last executing test programs:

1m56.835904413s ago: executing program 1 (id=12):
socket$packet(0x11, 0x2, 0x300)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/packet\x00')
pread64(r0, &(0x7f00000001c0)=""/165, 0xa5, 0x43)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_writepages_result\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
geteuid()
ioctl$FS_IOC_ENABLE_VERITY(r2, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

1m53.023120776s ago: executing program 1 (id=18):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x2, 0x3a)
sendto$inet6(r3, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvmmsg(r3, &(0x7f0000000380)=[{{&(0x7f0000000640)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/144}, {&(0x7f0000000200)=""/230}, {&(0x7f0000000300)=""/86, 0xfffffe94}, {&(0x7f00000003c0)=""/253}, {&(0x7f00000004c0)=""/208}]}, 0x3422a61a}], 0x4000000000003c9, 0x10102, 0x0)

1m50.517093643s ago: executing program 1 (id=21):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
getresuid(&(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000340)=<r3=>0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000280)={0xa0, 0x24, 0x0, {{0x0, 0x1, 0x5, 0x6, 0x3, 0x6, {0x6, 0x1, 0x65d1, 0x0, 0xfffffffff7ff15ef, 0x3fb, 0x27, 0x7fff, 0x7, 0x2000, 0x8, 0x0, 0x0, 0x2, 0x10000}}, {0x0, 0x1}}}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

1m49.469246606s ago: executing program 1 (id=23):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0xa, 0x4, 0xfff, 0x7, 0x88, 0xffffffffffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x14, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x41, 0x0, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x25, &(0x7f0000000100), 0x4)

1m45.13658302s ago: executing program 1 (id=28):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x80000001, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0xc, 0x400000000001, 0x7, 0x40000000000000, 0xf, 0xf4e0, 0x2}, 0x0, 0x0)

1m41.597810573s ago: executing program 1 (id=34):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$alg(0x26, 0x5, 0x0)
accept4(r2, 0x0, 0x0, 0x80800)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)

1m25.874311682s ago: executing program 32 (id=34):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$alg(0x26, 0x5, 0x0)
accept4(r2, 0x0, 0x0, 0x80800)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)

41.030025971s ago: executing program 4 (id=136):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r2, {}, 0x2, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r2, 0x8004745a, &(0x7f0000000ac0))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0)

39.401389876s ago: executing program 4 (id=138):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x478103, 0x60)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100)

38.417682279s ago: executing program 4 (id=140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c00028008000140000000080800034000000110"], 0xc4}}, 0x20050890)

36.104612014s ago: executing program 4 (id=143):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
unshare(0x8000600)

33.871255823s ago: executing program 4 (id=145):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0xfffffffd, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4000}}, {0x4}}, {{0x1c, 0x1, {0x8, 0x1e, 0xc}}, {0x4}}]}]}, 0x68}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r2, &(0x7f0000004480)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x8, @mcast1, 0x9}, 0x1c, 0x0}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0xe5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000001a00)=[@flowinfo={{0x14, 0x29, 0xb, 0xfffffef1}}, @flowinfo={{0x14, 0x29, 0xb, 0x1}}], 0x30}}], 0x2, 0x80)

33.373457436s ago: executing program 4 (id=147):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)

19.609642179s ago: executing program 0 (id=168):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800001f1a0068099b3c0000000000001860000000000000824d086bb227733218120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa5, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff})
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
open(&(0x7f00000003c0)='.\x00', 0x800, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

17.915305465s ago: executing program 0 (id=173):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000980)={'gre0\x00'})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x0, 0x4}, 0x1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

17.413463208s ago: executing program 33 (id=147):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)

17.256743667s ago: executing program 2 (id=176):
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0xfffffffe, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

16.622993023s ago: executing program 2 (id=177):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
gettid()
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x2)

15.28830011s ago: executing program 2 (id=180):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r2, 0x400, 0x1)
r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r3, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
ioperm(0x2, 0x7fb, 0x100)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

14.245574074s ago: executing program 2 (id=181):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x80000000000001, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

14.234181959s ago: executing program 3 (id=182):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811)

13.051177481s ago: executing program 3 (id=183):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890)

12.862920352s ago: executing program 2 (id=184):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r1, &(0x7f0000004400), 0x400000000000203, 0x0)
syz_emit_vhci(0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

11.200613163s ago: executing program 5 (id=185):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r1, 0x0, 0x0, 0x1, 0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0), 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbwcIEHGyChkc5gPyMziABnEwMAw+U/EvQcskgwiSGaJcvwTO9WyfJVZ532GGR3T0hgYDWaBzNE7ojvTzoC3mwlqZnFlVXZiTk5qUfEZBlTzJzPuZ1JkBKk78/dq8ANGO4buWAZGBrkN/mqLv/2Rqty4qT5yelVEzdTupptL18cxbNP/e8VE6v3EjLD/Dw4Jalnk5X+YJ6P0fXPDnA81dU9MHDsblefyt17+++59TG1xghrTY/GuQjb+BDetmk/OTm6Wj+emV7dvKVZckJXmMvHY1It/E46vZWCYfOGJrX7NmUPxijGcUm6Vc2PuusULci1TP1/3hoHhYNTniQyMyxn3MzEwzAzbuQfZX+UN0MhgYGZgYFBhYGBgYmBhSMvMSTXwYGBkYIZyDFmgqmCqmRg4wBJ6yfk5Ke0MjOAkANa2nIEFbobhYwZWOMcImWNs0QA1iaEdSqtAaQ8ovRxKP4bS8mjJhgVsQj+Up9HAwMDGUJFYUlJkyMbAAGXBxYzgYkYCcJuZoLbOZUL13HEmhlEwCkbBKBgFo2AUjIJRMApGwSgYyQAQAAD//0UbugI=")

11.105438267s ago: executing program 0 (id=186):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)

11.10522507s ago: executing program 3 (id=187):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)="1400000023003517d25a806f8b6394f90324fc60", 0x14}], 0x1, 0x0, 0x0, 0x2000000}, 0x0)

9.818832892s ago: executing program 5 (id=188):
socket$inet_udp(0x2, 0x2, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001000000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x7}, 0x18)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0xfffffffe, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000010000000100000009"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

