last executing test programs:

34.188171502s ago: executing program 0 (id=1928):
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x6, 0x1e, &(0x7f0000000500)=r3, 0x4)

33.311690464s ago: executing program 0 (id=1932):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}], 0x1c)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000140)=0x7c, 0x4)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

31.922369563s ago: executing program 0 (id=1940):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/block/loop0', 0x42, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32, @ANYBLOB="0c00990000000000000000000800a10007000000080026000000000008009f00"], 0x40}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0xffffdf004002, 0xffffdf004000, 0x0, &(0x7f0000ffc000/0x1000)=nil)
r2 = socket(0x10, 0x3, 0x0)
syz_open_procfs$userns(0x0, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
prlimit64(0x0, 0x0, &(0x7f00000000c0)={0x758, 0xeb0c}, &(0x7f00000001c0))
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
sched_setscheduler(0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6, 0x3, 0xfffffffe}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000040)={0x0, <r6=>0x0})
ptrace$setopts(0x4206, r6, 0x0, 0x0)

28.814837445s ago: executing program 0 (id=1951):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x2, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

28.123895178s ago: executing program 0 (id=1954):
r0 = socket(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setresuid(0xee00, 0xee00, 0x0)
prctl$PR_GET_IO_FLUSHER(0x3a)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
r4 = dup(0xffffffffffffffff)
listen(r4, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x90)
socket$inet6(0xa, 0x0, 0x0)
socket(0x0, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000280)=ANY=[@ANYBLOB='N'], 0x6a)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@ip_retopts={{0x14, 0x0, 0x34, {[@noop]}}}], 0x18}, 0x0)

14.754742415s ago: executing program 5 (id=1995):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x48}, {0x6}]}, 0x10)
r6 = fcntl$dupfd(r4, 0x0, r3)
sendmmsg$unix(r6, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="f08c", 0x2}], 0x1}}], 0x777ee7a793ff, 0x0)

12.751754798s ago: executing program 5 (id=2000):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0)

11.370345535s ago: executing program 1 (id=2009):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fadvise64(r0, 0x0, 0x0, 0x2)

10.962346457s ago: executing program 5 (id=2011):
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.stat\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r1, 0xc038943b, &(0x7f0000000280)={0x3, 0x48, '\x00', 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
open_by_handle_at(r2, &(0x7f0000000100)=@reiserfs_2={0x8, 0x2, {0x744, 0x645}}, 0x0)
ftruncate(r3, 0x2000009)
write$binfmt_script(r2, &(0x7f00000008c0)={'#! ', './file0'}, 0xb)
write$binfmt_script(r3, &(0x7f0000000140), 0xfcb8)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001})
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x40305829, &(0x7f0000000180)={0x17c04, 0xffffffffffffffff, 0xc500, 0x100000001})
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0xbf22}, 0x48)
syz_emit_vhci(&(0x7f0000000380)=@HCI_SCODATA_PKT={0x3, {0x0, 0xa8}, "077cea0b57b2f9dd715d4a1a300a14df12af2492e916b111608ddcaa77cadba3d1995b4102896add48acad86d07ef37efdbba2ba2ac4eee31471b8b7947091c28426f34441f2adec94ec1f810f5ff717427fb2a45fc378e41944a661918652cc67cd1e85a5a043e74c1201dcf7d685a22dc214fa58ec6b235d3ced88cbade1ef3e2e859a9825124fd66adc43fd2a0f82c6c1b595f94f5bc9fbaacb16b7f45238a7b4f46c057173a0"}, 0xac)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)

10.15599818s ago: executing program 3 (id=2013):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x10, 0x2, 0x4)
ioctl$SIOCSIFHWADDR(r0, 0x8b05, &(0x7f0000000000)={'virt_wifi0\x00', @multicast})

10.046647026s ago: executing program 1 (id=2014):
creat(0x0, 0x1)
io_setup(0x0, &(0x7f0000000200))
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c64d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cec1fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df004030000007d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f01000080000008004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad0200a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c23406a8aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e87973d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384fe8d00f4085d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf8"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
fcntl$setlease(r2, 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x183203, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x810)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xab43, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r6, 0x8004e500, &(0x7f0000000040)=r5)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="180000a20e000000000000000000000095000000000000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)

10.046367679s ago: executing program 4 (id=2015):
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

8.202385326s ago: executing program 2 (id=2016):
r0 = socket(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setresuid(0xee00, 0xee00, 0x0)
prctl$PR_GET_IO_FLUSHER(0x3a)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
r4 = dup(0xffffffffffffffff)
listen(r4, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x90)
socket$inet6(0xa, 0x0, 0x0)
socket(0x0, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000280)=ANY=[@ANYBLOB='N'], 0x6a)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@ip_retopts={{0x14, 0x0, 0x34, {[@noop]}}}], 0x18}, 0x0)

7.779470048s ago: executing program 3 (id=2017):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000600)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0xc08c5334, &(0x7f0000000500))

6.448630722s ago: executing program 2 (id=2018):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000100)='./file0\x00', 0x82000, 0x0, 0xfe, 0x0, &(0x7f0000000000))
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r2 = dup2(r1, r0)
readv(r2, &(0x7f0000001400)=[{0x0}, {&(0x7f0000000300)=""/160, 0xa0}], 0x2)

6.367687863s ago: executing program 4 (id=2019):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_page_alloc\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]})
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r3, &(0x7f0000000cc0)={0x2020}, 0x2020)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/psched\x00')
lseek(r5, 0x0, 0x1)
timer_create(0x0, 0x0, &(0x7f0000000180))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_delete(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r4}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@delsa={0x28, 0x11, 0x9555b451b135be19, 0x0, 0x0, {@in=@loopback}}, 0x28}}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$sock(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="c7", 0x1}], 0x1}, 0x0)
sendmsg$sock(r7, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
recvmsg(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)=""/139, 0x8b}], 0x1}, 0x0)

5.645828895s ago: executing program 3 (id=2020):
r0 = syz_open_dev$vbi(&(0x7f0000000580), 0x0, 0x2)
ioctl$VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000000)={0x9})

5.482705342s ago: executing program 2 (id=2021):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x11)

5.07059667s ago: executing program 4 (id=2022):
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}}, 0x0)

5.051818204s ago: executing program 1 (id=2023):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_opts(r0, 0x0, 0x5, &(0x7f0000000040)='~', 0x1)

5.019590546s ago: executing program 5 (id=2024):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000001cc0)='hugetlb.2MB.failcnt\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000080), 0x12)

4.908330514s ago: executing program 3 (id=2025):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fadvise64(r0, 0x0, 0x0, 0x2)

4.723714728s ago: executing program 2 (id=2026):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x56, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2})
r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
close(r3)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000030c0)={0x0, 0xfffffe0f, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x0, [<r8=>0x0]})
ioctl$DRM_IOCTL_GEM_CLOSE(r4, 0x40086409, &(0x7f0000000100)={r8})

4.258120151s ago: executing program 4 (id=2027):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x48}, {0x6}]}, 0x10)
r6 = fcntl$dupfd(r4, 0x0, r3)
sendmmsg$unix(r6, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)="f08c", 0x2}], 0x1}}], 0x777ee7a793ff, 0x0)

4.249683373s ago: executing program 1 (id=2028):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x10, 0x2, 0x4)
ioctl$SIOCSIFHWADDR(r0, 0x8b05, &(0x7f0000000000)={'virt_wifi0\x00', @multicast})

4.183866585s ago: executing program 5 (id=2029):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

4.001695618s ago: executing program 2 (id=2030):
r0 = socket(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setresuid(0xee00, 0xee00, 0x0)
prctl$PR_GET_IO_FLUSHER(0x3a)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
r4 = dup(0xffffffffffffffff)
listen(r4, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x90)
socket$inet6(0xa, 0x0, 0x0)
socket(0x0, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000280)=ANY=[@ANYBLOB='N'], 0x6a)
sendmsg$inet(r0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@ip_retopts={{0x14, 0x0, 0x34, {[@noop]}}}], 0x18}, 0x0)

2.353976625s ago: executing program 3 (id=2031):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000040)={0x98f90a, 0x0, @name="31df3501d44927091cd023ae5d74fd043ee24cc1b33dc6398b24abe651d65a21"})

2.07745809s ago: executing program 4 (id=2032):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x2}, 0x0)

2.076096039s ago: executing program 5 (id=2033):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
write$evdev(r2, &(0x7f0000000000), 0x100000008)
ioctl$EVIOCGBITSW(r2, 0x40044590, &(0x7f0000000300)=""/243)
ioctl$EVIOCGRAB(r2, 0x40044590, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x11, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10}, 0xffffffffffffff0e)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYRESDEC=r2, @ANYBLOB="15dab94468b6d2bde43fc1a5aa4d6ce1912d61c7a5d82f48e20c5da2c4115402aaf9a8a93ea10221bd949898fd3d13cc0af778ae237a86587aa4a8f05ed5c0e62f8e9f", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_da_write_pages\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0x2, 0x4e24, 0x0, @local}, 0x1c)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x26, &(0x7f0000001a00), 0x4)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000680)=ANY=[@ANYBLOB='\v\x00\x00\x00syz0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x1f7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0)
setitimer(0x1, &(0x7f0000000000), 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=@newqdisc={0xb4, 0x24, 0x405, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {0xc, 0xc}}, [@TCA_STAB={0x90, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5c, 0x0, 0x4000, 0x3, 0x1, 0xfb0, 0x198a, 0x7}}, {0x12, 0x2, [0x3ff, 0x2, 0x100, 0x6e7, 0x8, 0x401, 0x1]}}, {{0x1c, 0x1, {0x8, 0x48, 0x9d8f, 0x3, 0x2, 0x5, 0x7, 0x5}}, {0xe, 0x2, [0x7, 0x7f, 0x0, 0xd4c, 0x3f15]}}, {{0x1c, 0x1, {0x40, 0x4, 0x1f, 0x0, 0x1, 0x4, 0x0, 0x8}}, {0x14, 0x2, [0x7702, 0xd8d5, 0x0, 0x4, 0x3, 0x3f, 0xf800, 0x778e]}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x2004800}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
ppoll(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0)

1.946013392s ago: executing program 1 (id=2034):
mount$tmpfs(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)={[{@nr_blocks}], [], 0x39})

886.574165ms ago: executing program 2 (id=2035):
creat(0x0, 0x1)
io_setup(0x0, &(0x7f0000000200))
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c64d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870cec1fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df004030000007d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f01000080000008004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad0200a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c23406a8aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e87973d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384fe8d00f4085d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf8"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
fcntl$setlease(r2, 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x183203, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x810)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xab43, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r6, 0x8004e500, &(0x7f0000000040)=r5)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="180000a20e000000000000000000000095000000000000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)

461.900357ms ago: executing program 3 (id=2036):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x40}}, 0x0)

431.229912ms ago: executing program 1 (id=2037):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, "4d6b55f67e02bfc6aafbd98ec07c05a8765ccb"})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40))
readv(r0, &(0x7f0000000d00)=[{&(0x7f0000000a80)=""/103, 0x67}], 0x1)

351.831625ms ago: executing program 4 (id=2038):
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r1, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0xc0105303, &(0x7f0000000180)={0xbf})
tkill(r0, 0x7)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=1958):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0xe}, {0x10, 0x110, 0xe}], 0x20}, 0x0)

kernel console output (not intermixed with test programs):

