entered promiscuous mode [ 77.043214][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.050692][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.057959][ T5843] bridge_slave_1: entered allmulticast mode [ 77.065496][ T5843] bridge_slave_1: entered promiscuous mode [ 77.079399][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.086671][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.094028][ T5844] bridge_slave_0: entered allmulticast mode [ 77.101624][ T5844] bridge_slave_0: entered promiscuous mode [ 77.119702][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.153114][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.160914][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.168214][ T5844] bridge_slave_1: entered allmulticast mode [ 77.175765][ T5844] bridge_slave_1: entered promiscuous mode [ 77.193011][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.263714][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.273262][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.280658][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.288006][ T5841] bridge_slave_0: entered allmulticast mode [ 77.295443][ T5841] bridge_slave_0: entered promiscuous mode [ 77.341101][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.361777][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.369128][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.376393][ T5841] bridge_slave_1: entered allmulticast mode [ 77.384224][ T5841] bridge_slave_1: entered promiscuous mode [ 77.394909][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.404430][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.411757][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.419181][ T5840] bridge_slave_0: entered allmulticast mode [ 77.426568][ T5840] bridge_slave_0: entered promiscuous mode [ 77.437233][ T5842] team0: Port device team_slave_0 added [ 77.474547][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.484274][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.491666][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.499203][ T5840] bridge_slave_1: entered allmulticast mode [ 77.506687][ T5840] bridge_slave_1: entered promiscuous mode [ 77.515800][ T5842] team0: Port device team_slave_1 added [ 77.524063][ T5843] team0: Port device team_slave_0 added [ 77.591636][ T5843] team0: Port device team_slave_1 added [ 77.601745][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.613623][ T5844] team0: Port device team_slave_0 added [ 77.660322][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.672427][ T5844] team0: Port device team_slave_1 added [ 77.682317][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.693495][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.700508][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.726669][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.779345][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.790237][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.797184][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.823229][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.844858][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.851867][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.877805][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.880246][ T5850] Bluetooth: hci4: command tx timeout [ 77.889545][ T5860] Bluetooth: hci3: command tx timeout [ 77.889792][ T5860] Bluetooth: hci0: command tx timeout [ 77.896058][ T5845] Bluetooth: hci2: command tx timeout [ 77.901020][ T5860] Bluetooth: hci1: command tx timeout [ 77.919000][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.925967][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 77.952495][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.025031][ T5841] team0: Port device team_slave_0 added [ 78.032635][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.039826][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.066069][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.080611][ T5840] team0: Port device team_slave_0 added [ 78.090418][ T5840] team0: Port device team_slave_1 added [ 78.114156][ T5841] team0: Port device team_slave_1 added [ 78.122010][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.129137][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.155432][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.240801][ T5842] hsr_slave_0: entered promiscuous mode [ 78.247744][ T5842] hsr_slave_1: entered promiscuous mode [ 78.256124][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.263316][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.290283][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.315922][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.324502][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.350859][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.380523][ T5843] hsr_slave_0: entered promiscuous mode [ 78.388093][ T5843] hsr_slave_1: entered promiscuous mode [ 78.394639][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 78.400503][ T5843] Cannot create hsr debugfs directory [ 