8.927957118s ago: executing program 3 (id=189):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000480), 0x10)
connect$can_bcm(r3, &(0x7f0000000900), 0x10)

7.941144492s ago: executing program 0 (id=190):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0xc2d3, 0x10100, 0x2, 0x3}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x79a5, 0x2, 0x46, 0x0, 0x0)
readv(r2, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r6, 0x0)

5.80006555s ago: executing program 3 (id=191):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2\xdf', &(0x7f00000007c0)='{\xe0e%m\"\x92\xb5\xcb\x00\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xf2j\t\x7f??,\xd9\xe28\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x1c\x81>\t\xc30-\xe2\xb3\xb0<m\x8ePDhx\x04\xd8\x17\xbcP\x8bl\xd5\x00\x00\x00\x00\x00\x00\xa3E\x9a_\x9b\x98#\xb2\x03\x18!V\x1b\xcbk\xf8\xd6JE4,\xdf\x96\x80j#\xf9\xd8\x13,\x89\x10\x90:l/\xb9T\x9a', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xa1}], 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000880)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f00000002c0)='/\x00\x01\x00H\x98', 0x0)
tkill(r1, 0xb)
bpf$PROG_LOAD(0x23, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

5.271471754s ago: executing program 5 (id=192):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x80000001, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0xf4e0, 0x2}, 0x0, 0x0)

3.554696258s ago: executing program 0 (id=193):
close(0x3)
r0 = epoll_create(0x10000e9)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r2 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7\x88\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7`\x9b=\xec\x9f\x1d\x9b@$\x8c\bb\x1a\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\'\xffO,4\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2\x01G\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\rr\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\xc6\x8a=\x04\xa35\x9b\xf5\x80E\x8f\x1e\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x10\x00'/276, 0x2)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x30000009})
r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x2085}})
io_uring_enter(r4, 0x1f85, 0x40110a, 0x4d, 0x0, 0x85)

3.553652547s ago: executing program 5 (id=194):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000009702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b7040000100000207207f0ff00000000850000002f000000b70000000a00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b)