1][ T6921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  313.754713][ T6921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.765188][ T6921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  313.776549][ T6921] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.790975][ T6921] batman_adv: batadv0: Interface activated: batadv_slave_1
[  313.818382][ T6978] veth0_vlan: entered promiscuous mode
[  313.865276][ T6921] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  313.876388][ T6921] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  313.891780][ T6921] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  313.932185][ T6921] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  314.004758][ T6978] veth1_vlan: entered promiscuous mode
[  314.268787][ T6978] veth0_macvtap: entered promiscuous mode
[  314.368240][ T6978] veth1_macvtap: entered promiscuous mode
[  314.699927][ T7394] loop5: detected capacity change from 0 to 256
[  314.762935][ T7394] exfat: Bad value for 'uid'
[  314.884604][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  314.936736][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  314.936741][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  314.936771][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.936790][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.003176][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.019770][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.032196][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.042872][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.071892][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.087511][ T6978] batman_adv: batadv0: Interface activated: batadv_slave_0
[  315.358743][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.368044][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.378110][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.378827][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.401501][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.416198][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.431397][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.442142][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.454352][ T6978] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  315.465097][ T6978] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.481103][ T6978] batman_adv: batadv0: Interface activated: batadv_slave_1
[  315.531409][ T6978] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  315.550762][ T6978] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.562221][ T6978] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.580184][ T6978] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.714710][ T7212] 8021q: adding VLAN 0 to HW filter on device batadv0
[  315.933356][ T7406] loop3: detected capacity change from 0 to 1024
[  315.991256][ T7407] loop0: detected capacity change from 0 to 2048
[  316.063436][ T7406] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.113794][ T7407]  loop0: p1 p2 p3
[  316.136836][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.181197][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.287353][ T7212] veth0_vlan: entered promiscuous mode
[  316.451923][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.452973][   T29] audit: type=1804 audit(1719627205.867:29): pid=7413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.152" name="/root/syzkaller.IArHrs/0/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  316.473226][ T7212] veth1_vlan: entered promiscuous mode
[  316.492602][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.824782][ T6921] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.848637][ T7212] veth0_macvtap: entered promiscuous mode
[  316.911574][ T7212] veth1_macvtap: entered promiscuous mode
[  317.026035][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.054461][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.099618][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.127333][ T7420] loop4: detected capacity change from 0 to 16
[  317.147073][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.168056][ T7420] erofs: (device loop4): mounted with root inode @ nid 36.
[  317.172047][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.208755][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.227051][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.239745][ T4484] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  317.265286][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.272473][ T7420] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  317.275455][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  317.299325][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.316017][ T7212] batman_adv: batadv0: Interface activated: batadv_slave_0
[  317.358924][   T29] audit: type=1800 audit(1719627206.737:30): pid=7420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.166" name="file3" dev="loop4" ino=89 res=0 errno=0
[  317.403686][ T7424] netlink: 'syz.0.671': attribute type 15 has an invalid length.
[  317.407868][ T7420] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  317.431814][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.457914][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.472900][ T7420] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  317.493727][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.520051][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.535521][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.547282][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.560685][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.576490][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.587539][ T7212] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  317.601774][ T7212] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  317.620212][ T7212] batman_adv: batadv0: Interface activated: batadv_slave_1
[  317.669045][ T7212] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  317.680731][ T7212] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  317.692406][ T7212] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  317.705075][ T7212] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  318.444134][   T29] audit: type=1800 audit(1719627207.857:31): pid=7434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.676" name="bus" dev="sda1" ino=1982 res=0 errno=0
[  318.464355][    C1] vkms_vblank_simulate: vblank timer overrun
[  318.567246][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.734731][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  318.780568][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  318.907819][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.928220][ T7438] loop2: detected capacity change from 0 to 512
[  318.972981][ T7438] EXT4-fs: Ignoring sb option on remount
[  319.050626][ T7438] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: writeback.
[  319.071975][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.122694][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.152250][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.409994][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.759542][ T4484] Bluetooth: hci3: unexpected event for opcode 0x0404
[  319.813977][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  319.825857][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  319.837814][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  319.849424][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  319.869847][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  319.880119][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  319.940416][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.683'.
[  320.134119][ T7455] loop0: detected capacity change from 0 to 1024
[  320.184285][   T12] bridge_slave_1: left allmulticast mode
[  320.190647][   T12] bridge_slave_1: left promiscuous mode
[  320.221209][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.221526][ T7457] loop2: detected capacity change from 0 to 1024
[  320.256012][   T12] bridge_slave_0: left allmulticast mode
[  320.264016][   T12] bridge_slave_0: left promiscuous mode
[  320.271104][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.629040][ T7462] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  321.547947][ T7474] loop2: detected capacity change from 0 to 256
[  321.631972][ T7474] exfat: Bad value for 'uid'
[  321.793882][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  321.875460][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  321.990223][ T4484] Bluetooth: hci0: command tx timeout
[  322.003615][   T12] bond0 (unregistering): Released all slaves
[  322.931617][   T12] hsr_slave_0: left promiscuous mode
[  322.941694][   T12] hsr_slave_1: left promiscuous mode
[  322.992527][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.004196][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.024585][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  323.034599][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  323.090119][   T12] veth1_macvtap: left promiscuous mode
[  323.096080][   T12] veth0_macvtap: left promiscuous mode
[  323.101936][   T12] veth1_vlan: left promiscuous mode
[  323.108393][   T12] veth0_vlan: left promiscuous mode
[  323.660453][ T7508] loop1: detected capacity change from 0 to 1024
[  323.668471][ T7512] loop5: detected capacity change from 0 to 64
[  323.691971][ T7508] hfsplus: unable to parse mount options
[  323.826779][ T4484] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  323.836864][ T4484] Bluetooth: hci3: Injecting HCI hardware error event
[  323.846391][ T4484] Bluetooth: hci3: hardware error 0x00
[  323.948788][ T7513] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  324.069277][   T53] Bluetooth: hci0: command tx timeout
[  324.592263][    T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  324.775449][   T12] team0 (unregistering): Port device team_slave_1 removed
[  324.834667][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.858362][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  324.898131][    T8] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  324.925367][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.949726][    T8] usb 3-1: config 0 descriptor??
[  324.965290][   T12] team0 (unregistering): Port device team_slave_0 removed
[  325.627845][ T7529] kernel profiling enabled (shift: 10)
[  325.707523][    T8] hid-multitouch 0003:0EEF:72D0.0003: collection stack underflow
[  325.715626][    T8] hid-multitouch 0003:0EEF:72D0.0003: item 0 1 0 12 parsing failed
[  325.738573][    T8] hid-multitouch 0003:0EEF:72D0.0003: probe with driver hid-multitouch failed with error -22
[  325.915065][ T4484] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  326.142843][ T4484] Bluetooth: hci0: command tx timeout
[  326.260562][ T7502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.701'.
[  326.428540][   T45] usb 3-1: USB disconnect, device number 2
[  326.627472][ T7450] chnl_net:caif_netlink_parms(): no params data found
[  326.947164][ T7450] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.976314][ T7544] loop0: detected capacity change from 0 to 512
[  326.989158][ T7450] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.998773][ T7450] bridge_slave_0: entered allmulticast mode
[  327.018506][ T7450] bridge_slave_0: entered promiscuous mode
[  327.035603][ T7450] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.043815][ T7450] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.051339][ T7450] bridge_slave_1: entered allmulticast mode
[  327.067527][ T7450] bridge_slave_1: entered promiscuous mode
[  327.109863][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  327.117840][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  327.227931][ T7450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  327.247706][ T7450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  327.352610][ T4484] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  327.363780][ T4484] Bluetooth: hci1: Injecting HCI hardware error event
[  327.373023][   T53] Bluetooth: hci1: hardware error 0x00
[  327.434294][ T7450] team0: Port device team_slave_0 added
[  327.471334][ T7450] team0: Port device team_slave_1 added
[  327.681412][ T7450] batman_adv: batadv0: Adding interface: batadv_slave_0
[  327.701106][ T7450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.748989][ T7450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  327.767197][ T7450] batman_adv: batadv0: Adding interface: batadv_slave_1
[  327.777511][ T7450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  327.805543][ T7450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  327.935842][ T7450] hsr_slave_0: entered promiscuous mode
[  327.944090][ T7450] hsr_slave_1: entered promiscuous mode
[  327.958535][ T7450] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  327.972052][ T7450] Cannot create hsr debugfs directory
[  328.139235][   T29] audit: type=1800 audit(1719627217.557:32): pid=7559 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.724" name="bus" dev="sda1" ino=1968 res=0 errno=0
[  328.222669][ T4484] Bluetooth: hci0: command tx timeout
[  329.073375][ T7573] loop3: detected capacity change from 0 to 1024
[  329.211196][ T7573] hfsplus: unable to parse mount options
[  329.363044][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  329.423210][   T53] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  329.723712][ T7587] loop5: detected capacity change from 0 to 2048
[  329.731744][ T7450] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  329.741467][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.758295][ T7450] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  329.762182][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.776535][    T8] usb 1-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  329.794152][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.796223][ T7450] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  329.844178][    T8] usb 1-1: config 0 descriptor??
[  329.850613][ T7450] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  330.412895][ T7450] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.534141][    T8] hid-multitouch 0003:0EEF:72D0.0004: collection stack underflow
[  330.557636][ T7450] 8021q: adding VLAN 0 to HW filter on device team0
[  330.569565][    T8] hid-multitouch 0003:0EEF:72D0.0004: item 0 1 0 12 parsing failed
[  330.583448][    T8] hid-multitouch 0003:0EEF:72D0.0004: probe with driver hid-multitouch failed with error -22
[  330.594495][   T29] audit: type=1800 audit(1719627220.007:33): pid=7599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.740" name="bus" dev="sda1" ino=1978 res=0 errno=0
[  330.621639][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.628994][ T5107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.681211][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.688644][ T5098] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.790304][   T25] usb 1-1: USB disconnect, device number 2
[  331.070303][ T7605] loop2: detected capacity change from 0 to 1024
[  331.203480][ T7605] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  331.462976][   T29] audit: type=1804 audit(1719627220.867:34): pid=7605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.742" name="/root/syzkaller.IJJguI/16/file0/bus" dev="loop2" ino=18 res=1 errno=0
[  331.618525][ T7450] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.655408][ T6880] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.311406][ T7631] loop2: detected capacity change from 0 to 2048
[  332.394708][   T29] audit: type=1800 audit(1719627221.817:35): pid=7633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.751" name="bus" dev="sda1" ino=1991 res=0 errno=0
[  332.532673][ T7636] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  332.703884][   T53] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  332.713242][   T53] Bluetooth: hci6: Injecting HCI hardware error event
[  332.722590][   T53] Bluetooth: hci6: hardware error 0x00
[  332.856811][ T7450] veth0_vlan: entered promiscuous mode
[  332.878784][ T7450] veth1_vlan: entered promiscuous mode
[  332.925375][ T7450] veth0_macvtap: entered promiscuous mode
[  332.990255][ T7450] veth1_macvtap: entered promiscuous mode
[  333.248514][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.272115][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.304881][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.346616][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.373079][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.416131][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.442923][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.477218][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.490492][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  333.501931][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.527502][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_0
[  333.589742][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.604603][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.619838][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.630475][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.640397][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.651311][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.696532][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.757583][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.801706][ T7645] loop1: detected capacity change from 0 to 512
[  333.810262][ T7450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  333.834191][ T7645] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  333.854348][ T7450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  333.889581][ T7450] batman_adv: batadv0: Interface activated: batadv_slave_1
[  333.951200][ T7450] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  333.968342][ T7450] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.979618][ T7450] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  334.000988][ T7652] loop5: detected capacity change from 0 to 1764