78.407380][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.414625][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.440791][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.464333][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.471445][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.497632][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.574186][ T5844] hsr_slave_0: entered promiscuous mode [ 78.581238][ T5844] hsr_slave_1: entered promiscuous mode [ 78.587759][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 78.593924][ T5844] Cannot create hsr debugfs directory [ 78.752019][ T5840] hsr_slave_0: entered promiscuous mode [ 78.759450][ T5840] hsr_slave_1: entered promiscuous mode [ 78.766525][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 78.772770][ T5840] Cannot create hsr debugfs directory [ 78.794588][ T5841] hsr_slave_0: entered promiscuous mode [ 78.801535][ T5841] hsr_slave_1: entered promiscuous mode [ 78.808410][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 78.814160][ T5841] Cannot create hsr debugfs directory [ 79.423542][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.440625][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.452694][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.476090][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.557135][ T5843] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 79.575718][ T5843] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 79.603755][ T5843] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 79.614794][ T5843] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 79.714516][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.733463][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.763068][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.775512][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.863480][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.895125][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.906894][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.935217][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.958372][ T5860] Bluetooth: hci4: command tx timeout [ 79.959002][ T5850] Bluetooth: hci2: command tx timeout [ 79.963825][ T5860] Bluetooth: hci0: command tx timeout [ 79.963846][ T5860] Bluetooth: hci3: command tx timeout [ 79.963864][ T5860] Bluetooth: hci1: command tx timeout [ 80.072406][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.121269][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.146463][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.168410][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.180243][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.204873][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.244927][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.300013][ T159] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.307443][ T159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.340886][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.352797][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.360007][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.412658][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.419821][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.443502][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.471906][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.479139][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.569086][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.628640][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.645816][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.652994][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.706331][ T3566] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.713509][ T3566] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.739945][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.796718][ T143] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.803971][ T143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.841431][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.900856][ T159] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.908111][ T159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.004233][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.061721][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.068972][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.140541][ T159] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.147779][ T159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.280030][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.356970][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.485990][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.621113][ T5842] veth0_vlan: entered promiscuous mode [ 81.696211][ T5842] veth1_vlan: entered promiscuous mode [ 81.853538][ T5844] veth0_vlan: entered promiscuous mode [ 81.894528][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.925667][ T5842] veth0_macvtap: entered promiscuous mode [ 81.940413][ T5844] veth1_vlan: entered promiscuous mode [ 81.955064][ T5842] veth1_macvtap: entered promiscuous mode [ 81.985886][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.038641][ T5845] Bluetooth: hci3: command