3.263011084s ago: executing program 2 (id=195):
unshare(0x2c020400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC], 0xff, 0x5a85, &(0x7f0000001080)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvXy+nuD/v6KNt0PpzvWwVM3vyH86B1b7/jeuq/8Xd+Rpw/NVEmqTf0phJXXNT++L4QwkP4PaV8MTf0xdtotIYTBpse9uSCv13eY/8ac9fPS5bJ0OVQQJ96/PrNeytTLrkd9meVgwfYWKi+PbuqVO6izPLOePRktVF6esXx1uvx6urx4nvHL6T6Uk1BKQqWR/mQy00dC03FLQlI7ltXGeqlxbEO6/5n1JLNeyqyX+zL7Vdtu2tHKSdJaHutlyuPpuJKWX9B8bdLGe3PKX5suq+kT9cW4HrI36oZm3WjsV03M6+QcuZwOpaZzULvyxoFPD8ZQWjaUrJn1mKk24n3Htt69obztm8eHc/JI7k/S+ElX8Q9+d/XyD3758IHs63oj/nWlNH6pq/g/vurEs9cc/txnc+N/KsYvdxX/kocGn7nq0TvX57bPydg+la7ijz/12CfWnX39kdz8743xq13F33z0RP+KUw89nJv/WGyfga7iP/m2d/7ki0888HRu/BDjD3YVf9vRPZ/sHzl1UW78h2P7DHXXf547csUPRkZ+NpoX//EYf0VX8b9w6J633rfqritzj++W2D7DXcV/94UP3rH81APn5507k3s7fYUFoJ2z0musj6frXY0zp7KzFvPXNF74q9FK/Zpvefp/xYKjN8lcfE5vZ2Uv4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABACOE1b/iv7/rf7xt+ppKu96c3nizVl7F8WQjJQAhh3/7xvft37r5x9EM3Hdi7e3xydHz/6MTu/XtvHb3sN0b3TuyZHL91+t6xN15af9yakNSXyfmztj0QpqZKw61lcXv/6sIjP9rw5v/zzyGMveb7I5Xc/Dfes+u+s9v8zEg2T71914Grv3/536b7NZzmNdwmr6mpqamQk9f/ff8v7/vzkz+9KISxX5krr8ee/K1/bEmoVjATJ1XqD/WE+pPBtnk0sk7zie1V2bFzcmJs7vadfnw5Zz/+9Uee/sWOWz79y3r7VnP3o8P2Hdg8NVn6y63v/v9/eVu9oCivM3Xci9o77kXML7ZfNW3vlel+rczZr0rOft35vYef+Ma5h/MbumC/+tIO0Je8tqPtxr0bTFa3lFfT+jGR+LiN+3ft2bjv1oNv3Llr/MaJGyd2v2XTZZuuGLv8iss31vZ8Y2/2//lDYazy3LrBELf/qx3ufy/600D22Tdru6v++NDX48/O+lNrXsvm3R7TeRW3R3NGec+/wfd+7DNvuefRq+sFRf081m6cT9Ll4PRx3hSa+tvstmq3X0XHJ4Qw2q4dnn3+ynDO/9h5R9F5qPnINP/MSDZPfWf9z//2zX+z9jfrBaflPN+cUJfn+UbWM/nU2qu6Y+ftzXWXWvv2h3K6X0Nt89r0nUf77j7+z3/SyG/ZsnDL+P79ezfVfy5PM12enNc2r2xp3K91tZ/lkB7e0OimbfrrtL5Qzy97/ozVs606lN43lKxpu19Z8b5jW+/eUN72zeN5LZ3cX9/iQFhRXyavy6k5mXlguZFwu+0v1edfUf8YedfffO19X/v7y2b1j0vqP4v2K8nZr6888YXPfP7T//bve7df7/qtE8M//59/tKFesOTPK+V6Io2s03ySmfPK5MQlIRQ9/9aF9vvReP79+3KMm2bUfn+Knn/Z7czUbx9vNLM+FMpdPV8veWjwmasevXN97vP15FzP1+adva3lceWC5+tS6T/Z51dSac1j8Z5fLR0l2Tz1rY+fdeiRj245t15Q9HrZqN2uX1/awfgjZ7/+8ZofjNw0+m/+e+/OG1/6ja9e+8PxzX9aL+j+uMdcenPcq2n7VnPat5F1HHc2t++bbrhpcnu9vKidz9z1b7osGP/EU8m+Ww9+eHxycmLvvs72q9PX07idbCt3+3oaz25rCvarNGu/Fu9GJ+3V6fMt5r+96/Zqfb4NhaSr14WD3129/INfPnxgeNaj0g1dV0rjl7qK/+OrTjx7zeHPfTY3/qdi/EpX8cefeuwT686+/khu/HuTNH61q/ibj57oX3HqoYdz44/F/Ae6iv/k2975ky8+8cDTufFDjD/UVfzUz3LjP56k25m+Rgrhqy9cuqO+noS+9PkW8+hryStk15PMeimzXm5eL8VZhHQD5SRpLY/10vILmnJp5w9zyuNVWHVtffliXA/ZG3OXLzWlpnN/u/Ki61QAgFe6+P5/vAaN7/9PpBdK+TMNMKPbcdiPnztyxQ9GRn62NiduHIfNzOe0vse6No0fHx/nAUfeFMaml7eP1i/05/s+Qnw+ZOc543Yuen1rjMJ5zqna9mfNcxbNv6/PrMe86vPllaZxaGr2uKYSOph/X58JUzT/ntn94vezRj8+K63Rpnmr7PHrS2fM2n3eIbS2S2U6Ql7/yM6Lxc9zjKwMW2rb67B/ZD9HE49D9nM0cTvnZk6c3X6OJq9/DM9uh5a8Yv+I9eboH7WUi9+PnH38whztO3P82kfLHr95HO9qCP/pc3Flsd6f7cG8YdtTWifzhv1tthDv63zecHHfDzMvmRM/fYJ1MG/40qqWx53eecNYHvej0uF84vtyyns1nxhPFzGvk3PkcjqYTwReqeL4P75GTI//py/A/1+mXtE4JXvVGOPlfk6v3D6fonHH7M/pDXb1Or7t6J5P9o+cuij3OufhTj+nt6dlbbDgcz9F7bghs17YjjkTNEXjvex2ito9+7mMobCiq3b/wqF73nrfqruuzG33LfUX0uJ2/0zL2oqCdl/sz3O+/D9nYLzQNv4S/xxDp/NnZ+xzDOkHnxZrPPIHOeXzHY8MzrrR2K+apTsemXkh7W+dwAMAaCuO/xvvn6Xj//8VK6TXEUXj1osz6zFe7rg15/okb9z6++nylkz9ofQ3KuZ73fzuCx+8Y/mpB87PHbfc2+k49D+2rA0XjkMXNm7OHUds6c3nxXPHEY1x1sLGibn5N8aJCxun57xN2zROX9g4Ord9GuPo1nmAz5zoLH6cB8iN35gH6OE496WZSqdvnFswX5fZWFztdL7ujIyjV7bu56KMo9Nfn12scfR7c8rnO44emnWjsV81S3cc3VpuHA0AvFLF8X+8jIvj/0cz9Rb6PnvuuKBH1+3ZvwfSiP/4oowrZ+L36P3f4nHfYo9b88b1yaF2W4n3dj6uX+x5iZf7+7+LPS80XPsDnmn8TSs7jN/pPNkZe395qYyL040aFwMAsJTF8f9Aup4//l/Y+GTW+K2vfgk5Mz55+Y3Pm+udufF5r953Nz5vG7/T961z4i+d+a/F/ZzMq378H9fT1SnjfwAAlqA4/o+/9hj//t9/Sdezf7d+6Y3Tp9JL0kV6Hz1tD+N04/Qwxzj97Tm/7xHv73yc3uN5thi/+XMA5gFO7+fjB2bqmwcAAOBM6KuNlGb/nv0H0mX29+zzfi//mpz6NR38TdRKenl8/f69ExPXHtizfXz/xLW7b9o+se/am/fu3L9/Yne93kLHjbnjljTJvlBJ26N9vey4bVU6MbAq5+8hZOvHsOfVbsz+ewjZzQ4U/B2BmePXWb55x680R/12/SPveOfF/8Oc+lHj+N/wR5dcu2PftTt379y/c3xy58GJ1ujTDTE4j+/NTNL/8/q+1Mee/HfHQ6jfqn1rZkZp/t/fGQ/PPPNo+THriVSabpEk9/hP55Fk8lidZrI67/sPcvL+9n/78z++cOqXXwxh7DXl180379aQm6f+8/snfn//8e/vmc6/NGf+jZppXkXfV5qtH/enMnnTvv1v2HHTgd3Zb5TsTpzPKDXWF2k+I336lzucn9iWUz7f398vz7qxNHU8PzHtHdefvsQAAJa4+P5/vJ6N7x9+Or2AiuWdj9PrF47dvn+cO04f62ycnv1esqJxerZ+3N9Ox+nVBY7Ts9vPH6cP5NZvN07PG3fnxf+DnPrz1Xk/6eL3MeLw88uHD+T2k+uy/WSgbb3s9xkU9ZNs/fn2k2SB/SS7/aL5nHb12/WTvOOeF/89OfXzFPWHSqM/LOz3Z3L7w6c6O2/8ema9qD9k68+3P5QW2B+y2y/qD+3qt+sPecc3L/7VOfU71do/pjtGrV9MXHvzTXs/3FRvsb//Isz+SEYn+S2beezifv9Htzpv38X93NfC8w9hc60kL//F/VzZwvMvav95/P7XyjDrc2W5+T+ecwLpef6L+/0uGXnVZz/+dM3XpmeCos+fFc3jbs0pn+887rJZN5amec3jAj0Vx//x7Z44/r8rXfb6baCX//ek+R6ztvF79D1mRdcxr7rX8+xb7l7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF7++kPor6yt3Tx+575TV5/7u9/+s4kXPvp7/7Dr9l/7yJd+OnrDb3/r/sHPv3hs+wU7fvg7Z93w4IeuPHrPXz/y/IqvvfRUYezh2s/KxelqNYTkmSSE6jdO/sXHjn3nnOmyJIRQToYPhbA6WfPI6iQTYewXIYTtMdVK651ffeHSHdPL2+/qbylflQmS3a8wVI75NOcZwi2Fe8TLUDXtZwdP3fyG8KN3bL3je+u+8nd9R54+NFMlqTb1pxBWXtf8+L4QwkD6P9SfMjVr44PT5ZYQwmDT495ckNfrO8x/Y876eelyWbocKogT71+fWS9l6mXXo77McrBgewuVl0e39Yosz6xnT0YLlZdnLF+dLr+eLi+eZ/xy/J+EUhIqjfQnk5k+EpqOWxKS2rGsNtZLjWMb0v3PrCeZ9VJmvdyX2a/adtOOVk6S1vJYL1MeT8eVtPyC5nN1G+/NKX9tuqymT9QX43rI3qgbmnWjsV81Ma+Tc+SS+g/FVbpXajoHtStvHPj0YAylZUPJmlmPmWoj3nds690bytu+eXw4J4/k/iSNn3QV/+B3Vy//4JcPH1ibF/+6Uhq/1FX8H1914tlrDn/us7nxPxXjl7uKf8lDg89c9eid63Pb52Rsn0pX8cefeuwT686+/khu/vfG+NWu4m8+eqJ/xamHHs7Nfyy2z0BX8Z982zt/8sUnHng6N36I8Qe7ir/t6J5P9o+cuig3/sOxfYa66z/PHbniByMjPxvNi/94jL+iq/hfOHTPW+9bddeVucd3S2yf4a7iv/vCB+9YfuqB8/POncm9vXrlBHh1Oiu9xvp4ut7tOHOhmsYLfzVaqV/zLU//r+jlhjKmt7NyEeMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDK9E+3XfaB97/9PVsrSQhJTp2pNuJ95WWbN492sd3xpx77xLqzrz/SXLa2izgAAABAsTgOLzVKqmFtuDkZCOe1rR/nCM6La0lreXYZ42TnCDqNEzJxSm3ilLqIU+5RPpUexenrUZxlPYrT36M41YI41dBZnIE54lSme0CH+QzOmU/ncYZ6FGd5j+Ks6FGclT2Ks6pHcYbnjNN5P1zdozhrehTnrB7FObtHcV7Tozi/0qM45/QoTnZOeb79cEVa89y8OLUb5cI4laTcuKPdfPo56XbOX+B2hubcTnVqRdHrcYfbGSjYn7id12ceVyrezqHm+tUOt/Or899O6/53uJ1fX+B2SgXbif32lmx+cTtxrcP+f2uP4hzsUZyP9CjObT2K8yfzidPmPbIY5097lM9HFxgHoFNx/D8z3hsO/ZXfDIPpGSc7CxDHu+tqP2e/3uWdkGK812XKlxXFyw7UM/HWzTe/7ARCJt76TLS+lniVxnhkjnjV5ngbMnfOtb9v29w+t+Z4F2fK++eIV5OdWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACARfRPt132gfe//T1bQxKm/7U11Ua8r7xs8+bRLrZ7bOvdG8rbvnm8uay/0kUgAAAAoFAch/c1Sqqhv7Ip9CfLWupV03mAarpeHq4vR1aGLdPLZLRUWx9MVs/5uEr6uI37d+3ZuO/Wg2/cuWv8xokbJ3a/ZdNlm64Yu/yKyzfu2Dk5MVb/GUJ/QbwQQm36Yd+tBz88Pjk5sXdfvTCb/9r0cWtrydb+1R438qYwNr28Pc1/TcH2SrO2t3g3OjqAAAAAAAAAAAAA/8Ku3YZKWpYPAL+emTkz49H9O398Gxf3OKyrWFmpHUNLPA8ECb4sHoSYY51kyZWko7vorphNupCaUgTKwrLhhzZM0qQvvqREvrBgmCV0NgmV8kN9KLQMFT+EMnHOzDNnZs6McxrEXbff78Pzct3XfV/P/Xw4cD1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgQ7TYmJ6vz8zOTSYRyZCc5gDZWL6YprUx6n7lie0/KE29c3p3rFQYYyEAAABgpKwPn+hEylEq5CMfJy7fbYyugVjp+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP89i43p+frM7NyRSUQyJKc5QDaWL6ZpbYy6r7710Gdfmpr6W3esOsY6AAAAwGhZH57rRMpRjVNiIjlxqfPvRLNvA+v75rfyVmTrbFhjXv+3g2F5p6wx77Q15n1sRN7m9vmmAAAAgI++rP8vdCKVKBXWreqHs/5/