[  334.029997][ T7450] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  334.048876][ T7652] ISOFS: Logical zone size(6) < hardware blocksize(1024)
[  334.314668][ T2417] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  334.341906][ T2417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  334.443826][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  334.453848][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  334.772219][ T5157] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  334.956220][ T7662] netlink: 72 bytes leftover after parsing attributes in process `syz.0.759'.
[  335.206642][   T53] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  335.958093][ T5157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.988676][ T5157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  336.005649][ T5157] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  336.023479][ T5157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.040051][ T5157] usb 2-1: config 0 descriptor??
[  336.895206][ T5157] hid-multitouch 0003:0EEF:72D0.0005: collection stack underflow
[  336.907529][ T5157] hid-multitouch 0003:0EEF:72D0.0005: item 0 1 0 12 parsing failed
[  337.036036][ T5157] hid-multitouch 0003:0EEF:72D0.0005: probe with driver hid-multitouch failed with error -22
[  337.092574][ T5157] usb 2-1: USB disconnect, device number 3
[  337.278067][ T7694] loop2: detected capacity change from 0 to 8
[  337.518203][ T7694] unable to read fragment index table
[  337.936082][ T7694] loop2: detected capacity change from 0 to 512
[  337.997318][ T7694] EXT4-fs error (device loop2): ext4_orphan_get:1420: comm syz.2.773: bad orphan inode 15
[  338.045759][ T7694] ext4_test_bit(bit=14, block=5) = 0
[  338.086567][ T7694] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.331662][ T7702] loop5: detected capacity change from 0 to 512
[  339.596453][ T6880] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.544454][ T7730] netlink: 'syz.0.786': attribute type 4 has an invalid length.
[  341.785704][ T7759] loop5: detected capacity change from 0 to 512
[  343.283629][ T7792] netlink: 16 bytes leftover after parsing attributes in process `syz.0.812'.
[  343.302541][ T7792] netlink: 16 bytes leftover after parsing attributes in process `syz.0.812'.
[  343.701806][ T7799] netlink: 72 bytes leftover after parsing attributes in process `syz.1.809'.
[  345.018830][ T7813] loop4: detected capacity change from 0 to 512
[  346.082998][ T7833] loop4: detected capacity change from 0 to 512
[  346.163097][ T7833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.223528][ T7833] ext4 filesystem being mounted at /root/syzkaller.VMRuJd/11/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  346.293750][ T7833] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.822: corrupted inode contents
[  346.337558][ T7833] EXT4-fs error (device loop4): ext4_dirty_inode:5935: inode #2: comm syz.4.822: mark_inode_dirty error
[  346.351893][ T7833] EXT4-fs error (device loop4): ext4_do_update_inode:5075: inode #2: comm syz.4.822: corrupted inode contents
[  346.367099][ T7833] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz.4.822: mark_inode_dirty error
[  346.427810][   T29] audit: type=1800 audit(1719627235.847:36): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.822" name="bus" dev="loop4" ino=18 res=0 errno=0
[  346.435230][   T53] Bluetooth: Frame is too long (len 10, expected len 8)
[  347.169036][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 3: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  347.295788][ T7851] netlink: 'syz.3.829': attribute type 11 has an invalid length.
[  347.446711][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 12: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  347.479738][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 13: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  347.520761][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 14: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  347.597624][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 15: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  347.656028][ T7450] EXT4-fs error (device loop4): ext4_readdir:258: inode #2: block 16: comm syz-executor: path /root/syzkaller.VMRuJd/11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  348.474418][ T7862] loop3: detected capacity change from 0 to 512
[  350.180902][ T7890] netlink: 16 bytes leftover after parsing attributes in process `syz.5.843'.
[  350.210533][ T7890] netlink: 16 bytes leftover after parsing attributes in process `syz.5.843'.
[  350.765341][ T7897] netlink: 'syz.5.846': attribute type 11 has an invalid length.
[  351.605736][ T7904] netlink: 368 bytes leftover after parsing attributes in process `syz.3.848'.
[  352.211610][ T7912] loop3: detected capacity change from 0 to 512
[  352.322437][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  352.535970][    T8] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  352.561908][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.587950][    T8] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  352.601928][    T8] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  352.623441][    T8] usb 2-1: Manufacturer: syz
[  352.659697][    T8] usb 2-1: config 0 descriptor??
[  352.912232][    T8] rc_core: IR keymap rc-hauppauge not found
[  352.918635][    T8] Registered IR keymap rc-empty
[  352.976460][    T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  353.034936][    T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input7
[  353.224048][ T7909] loop1: detected capacity change from 0 to 4096
[  353.556392][   T45] usb 2-1: USB disconnect, device number 4
[  353.770933][ T7932] input: syz1 as /devices/virtual/input/input8
[  354.531367][ T7941] netlink: 72 bytes leftover after parsing attributes in process `syz.5.862'.
[  357.121777][   T29] audit: type=1800 audit(1719627246.537:37): pid=7953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.866" name="bus" dev="sda1" ino=2002 res=0 errno=0
[  357.143570][ T7955] loop2: detected capacity change from 0 to 512
[  357.155572][ T7957] netlink: 368 bytes leftover after parsing attributes in process `syz.3.865'.
[  358.043959][ T7450] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.188935][ T2417] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.342441][ T2417] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.456999][ T4484] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  358.471491][ T5094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  358.481624][ T5094] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  358.504983][ T5094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  358.521161][ T5094] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  358.531510][ T2417] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.546487][ T5094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  358.647741][ T2417] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.528667][ T2417] bridge_slave_1: left allmulticast mode
[  359.536776][ T2417] bridge_slave_1: left promiscuous mode
[  359.550870][ T2417] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.564440][ T2417] bridge_slave_0: left allmulticast mode
[  359.579945][ T2417] bridge_slave_0: left promiscuous mode
[  359.587144][ T2417] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.782811][  T781] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  360.013298][  T781] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  360.021871][  T781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.056801][  T781] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  360.079177][  T781] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  360.102343][  T781] usb 4-1: Manufacturer: syz
[  360.116816][  T781] usb 4-1: config 0 descriptor??
[  360.342303][  T781] rc_core: IR keymap rc-hauppauge not found
[  360.348320][  T781] Registered IR keymap rc-empty
[  360.363112][  T781] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  360.397947][  T781] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9
[  360.570762][ T7986] loop3: detected capacity change from 0 to 4096
[  360.571260][ T7999] netlink: 368 bytes leftover after parsing attributes in process `syz.1.882'.
[  360.622742][   T53] Bluetooth: hci0: command tx timeout
[  360.909443][  T781] usb 4-1: USB disconnect, device number 3
[  361.006473][ T2417] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  361.025929][ T2417] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  361.043765][ T2417] bond0 (unregistering): Released all slaves
[  361.252805][ T7972] chnl_net:caif_netlink_parms(): no params data found
[  361.354582][ T8007] loop5: detected capacity change from 0 to 256
[  361.815452][ T2417] hsr_slave_0: left promiscuous mode
[  361.825078][ T2417] hsr_slave_1: left promiscuous mode
[  361.831847][ T2417] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  361.839618][ T2417] batman_adv: batadv0: Removing interface: batadv_slave_0
[  361.856331][ T2417] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  361.863975][ T2417] batman_adv: batadv0: Removing interface: batadv_slave_1
[  361.909106][ T2417] veth1_macvtap: left promiscuous mode
[  361.932306][ T2417] veth0_macvtap: left promiscuous mode
[  361.939131][ T2417] veth1_vlan: left promiscuous mode
[  361.945742][ T2417] veth0_vlan: left promiscuous mode
[  362.702474][   T53] Bluetooth: hci0: command tx timeout
[  363.335017][ T8035] netlink: 'syz.2.895': attribute type 11 has an invalid length.
[  363.875210][ T2417] team0 (unregistering): Port device team_slave_1 removed
[  363.881217][ T8041] loop5: detected capacity change from 0 to 1024
[  363.959523][ T2417] team0 (unregistering): Port device team_slave_0 removed
[  364.416129][ T8046] loop1: detected capacity change from 0 to 512
[  364.518007][ T8046] EXT4-fs (loop1): 1 orphan inode deleted
[  364.545165][ T8046] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.782355][   T53] Bluetooth: hci0: command tx timeout
[  364.992501][ T7972] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.993149][ T8052] Bluetooth: MGMT ver 1.22
[  365.003941][ T7972] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.004180][ T7972] bridge_slave_0: entered allmulticast mode
[  365.030986][ T7972] bridge_slave_0: entered promiscuous mode
[  365.087647][ T7972] bridge0: port 2(bridge_slave_1) entered blocking state
[  365.101450][ T7972] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.112425][ T7972] bridge_slave_1: entered allmulticast mode
[  365.123227][ T7972] bridge_slave_1: entered promiscuous mode
[  365.245587][ T8053] netem: change failed
[  365.293573][ T7972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  365.347457][ T7972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  365.544922][ T7972] team0: Port device team_slave_0 added
[  365.575700][ T7212] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.580152][ T7972] team0: Port device team_slave_1 added
[  365.687725][ T8057] loop5: detected capacity change from 0 to 256
[  365.729529][ T7972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  365.738137][ T7972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  365.771534][ T7972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  365.790673][ T7972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  365.792503][    T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  365.807365][ T7972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  365.865131][ T7972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  365.971962][ T7972] hsr_slave_0: entered promiscuous mode
[  366.000441][ T7972] hsr_slave_1: entered promiscuous mode
[  366.007138][    T8] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  366.018566][ T7972] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  366.026047][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  366.026545][ T7972] Cannot create hsr debugfs directory
[  366.059464][    T8] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  366.082024][    T8] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  366.094279][ T8061] sp0: Synchronizing with TNC
[  366.101272][    T8] usb 4-1: Manufacturer: syz
[  366.121124][    T8] usb 4-1: config 0 descriptor??
[  366.352375][    T8] rc_core: IR keymap rc-hauppauge not found
[  366.358338][    T8] Registered IR keymap rc-empty
[  366.410520][    T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  366.456369][    T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10
[  366.512967][ T8055] loop3: detected capacity change from 0 to 4096
[  366.862342][   T53] Bluetooth: hci0: command tx timeout
[  366.905242][    T8] usb 4-1: USB disconnect, device number 4
[  367.869850][ T7972] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  367.887014][ T7972] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  367.906973][ T7972] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  367.924085][ T7972] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  368.213503][ T7972] 8021q: adding VLAN 0 to HW filter on device bond0
[  368.279794][ T7972] 8021q: adding VLAN 0 to HW filter on device team0
[  368.303939][ T4554] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.311264][ T4554] bridge0: port 1(bridge_slave_0) entered forwarding state
[  368.361041][ T4554] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.368435][ T4554] bridge0: port 2(bridge_slave_1) entered forwarding state
[  368.816476][ T7972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  369.226504][ T7972] veth0_vlan: entered promiscuous mode
[  369.256449][ T7972] veth1_vlan: entered promiscuous mode
[  369.325001][ T7972] veth0_macvtap: entered promiscuous mode
[  369.340598][ T7972] veth1_macvtap: entered promiscuous mode
[  369.381842][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.393696][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.406150][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.417711][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.428773][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.440177][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.454146][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.464972][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.476102][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  369.486610][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.499757][ T7972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  369.520208][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.538849][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.550952][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.562841][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.572868][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.584535][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.594556][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.605083][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.615014][ T7972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  369.625539][ T7972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  369.639237][ T7972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.678385][ T7972] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  369.687698][ T7972] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  369.697417][ T7972] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  369.708850][ T7972] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  369.878907][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.896962][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  369.947741][ T5655] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  369.956127][ T5655] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.037483][ T8109] loop1: detected capacity change from 0 to 512
[  374.049740][ T8108] netlink: 6 bytes leftover after parsing attributes in process `syz.3.918'.
[  374.132360][ T8108] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  374.197754][ T8109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.223432][ T8109] ext4 filesystem being mounted at /root/syzkaller.sXHJvO/39/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  374.432016][ T7212] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.651710][ T8122] loop4: detected capacity change from 0 to 256
[  374.678272][ T8122] exfat: Deprecated parameter 'namecase'
[  374.758528][ T8122] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x6ff59669, utbl_chksum : 0xe619d30d)
[  374.818350][ T8126] input: syz1 as /devices/virtual/input/input11
[  377.192616][ T8169] loop0: detected capacity change from 0 to 256
[  377.223024][ T8169] exfat: Deprecated parameter 'namecase'
[  379.117148][ T8180] loop3: detected capacity change from 0 to 131072
[  379.151088][ T8180] F2FS-fs (loop3): invalid crc value
[  379.180903][ T8180] F2FS-fs (loop3): Found nat_bits in checkpoint
[  379.267168][ T8180] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  379.814794][ T8196] loop1: detected capacity change from 0 to 64
[  379.917654][ T8196] Trying to free block not in datazone
[  380.738798][ T8211] loop2: detected capacity change from 0 to 256
[  380.781885][ T8211] exfat: Deprecated parameter 'namecase'
[  380.894238][ T8211] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x6ff59669, utbl_chksum : 0xe619d30d)
[  382.852087][    C1] sched: RT throttling activated
[  383.361807][ T8228] loop2: detected capacity change from 0 to 131072
[  383.404765][ T8228] F2FS-fs (loop2): invalid crc value
[  383.417918][ T8228] F2FS-fs (loop2): Found nat_bits in checkpoint
[  383.519077][ T8228] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  386.685008][ T8282] netlink: 'syz.3.991': attribute type 9 has an invalid length.
[  386.712436][ T8282] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.991'.
[  386.878241][ T8283] netlink: 'syz.3.991': attribute type 9 has an invalid length.
[  386.906492][ T8283] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.991'.
[  387.543071][ T8300] netlink: 6 bytes leftover after parsing attributes in process `syz.1.996'.
[  387.597518][ T8300] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  388.159648][ T8294] loop0: detected capacity change from 0 to 32768
[  388.549774][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  388.557053][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  389.667845][ T8342] loop3: detected capacity change from 0 to 16
[  389.700936][ T8342] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  389.721167][ T8342] cramfs: wrong endianness
[  390.622356][ T5094] Bluetooth: hci2: command 0x0406 tx timeout
[  394.582633][ T8398] binder: 8393:8398 ioctl c0306201 200003c0 returned -14
[  399.103259][ T8451] binder: 8450:8451 ioctl c0306201 200003c0 returned -14
[  401.516201][ T8494] netlink: 192 bytes leftover after parsing attributes in process `syz.4.1079'.
[  404.127342][ T8525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1089'.
[  404.524108][ T8525] hsr_slave_1 (unregistering): left promiscuous mode
[  406.136925][ T8552] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1100'.
[  406.308029][ T8557] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1101'.
[  406.330870][ T8557] openvswitch: netlink: Multiple metadata blocks provided
[  407.508856][ T8579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1109'.
[  407.973770][ T8579] hsr_slave_1 (unregistering): left promiscuous mode
[  409.328353][ T8601] tmpfs: Unknown parameter 'N'
[  410.039142][ T8607] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1123'.
[  410.139456][ T5094] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  410.269395][ T5094] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  410.300805][ T5094] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  410.314340][ T5094] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  410.323115][ T5094] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  410.330897][ T5094] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  411.059479][   T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.261415][   T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.531591][   T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.795414][   T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.157992][ T8613] chnl_net:caif_netlink_parms(): no params data found
[  412.382444][   T53] Bluetooth: hci1: command tx timeout
[  412.669508][ T8613] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.677251][ T8613] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.688315][ T8613] bridge_slave_0: entered allmulticast mode
[  412.697149][ T8613] bridge_slave_0: entered promiscuous mode
[  412.712457][   T63] bridge_slave_1: left allmulticast mode
[  412.731628][   T63] bridge_slave_1: left promiscuous mode
[  412.758861][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.784300][   T63] bridge_slave_0: left allmulticast mode
[  412.790169][   T63] bridge_slave_0: left promiscuous mode
[  412.798974][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.122812][ T8653] tmpfs: Unknown parameter 'N'
[  414.430229][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  414.446506][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  414.462996][   T53] Bluetooth: hci1: command tx timeout
[  414.471175][   T63] bond0 (unregistering): Released all slaves
[  414.494889][ T8613] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.506399][ T8613] bridge0: port 2(bridge_slave_1) entered disabled state
[  414.513868][ T8613] bridge_slave_1: entered allmulticast mode
[  414.521956][ T8613] bridge_slave_1: entered promiscuous mode
[  414.689172][ T8613] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  414.807388][ T8613] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  414.991361][ T8613] team0: Port device team_slave_0 added
[  415.047029][ T8662] netlink: 'syz.5.1141': attribute type 9 has an invalid length.
[  415.065302][ T8662] netlink: 209836 bytes leftover after parsing attributes in process `syz.5.1141'.
[  415.101976][ T8613] team0: Port device team_slave_1 added
[  415.250061][   T63] hsr_slave_0: left promiscuous mode
[  415.268184][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  415.287456][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  415.309206][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  415.338034][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  415.396134][   T63] veth1_macvtap: left promiscuous mode
[  415.403313][   T63] veth0_macvtap: left promiscuous mode
[  415.410095][   T63] veth1_vlan: left promiscuous mode
[  415.415833][   T63] veth0_vlan: left promiscuous mode
[  416.574639][   T53] Bluetooth: hci1: command tx timeout
[  417.562833][ T8693] tmpfs: Unknown parameter 'N'
[  417.893775][   T63] team0 (unregistering): Port device team_slave_1 removed
[  418.662337][   T53] Bluetooth: hci1: command tx timeout
[  419.243604][   T63] team0 (unregistering): Port device team_slave_0 removed
[  419.424489][ T5094] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  419.436743][ T5094] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  419.446146][ T5094] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  419.462883][ T5094] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  419.471274][ T5094] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  419.479273][ T5094] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  420.660097][ T8664] netlink: 'syz.5.1141': attribute type 9 has an invalid length.
[  420.697713][ T8664] netlink: 209836 bytes leftover after parsing attributes in process `syz.5.1141'.
[  420.767421][ T8613] batman_adv: batadv0: Adding interface: batadv_slave_0
[  420.775683][ T8613] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  420.801704][    C0] vkms_vblank_simulate: vblank timer overrun
[  420.827392][ T8613] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  421.091023][ T8613] batman_adv: batadv0: Adding interface: batadv_slave_1
[  421.115133][ T8613] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  421.144553][ T8613] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  421.342403][ T8713] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1158'.
[  421.499273][ T8613] hsr_slave_0: entered promiscuous mode
[  421.508688][ T8613] hsr_slave_1: entered promiscuous mode
[  421.519287][ T8613] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  421.527698][ T8613] Cannot create hsr debugfs directory
[  421.582601][   T53] Bluetooth: hci5: command tx timeout
[  422.251918][   T63] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  422.515988][   T63] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  423.897612][   T53] Bluetooth: hci5: command tx timeout
[  424.717841][   T63] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.120685][   T63] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.569318][ T8700] chnl_net:caif_netlink_parms(): no params data found
[  425.902026][   T63] bridge_slave_1: left allmulticast mode
[  425.908450][   T63] bridge_slave_1: left promiscuous mode
[  425.916816][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  425.949640][   T63] bridge_slave_0: left allmulticast mode
[  425.957071][   T63] bridge_slave_0: left promiscuous mode
[  425.963631][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  425.982279][   T53] Bluetooth: hci5: command tx timeout
[  426.831304][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  426.846823][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  426.873702][   T63] bond0 (unregistering): Released all slaves
[  426.907501][   T63] bond1 (unregistering): Released all slaves
[  428.062461][   T53] Bluetooth: hci5: command tx timeout
[  428.476797][ T8700] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.494481][ T8700] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.513596][ T8700] bridge_slave_0: entered allmulticast mode
[  428.555263][ T8700] bridge_slave_0: entered promiscuous mode
[  428.750407][ T8700] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.760209][ T8700] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.769988][ T8700] bridge_slave_1: entered allmulticast mode
[  428.779378][ T8700] bridge_slave_1: entered promiscuous mode
[  428.855646][ T8613] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  428.966498][ T8700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.978191][ T8613] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  429.081684][ T8700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  429.175816][ T8613] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  429.214806][ T5098] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  429.315242][   T63] hsr_slave_0: left promiscuous mode
[  429.321965][   T63] hsr_slave_1: left promiscuous mode
[  429.338803][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  429.356175][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  429.370729][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  429.378440][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  429.415957][ T5098] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  429.427606][ T5098] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  429.431609][   T63] veth1_macvtap: left promiscuous mode
[  429.438354][ T5098] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  429.452303][   T63] veth0_macvtap: left promiscuous mode
[  429.456156][ T5098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.479080][ T8773] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  429.486847][   T63] veth1_vlan: left promiscuous mode
[  429.498045][   T63] veth0_vlan: left promiscuous mode
[  429.820011][ T5098] usb 3-1: USB disconnect, device number 3
[  429.866643][   T29] audit: type=1326 audit(1719627319.287:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8783 comm="syz.5.1185" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fa1b75b99 code=0x0
[  429.888304][    C0] vkms_vblank_simulate: vblank timer overrun
[  430.686798][ T8796] loop0: detected capacity change from 0 to 256
[  431.312186][   T63] team0 (unregistering): Port device team_slave_1 removed
[  431.747156][   T63] team0 (unregistering): Port device team_slave_0 removed
[  432.213387][ T5094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  432.243846][ T5094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  432.269485][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  432.288317][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  432.297701][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  432.309946][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  432.638519][ T8812] loop0: detected capacity change from 0 to 256
[  433.083377][ T8613] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  433.232749][ T8700] team0: Port device team_slave_0 added
[  433.278117][ T8700] team0: Port device team_slave_1 added
[  433.415501][   T29] audit: type=1326 audit(1719627322.827:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.2.1202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7fa1975b99 code=0x0
[  433.437198][    C0] vkms_vblank_simulate: vblank timer overrun
[  433.491507][ T8700] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.519998][ T8700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.577332][ T8700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.643387][ T8700] batman_adv: batadv0: Adding interface: batadv_slave_1
[  433.650552][ T8700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.680837][ T8700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.030081][ T8700] hsr_slave_0: entered promiscuous mode
[  434.065341][ T8700] hsr_slave_1: entered promiscuous mode
[  434.074150][ T8700] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  434.081870][ T8700] Cannot create hsr debugfs directory
[  434.178091][ T8830] binder: transaction release 12 bad handle 1, ret = -22
[  434.186984][ T8830] binder: 8828:8830 ioctl c0306201 20002300 returned -14
[  434.392511][   T53] Bluetooth: hci4: command tx timeout
[  434.745921][   T63] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.236615][   T63] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.938200][ T8846] loop0: detected capacity change from 0 to 2048
[  435.999455][ T8846] EXT4-fs: Ignoring removed orlov option
[  436.460373][   T63] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  436.470917][   T53] Bluetooth: hci4: command tx timeout
[  436.633034][ T8806] chnl_net:caif_netlink_parms(): no params data found
[  436.875663][   T63] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.019408][ T8613] 8021q: adding VLAN 0 to HW filter on device bond0
[  437.583923][ T8806] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.600602][ T8806] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.610248][ T8806] bridge_slave_0: entered allmulticast mode
[  437.627124][ T8806] bridge_slave_0: entered promiscuous mode
[  437.653453][ T8806] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.660941][ T8806] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.670155][ T8806] bridge_slave_1: entered allmulticast mode
[  437.683396][ T8806] bridge_slave_1: entered promiscuous mode
[  437.727703][ T8613] 8021q: adding VLAN 0 to HW filter on device team0
[  437.867048][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1215'.
[  437.891211][ T8806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  437.940071][ T4554] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.947433][ T4554] bridge0: port 1(bridge_slave_0) entered forwarding state
[  437.985208][ T8806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  438.041180][ T5331] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.042447][ T8866] binder: transaction release 20 bad handle 1, ret = -22
[  438.048493][ T5331] bridge0: port 2(bridge_slave_1) entered forwarding state
[  438.073007][ T8866] binder: 8865:8866 ioctl c0306201 20002300 returned -14
[  438.214444][ T8806] team0: Port device team_slave_0 added
[  438.228508][ T8806] team0: Port device team_slave_1 added
[  438.256265][   T63] bridge_slave_1: left allmulticast mode
[  438.270801][   T63] bridge_slave_1: left promiscuous mode
[  438.277741][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.294129][   T63] bridge_slave_0: left allmulticast mode
[  438.301380][   T63] bridge_slave_0: left promiscuous mode
[  438.308998][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.367609][   T29] audit: type=1326 audit(1719627327.777:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8868 comm="syz.0.1218" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4648575b99 code=0x0
[  438.553208][   T53] Bluetooth: hci4: command tx timeout
[  438.952956][ T8879] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1222'.
[  438.968820][ T8879] openvswitch: netlink: VXLAN extension message has 13 unknown bytes.
[  439.172479][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  439.222628][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  439.252327][   T63] bond0 (unregistering): Released all slaves
[  439.451713][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  439.466366][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.518969][ T8806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  439.636560][ T8806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  439.660872][ T8806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  439.717894][ T8806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  439.815848][ T8700] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  440.107513][ T8700] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  440.144806][ T8700] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  440.233768][ T8806] hsr_slave_0: entered promiscuous mode
[  440.266355][ T8806] hsr_slave_1: entered promiscuous mode
[  440.295294][ T8806] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  440.325920][ T8806] Cannot create hsr debugfs directory
[  440.365830][ T8700] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  440.417601][ T8892] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1228'.
[  440.623915][   T53] Bluetooth: hci4: command tx timeout
[  440.917765][ T8896] binder: transaction release 28 bad handle 1, ret = -22
[  440.959968][ T8896] binder: 8895:8896 ioctl c0306201 20002300 returned -14
[  441.160488][   T63] hsr_slave_0: left promiscuous mode
[  441.176985][   T63] hsr_slave_1: left promiscuous mode
[  441.197467][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  441.207806][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.222453][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.232621][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.291541][   T63] veth1_macvtap: left promiscuous mode
[  441.308461][   T63] veth0_macvtap: left promiscuous mode
[  441.320452][   T63] veth1_vlan: left promiscuous mode
[  441.328174][   T63] veth0_vlan: left promiscuous mode
[  442.217594][ T8905] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1233'.
[  442.228978][ T8905] openvswitch: netlink: VXLAN extension message has 13 unknown bytes.
[  442.261208][   T29] audit: type=1326 audit(1719627331.667:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8904 comm="syz.4.1234" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8641175b99 code=0x0
[  442.488544][   T63] team0 (unregistering): Port device team_slave_1 removed
[  442.579295][   T63] team0 (unregistering): Port device team_slave_0 removed
[  443.661229][ T8922] binder: transaction release 36 bad handle 1, ret = -22
[  444.548510][ T8613] 8021q: adding VLAN 0 to HW filter on device batadv0
[  444.886117][ T8613] veth0_vlan: entered promiscuous mode
[  444.911902][ T8700] 8021q: adding VLAN 0 to HW filter on device bond0
[  445.002721][ T8613] veth1_vlan: entered promiscuous mode
[  445.051976][ T8700] 8021q: adding VLAN 0 to HW filter on device team0
[  445.178967][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.186309][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.249301][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.256633][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.392739][ T8806] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  445.430784][ T8806] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  445.537773][ T8806] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  445.600596][ T8806] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  445.637225][ T8613] veth0_macvtap: entered promiscuous mode
[  445.671415][ T8613] veth1_macvtap: entered promiscuous mode