tx timeout [ 82.038696][ T5850] Bluetooth: hci1: command tx timeout [ 82.045208][ T5860] Bluetooth: hci0: command tx timeout [ 82.050537][ T5846] Bluetooth: hci4: command tx timeout [ 82.058574][ T5845] Bluetooth: hci2: command tx timeout [ 82.077132][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.105739][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.164533][ T159] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.175255][ T159] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.195729][ T159] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.206756][ T159] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.257368][ T5840] veth0_vlan: entered promiscuous mode [ 82.278849][ T5844] veth0_macvtap: entered promiscuous mode [ 82.298227][ T5843] veth0_vlan: entered promiscuous mode [ 82.342626][ T5840] veth1_vlan: entered promiscuous mode [ 82.351544][ T5844] veth1_macvtap: entered promiscuous mode [ 82.361494][ T5841] veth0_vlan: entered promiscuous mode [ 82.398988][ T5843] veth1_vlan: entered promiscuous mode [ 82.481656][ T5841] veth1_vlan: entered promiscuous mode [ 82.492903][ T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.501779][ T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.516849][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.558358][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.606621][ T35] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.615560][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.632457][ T136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.648484][ T136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.659762][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.669602][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.689795][ T5840] veth0_macvtap: entered promiscuous mode [ 82.738052][ T5840] veth1_macvtap: entered promiscuous mode [ 82.778689][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 82.801585][ T5843] veth0_macvtap: entered promiscuous mode [ 82.872204][ T5841] veth0_macvtap: entered promiscuous mode [ 82.886692][ T5843] veth1_macvtap: entered promiscuous mode [ 82.943571][ T5841] veth1_macvtap: entered promiscuous mode [ 82.973534][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.995440][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.012342][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.035341][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.091537][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.118940][ T136] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.129287][ T136] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.143058][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.154557][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.160210][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.172914][ T136] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.181917][ T136] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.204016][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.265165][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.283634][ T159] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.294370][ T159] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.304179][ T159] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.313770][ T159] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.637337][ T35] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.650581][ T35] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.118597][ T5860] Bluetooth: hci4: command tx timeout [ 84.124506][ T5845] Bluetooth: hci1: command tx timeout [ 84.130650][ T5860] Bluetooth: hci3: command tx timeout [ 84.131426][ T5850] Bluetooth: hci2: command tx timeout [ 84.137241][ T5845] Bluetooth: hci0: command tx timeout [ 84.242665][ T35] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.265010][ T35] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.380450][ T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.389047][ T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.304537][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.382885][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.445823][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.471225][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.638818][ T159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.662616][ T159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.895987][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.158843][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.282074][ T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.326359][ T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.146311][ T47] cfg80211: failed to load regulatory.db [ 98.146852][ T5923] IPVS: starting estimator thread 0... [ 98.808490][ T6067] IPVS: using max 37 ests per chain, 88800 per kthread [ 103.824844][ T6112] syzkaller0: entered promiscuous mode [ 103.833583][ T6112] syzkaller0: entered allmulticast mode [ 106.189350][ T6136] loop2: detected capacity change from 0 to 40427 [ 106.202269][ T6136] F2FS-fs (loop2): invalid crc value [ 106.281786][ T6136] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 106.304588][ T6136] F2FS-fs (loop2): Start checkpoint disabled! [ 106.460829][ T6136] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 106.488788][ T6136] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 107.109152][ T29] audit: type=1800 audit(1773944242.846:2): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.51" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 107.728915][ T29] audit: type=1800 audit(1773944242.996:3): pid=6153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.51" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 108.196962][ T6153] syz.2.51: attempt to access beyond end of device [ 108.196962][ T6153] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 108.221528][ T6153] syz.2.51: attempt to access beyond end of device [ 108.221528][ T6153] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.251363][ T6153] syz.2.51: attempt to access beyond end of device [ 108.251363][ T6153] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.270992][ T6153] syz.2.51: attempt to access beyond end of device [ 108.270992][ T6153] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.288130][ T6153] syz.2.51: attempt to access beyond end of device [ 108.288130][ T6153] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.370440][ T6153] syz.2.51: attempt to access beyond end of device [ 108.370440][ T6153] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 108.425661][ T6153] syz.2.51: attempt to access beyond end of device [ 108.425661][ T6153] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.586110][ T136] kworker/u8:5: attempt to access beyond end of device [ 108.586110][ T136] loop2: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 108.703308][ T136] CPU: 0 UID: 0 PID: 136 Comm: kworker/u8:5 Not tainted syzkaller #0 PREEMPT(full) [ 108.703327][ T136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 108.703335][ T136] Workqueue: writeback wb_workfn (flush-7:2) [ 108.703361][ T136] Call Trace: [ 108.703369][ T136] [ 108.703375][ T136] dump_stack_lvl+0xe8/0x150 [ 108.703397][ T136] f2fs_handle_critical_error+0x37c/0x540 [ 108.703419][ T136] f2fs_write_end_io+0x1274/0x1740 [ 108.703444][ T136] __submit_merged_bio+0x256/0x700 [ 108.703465][ T136] __submit_merged_write_cond+0x3c9/0x4e0 [ 108.703487][ T136] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 108.703517][ T136] f2fs_write_data_pages+0x287e/0x34f0 [ 108.703536][ T136] ? unwind_next_frame+0xa5/0x23c0 [ 108.703548][ T136] ? lock_release+0x4b/0x3d0 [ 108.703587][ T136] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.703614][ T136] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 108.703647][ T136] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 108.703679][ T136] ? __lock_acquire+0x6b5/0x2cf0 [ 108.703706][ T136] ? __pfx_f2fs_inode_chksum_set+0x10/0x10 [ 108.703722][ T136] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.703741][ T136] do_writepages+0x32e/0x550 [ 108.703761][ T136] ? reacquire_held_locks+0x104/0x190 [ 108.703774][ T136] ? writeback_sb_inodes+0x477/0x1a20 [ 108.703794][ T136] __writeback_single_inode+0x133/0x11a0 [ 108.703812][ T136] ? do_raw_spin_unlock+0xf5/0x210 [ 108.703831][ T136] writeback_sb_inodes+0x992/0x1a20 [ 108.703864][ T136] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 108.703879][ T136] ? do_raw_spin_lock+0x12b/0x2f0 [ 108.703919][ T136] ? rcu_is_watching+0x15/0xb0 [ 108.703937][ T136] wb_writeback+0x456/0xb70 [ 108.703955][ T136] ? queue_io+0x1d1/0x4a0 [ 108.703976][ T136] ? __pfx_wb_writeback+0x10/0x10 [ 108.703990][ T136] ? do_raw_spin_lock+0x12b/0x2f0 [ 108.704015][ T136] wb_workfn+0x414/0xf50 [ 108.704030][ T136] ? look_up_lock_class+0x57/0x110 [ 108.704054][ T136] ? __pfx_wb_workfn+0x10/0x10 [ 108.704069][ T136] ? do_raw_spin_lock+0x12b/0x2f0 [ 108.704086][ T136] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 108.704115][ T136] ? process_one_work+0x8bb/0x1780 [ 108.704134][ T136] process_one_work+0x9ab/0x1780 [ 108.704166][ T136] ? __pfx_process_one_work+0x10/0x10 [ 108.704183][ T136] ? do_raw_spin_lock+0x12b/0x2f0 [ 108.704217][ T136] worker_thread+0xba8/0x11e0 [ 108.704245][ T136] kthread+0x388/0x470 [ 108.704261][ T136] ? __pfx_worker_thread+0x10/0x10 [ 108.704271][ T136] ? __pfx_kthread+0x10/0x10 [ 108.704287][ T136] ret_from_fork+0x51e/0xb90 [ 108.704307][ T136] ? __pfx_ret_from_fork+0x10/0x10 [ 108.704324][ T136] ? __switch_to+0xc7d/0x1450 [ 108.704343][ T136] ? __pfx_kthread+0x10/0x10 [ 108.704359][ T136] ret_from_fork_asm+0x1a/0x30 [ 108.704381][ T136] [ 109.003305][ T136] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 114.639558][ T6202] loop0: detected capacity change from 0 to 40427 [ 114.749072][ T6202] F2FS-fs (loop0): invalid crc value [ 114.930226][ T6202] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 114.952542][ T6202] F2FS-fs (loop0): Start checkpoint disabled! [ 115.218070][ T6202] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 115.254185][ T6202] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 115.306433][ T29] audit: type=1800 audit(1773944251.076:4): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.70" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 115.445387][ T6210] syz.0.70: attempt to access beyond end of device [ 115.445387][ T6210] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 115.505517][ T6210] syz.0.70: attempt to access beyond end of device [ 115.505517][ T6210] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.536220][ T6210] syz.0.70: attempt to access beyond end of device [ 115.536220][ T6210] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.560999][ T6210] syz.0.70: attempt to access beyond end of device [ 115.560999][ T6210] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.622095][ T6210] syz.0.70: attempt to access beyond end of device [ 115.622095][ T6210] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.643756][ T6210] syz.0.70: attempt to access beyond end of device [ 115.643756][ T6210] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 115.659242][ T6210] syz.0.70: attempt to access beyond end of device [ 115.659242][ T6210] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.677580][ T6210] syz.0.70: attempt to access beyond end of device [ 115.677580][ T6210] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 115.694116][ T6210] syz.0.70: attempt to access beyond end of device [ 115.694116][ T6210] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 115.714400][ T6210] syz.0.70: attempt to access beyond end of device [ 115.714400][ T6210] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 117.315432][ T29] audit: type=1800 audit(1773944251.136:5): pid=6210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.70" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 117.741667][ T143] CPU: 0 UID: 0 PID: 143 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) [ 117.741690][ T143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 117.741699][ T143] Workqueue: writeback wb_workfn (flush-7:0) [ 117.741727][ T143] Call Trace: [ 117.741733][ T143] [ 117.741751][ T143] dump_stack_lvl+0xe8/0x150 [ 117.741776][ T143] f2fs_handle_critical_error+0x37c/0x540 [ 117.741800][ T143] f2fs_write_end_io+0x1274/0x1740 [ 117.741829][ T143] __submit_merged_bio+0x256/0x700 [ 117.741852][ T143] __submit_merged_write_cond+0x3c9/0x4e0 [ 117.741877][ T143] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 117.741913][ T143] f2fs_write_data_pages+0x287e/0x34f0 [ 117.741960][ T143] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.741990][ T143] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 117.742036][ T143] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 117.742072][ T143] ? __lock_acquire+0x6b5/0x2cf0 [ 117.742104][ T143] ? __pfx_f2fs_inode_chksum_set+0x10/0x10 [ 117.742121][ T143] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.742143][ T143] do_writepages+0x32e/0x550 [ 117.742165][ T143] ? reacquire_held_locks+0x104/0x190 [ 117.742179][ T143] ? writeback_sb_inodes+0x477/0x1a20 [ 117.742201][ T143] __writeback_single_inode+0x133/0x11a0 [ 117.742245][ T143] ? do_raw_spin_unlock+0xf5/0x210 [ 117.742274][ T143] writeback_sb_inodes+0x992/0x1a20 [ 117.742332][ T143] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 117.742349][ T143] ? do_raw_spin_lock+0x12b/0x2f0 [ 117.742396][ T143] ? rcu_is_watching+0x15/0xb0 [ 117.742417][ T143] wb_writeback+0x456/0xb70 [ 117.742437][ T143] ? queue_io+0x1d1/0x4a0 [ 117.742460][ T143] ? __pfx_wb_writeback+0x10/0x10 [ 117.742476][ T143] ? do_raw_spin_lock+0x12b/0x2f0 [ 117.742505][ T143] wb_workfn+0x414/0xf50 [ 117.742524][ T143] ? look_up_lock_class+0x57/0x110 [ 117.742552][ T143] ? __pfx_wb_workfn+0x10/0x10 [ 117.742569][ T143] ? do_raw_spin_lock+0x12b/0x2f0 [ 117.742588][ T143] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 117.742621][ T143] ? process_one_work+0x8bb/0x1780 [ 117.742642][ T143] process_one_work+0x9ab/0x1780 [ 117.742678][ T143] ? __pfx_process_one_work+0x10/0x10 [ 117.742697][ T143] ? do_raw_spin_lock+0x12b/0x2f0 [ 117.742727][ T143] worker_thread+0xba8/0x11e0 [ 117.742759][ T143] kthread+0x388/0x470 [ 117.742794][ T143] ? __pfx_worker_thread+0x10/0x10 [ 117.742811][ T143] ? __pfx_kthread+0x10/0x10 [ 117.742834][ T143] ret_from_fork+0x51e/0xb90 [ 117.742867][ T143] ? __pfx_ret_from_fork+0x10/0x10 [ 117.742886][ T143] ? __switch_to+0xc7d/0x1450 [ 117.742907][ T143] ? __pfx_kthread+0x10/0x10 [ 117.742924][ T143] ret_from_fork_asm+0x1a/0x30 [ 117.742962][ T143] [ 117.744717][ T143] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 122.440189][ T6248] loop3: detected capacity change from 0 to 512 [ 123.612923][ T6248] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.137944][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.502121][ T6267] loop4: detected capacity change from 0 to 4096 [ 125.512761][ T6267] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 125.524657][ T6267] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 125.533662][ T6267] ntfs3(loop4): Failed to load $MFTMirr (-22). [ 129.373811][ T6306] syzkaller0: entered promiscuous mode [ 129.397357][ T6306] syzkaller0: entered allmulticast mode [ 129.439704][ T6309] loop2: detected capacity change from 0 to 4096 [ 129.447735][ T6309] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 129.458199][ T6309] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 129.466915][ T6309] ntfs3(loop2): Failed to load $MFTMirr (-22). [ 