VF+f5Z3cl5dvn9f+W4HimjMBAACA95f1/6VOpBqlQrXTr6+139/Yl5fNH/V/+2z+qUPmj/p//qXts//TAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHx2Jjer4+MzuXTyKSITnNAbKxfDFNa2PUPfvJyX9cvP/2jd2xUmGMhQAAAICRsj58pfUuR6kwGRNx5HLfP3XhvY986ZHHpiOi1eYXi3HTlh07rj+7dczyznp+/8T3n33926vyzmodD9oGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD8xiY3q+PjM7d0QSkQzJaQ6QjeWLaVobo+4rn//iXx548fHXumPVMdYBAAAARsv68JXevxzVKEYxjl++6+71l+T65g/7ZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPm745s3f2LKwsPV6FwfnopmPOAQew4WL3ouD/ZcJAAD4oJ0cSTT/SydcdrCfGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQsNqbn6zOzc+UkIhmS02w2dy0dumVj+WKa1saomz7xQmndO08+3R2rjrEOAAAAMFrWh6/0/uWoxkRMxHHLd4O+CSz3/5UP8SEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ8piY3q+PjM7ty6JSIbkNAfIxvLFNK2NUff+XXs/d9/R37uoO1YqjLEQAAAAMFLWhxc7kXKUCh+PUpzUvl/onZDk2+fB3wVW5m3vmTa55nmNrlnFyK953p19Oyu0d9OaV25H85XWuTOvtjIv155X65pXjU75Wmfe8sva3VNt3YjnHPTuAQAA4MOS9f+lTqQSpUKpq///aU9+RZ8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyx2Jier8/MziVJRDIkpzlANpYvpmltjLo3//b/j/rqz+7a2R2rjrEOAAAAMFrWh6/0/uWoxob4v9iw3PdHpTc/y/tn/d377vnXX0+POPP4A1OF/mV/lF38+pULnuo/ROR6s3MRR7frJUPq/eb399y4qfnuAxFnHpc/aVW9eP96vUumzUfrWy/d8eyB7SNeDgAAABwmsv5/ohOpRKlw3dD+P+u8R/T/HcsN+NE37vrFse1juyPvm5GrtOvlhtT7wqaH/nzquX9/fan/X13vk52rT++99r5jewq2In2StDlz7c7NB87Zl8t23aqf76ufvZcvf+u1f199093vtuqXo9yOr+97lFa11ce+8pE2F3J75i55b0+jt35hyP5v/93TL/5q/V1vL9V/6+TJTv3TYlD91s4LQ+vHEWlz8vI7dp+3d//m3voRUYv86vpvvH1RnPDHa27r3/9k38Ldb7772P8C0ubzG9/cd+691fN76ydL9btk7//nL96/+yd3f/exrH72W5HTT1lr/Vxf/efuPGbXM7detr63fq6vfrb/p654aWpb7Tt/6N//VT2rFoY+xer9P3jGw1e+vCW9pX8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg8LLYmJ6vz8zO5ZKIZEhOc4BsLF9M09oYdV+9+IU3rrjrxz/sjlXHWAcAAAAYLevDV3r/clSjGMWYXO77H61vvXTHswe2R6U1mrTPhYVtN+z4xNXbdl531UF6cgAAAGCtXr04We7/C51IJUqFTTHR7v9nrt25+cA5+3JZ/59bOicRcfU1C1vPjE7ec3ces+uZWy9b3/lOELH8s4DyUt5nVvIuvOCFypt/+vqpA/POXsl7fuOb+869t3p+lhfdeWdF5/vEg2c8fOXLW9JbOs/Xnfepr21baH+eyNadvPyO3eft3b85l33HaJ8n2+tmeQu5PXOXvLenkatEaWk8384rt/cNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKy22Jier8/MzkU+IhmS0+zWDmRj+WKa1saoe8mmX9521DuPb+iOlQpjLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVfZxAH+emdl3Z3d2dVdfaCtaVysKu1AKIuqmoiI0QujKkLA0L6IgiCjsojU0Eiu6CbJuJCqothAMcpNEizX6J910UUGBdRGItFC7SBcZO/OccfY4p9HZCqTPB4Znn+ec8z2/c55nzuwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiv9FZG6u2RHY/M3nnRrZ89df/Mk7d/8NC2K55466exTTd/urf/9ZNTm5dv+faWpZsOPLBmcvcrh38bfO+PYx2DH280K1O3GkI8EUOofjj94tNTn18wNxZDCOU4NB7CcFxyeDjmElb/HkLY3Kxz/sZ9M9dsmWu37eqdN744F5K/rlArZ/U0DM2vt9WpfBjnnWpaZ1tnH7sqfH/T+u1fLnv3nZ6J4+Ond4lz+5TTegph0cbW43tCCH3pMydbbSPZwaldF0Lobznuug51XXqW9a8q6F+c2v+lttYhJ9u+Itcv5fbL9zM9uba/w/kWqqiObvfrZCDXzz+MFqpZ56r248OpfT+1K88xv5x9YijFUGmW/2A8vUZCy7zFEOtzWW32S9ncVkK6/p6W42IIMdcv5frlntx11c+bFlo5xvnj2X658exxXEnjy1uf1W3cVTB+YWqr6Yt6MuuH/B8NtTP+aF5XXVbX9F/U8m8otTyD2o03Jz5NRi2N1eKSM4451Ua2bWr9s5eXN3x0ZKigjrg3pvzYVf7WL4YH7nl756MjRfkbSym/1FX+D2uP/nL3zldfLsx/Icsvd5V/9cH+E2s/3rGi8P5MZ/enclb5MfWzbfce++S5Zf+/b6LdXNfz92T51a7qv3HyaO/g7MFDhfWvzu5PX1f5391w249vfr3/eGF+yPL7u8rfMPnw872js1cW5h9qfBVq9RXaxfr5deLab0ZHfx4ryv8qu/+DbfJjx/w3xndf/9riXWsK1+e67P4Mpfy+c6r/jssObB+Y3X9J0bMz7vm7fjkB/puWpv+xnkn9Tu+Z+2ZKbd8zF6rlfeGlsUrjF2ggfTq9Gy7E3HkW/YP5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//2/0YpQ==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
fallocate(r1, 0x0, 0x4, 0x5)
writev(r1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)