[  445.818887][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  445.851038][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  445.868550][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  445.880521][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  445.895761][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  445.908862][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  445.928234][ T8613] batman_adv: batadv0: Interface activated: batadv_slave_0
[  445.988129][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.009920][ T8952] binder: transaction release 44 bad handle 1, ret = -22
[  446.021276][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.038164][ T8952] binder: 8949:8952 ioctl c0306201 20002300 returned -14
[  446.052295][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.090187][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.110784][ T8613] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  446.158606][ T8613] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  446.212318][ T8613] batman_adv: batadv0: Interface activated: batadv_slave_1
[  446.325888][ T8613] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  446.390221][ T8613] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  446.435653][ T8613] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  446.456098][ T8613] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  448.116432][ T8700] 8021q: adding VLAN 0 to HW filter on device batadv0
[  448.264078][ T5270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  448.275264][ T5270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  448.339647][ T5154] libceph: connect (1)[c::]:6789 error -101
[  448.371342][ T5154] libceph: mon0 (1)[c::]:6789 connect error
[  448.706269][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  448.715099][ T5154] libceph: connect (1)[c::]:6789 error -101
[  448.735849][ T5154] libceph: mon0 (1)[c::]:6789 connect error
[  448.742327][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  448.802219][ T8806] 8021q: adding VLAN 0 to HW filter on device bond0
[  449.223079][ T8806] 8021q: adding VLAN 0 to HW filter on device team0
[  449.247985][ T8700] veth0_vlan: entered promiscuous mode
[  449.266690][ T5157] libceph: connect (1)[c::]:6789 error -101
[  449.285343][ T5157] libceph: mon0 (1)[c::]:6789 connect error
[  449.405850][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state
[  449.413161][ T5107] bridge0: port 1(bridge_slave_0) entered forwarding state
[  449.429216][ T8967] ceph: No mds server is up or the cluster is laggy
[  449.528685][ T8700] veth1_vlan: entered promiscuous mode
[  449.604990][ T5107] bridge0: port 2(bridge_slave_1) entered blocking state
[  449.612424][ T5107] bridge0: port 2(bridge_slave_1) entered forwarding state
[  449.990165][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  449.998214][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  450.191453][ T8700] veth0_macvtap: entered promiscuous mode
[  450.214560][ T8806] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  450.274739][ T8700] veth1_macvtap: entered promiscuous mode
[  450.443921][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  450.471098][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.518834][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  450.566445][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.605079][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  450.627944][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.647145][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  450.665896][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.679484][ T8700] batman_adv: batadv0: Interface activated: batadv_slave_0
[  450.718783][ T8994] raw_sendmsg: syz.1.1121 forgot to set AF_INET. Fix it!
[  450.741384][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  450.769403][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.781005][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  450.792510][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.802733][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  450.816465][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.828900][ T8700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  450.848813][ T8700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  450.881025][ T8700] batman_adv: batadv0: Interface activated: batadv_slave_1
[  450.977698][ T8700] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  451.009214][ T8700] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  451.027420][ T8700] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  451.061660][ T8700] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  451.369938][ T8806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  451.399524][ T5270] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.441198][ T5270] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.649744][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  451.689213][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  451.839381][ T9004] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1264'.
[  451.886378][ T9004] openvswitch: netlink: VXLAN extension message has 13 unknown bytes.
[  453.552372][ T8806] veth0_vlan: entered promiscuous mode
[  453.615188][ T8806] veth1_vlan: entered promiscuous mode
[  454.008976][ T8806] veth0_macvtap: entered promiscuous mode
[  454.061352][ T8806] veth1_macvtap: entered promiscuous mode
[  454.260427][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.309483][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.364172][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.398531][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.429529][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.483522][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.516336][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.572997][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.612548][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.639779][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.678043][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.736752][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.769738][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.781671][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.830946][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.872156][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.892967][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.909544][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.930949][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.962237][ T8806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.985695][ T8806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.007635][ T8806] batman_adv: batadv0: Interface activated: batadv_slave_1
[  455.070973][ T8806] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.091464][ T8806] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.100489][ T8806] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.125165][ T8806] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.541899][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.592458][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.718992][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.737441][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  458.072405][ T9061] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1283'.
[  458.145330][ T9061] netlink: 'syz.0.1283': attribute type 2 has an invalid length.
[  458.172682][ T9061] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1283'.
[  458.281615][ T5154] libceph: connect (1)[c::]:6789 error -101
[  458.315516][ T5154] libceph: mon0 (1)[c::]:6789 connect error
[  458.683367][    T8] libceph: connect (1)[c::]:6789 error -101
[  458.710522][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  459.279022][    T8] libceph: connect (1)[c::]:6789 error -101
[  459.294612][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  459.444381][ T9051] ceph: No mds server is up or the cluster is laggy
[  461.599058][ T9097] cannot load conntrack support for proto=3
[  463.267691][ T9110] binder: BINDER_SET_CONTEXT_MGR already set
[  463.305676][ T9110] binder: 9108:9110 ioctl 4018620d 20000040 returned -16
[  464.546514][ T9123] ALSA: mixer_oss: invalid OSS volume ''
[  466.227825][ T9147] loop5: detected capacity change from 0 to 2048
[  469.025374][ T9173] ALSA: mixer_oss: invalid OSS volume ''
[  470.903149][ T9182] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  470.950071][ T9182] CIFS: Unable to determine destination address
[  472.919805][ T9203] cannot load conntrack support for proto=3
[  474.490944][ T9230] CIFS: Unable to determine destination address
[  477.887780][ T9249] cannot load conntrack support for proto=3
[  480.070528][ T9294] loop5: detected capacity change from 0 to 256
[  483.351644][ T9310] binder: 9305:9310 ioctl c0306201 20000500 returned -14
[  484.466111][   T53] Bluetooth: hci0: command 0x0406 tx timeout
[  486.439055][ T9363] netlink: 'syz.2.1393': attribute type 10 has an invalid length.
[  486.492668][ T9363] team0: Device veth1_macvtap failed to register rx_handler
[  489.757337][ T9413] netlink: 'syz.3.1409': attribute type 10 has an invalid length.
[  489.840393][ T9413] team0: Device veth1_macvtap failed to register rx_handler
[  490.563915][ T9430] nfs: Unknown parameter 'context'
[  492.392476][ T9458] netlink: 'syz.3.1427': attribute type 10 has an invalid length.
[  492.405315][ T9458] team0: Device veth1_macvtap failed to register rx_handler
[  495.472342][  T781] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  495.619474][ T9477] nfs: Unknown parameter 'context'
[  495.632312][  T781] usb 1-1: device descriptor read/64, error -71
[  496.052366][  T781] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  496.212214][  T781] usb 1-1: device descriptor read/64, error -71
[  496.343079][  T781] usb usb1-port1: attempt power cycle
[  496.582722][ T9490] loop5: detected capacity change from 0 to 128
[  498.748527][ T9507] loop5: detected capacity change from 0 to 2048
[  498.845929][ T9507] hpfs: hpfs_map_sector(): read error
[  498.934719][ T9513] nfs: Unknown parameter 'context'
[  500.017275][ T9519] overlayfs: failed to resolve './bus': -2
[  502.530246][ T9543] Illegal XDP return value 4294967274 on prog  (id 292) dev syz_tun, expect packet loss!
[  504.720166][ T9560] cannot load conntrack support for proto=3
[  507.095406][ T9582] overlayfs: failed to resolve './bus': -2
[  509.817355][ T9613] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1485'.
[  509.829956][ T9613] netlink: 'syz.1.1485': attribute type 2 has an invalid length.
[  509.854292][ T9613] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1485'.
[  509.959127][ T9615] loop0: detected capacity change from 0 to 16
[  511.428525][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  511.437032][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  511.643211][ T9630] loop5: detected capacity change from 0 to 8192
[  512.409464][ T9644] loop5: detected capacity change from 0 to 2048
[  512.468506][ T9644] hpfs: hpfs_map_sector(): read error
[  513.147603][ T9663] loop5: detected capacity change from 0 to 16
[  516.677336][ T9698] loop0: detected capacity change from 0 to 512
[  517.911036][ T9705] cannot load conntrack support for proto=3
[  518.387565][ T9706] loop5: detected capacity change from 0 to 40427
[  519.432694][   T29] audit: type=1804 audit(1719627408.847:42): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1516" name="/root/syzkaller.wN8lux/42/file0" dev="sda1" ino=2016 res=1 errno=0
[  522.648009][ T9748] loop5: detected capacity change from 0 to 512
[  523.142454][ T9759] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1532'.
[  523.168954][ T9760] netlink: 'syz.2.1533': attribute type 1 has an invalid length.
[  524.972222][ T5107] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  525.201844][ T5107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  525.242727][ T5107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  525.261459][ T5107] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  525.272001][ T5107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.285747][ T5107] usb 4-1: config 0 descriptor??
[  526.844046][ T5107] hid (null): bogus close delimiter
[  526.845424][ T9791] netlink: 'syz.0.1544': attribute type 49 has an invalid length.
[  526.882457][ T5107] hid-multitouch 0003:0EEF:72D0.0006: bogus close delimiter
[  526.901930][ T5107] hid-multitouch 0003:0EEF:72D0.0006: item 0 2 2 10 parsing failed
[  526.904278][ T9791] netlink: 'syz.0.1544': attribute type 49 has an invalid length.
[  526.936451][ T5107] hid-multitouch 0003:0EEF:72D0.0006: probe with driver hid-multitouch failed with error -22
[  527.612387][ T9800] loop5: detected capacity change from 0 to 512
[  527.891696][ T9802] netlink: 'syz.0.1550': attribute type 1 has an invalid length.
[  528.303937][  T781] usb 4-1: USB disconnect, device number 5
[  528.842196][    T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  529.042225][    T8] usb 1-1: Using ep0 maxpacket: 32
[  529.053676][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  529.071489][    T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=024f, bcdDevice= 0.00
[  529.082744][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.107687][    T8] usb 1-1: config 0 descriptor??
[  529.119003][    T8] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  529.251701][ T9826] netlink: 'syz.1.1562': attribute type 49 has an invalid length.
[  529.265555][ T9826] netlink: 'syz.1.1562': attribute type 49 has an invalid length.
[  529.790522][ T5098] usb 1-1: USB disconnect, device number 6
[  531.064598][ T9848] veth1_macvtap: left promiscuous mode
[  533.176853][ T9876] loop0: detected capacity change from 0 to 256
[  534.302525][ T5094] Bluetooth: hci1: command 0x0406 tx timeout
[  535.182544][   T53] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  535.191472][   T53] Bluetooth: hci1: Injecting HCI hardware error event
[  535.202718][ T5094] Bluetooth: hci1: hardware error 0x00
[  535.372781][ T9906] 9pnet_virtio: no channels available for device @
[  537.263958][ T5094] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  540.420215][ T9951] loop5: detected capacity change from 0 to 4096
[  541.379080][ T9967] fscrypt (sda1, inode 2013): Unsupported encryption modes (contents 5, filenames 60)
[  542.658372][ T9996] loop0: detected capacity change from 0 to 2048
[  542.875397][ T9996] loop0: detected capacity change from 0 to 1024
[  542.910010][ T9996] ext2: Unknown parameter 'appraise_type'
[  543.002590][ T5098] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  543.010518][   T29] audit: type=1326 audit(1719627432.417:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9994 comm="syz.0.1629" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4648575b99 code=0x0
[  543.225534][ T5098] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  543.248454][ T5098] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.288293][ T5098] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  543.298023][ T5098] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.313271][ T5098] usb 4-1: config 0 descriptor??
[  543.942903][T10016] bpf: Bad value for 'gid'
[  544.226330][ T5094] Bluetooth: hci5: command 0x0406 tx timeout
[  547.248201][ T5098] usbhid 4-1:0.0: can't add hid device: -71
[  547.263363][ T5098] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  547.284493][ T5098] usb 4-1: USB disconnect, device number 6
[  551.234419][T10053] loop5: detected capacity change from 0 to 32768
[  552.308977][T10054] cannot load conntrack support for proto=3
[  553.139617][T10058] loop0: detected capacity change from 0 to 2048
[  553.349293][T10058] loop0: detected capacity change from 0 to 1024
[  553.386924][T10058] ext2: Unknown parameter 'appraise_type'
[  553.483945][T10063] bpf: Bad value for 'gid'
[  553.491124][   T29] audit: type=1326 audit(1719627442.907:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10052 comm="syz.0.1653" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4648575b99 code=0x0
[  554.568363][   T53] Bluetooth: hci4: command 0x0406 tx timeout
[  556.163946][T10020] Bluetooth: hci2: unexpected event for opcode 0x0c6d
[  557.195767][T10102] loop5: detected capacity change from 0 to 32768
[  559.716152][T10108] loop0: detected capacity change from 0 to 164
[  560.293968][T10108] Unable to read rock-ridge attributes
[  560.402808][T10111] cannot load conntrack support for proto=3
[  560.488815][T10108] Unable to read rock-ridge attributes
[  561.281793][T10119] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1674'.
[  561.837556][T10131] loop5: detected capacity change from 0 to 512
[  561.893374][T10131] EXT4-fs: Ignoring removed oldalloc option
[  562.045906][T10131] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
[  563.971854][   T29] audit: type=1800 audit(1719627453.387:45): pid=10144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1686" name="bus" dev="sda1" ino=2014 res=0 errno=0
[  564.014475][T10144] syz.2.1686[10144] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  564.014752][T10144] syz.2.1686[10144] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  564.032986][T10146] capability: warning: `syz.4.1685' uses 32-bit capabilities (legacy support in use)
[  564.388738][   T29] audit: type=1326 audit(1719627453.787:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10140 comm="syz.2.1686" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7fa1975b99 code=0x0
[  565.156891][T10159] loop5: detected capacity change from 0 to 164
[  565.262024][T10160] cannot load conntrack support for proto=3
[  565.567933][T10159] Unable to read rock-ridge attributes
[  565.659820][T10159] Unable to read rock-ridge attributes
[  566.256368][T10166] loop0: detected capacity change from 0 to 4096
[  566.595165][    T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  566.661595][T10172] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