131.757019][ T6329] Zero length message leads to an empty skb [ 132.057374][ T6334] loop3: detected capacity change from 0 to 40427 [ 132.069592][ T6334] F2FS-fs (loop3): invalid crc value [ 132.114554][ T6334] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 132.124508][ T6334] F2FS-fs (loop3): Start checkpoint disabled! [ 132.132627][ T6334] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 132.140304][ T6334] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 132.533961][ T29] audit: type=1800 audit(1773944268.306:6): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.116" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 132.725614][ T6338] bio_check_eod: 182 callbacks suppressed [ 132.725691][ T6338] syz.3.116: attempt to access beyond end of device [ 132.725691][ T6338] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 132.747253][ T6338] syz.3.116: attempt to access beyond end of device [ 132.747253][ T6338] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.764016][ T6338] syz.3.116: attempt to access beyond end of device [ 132.764016][ T6338] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.779695][ T6338] syz.3.116: attempt to access beyond end of device [ 132.779695][ T6338] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.795835][ T6338] syz.3.116: attempt to access beyond end of device [ 132.795835][ T6338] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.814445][ T6338] syz.3.116: attempt to access beyond end of device [ 132.814445][ T6338] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 132.828761][ T6338] syz.3.116: attempt to access beyond end of device [ 132.828761][ T6338] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.845294][ T6338] syz.3.116: attempt to access beyond end of device [ 132.845294][ T6338] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 132.861858][ T6338] syz.3.116: attempt to access beyond end of device [ 132.861858][ T6338] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 132.879317][ T6338] syz.3.116: attempt to access beyond end of device [ 132.879317][ T6338] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 132.900802][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.927177][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.915507][ T29] audit: type=1800 audit(1773944268.396:7): pid=6338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.116" name="bus" dev="loop3" ino=10 res=0 errno=0 [ 134.013987][ T35] CPU: 1 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 134.014012][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 134.014022][ T35] Workqueue: writeback wb_workfn (flush-7:3) [ 134.014048][ T35] Call Trace: [ 134.014054][ T35] [ 134.014061][ T35] dump_stack_lvl+0xe8/0x150 [ 134.014088][ T35] f2fs_handle_critical_error+0x37c/0x540 [ 134.014118][ T35] f2fs_write_end_io+0x1274/0x1740 [ 134.014153][ T35] __submit_merged_bio+0x256/0x700 [ 134.014183][ T35] __submit_merged_write_cond+0x3c9/0x4e0 [ 134.014213][ T35] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 134.014257][ T35] f2fs_write_data_pages+0x287e/0x34f0 [ 134.014313][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.014350][ T35] ? __lock_acquire+0x6b5/0x2cf0 [ 134.014399][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 134.014423][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 134.014452][ T35] ? unwind_next_frame+0xa5/0x23c0 [ 134.014471][ T35] ? ret_from_fork_asm+0x1a/0x30 [ 134.014487][ T35] ? ret_from_fork_asm+0x1a/0x30 [ 134.014522][ T35] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.014549][ T35] do_writepages+0x32e/0x550 [ 134.014576][ T35] ? reacquire_held_locks+0x104/0x190 [ 134.014594][ T35] ? writeback_sb_inodes+0x477/0x1a20 [ 134.014622][ T35] __writeback_single_inode+0x133/0x11a0 [ 134.014650][ T35] ? do_raw_spin_unlock+0xf5/0x210 [ 134.014676][ T35] writeback_sb_inodes+0x992/0x1a20 [ 134.014724][ T35] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 134.014745][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 134.014809][ T35] ? rcu_is_watching+0x15/0xb0 [ 134.014835][ T35] wb_writeback+0x456/0xb70 [ 134.014861][ T35] ? queue_io+0x1d1/0x4a0 [ 134.014890][ T35] ? __pfx_wb_writeback+0x10/0x10 [ 134.014910][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 134.014945][ T35] wb_workfn+0x414/0xf50 [ 134.014966][ T35] ? look_up_lock_class+0x57/0x110 [ 134.014999][ T35] ? __pfx_wb_workfn+0x10/0x10 [ 134.015021][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 134.015045][ T35] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 134.015087][ T35] ? process_one_work+0x8bb/0x1780 [ 134.015112][ T35] process_one_work+0x9ab/0x1780 [ 134.015158][ T35] ? __pfx_process_one_work+0x10/0x10 [ 134.015181][ T35] ? do_raw_spin_lock+0x12b/0x2f0 [ 134.015218][ T35] worker_thread+0xba8/0x11e0 [ 134.015244][ T35] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 134.015265][ T35] ? __kthread_parkme+0x7a/0x1f0 [ 134.015284][ T35] ? __kthread_parkme+0x19c/0x1f0 [ 134.015306][ T35] kthread+0x388/0x470 [ 134.015333][ T35] ? __pfx_worker_thread+0x10/0x10 [ 134.015348][ T35] ? __pfx_kthread+0x10/0x10 [ 134.015369][ T35] ret_from_fork+0x51e/0xb90 [ 134.015398][ T35] ? __pfx_ret_from_fork+0x10/0x10 [ 134.015422][ T35] ? __switch_to+0xc7d/0x1450 [ 134.015448][ T35] ? __pfx_kthread+0x10/0x10 [ 134.015470][ T35] ret_from_fork_asm+0x1a/0x30 [ 134.015502][ T35] [ 134.303456][ T35] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 134.763925][ T6356] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 138.020587][ T6387] loop2: detected capacity change from 0 to 512 [ 138.372992][ T6387] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.400030][ T5844] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.797927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 141.508534][ T6400] syzkaller0: entered promiscuous mode [ 141.516723][ T6400] syzkaller0: entered allmulticast mode [ 141.934986][ T6394] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN PTI [ 141.946931][ T6394] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 141.955345][ T6394] CPU: 1 UID: 0 PID: 6394 Comm: syz.1.130 Not tainted syzkaller #0 PREEMPT(full) [ 141.964538][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 141.974605][ T6394] RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 [ 141.980093][ T6394] Code: 01 00 74 08 4c 89 f7 e8 94 d9 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be [ 141.999695][ T6394] RSP: 0018:ffffc90006e879a0 EFLAGS: 00010006 [ 142.005765][ T6394] RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 [ 142.013746][ T6394] RDX: 1ffff92000dd0f40 RSI: ffffffff8e1b1f01 RDI: ffffffff8c287200 [ 142.021712][ T6394] RBP: ffffc90006e87aa0 R08: 0000000000000003 R09: 0000000000000004 [ 142.029687][ T6394] R10: dffffc0000000000 R11: fffff52000dd0f50 R12: 0000000000000000 [ 142.037653][ T6394] R13: ffff88807cbbb4d0 R14: 0000000000000018 R15: ffffc90006e87c20 [ 142.045621][ T6394] FS: 000055555d669500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 142.054567][ T6394] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.061149][ T6394] CR2: 00007feea3f1dff8 CR3: 0000000035068000 CR4: 00000000003526f0 [ 142.069130][ T6394] Call Trace: [ 142.072419][ T6394] [ 142.075351][ T6394] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 142.081431][ T6394] ? __pfx_rwsem_mark_wake+0x10/0x10 [ 142.086716][ T6394] ? do_raw_spin_lock+0x12b/0x2f0 [ 142.091744][ T6394] rwsem_del_wake_waiter+0x25d/0x2e0 [ 142.097057][ T6394] rwsem_down_write_slowpath+0xa6f/0x1080 [ 142.102782][ T6394] ? rwsem_down_write_slowpath+0x4a3/0x1080 [ 142.108770][ T6394] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 142.114952][ T6394] ? vm_mmap_pgoff+0x234/0x4f0 [ 142.119716][ T6394] down_write_killable+0x1eb/0x240 [ 142.124834][ T6394] ? __pfx_down_write_killable+0x10/0x10 [ 142.130471][ T6394] ? apparmor_mmap_file+0x197/0x3e0 [ 142.135670][ T6394] ? security_mmap_file+0x4df/0xa20 [ 142.140882][ T6394] vm_mmap_pgoff+0x234/0x4f0 [ 142.145473][ T6394] ? irqentry_exit+0x61a/0x700 [ 142.150238][ T6394] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 142.155356][ T6394] ? ksys_mmap_pgoff+0xf3/0x760 [ 142.160214][ T6394] ? __x64_sys_mmap+0x7f/0x140 [ 142.164988][ T6394] do_syscall_64+0x14d/0xf80 [ 142.169583][ T6394] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.175652][ T6394] ? clear_bhb_loop+0x40/0x90 [ 142.180327][ T6394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.186216][ T6394] RIP: 0033:0x7f4a7039c502 [ 142.190651][ T6394] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 [ 142.210256][ T6394] RSP: 002b:00007fff30ff80f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 142.218677][ T6394] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a7039c502 [ 142.226667][ T6394] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 142.234646][ T6394] RBP: 0000000000020022 R08: 00000000ffffffff R09: 0000000000000000 [ 142.242634][ T6394] R10: 0000000000020022 R11: 0000000000000246 R12: 00007fff30ff8260 [ 142.250598][ T6394] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 142.258591][ T6394] [ 142.261609][ T6394] Modules linked in: [ 142.265510][ T6394] ---[ end trace 0000000000000000 ]--- [ 142.270977][ T6394] RIP: 0010:rwsem_mark_wake+0xfa/0x7c0 [ 142.276454][ T6394] Code: 01 00 74 08 4c 89 f7 e8 94 d9 8d 00 4c 89 74 24 10 4d 8b 26 4d 8d 74 24 18 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 75 06 00 00 41 83 3e 00 74 64 4c 89 ef be [ 142.296057][ T6394] RSP: 0018:ffffc90006e879a0 EFLAGS: 00010006 [ 142.302119][ T6394] RAX: 0000000000000003 RBX: 0000000000000000 RCX: dffffc0000000000 [ 142.310090][ T6394] RDX: 1ffff92000dd0f40 RSI: ffffffff8e1b1f01 RDI: ffffffff8c287200 [ 142.318058][ T6394] RBP: ffffc90006e87aa0 R08: 0000000000000003 R09: 0000000000000004 [ 142.326025][ T6394] R10: dffffc0000000000 R11: fffff52000dd0f50 R12: 0000000000000000 [ 142.333993][ T6394] R13: ffff88807cbbb4d0 R14: 0000000000000018 R15: ffffc90006e87c20 [ 142.341982][ T6394] FS: 000055555d669500(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 142.350906][ T6394] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.357483][ T6394] CR2: 00007feea3f1dff8 CR3: 0000000035068000 CR4: 00000000003526f0 [ 142.365460][ T6394] Kernel panic - not syncing: Fatal exception [ 143.511868][ T6394] Shutting down cpus with NMI [ 143.517255][ T6394] Kernel Offset: disabled [ 143.521581][ T6394] Rebooting in 86400 seconds..