3.261422623s ago: executing program 3 (id=205):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r0 = syz_io_uring_setup(0xcc5, &(0x7f00000011c0)={0x0, 0x0, 0x80, 0xffffffff}, &(0x7f0000001240)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x2, 0x0, 0x0, 0x800, &(0x7f00000001c0), 0x1, 0x40})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x2, 0x10a5, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0xfff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

1.887788576s ago: executing program 5 (id=196):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811)

1.417839637s ago: executing program 0 (id=197):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}}, 0x20008844)

0s ago: executing program 5 (id=198):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts.
[  101.566133][    T9] cfg80211: failed to load regulatory.db
[  101.972615][ T5846] cgroup: Unknown subsys name 'net'
[  102.089111][ T5846] cgroup: Unknown subsys name 'cpuset'
[  102.099166][ T5846] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  103.819510][ T5846] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  106.871300][ T5883] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  106.879614][ T5883] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  106.887298][ T5882] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.887722][ T5883] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  106.903059][ T5883] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  106.905350][ T5882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  106.926594][ T5883] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  106.935177][ T5882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  106.938866][ T5884] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  106.944957][ T5887] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  106.950337][ T5884] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  106.958390][ T5885] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  106.964791][ T5884] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  106.970818][ T5887] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  106.978528][ T5884] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  106.984342][ T5885] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.991867][ T5884] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  107.007216][ T5884] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  107.015369][ T5884] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  107.015544][ T5885] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.026625][ T5888] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  107.037054][ T5888] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  107.047672][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  107.055270][ T5885] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  107.064189][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.072224][ T5885] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.080898][ T5871] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  107.094354][ T5879] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  107.125232][ T5882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  107.142300][ T5882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  107.936271][ T5862] chnl_net:caif_netlink_parms(): no params data found
[  108.098181][ T5863] chnl_net:caif_netlink_parms(): no params data found
[  108.205081][ T5864] chnl_net:caif_netlink_parms(): no params data found
[  108.242837][ T5866] chnl_net:caif_netlink_parms(): no params data found
[  108.426794][ T5867] chnl_net:caif_netlink_parms(): no params data found
[  108.528913][ T5865] chnl_net:caif_netlink_parms(): no params data found
[  108.550740][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.558095][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.566193][ T5862] bridge_slave_0: entered allmulticast mode
[  108.574217][ T5862] bridge_slave_0: entered promiscuous mode
[  108.665307][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.672519][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.680341][ T5862] bridge_slave_1: entered allmulticast mode
[  108.688552][ T5862] bridge_slave_1: entered promiscuous mode
[  108.718944][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.726293][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.734095][ T5863] bridge_slave_0: entered allmulticast mode
[  108.741804][ T5863] bridge_slave_0: entered promiscuous mode
[  108.760722][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.768146][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.775749][ T5864] bridge_slave_0: entered allmulticast mode
[  108.783652][ T5864] bridge_slave_0: entered promiscuous mode
[  108.835150][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.861283][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.868739][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.876593][ T5863] bridge_slave_1: entered allmulticast mode
[  108.884557][ T5863] bridge_slave_1: entered promiscuous mode
[  108.909575][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.916996][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.925832][ T5864] bridge_slave_1: entered allmulticast mode
[  108.933597][ T5864] bridge_slave_1: entered promiscuous mode
[  108.951693][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.977770][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.985077][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.992296][ T5866] bridge_slave_0: entered allmulticast mode
[  109.002479][ T5866] bridge_slave_0: entered promiscuous mode
[  109.085090][ T5880] Bluetooth: hci5: command tx timeout
[  109.085548][ T5882] Bluetooth: hci1: command tx timeout
[  109.107635][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.115072][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.122271][ T5866] bridge_slave_1: entered allmulticast mode
[  109.130487][ T5866] bridge_slave_1: entered promiscuous mode
[  109.163665][ T5880] Bluetooth: hci3: command tx timeout
[  109.169561][ T5880] Bluetooth: hci2: command tx timeout
[  109.181104][ T5882] Bluetooth: hci0: command tx timeout
[  109.184059][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.243671][ T5882] Bluetooth: hci4: command tx timeout
[  109.258444][ T5862] team0: Port device team_slave_0 added
[  109.285704][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.330885][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.345246][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.356059][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.363209][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.371339][ T5867] bridge_slave_0: entered allmulticast mode
[  109.379548][ T5867] bridge_slave_0: entered promiscuous mode
[  109.389941][ T5862] team0: Port device team_slave_1 added
[  109.399371][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.456348][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.464067][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.471841][ T5867] bridge_slave_1: entered allmulticast mode
[  109.480161][ T5867] bridge_slave_1: entered promiscuous mode
[  109.522286][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.534489][ T5863] team0: Port device team_slave_0 added
[  109.540576][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.547957][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.556566][ T5865] bridge_slave_0: entered allmulticast mode
[  109.564476][ T5865] bridge_slave_0: entered promiscuous mode
[  109.642547][ T5863] team0: Port device team_slave_1 added
[  109.665842][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.673060][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.680541][ T5865] bridge_slave_1: entered allmulticast mode
[  109.688623][ T5865] bridge_slave_1: entered promiscuous mode
[  109.698915][ T5864] team0: Port device team_slave_0 added
[  109.708970][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.724826][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.735550][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.742514][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.768944][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.834318][ T5864] team0: Port device team_slave_1 added
[  109.857343][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.865080][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.891334][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.905501][ T5866] team0: Port device team_slave_0 added
[  109.912368][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.919483][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.948760][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.020367][ T5866] team0: Port device team_slave_1 added
[  110.028428][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.036220][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.062732][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.097051][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.128936][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.136483][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.162757][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.177966][ T5867] team0: Port device team_slave_0 added
[  110.187282][ T5867] team0: Port device team_slave_1 added
[  110.232184][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.260249][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.267757][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.293900][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.367517][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.375225][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.401690][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.417453][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.424556][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.450977][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.482744][ T5865] team0: Port device team_slave_0 added
[  110.504835][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.511816][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.538007][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.589331][ T5865] team0: Port device team_slave_1 added
[  110.619398][ T5862] hsr_slave_0: entered promiscuous mode
[  110.630464][ T5862] hsr_slave_1: entered promiscuous mode
[  110.638321][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.645669][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.673035][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.709375][ T5863] hsr_slave_0: entered promiscuous mode
[  110.717035][ T5863] hsr_slave_1: entered promiscuous mode
[  110.723606][ T5863] debugfs: 'hsr0' already exists in 'hsr'