[  566.789521][    T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  566.807351][    T8] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  566.838653][    T8] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  566.857798][T10178] loop0: detected capacity change from 0 to 512
[  566.920094][    T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  566.932412][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.940685][    T8] usb 2-1: Product: syz
[  566.946100][    T8] usb 2-1: Manufacturer: syz
[  566.950867][    T8] usb 2-1: SerialNumber: syz
[  567.191650][    T8] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  567.398827][    T8] usb 2-1: USB disconnect, device number 5
[  567.433413][    T8] usblp0: removed
[  567.466664][T10190] loop5: detected capacity change from 0 to 256
[  567.993780][T10195] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  569.360663][  T781] libceph: connect (1)[c::]:6789 error -101
[  569.366946][  T781] libceph: mon0 (1)[c::]:6789 connect error
[  569.378347][  T781] libceph: connect (1)[c::]:6789 error -101
[  569.384528][  T781] libceph: mon0 (1)[c::]:6789 connect error
[  569.393225][T10213] cannot load conntrack support for proto=3
[  569.700890][ T5154] libceph: connect (1)[c::]:6789 error -101
[  569.719811][ T5154] libceph: mon0 (1)[c::]:6789 connect error
[  570.238801][ T5154] libceph: connect (1)[c::]:6789 error -101
[  570.269163][ T5154] libceph: mon0 (1)[c::]:6789 connect error
[  570.425543][T10219] loop0: detected capacity change from 0 to 512
[  570.481599][T10219] EXT4-fs: Ignoring removed oldalloc option
[  570.690299][T10219] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
[  570.983743][T10200] ceph: No mds server is up or the cluster is laggy
[  571.798247][T10236] loop0: detected capacity change from 0 to 256
[  571.903224][   T29] audit: type=1804 audit(1719627461.317:47): pid=10236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1716" name="/root/syzkaller.xbbfuB/465/file0" dev="sda1" ino=2019 res=1 errno=0
[  572.291940][T10245] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  572.567507][   T29] audit: type=1804 audit(1719627461.987:48): pid=10246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1719" name="/root/syzkaller.uTlJG8/148/file0" dev="sda1" ino=1974 res=1 errno=0
[  572.693293][T10253] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1722'.
[  572.703229][T10252] trusted_key: syz.3.1723 sent an empty control message without MSG_MORE.
[  572.780903][   T29] audit: type=1804 audit(1719627462.197:49): pid=10254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1724" name="/root/syzkaller.wN8lux/80/bus" dev="sda1" ino=1949 res=1 errno=0
[  572.807007][T10254] netlink: 11 bytes leftover after parsing attributes in process `syz.5.1724'.
[  572.886296][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  572.888700][T10254] block device autoloading is deprecated and will be removed.
[  572.895247][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  572.906863][T10254] syz.5.1724: attempt to access beyond end of device
[  572.906863][T10254] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  573.075078][T10256] loop0: detected capacity change from 0 to 164
[  573.127524][T10256] Unable to read rock-ridge attributes
[  573.148710][T10256] Unable to read rock-ridge attributes
[  573.404926][T10265] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled.
[  573.509410][T10270] process 'syz.2.1726' launched './file0' with NULL argv: empty string added
[  574.842442][   T29] audit: type=1804 audit(1719627464.257:50): pid=10276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1731" name="/root/syzkaller.xbbfuB/467/file0/bus" dev="ramfs" ino=33109 res=1 errno=0
[  574.945895][T10281] overlayfs: failed to resolve './bus': -2
[  578.098051][   T29] audit: type=1804 audit(1719627467.337:51): pid=10312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1739" name="/root/syzkaller.IJJguI/197/file0" dev="sda1" ino=2018 res=1 errno=0
[  578.309793][T10020] Bluetooth: hci4: unexpected event for opcode 0x0c6d
[  578.364929][T10318] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1742'.
[  578.508619][T10317] loop5: detected capacity change from 0 to 1024
[  579.326954][   T29] audit: type=1804 audit(1719627468.747:52): pid=10333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1749" name="/root/syzkaller.33x3ad/82/file0/bus" dev="ramfs" ino=32383 res=1 errno=0
[  580.012317][ T9096] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  580.222619][ T9096] usb 5-1: Using ep0 maxpacket: 16
[  580.849665][ T9096] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  580.909924][ T9096] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  580.922255][ T9096] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.930589][ T9096] usb 5-1: Product: syz
[  580.937303][ T9096] usb 5-1: Manufacturer: syz
[  580.941945][ T9096] usb 5-1: SerialNumber: syz
[  580.957136][T10341] overlayfs: failed to resolve './bus': -2
[  580.963859][ T9096] usb 5-1: config 0 descriptor??
[  581.049033][ T9096] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  581.088992][ T9096] usb 5-1: Detected FT232R
[  581.573943][ T9096] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  581.587456][   T29] audit: type=1804 audit(1719627471.007:53): pid=10359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1755" name="/root/syzkaller.xbbfuB/471/bus" dev="sda1" ino=1974 res=1 errno=0
[  581.616112][ T9096] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  581.640349][ T9096] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  581.645909][   T29] audit: type=1800 audit(1719627471.007:54): pid=10359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1755" name="bus" dev="sda1" ino=1974 res=0 errno=0
[  581.663983][ T9096] usb 5-1: USB disconnect, device number 2
[  581.693646][ T9096] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  581.704735][ T9096] ftdi_sio 5-1:0.0: device disconnected
[  583.222702][   T29] audit: type=1804 audit(1719627472.637:55): pid=10370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1758" name="/root/syzkaller.wN8lux/86/file0" dev="sda1" ino=1974 res=1 errno=0
[  584.267811][   T29] audit: type=1804 audit(1719627473.687:56): pid=10386 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1765" name="/root/syzkaller.33x3ad/86/file0/bus" dev="ramfs" ino=32430 res=1 errno=0
[  585.516840][   T29] audit: type=1800 audit(1719627474.937:57): pid=10405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1771" name="bus" dev="sda1" ino=1987 res=0 errno=0
[  585.822875][  T927] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  586.032204][  T927] usb 5-1: Using ep0 maxpacket: 16
[  586.048748][   T29] audit: type=1804 audit(1719627475.467:58): pid=10412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1776" name="/root/syzkaller.xbbfuB/475/file0" dev="sda1" ino=2021 res=1 errno=0
[  586.093872][  T927] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  586.113280][  T927] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  586.122571][  T927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.132935][  T927] usb 5-1: Product: syz
[  586.137122][  T927] usb 5-1: Manufacturer: syz
[  586.141761][  T927] usb 5-1: SerialNumber: syz
[  586.151129][  T927] usb 5-1: config 0 descriptor??
[  586.169875][  T927] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  586.183947][  T927] usb 5-1: Detected FT232R
[  586.889122][  T927] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  586.931177][  T927] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  586.951556][  T927] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  587.023300][  T927] usb 5-1: USB disconnect, device number 3
[  587.043126][  T927] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  587.064588][  T927] ftdi_sio 5-1:0.0: device disconnected
[  588.413967][T10445] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1787'.
[  588.443342][T10445] netlink: 124 bytes leftover after parsing attributes in process `syz.3.1787'.
[  590.915749][T10488] overlayfs: failed to resolve './bus': -2
[  591.426323][ T5628] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.626225][ T5628] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.691464][T10500] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1807'.
[  591.718205][T10500] netlink: 124 bytes leftover after parsing attributes in process `syz.1.1807'.
[  591.789688][ T5628] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  591.819420][T10501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1806'.
[  591.994125][ T5628] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  593.629915][ T5628] bridge_slave_1: left allmulticast mode
[  593.657425][ T5628] bridge_slave_1: left promiscuous mode
[  593.722516][ T5628] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.786770][ T5628] bridge_slave_0: left allmulticast mode
[  593.822686][ T5628] bridge_slave_0: left promiscuous mode
[  593.840099][ T5628] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.863132][   T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  593.874711][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  593.887608][   T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  593.911259][   T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  593.922390][   T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  593.934837][   T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  594.795148][ T5628] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  594.810758][ T5628] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  594.824559][ T5628] bond0 (unregistering): Released all slaves
[  594.849805][T10521] netlink: 'syz.4.1816': attribute type 21 has an invalid length.
[  594.858450][T10521] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1816'.
[  595.509068][ T5628] hsr_slave_0: left promiscuous mode
[  595.518490][ T5628] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  595.527465][ T5628] batman_adv: batadv0: Removing interface: batadv_slave_0
[  595.544732][ T5628] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  595.556189][ T5628] batman_adv: batadv0: Removing interface: batadv_slave_1
[  595.641635][ T5628] veth1_macvtap: left promiscuous mode
[  595.647650][ T5154] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  595.663605][ T5628] veth0_macvtap: left promiscuous mode
[  595.679843][ T5628] veth1_vlan: left promiscuous mode
[  595.856195][ T5154] usb 2-1: Using ep0 maxpacket: 16
[  595.879332][ T5154] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  595.925589][ T5154] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  595.940710][ T5154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.971864][ T5154] usb 2-1: Product: syz
[  595.976823][ T5154] usb 2-1: Manufacturer: syz
[  595.981463][ T5154] usb 2-1: SerialNumber: syz
[  595.987059][T10020] Bluetooth: hci3: command tx timeout
[  596.088136][ T5154] usb 2-1: config 0 descriptor??
[  596.099400][ T5154] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  596.121386][ T5154] usb 2-1: Detected FT232R
[  597.099451][ T5154] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  597.122695][ T5154] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[  597.136141][ T5154] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  597.150061][ T5154] usb 2-1: USB disconnect, device number 6
[  597.182908][ T5154] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  597.207813][ T5154] ftdi_sio 2-1:0.0: device disconnected
[  598.733478][T10020] Bluetooth: hci3: command tx timeout
[  598.949759][ T5628] team0 (unregistering): Port device team_slave_1 removed
[  599.127675][ T5628] team0 (unregistering): Port device team_slave_0 removed
[  600.049375][T10548] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1826'.
[  600.123001][T10568] netlink: 'syz.1.1835': attribute type 21 has an invalid length.
[  600.140822][T10568] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1835'.
[  600.541641][T10515] chnl_net:caif_netlink_parms(): no params data found
[  600.782472][   T53] Bluetooth: hci3: command tx timeout
[  600.916792][T10515] bridge0: port 1(bridge_slave_0) entered blocking state
[  600.965209][T10515] bridge0: port 1(bridge_slave_0) entered disabled state
[  600.981915][T10515] bridge_slave_0: entered allmulticast mode
[  601.011870][T10515] bridge_slave_0: entered promiscuous mode
[  601.057772][T10586] ptrace attach of "./syz-executor exec"[8700] was attempted by ""[10586]
[  601.075059][T10515] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.115435][T10515] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.123015][T10515] bridge_slave_1: entered allmulticast mode
[  601.132033][T10515] bridge_slave_1: entered promiscuous mode
[  601.308566][T10515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.381982][T10515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  601.535950][T10515] team0: Port device team_slave_0 added
[  601.592734][T10515] team0: Port device team_slave_1 added
[  602.001767][T10515] batman_adv: batadv0: Adding interface: batadv_slave_0
[  602.022045][T10515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.049606][T10515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  602.066192][T10515] batman_adv: batadv0: Adding interface: batadv_slave_1
[  602.073990][T10515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.115340][   T29] audit: type=1804 audit(1719627491.537:59): pid=10605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1847" name="/root/syzkaller.wN8lux/103/file1" dev="sda1" ino=1967 res=1 errno=0
[  602.122165][T10515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  602.592376][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1848'.
[  602.685591][T10515] hsr_slave_0: entered promiscuous mode
[  602.720604][T10515] hsr_slave_1: entered promiscuous mode
[  602.756079][T10515] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  602.801952][T10515] Cannot create hsr debugfs directory
[  602.873048][   T53] Bluetooth: hci3: command tx timeout
[  605.494960][T10632] loop5: detected capacity change from 0 to 512
[  605.525580][T10632] EXT4-fs: Ignoring sb option on remount
[  605.531325][T10632] EXT4-fs: Ignoring removed nomblk_io_submit option
[  605.553679][T10632] EXT4-fs: Cannot specify journal on remount
[  605.611923][T10515] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  605.634456][T10515] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  605.669915][T10515] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  605.709368][T10515] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  605.809704][T10636] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  606.016842][T10515] 8021q: adding VLAN 0 to HW filter on device bond0
[  606.056577][T10515] 8021q: adding VLAN 0 to HW filter on device team0
[  606.080742][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.088233][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  606.123182][T10640] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  606.170564][ T9096] bridge0: port 2(bridge_slave_1) entered blocking state
[  606.177881][ T9096] bridge0: port 2(bridge_slave_1) entered forwarding state
[  606.864365][ T9096] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  607.084096][ T9096] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  607.112254][ T9096] usb 6-1: New USB device found, idVendor=046d, idProduct=1017, bcdDevice= 0.00
[  607.132230][ T9096] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.140632][T10515] 8021q: adding VLAN 0 to HW filter on device batadv0
[  607.154960][ T9096] usb 6-1: config 0 descriptor??
[  607.166306][ T9096] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  607.339670][T10515] veth0_vlan: entered promiscuous mode
[  607.384486][T10515] veth1_vlan: entered promiscuous mode
[  607.439691][ T5098] usb 6-1: USB disconnect, device number 3
[  607.488159][T10515] veth0_macvtap: entered promiscuous mode
[  607.524418][T10515] veth1_macvtap: entered promiscuous mode
[  607.591223][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.607826][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.617891][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.643715][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.653975][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.665349][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.675730][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.686792][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.698983][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  607.710276][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.725676][T10515] batman_adv: batadv0: Interface activated: batadv_slave_0
[  607.753129][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.764201][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.774271][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.785736][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.796047][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.808224][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.818600][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.832549][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.846276][T10515] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  607.857262][T10515] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  607.874427][T10515] batman_adv: batadv0: Interface activated: batadv_slave_1
[  607.895628][T10515] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  607.909140][T10515] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  607.918769][T10515] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  607.937618][T10515] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  608.110196][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.120801][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  608.186051][ T5628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  608.196184][ T5628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.589832][T10664] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1868'.
[  614.604416][T10666] netlink: 'syz.1.1867': attribute type 1 has an invalid length.
[  614.628272][T10666] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1867'.
[  615.039064][T10670] loop0: detected capacity change from 0 to 4096
[  615.232922][    T8] hid (null): report_id 2445601295 is invalid