[  110.729476][ T5863] Cannot create hsr debugfs directory
[  110.776049][ T5864] hsr_slave_0: entered promiscuous mode
[  110.782934][ T5864] hsr_slave_1: entered promiscuous mode
[  110.789685][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[  110.795473][ T5864] Cannot create hsr debugfs directory
[  110.815799][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.822819][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.849208][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.863224][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.870519][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.896681][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.039326][ T5866] hsr_slave_0: entered promiscuous mode
[  111.047421][ T5866] hsr_slave_1: entered promiscuous mode
[  111.054085][ T5866] debugfs: 'hsr0' already exists in 'hsr'
[  111.059840][ T5866] Cannot create hsr debugfs directory
[  111.165838][ T5882] Bluetooth: hci5: command tx timeout
[  111.171284][ T5880] Bluetooth: hci1: command tx timeout
[  111.188318][ T5867] hsr_slave_0: entered promiscuous mode
[  111.195556][ T5867] hsr_slave_1: entered promiscuous mode
[  111.202001][ T5867] debugfs: 'hsr0' already exists in 'hsr'
[  111.208502][ T5867] Cannot create hsr debugfs directory
[  111.244460][ T5882] Bluetooth: hci0: command tx timeout
[  111.244845][ T5880] Bluetooth: hci2: command tx timeout
[  111.255401][ T5882] Bluetooth: hci3: command tx timeout
[  111.308009][ T5865] hsr_slave_0: entered promiscuous mode
[  111.314907][ T5865] hsr_slave_1: entered promiscuous mode
[  111.321331][ T5865] debugfs: 'hsr0' already exists in 'hsr'
[  111.324210][ T5880] Bluetooth: hci4: command tx timeout
[  111.328203][ T5865] Cannot create hsr debugfs directory
[  112.069359][ T5866] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  112.101946][ T5866] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  112.115960][ T5866] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  112.138801][ T5866] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  112.191548][ T5862] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  112.206521][ T5862] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  112.230539][ T5862] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  112.261293][ T5862] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  112.372308][ T5863] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  112.401503][ T5863] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  112.430754][ T5863] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  112.448283][ T5863] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.552101][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  112.578882][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  112.600558][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  112.612789][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.740985][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.759870][ T5867] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  112.781240][ T5867] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  112.798223][ T5867] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  112.812276][ T5867] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  112.873290][ T5866] 8021q: adding VLAN 0 to HW filter on device team0
[  112.942773][  T132] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.950134][  T132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.978116][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.990683][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.998019][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.096757][ T5864] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  113.108402][ T5864] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  113.128309][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[  113.149460][ T5864] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  113.162865][ T5864] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  113.244353][ T5882] Bluetooth: hci1: command tx timeout
[  113.250120][ T5880] Bluetooth: hci5: command tx timeout
[  113.251485][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.262727][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.319183][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.327689][ T5880] Bluetooth: hci2: command tx timeout
[  113.333126][ T5880] Bluetooth: hci3: command tx timeout
[  113.339396][ T5882] Bluetooth: hci0: command tx timeout
[  113.345257][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.352402][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.406077][ T5880] Bluetooth: hci4: command tx timeout
[  113.439735][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[  113.543265][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.550563][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.582393][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.638729][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.646064][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.780529][ T5865] 8021q: adding VLAN 0 to HW filter on device team0
[  113.819690][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.860996][  T132] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.868488][  T132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.896939][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.904472][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.936065][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.049475][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.086232][ T5867] 8021q: adding VLAN 0 to HW filter on device team0
[  114.118907][ T5865] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  114.144439][ T5865] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  114.220592][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.228137][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.295059][  T132] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.302261][  T132] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.398560][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[  114.491579][  T132] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.498996][  T132] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.556122][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.563481][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.707179][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.872090][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.097280][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.212343][ T5862] veth0_vlan: entered promiscuous mode
[  115.319914][ T5866] veth0_vlan: entered promiscuous mode
[  115.324256][ T5882] Bluetooth: hci1: command tx timeout
[  115.330942][ T5880] Bluetooth: hci5: command tx timeout
[  115.337670][ T5862] veth1_vlan: entered promiscuous mode
[  115.407599][ T5880] Bluetooth: hci3: command tx timeout
[  115.413093][ T5880] Bluetooth: hci0: command tx timeout
[  115.419492][ T5882] Bluetooth: hci2: command tx timeout
[  115.432041][ T5866] veth1_vlan: entered promiscuous mode
[  115.484694][ T5880] Bluetooth: hci4: command tx timeout
[  115.607457][ T5865] veth0_vlan: entered promiscuous mode
[  115.633207][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.699694][ T5866] veth0_macvtap: entered promiscuous mode
[  115.728601][ T5866] veth1_macvtap: entered promiscuous mode
[  115.737530][ T5865] veth1_vlan: entered promiscuous mode
[  115.768605][ T5862] veth0_macvtap: entered promiscuous mode
[  115.787581][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.824025][ T5862] veth1_macvtap: entered promiscuous mode
[  115.891636][ T5863] veth0_vlan: entered promiscuous mode
[  115.943184][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.955955][ T5865] veth0_macvtap: entered promiscuous mode
[  115.972471][ T5867] veth0_vlan: entered promiscuous mode
[  115.999467][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.011413][ T5865] veth1_macvtap: entered promiscuous mode
[  116.029113][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.037424][ T5863] veth1_vlan: entered promiscuous mode
[  116.061860][ T5864] veth0_vlan: entered promiscuous mode
[  116.076590][ T5864] veth1_vlan: entered promiscuous mode
[  116.100510][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.111394][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.142905][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.154036][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.170804][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.179754][ T5867] veth1_vlan: entered promiscuous mode
[  116.212901][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.236927][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.246310][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.269720][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.287457][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.296377][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.337125][  T132] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.347118][  T132] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.372104][ T5864] veth0_macvtap: entered promiscuous mode
[  116.391257][  T132] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.402639][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.430427][ T5864] veth1_macvtap: entered promiscuous mode
[  116.470717][ T5867] veth0_macvtap: entered promiscuous mode
[  116.504446][ T5863] veth0_macvtap: entered promiscuous mode
[  116.575396][ T5867] veth1_macvtap: entered promiscuous mode
[  116.595450][ T5863] veth1_macvtap: entered promiscuous mode