[  615.253495][    T8] hid (null): report_id 0 is invalid
[  615.274584][    T8] hid (null): global environment stack underflow
[  615.282043][    T8] hid (null): unknown global tag 0xe
[  615.349678][    T8] hid-generic 2BD5:3849DFF5:F76C68F0.0007: report_id 2445601295 is invalid
[  615.369791][    T8] hid-generic 2BD5:3849DFF5:F76C68F0.0007: item 0 4 1 8 parsing failed
[  615.381890][    T8] hid-generic 2BD5:3849DFF5:F76C68F0.0007: probe with driver hid-generic failed with error -22
[  615.968537][T10689] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  616.874758][   T53] Bluetooth: hci2: unexpected event for opcode 0x0c6d
[  618.373847][  T927] hid (null): report_id 2445601295 is invalid
[  618.380010][  T927] hid (null): report_id 0 is invalid
[  618.413489][  T927] hid (null): global environment stack underflow
[  618.421908][  T927] hid (null): unknown global tag 0xe
[  618.450238][  T927] hid-generic 2BD5:3849DFF5:F76C68F0.0008: report_id 2445601295 is invalid
[  618.459066][  T927] hid-generic 2BD5:3849DFF5:F76C68F0.0008: item 0 4 1 8 parsing failed
[  618.481055][  T927] hid-generic 2BD5:3849DFF5:F76C68F0.0008: probe with driver hid-generic failed with error -22
[  618.752458][T10726] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  620.735625][   T29] audit: type=1804 audit(1719627510.147:60): pid=10743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1901" name="/root/syzkaller.wN8lux/111/file1" dev="sda1" ino=1982 res=1 errno=0
[  623.027492][   T29] audit: type=1326 audit(1719627512.447:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10782 comm="syz.5.1915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff88bf75b99 code=0x0
[  623.965570][T10805] ptrace attach of "./syz-executor exec"[10515] was attempted by ""[10805]
[  626.280392][   T29] audit: type=1326 audit(1719627515.697:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10815 comm="syz.5.1926" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff88bf75b99 code=0x0
[  626.916232][T10830] netlink: 'syz.4.1930': attribute type 1 has an invalid length.
[  626.928212][T10830] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1930'.
[  627.254243][T10839] SET target dimension over the limit!
[  627.322372][   T29] audit: type=1326 audit(1719627516.737:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.4.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8641175b99 code=0x7fc00000
[  627.414154][   T29] audit: type=1326 audit(1719627516.837:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.4.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f864116cbe7 code=0x7fc00000
[  627.436333][    C0] vkms_vblank_simulate: vblank timer overrun
[  627.471481][   T29] audit: type=1326 audit(1719627516.837:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.4.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f86411115b9 code=0x7fc00000
[  627.525102][   T29] audit: type=1326 audit(1719627516.837:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.4.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f864111167f code=0x7fc00000
[  627.561035][   T29] audit: type=1326 audit(1719627516.837:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10838 comm="syz.4.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f8641175b99 code=0x7fc00000
[  627.583330][    C0] vkms_vblank_simulate: vblank timer overrun
[  629.151601][   T29] audit: type=1800 audit(1719627518.557:68): pid=10864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1941" name="file1" dev="sda1" ino=1987 res=0 errno=0
[  629.212216][   T29] audit: type=1800 audit(1719627518.607:69): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1941" name="file1" dev="sda1" ino=1987 res=0 errno=0
[  629.361268][T10861] ptrace attach of "./syz-executor exec"[10515] was attempted by ""[10861]
[  629.388923][   T29] audit: type=1800 audit(1719627518.807:70): pid=10864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1941" name="file2" dev="sda1" ino=1982 res=0 errno=0
[  629.426812][   T29] audit: type=1800 audit(1719627518.807:71): pid=10864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1941" name="file2" dev="sda1" ino=1982 res=0 errno=0
[  629.631948][T10872] loop5: detected capacity change from 0 to 8
[  631.588537][   T29] audit: type=1326 audit(1719627521.007:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10880 comm="syz.3.1947" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f32f1375b99 code=0x0
[  631.724943][T10891] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1948'.
[  632.247605][T10902] SET target dimension over the limit!
[  632.528876][   T29] audit: type=1326 audit(1719627521.877:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.1.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3fc375b99 code=0x7fc00000
[  633.983077][   T29] audit: type=1326 audit(1719627521.987:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.1.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe3fc36cbe7 code=0x7fc00000
[  634.203551][   T29] audit: type=1326 audit(1719627521.987:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.1.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe3fc3115b9 code=0x7fc00000
[  634.265678][   T29] audit: type=1326 audit(1719627521.987:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.1.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fe3fc31167f code=0x7fc00000
[  634.287886][    C1] vkms_vblank_simulate: vblank timer overrun
[  634.310134][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  634.327366][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  634.462806][   T29] audit: type=1326 audit(1719627521.987:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10898 comm="syz.1.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe3fc375b99 code=0x7fc00000
[  635.729963][T10020] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  635.741894][T10020] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  635.751474][T10020] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  635.762120][T10020] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  635.770694][T10020] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  635.780342][T10020] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  636.789261][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.065472][T10945] IPVS: Error connecting to the multicast addr
[  637.137212][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.309952][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.527158][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.663570][ T9096] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  637.823651][T10020] Bluetooth: hci3: command tx timeout
[  637.875342][T10936] chnl_net:caif_netlink_parms(): no params data found
[  637.926256][ T9096] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  637.958422][ T9096] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.974619][ T9096] usb 6-1: Product: syz
[  637.979419][ T9096] usb 6-1: Manufacturer: syz
[  637.984195][ T9096] usb 6-1: SerialNumber: syz
[  637.992012][ T9096] usb 6-1: config 0 descriptor??
[  638.225207][    T8] usb 6-1: USB disconnect, device number 4
[  638.361758][   T35] bridge_slave_1: left allmulticast mode
[  638.373866][   T35] bridge_slave_1: left promiscuous mode
[  638.386624][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  638.478727][   T35] bridge_slave_0: left allmulticast mode
[  638.492246][   T35] bridge_slave_0: left promiscuous mode
[  638.508392][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.531964][T10981] loop5: detected capacity change from 0 to 64
[  639.912618][T10020] Bluetooth: hci3: command tx timeout
[  639.941917][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  639.963271][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  639.991460][   T35] bond0 (unregistering): Released all slaves
[  642.004434][T10020] Bluetooth: hci3: command tx timeout
[  643.701932][T11004] IPVS: Error connecting to the multicast addr
[  643.808070][T10936] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.820125][T10936] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.831787][T10936] bridge_slave_0: entered allmulticast mode
[  643.842562][T10936] bridge_slave_0: entered promiscuous mode
[  643.863930][T10936] bridge0: port 2(bridge_slave_1) entered blocking state
[  643.882839][T10936] bridge0: port 2(bridge_slave_1) entered disabled state
[  643.895575][T10936] bridge_slave_1: entered allmulticast mode
[  643.908765][T10936] bridge_slave_1: entered promiscuous mode
[  644.130052][T10936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  644.199421][T10936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  644.231827][   T35] hsr_slave_0: left promiscuous mode
[  644.245326][   T35] hsr_slave_1: left promiscuous mode
[  644.269811][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  644.287801][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  644.303823][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  644.311251][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  644.358924][   T35] veth1_macvtap: left promiscuous mode
[  644.364676][   T35] veth0_macvtap: left promiscuous mode
[  644.371633][   T35] veth1_vlan: left promiscuous mode
[  644.378079][   T35] veth0_vlan: left promiscuous mode
[  645.185284][T10020] Bluetooth: hci3: command tx timeout
[  647.461291][   T35] team0 (unregistering): Port device team_slave_1 removed
[  647.541619][   T35] team0 (unregistering): Port device team_slave_0 removed
[  648.980534][T10936] team0: Port device team_slave_0 added
[  649.050798][T10936] team0: Port device team_slave_1 added
[  649.416046][T10936] batman_adv: batadv0: Adding interface: batadv_slave_0
[  649.472321][T10936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.591094][T10936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  649.664911][T10936] batman_adv: batadv0: Adding interface: batadv_slave_1
[  649.690698][T10936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  649.759756][T10936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  649.778665][  T781] kernel write not supported for file /radio9 (pid: 781 comm: kworker/0:2)
[  649.969763][T10936] hsr_slave_0: entered promiscuous mode
[  649.979514][T10936] hsr_slave_1: entered promiscuous mode
[  649.998564][T10936] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  650.013302][T10936] Cannot create hsr debugfs directory
[  654.241349][T10936] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  654.257668][T10936] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  654.278672][T10936] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  654.353822][T10936] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  654.461644][T10020] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  655.004161][T10936] 8021q: adding VLAN 0 to HW filter on device bond0
[  655.079045][T10936] 8021q: adding VLAN 0 to HW filter on device team0
[  655.101716][  T927] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.109036][  T927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  655.134361][  T927] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.141581][  T927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  655.737665][T10936] 8021q: adding VLAN 0 to HW filter on device batadv0
[  655.995086][T10936] veth0_vlan: entered promiscuous mode
[  656.071212][T10936] veth1_vlan: entered promiscuous mode
[  656.690681][T10936] veth0_macvtap: entered promiscuous mode
[  656.718032][T10936] veth1_macvtap: entered promiscuous mode
[  656.753002][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  656.764786][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  656.779977][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  656.792664][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.472392][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  657.489006][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.551648][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  657.632263][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.851109][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  657.868986][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.920268][T10936] batman_adv: batadv0: Interface activated: batadv_slave_0
[  657.997392][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.023007][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.033133][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.045512][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.056070][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.066908][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.077441][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.173555][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.190376][T10936] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.483309][T10936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.801645][T10936] batman_adv: batadv0: Interface activated: batadv_slave_1
[  658.909391][T10936] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  659.042471][T10936] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  659.116941][T10936] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  659.139568][T10936] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.419760][T11149] tmpfs: Bad value for 'nr_blocks'
[  659.527979][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.572626][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.741955][ T2848] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.774955][ T2848] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.997960][   T29] audit: type=1804 audit(1719627549.417:78): pid=11158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2035" name="/root/syzkaller.IJJguI/253/file1" dev="sda1" ino=1989 res=1 errno=0
[  660.282130][    C0] ==================================================================
[  660.290251][    C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[  660.297601][    C0] Read of size 8 at addr ffffc9001538fba0 by task syz-executor/8613
[  660.305640][    C0] 
[  660.307955][    C0] CPU: 0 PID: 8613 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[  660.318196][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  660.328248][    C0] Call Trace:
[  660.331524][    C0]  <IRQ>
[  660.334361][    C0]  dump_stack_lvl+0x116/0x1f0
[  660.339055][    C0]  print_report+0xc3/0x620
[  660.343491][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  660.349133][    C0]  ? __virt_addr_valid+0x5e/0x580
[  660.354178][    C0]  kasan_report+0xd9/0x110
[  660.358602][    C0]  ? profile_pc+0x186/0x1a0
[  660.363124][    C0]  ? profile_pc+0x186/0x1a0
[  660.367646][    C0]  ? queued_read_lock_slowpath+0x135/0x2b1
[  660.373461][    C0]  profile_pc+0x186/0x1a0
[  660.378162][    C0]  profile_tick+0xd3/0x140
[  660.382601][    C0]  tick_nohz_handler+0x380/0x530
[  660.387587][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  660.393069][    C0]  __hrtimer_run_queues+0x65a/0xcc0
[  660.398291][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  660.404030][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  660.409672][    C0]  ? ktime_get_update_offsets_now+0x201/0x310
[  660.415753][    C0]  hrtimer_interrupt+0x31b/0x800
[  660.420744][    C0]  __sysvec_apic_timer_interrupt+0x112/0x450
[  660.426759][    C0]  sysvec_apic_timer_interrupt+0x90/0xb0
[  660.432767][    C0]  </IRQ>
[  660.435698][    C0]  <TASK>
[  660.438624][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  660.444680][    C0] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[  660.451306][    C0] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[  660.470949][    C0] RSP: 0018:ffffc9001538fb98 EFLAGS: 00000286
[  660.477052][    C0] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[  660.485023][    C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[  660.493009][    C0] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[  660.500977][    C0] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002a71f74
[  660.508944][    C0] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[  660.516913][    C0]  ? do_wait+0x1e9/0x570
[  660.521185][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  660.526921][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  660.532651][    C0]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[  660.538822][    C0]  __do_wait+0x105/0x890
[  660.543075][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  660.548899][    C0]  ? do_wait+0x1e9/0x570
[  660.553148][    C0]  do_wait+0x219/0x570
[  660.557228][    C0]  kernel_wait4+0x16c/0x280
[  660.561738][    C0]  ? __pfx_kernel_wait4+0x10/0x10
[  660.566774][    C0]  ? __pfx_child_wait_callback+0x10/0x10
[  660.572415][    C0]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  660.577915][    C0]  ? __might_fault+0xe3/0x190
[  660.582624][    C0]  __do_sys_wait4+0x15f/0x170
[  660.587485][    C0]  ? __pfx___do_sys_wait4+0x10/0x10
[  660.592703][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  660.597918][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  660.603656][    C0]  do_syscall_64+0xcd/0x250
[  660.608174][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.614101][    C0] RIP: 0033:0x7fe3fc36be97
[  660.618542][    C0] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[  660.638163][    C0] RSP: 002b:00007fff7d0415f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  660.646586][    C0] RAX: ffffffffffffffda RBX: 0000000000000157 RCX: 00007fe3fc36be97
[  660.654566][    C0] RDX: 0000000040000001 RSI: 00007fff7d04166c RDI: 00000000ffffffff
[  660.662560][    C0] RBP: 00007fff7d04166c R08: 0000000000000000 R09: 00007fe3fd1fa080
[  660.670537][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  660.678516][    C0] R13: 00000000000a12c9 R14: 00000000000a11f2 R15: 00007fff7d0416d0
[  660.686506][    C0]  </TASK>
[  660.689520][    C0] 
[  660.691831][    C0] The buggy address belongs to stack of task syz-executor/8613
[  660.699366][    C0]  and is located at offset 0 in frame:
[  660.704898][    C0]  queued_read_lock_slowpath+0x0/0x2b1
[  660.710369][    C0] 
[  660.712682][    C0] This frame has 1 object:
[  660.717086][    C0]  [32, 36) 'val'
[  660.717104][    C0] 
[  660.723043][    C0] The buggy address belongs to the virtual mapping at
[  660.723043][    C0]  [ffffc90015388000, ffffc90015391000) created by:
[  660.723043][    C0]  create_io_thread+0xaa/0xf0
[  660.740858][    C0] 
[  660.743271][    C0] The buggy address belongs to the physical page:
[  660.749668][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c8dc
[  660.758424][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  660.765538][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  660.774125][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  660.782729][    C0] page dumped because: kasan: bad access detected
[  660.789129][    C0] page_owner tracks the page as allocated
[  660.794830][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8596, tgid 8588 (syz.0.1117), ts 408528727303, free_ts 408364696835
[  660.813157][    C0]  post_alloc_hook+0x2d1/0x350
[  660.817944][    C0]  get_page_from_freelist+0x1353/0x2e50
[  660.823507][    C0]  __alloc_pages_noprof+0x22b/0x2460
[  660.828803][    C0]  alloc_pages_mpol_noprof+0x275/0x610
[  660.834268][    C0]  __vmalloc_node_range_noprof+0xa6a/0x1520
[  660.840181][    C0]  copy_process+0x2f38/0x8f10
[  660.844876][    C0]  create_io_thread+0xaa/0xf0
[  660.849554][    C0]  create_io_worker+0x1c2/0x590
[  660.854504][    C0]  io_wq_enqueue+0x66c/0xb70
[  660.859100][    C0]  io_queue_iowq+0x248/0x4e0
[  660.863988][    C0]  io_queue_async+0x24e/0x4b0
[  660.868680][    C0]  io_req_task_submit+0x1e0/0x210
[  660.873738][    C0]  io_handle_tw_list+0x4c6/0x540
[  660.878690][    C0]  tctx_task_work_run+0xa9/0x370
[  660.883731][    C0]  tctx_task_work+0x7b/0xd0
[  660.888270][    C0]  task_work_run+0x151/0x250
[  660.892862][    C0] page last free pid 7212 tgid 7212 stack trace:
[  660.899177][    C0]  free_unref_page+0x64a/0xe40
[  660.903972][    C0]  vfree+0x181/0x7a0
[  660.907883][    C0]  kcov_put+0x2a/0x40
[  660.911883][    C0]  kcov_close+0x10/0x20
[  660.916047][    C0]  __fput+0x40b/0xbb0
[  660.920035][    C0]  task_work_run+0x151/0x250
[  660.924652][    C0]  do_exit+0xa9b/0x2ba0
[  660.928809][    C0]  do_group_exit+0xd3/0x2a0
[  660.933319][    C0]  get_signal+0x2616/0x2710
[  660.937862][    C0]  arch_do_signal_or_restart+0x90/0x7e0
[  660.943423][    C0]  syscall_exit_to_user_mode+0x14a/0x2a0
[  660.949093][    C0]  do_syscall_64+0xda/0x250
[  660.953630][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.959570][    C0] 
[  660.961902][    C0] Memory state around the buggy address:
[  660.967523][    C0]  ffffc9001538fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  660.975581][    C0]  ffffc9001538fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  660.983647][    C0] >ffffc9001538fb80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[  660.991700][    C0]                                ^
[  660.996799][    C0]  ffffc9001538fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  661.004854][    C0]  ffffc9001538fc80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[  661.012908][    C0] ==================================================================
[  661.020958][    C0] Disabling lock debugging due to kernel taint
[  661.027139][    C0] ==================================================================
[  661.035186][    C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[  661.042484][    C0] Read of size 8 at addr ffffc9001538fba0 by task syz-executor/8613
[  661.050555][    C0] 
[  661.052870][    C0] CPU: 0 PID: 8613 Comm: syz-executor Tainted: G    B              6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[  661.064610][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  661.074663][    C0] Call Trace:
[  661.077938][    C0]  <IRQ>
[  661.080776][    C0]  dump_stack_lvl+0x116/0x1f0
[  661.085469][    C0]  print_report+0xc3/0x620
[  661.089896][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.095539][    C0]  ? __virt_addr_valid+0x5e/0x580
[  661.100587][    C0]  kasan_report+0xd9/0x110
[  661.105011][    C0]  ? profile_pc+0x186/0x1a0
[  661.109540][    C0]  ? profile_pc+0x186/0x1a0
[  661.114059][    C0]  ? queued_read_lock_slowpath+0x135/0x2b1
[  661.119877][    C0]  profile_pc+0x186/0x1a0
[  661.124226][    C0]  profile_tick+0xd3/0x140
[  661.128666][    C0]  tick_nohz_handler+0x380/0x530
[  661.133628][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  661.139102][    C0]  __hrtimer_run_queues+0x65a/0xcc0
[  661.144328][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  661.150093][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.155735][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.161407][    C0]  hrtimer_interrupt+0x31b/0x800
[  661.166392][    C0]  __sysvec_apic_timer_interrupt+0x112/0x450
[  661.172467][    C0]  sysvec_apic_timer_interrupt+0x90/0xb0
[  661.178135][    C0]  </IRQ>
[  661.181060][    C0]  <TASK>
[  661.183983][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  661.189988][    C0] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[  661.196437][    C0] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[  661.216149][    C0] RSP: 0018:ffffc9001538fb98 EFLAGS: 00000286
[  661.222308][    C0] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[  661.230294][    C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[  661.238264][    C0] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[  661.246231][    C0] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002a71f74
[  661.254374][    C0] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[  661.262433][    C0]  ? do_wait+0x1e9/0x570
[  661.266704][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  661.272464][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  661.278222][    C0]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[  661.284394][    C0]  __do_wait+0x105/0x890
[  661.288644][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  661.294483][    C0]  ? do_wait+0x1e9/0x570
[  661.298732][    C0]  do_wait+0x219/0x570
[  661.302811][    C0]  kernel_wait4+0x16c/0x280
[  661.307320][    C0]  ? __pfx_kernel_wait4+0x10/0x10
[  661.312352][    C0]  ? __pfx_child_wait_callback+0x10/0x10
[  661.317990][    C0]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  661.323464][    C0]  ? __might_fault+0xe3/0x190
[  661.328158][    C0]  __do_sys_wait4+0x15f/0x170
[  661.332847][    C0]  ? __pfx___do_sys_wait4+0x10/0x10
[  661.338051][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  661.343264][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.348910][    C0]  do_syscall_64+0xcd/0x250
[  661.353430][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.359347][    C0] RIP: 0033:0x7fe3fc36be97
[  661.363758][    C0] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[  661.383367][    C0] RSP: 002b:00007fff7d0415f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  661.391786][    C0] RAX: ffffffffffffffda RBX: 0000000000000157 RCX: 00007fe3fc36be97
[  661.399759][    C0] RDX: 0000000040000001 RSI: 00007fff7d04166c RDI: 00000000ffffffff
[  661.407729][    C0] RBP: 00007fff7d04166c R08: 0000000000000000 R09: 00007fe3fd1fa080
[  661.415714][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  661.423697][    C0] R13: 00000000000a12c9 R14: 00000000000a11f2 R15: 00007fff7d0416d0
[  661.431681][    C0]  </TASK>
[  661.434869][    C0] 
[  661.437178][    C0] The buggy address belongs to stack of task syz-executor/8613
[  661.444716][    C0]  and is located at offset 0 in frame:
[  661.450248][    C0]  queued_read_lock_slowpath+0x0/0x2b1
[  661.455715][    C0] 
[  661.458026][    C0] This frame has 1 object:
[  661.462427][    C0]  [32, 36) 'val'
[  661.462444][    C0] 
[  661.468391][    C0] The buggy address belongs to the virtual mapping at
[  661.468391][    C0]  [ffffc90015388000, ffffc90015391000) created by:
[  661.468391][    C0]  create_io_thread+0xaa/0xf0
[  661.486113][    C0] 
[  661.488426][    C0] The buggy address belongs to the physical page:
[  661.494842][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c8dc
[  661.503619][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  661.510735][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  661.519318][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  661.527892][    C0] page dumped because: kasan: bad access detected
[  661.534304][    C0] page_owner tracks the page as allocated
[  661.540030][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8596, tgid 8588 (syz.0.1117), ts 408528727303, free_ts 408364696835
[  661.558907][    C0]  post_alloc_hook+0x2d1/0x350
[  661.563686][    C0]  get_page_from_freelist+0x1353/0x2e50
[  661.569243][    C0]  __alloc_pages_noprof+0x22b/0x2460
[  661.574543][    C0]  alloc_pages_mpol_noprof+0x275/0x610
[  661.580012][    C0]  __vmalloc_node_range_noprof+0xa6a/0x1520
[  661.585950][    C0]  copy_process+0x2f38/0x8f10
[  661.590667][    C0]  create_io_thread+0xaa/0xf0
[  661.595344][    C0]  create_io_worker+0x1c2/0x590
[  661.600202][    C0]  io_wq_enqueue+0x66c/0xb70
[  661.604799][    C0]  io_queue_iowq+0x248/0x4e0
[  661.609399][    C0]  io_queue_async+0x24e/0x4b0
[  661.614092][    C0]  io_req_task_submit+0x1e0/0x210
[  661.619187][    C0]  io_handle_tw_list+0x4c6/0x540
[  661.624177][    C0]  tctx_task_work_run+0xa9/0x370
[  661.629140][    C0]  tctx_task_work+0x7b/0xd0
[  661.633679][    C0]  task_work_run+0x151/0x250
[  661.638308][    C0] page last free pid 7212 tgid 7212 stack trace:
[  661.644650][    C0]  free_unref_page+0x64a/0xe40
[  661.649432][    C0]  vfree+0x181/0x7a0
[  661.653353][    C0]  kcov_put+0x2a/0x40
[  661.657346][    C0]  kcov_close+0x10/0x20
[  661.661512][    C0]  __fput+0x40b/0xbb0
[  661.665495][    C0]  task_work_run+0x151/0x250
[  661.670093][    C0]  do_exit+0xa9b/0x2ba0
[  661.674248][    C0]  do_group_exit+0xd3/0x2a0
[  661.678775][    C0]  get_signal+0x2616/0x2710
[  661.683289][    C0]  arch_do_signal_or_restart+0x90/0x7e0
[  661.688839][    C0]  syscall_exit_to_user_mode+0x14a/0x2a0
[  661.694480][    C0]  do_syscall_64+0xda/0x250
[  661.698999][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.704926][    C0] 
[  661.707238][    C0] Memory state around the buggy address:
[  661.712855][    C0]  ffffc9001538fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  661.720908][    C0]  ffffc9001538fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  661.728966][    C0] >ffffc9001538fb80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[  661.737017][    C0]                                ^
[  661.742113][    C0]  ffffc9001538fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  661.750170][    C0]  ffffc9001538fc80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[  661.758219][    C0] ==================================================================
[  661.766310][    C0] ==================================================================
[  661.774357][    C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[  661.781654][    C0] Read of size 8 at addr ffffc9001538fba0 by task syz-executor/8613
[  661.789627][    C0] 
[  661.791941][    C0] CPU: 0 PID: 8613 Comm: syz-executor Tainted: G    B              6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[  661.803656][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  661.813704][    C0] Call Trace:
[  661.816977][    C0]  <IRQ>
[  661.819900][    C0]  dump_stack_lvl+0x116/0x1f0
[  661.824587][    C0]  print_report+0xc3/0x620
[  661.829008][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.834649][    C0]  ? __virt_addr_valid+0x5e/0x580
[  661.839677][    C0]  kasan_report+0xd9/0x110
[  661.844096][    C0]  ? profile_pc+0x186/0x1a0
[  661.848616][    C0]  ? profile_pc+0x186/0x1a0
[  661.853137][    C0]  ? queued_read_lock_slowpath+0x135/0x2b1
[  661.858953][    C0]  profile_pc+0x186/0x1a0
[  661.863318][    C0]  profile_tick+0xd3/0x140
[  661.867754][    C0]  tick_nohz_handler+0x380/0x530
[  661.872713][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  661.878209][    C0]  __hrtimer_run_queues+0x65a/0xcc0
[  661.883430][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  661.889163][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  661.894800][    C0]  ? ktime_get_update_offsets_now+0x201/0x310
[  661.900877][    C0]  hrtimer_interrupt+0x31b/0x800
[  661.905842][    C0]  __sysvec_apic_timer_interrupt+0x112/0x450
[  661.911862][    C0]  sysvec_apic_timer_interrupt+0x90/0xb0
[  661.917606][    C0]  </IRQ>
[  661.920535][    C0]  <TASK>
[  661.923459][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  661.929465][    C0] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[  661.935912][    C0] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[  661.955523][    C0] RSP: 0018:ffffc9001538fb98 EFLAGS: 00000286
[  661.961585][    C0] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[  661.969567][    C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[  661.977548][    C0] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[  661.985519][    C0] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002a71f74
[  661.993488][    C0] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[  662.001464][    C0]  ? do_wait+0x1e9/0x570
[  662.005743][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  662.011480][    C0]  ? queued_read_lock_slowpath+0xdb/0x2b1
[  662.017210][    C0]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[  662.023382][    C0]  __do_wait+0x105/0x890
[  662.027630][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  662.033444][    C0]  ? do_wait+0x1e9/0x570
[  662.037689][    C0]  do_wait+0x219/0x570
[  662.041762][    C0]  kernel_wait4+0x16c/0x280
[  662.046272][    C0]  ? __pfx_kernel_wait4+0x10/0x10
[  662.051305][    C0]  ? __pfx_child_wait_callback+0x10/0x10
[  662.056944][    C0]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  662.062418][    C0]  ? __might_fault+0xe3/0x190
[  662.067103][    C0]  __do_sys_wait4+0x15f/0x170
[  662.071791][    C0]  ? __pfx___do_sys_wait4+0x10/0x10
[  662.076996][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  662.082208][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  662.087852][    C0]  do_syscall_64+0xcd/0x250
[  662.092369][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.098279][    C0] RIP: 0033:0x7fe3fc36be97
[  662.102690][    C0] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[  662.122297][    C0] RSP: 002b:00007fff7d0415f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  662.130708][    C0] RAX: ffffffffffffffda RBX: 0000000000000157 RCX: 00007fe3fc36be97
[  662.138692][    C0] RDX: 0000000040000001 RSI: 00007fff7d04166c RDI: 00000000ffffffff
[  662.146664][    C0] RBP: 00007fff7d04166c R08: 0000000000000000 R09: 00007fe3fd1fa080
[  662.154648][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[  662.162617][    C0] R13: 00000000000a12c9 R14: 00000000000a11f2 R15: 00007fff7d0416d0
[  662.170596][    C0]  </TASK>
[  662.173604][    C0] 
[  662.175914][    C0] The buggy address belongs to stack of task syz-executor/8613
[  662.183443][    C0]  and is located at offset 0 in frame:
[  662.189056][    C0]  queued_read_lock_slowpath+0x0/0x2b1
[  662.194526][    C0] 
[  662.196834][    C0] This frame has 1 object:
[  662.201235][    C0]  [32, 36) 'val'
[  662.201251][    C0] 
[  662.207176][    C0] The buggy address belongs to the virtual mapping at
[  662.207176][    C0]  [ffffc90015388000, ffffc90015391000) created by:
[  662.207176][    C0]  create_io_thread+0xaa/0xf0
[  662.224901][    C0] 
[  662.227227][    C0] The buggy address belongs to the physical page:
[  662.233626][    C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c8dc
[  662.242379][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  662.249500][    C0] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  662.258087][    C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  662.266746][    C0] page dumped because: kasan: bad access detected
[  662.273146][    C0] page_owner tracks the page as allocated
[  662.278855][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 8596, tgid 8588 (syz.0.1117), ts 408528727303, free_ts 408364696835
[  662.297182][    C0]  post_alloc_hook+0x2d1/0x350
[  662.301977][    C0]  get_page_from_freelist+0x1353/0x2e50
[  662.307551][    C0]  __alloc_pages_noprof+0x22b/0x2460
[  662.312871][    C0]  alloc_pages_mpol_noprof+0x275/0x610
[  662.318346][    C0]  __vmalloc_node_range_noprof+0xa6a/0x1520
[  662.324257][    C0]  copy_process+0x2f38/0x8f10
[  662.328990][    C0]  create_io_thread+0xaa/0xf0
[  662.333685][    C0]  create_io_worker+0x1c2/0x590
[  662.338547][    C0]  io_wq_enqueue+0x66c/0xb70
[  662.343140][    C0]  io_queue_iowq+0x248/0x4e0
[  662.347738][    C0]  io_queue_async+0x24e/0x4b0
[  662.352424][    C0]  io_req_task_submit+0x1e0/0x210
[  662.357463][    C0]  io_handle_tw_list+0x4c6/0x540
[  662.362414][    C0]  tctx_task_work_run+0xa9/0x370
[  662.367362][    C0]  tctx_task_work+0x7b/0xd0
[  662.371881][    C0]  task_work_run+0x151/0x250
[  662.376475][    C0] page last free pid 7212 tgid 7212 stack trace:
[  662.382791][    C0]  free_unref_page+0x64a/0xe40
[  662.387596][    C0]  vfree+0x181/0x7a0
[  662.391504][    C0]  kcov_put+0x2a/0x40
[  662.395662][    C0]  kcov_close+0x10/0x20
[  662.399822][    C0]  __fput+0x40b/0xbb0
[  662.403809][    C0]  task_work_run+0x151/0x250
[  662.408403][    C0]  do_exit+0xa9b/0x2ba0
[  662.412559][    C0]  do_group_exit+0xd3/0x2a0
[  662.417080][    C0]  get_signal+0x2616/0x2710
[  662.421596][    C0]  arch_do_signal_or_restart+0x90/0x7e0
[  662.427150][    C0]  syscall_exit_to_user_mode+0x14a/0x2a0
[  662.432806][    C0]  do_syscall_64+0xda/0x250
[  662.437318][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.443229][    C0] 
[  662.445551][    C0] Memory state around the buggy address:
[  662.451188][    C0]  ffffc9001538fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  662.459244][    C0]  ffffc9001538fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  662.467298][    C0] >ffffc9001538fb80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[  662.475367][    C0]                                ^
[  662.480487][    C0]  ffffc9001538fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SYZFAIL: failed to send rpc
fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe)
[  662.488546][    C0]  ffffc9001538fc80