[  116.604812][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.612368][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.620456][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.677485][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.685545][  T132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.699227][  T132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.737200][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.750225][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.778259][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.826431][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.827087][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.842003][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.858888][ T1164] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.869083][ T1095] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.905443][ T1095] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.917497][ T1164] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.950744][ T1164] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.959589][ T1164] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.988691][   T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.996989][   T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.015741][ T1164] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.025958][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.064307][ T1164] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.072297][ T1164] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.099106][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.108174][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.234010][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.244342][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.263245][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  117.304774][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.313857][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.352680][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.374394][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.514379][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.522286][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.727901][   T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.747715][   T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.315445][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.344370][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  119.403726][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  119.556492][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.678030][ T6024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  119.684675][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.717289][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.045857][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.072038][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.224961][ T6036] binder: 6035:6036 ioctl c00c620f 0 returned -14
[  121.400016][ T6039] loop1: detected capacity change from 0 to 2048
[  122.345819][ T6039] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.454793][ T6039] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.055306][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  124.496487][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  124.567069][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  124.920226][ T5880] Bluetooth: hci0: unexpected cc 0x1001 length: 1 < 9
[  124.926621][ T6063] netlink: 188 bytes leftover after parsing attributes in process `syz.2.15'.
[  124.958396][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  125.014839][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  125.040241][ T5867] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.626495][ T6084] loop3: detected capacity change from 0 to 1024
[  127.676225][ T6084] ext4: Unknown parameter 'fsmagic'
[  127.889416][ T6087] overlayfs: overlapping lowerdir path
[  128.524177][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  128.604030][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  129.072062][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  134.850640][ T6124] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  136.199065][ T6128] binder: BINDER_SET_CONTEXT_MGR already set
[  136.243642][ T6128] binder: 6127:6128 ioctl 4018620d 200000000040 returned -16
[  136.993094][   T30] audit: type=1326 audit(1756374290.750:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.089902][ T6146] netlink: 180 bytes leftover after parsing attributes in process `syz.0.46'.
[  137.265942][   T30] audit: type=1326 audit(1756374290.750:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.513558][   T30] audit: type=1326 audit(1756374290.750:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.585599][   T30] audit: type=1326 audit(1756374290.760:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.791158][ T6147] netlink: 180 bytes leftover after parsing attributes in process `syz.0.46'.
[  137.819751][ T6153] netlink: 180 bytes leftover after parsing attributes in process `syz.0.46'.
[  137.847012][   T30] audit: type=1326 audit(1756374290.760:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.870207][   T30] audit: type=1326 audit(1756374290.760:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.895074][   T30] audit: type=1326 audit(1756374290.760:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  137.921412][   T30] audit: type=1326 audit(1756374290.860:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  138.057311][   T30] audit: type=1326 audit(1756374291.530:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  138.083994][   T30] audit: type=1326 audit(1756374291.530:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6145 comm="syz.0.46" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4998f8ebe9 code=0x7ffc0000
[  140.450785][ T6171] netfs: Couldn't get user pages (rc=-14)
[  141.686977][ T6181] loop2: detected capacity change from 0 to 2048
[  141.781806][ T6181] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  142.220368][   T30] audit: type=1800 audit(1756374295.980:12): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.44" name="file1" dev="loop2" ino=1415 res=0 errno=0
[  143.214390][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  143.221025][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  148.462034][ T6208] syz.3.53 uses obsolete (PF_INET,SOCK_PACKET)
[  162.749496][ T6283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.74'.
[  163.014009][ T6285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.063696][ T6285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  163.083609][ T5882] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  163.106290][ T5882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  163.125885][ T5882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  163.141085][ T5882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  163.149232][ T5882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  163.260254][ T6285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  164.619927][ T6291] loop0: detected capacity change from 0 to 32768
[  164.814939][ T6294] find_entry called with index = 0
[  165.239507][ T5880] Bluetooth: hci4: command tx timeout
[  165.484353][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.863989][ T6301] loop3: detected capacity change from 0 to 8
[  167.342031][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.357115][ T6307] Device name cannot be null; rc = [-22]
[  167.418186][ T5880] Bluetooth: hci4: command tx timeout
[  168.081712][ T6311] random: crng reseeded on system resumption
[  169.220852][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.477472][ T5880] Bluetooth: hci4: command tx timeout
[  170.388429][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.756606][ T6342] loop5: detected capacity change from 0 to 40427
[  170.821062][ T6342] F2FS-fs (loop5): invalid crc value
[  170.955733][ T6340] loop3: detected capacity change from 0 to 4096
[  170.960002][ T6342] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  170.973815][ T6342] F2FS-fs (loop5): Start checkpoint disabled!
[  171.068942][ T6342] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  171.102701][ T6340] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  171.374267][   T30] audit: type=1800 audit(1756374581.130:13): pid=6350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.91" name="bus" dev="loop5" ino=10 res=0 errno=0
[  171.449508][ T6350] syz.5.91: attempt to access beyond end of device
[  171.449508][ T6350] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  171.471185][ T6350] syz.5.91: attempt to access beyond end of device
[  171.471185][ T6350] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.490415][ T6350] syz.5.91: attempt to access beyond end of device
[  171.490415][ T6350] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.508395][ T6350] syz.5.91: attempt to access beyond end of device
[  171.508395][ T6350] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.524988][ T6350] syz.5.91: attempt to access beyond end of device
[  171.524988][ T6350] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.550040][ T6350] syz.5.91: attempt to access beyond end of device
[  171.550040][ T6350] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  171.556059][ T5880] Bluetooth: hci4: command tx timeout
[  171.575612][ T6350] syz.5.91: attempt to access beyond end of device
[  171.575612][ T6350] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.594451][ T6350] syz.5.91: attempt to access beyond end of device
[  171.594451][ T6350] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  171.611278][ T6350] syz.5.91: attempt to access beyond end of device
[  171.611278][ T6350] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  171.630462][ T6350] syz.5.91: attempt to access beyond end of device
[  171.630462][ T6350] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  172.947785][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  172.947836][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  172.947860][   T13] Workqueue: writeback wb_workfn (flush-7:5)
[  172.947925][   T13] Call Trace:
[  172.947936][   T13]  <TASK>
[  172.947950][   T13]  dump_stack_lvl+0x16c/0x1f0
[  172.948008][   T13]  f2fs_handle_critical_error+0x624/0x9f0
[  172.948061][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.948107][   T13]  ? f2fs_build_fault_attr+0x53/0x1f0
[  172.948159][   T13]  f2fs_write_end_io+0x958/0xcf0
[  172.948217][   T13]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  172.948280][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.948336][   T13]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  172.948386][   T13]  bio_endio+0x6bf/0x800
[  172.948446][   T13]  submit_bio_noacct+0x306/0x1ed0
[  172.948503][   T13]  __submit_merged_bio+0x33c/0x770
[  172.948561][   T13]  __submit_merged_write_cond+0x319/0x3f0
[  172.948627][   T13]  f2fs_sync_node_pages+0x1394/0x1620
[  172.948695][   T13]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  172.948798][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.948840][   T13]  ? lock_acquire+0x179/0x350
[  172.948901][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.948944][   T13]  ? rcu_is_watching+0x12/0xc0
[  172.948991][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949044][   T13]  f2fs_write_node_pages+0x27d/0x7a0
[  172.949094][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  172.949154][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949197][   T13]  ? __lock_acquire+0xb97/0x1ce0
[  172.949263][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  172.949313][   T13]  do_writepages+0x27a/0x600
[  172.949368][   T13]  ? __pfx_do_writepages+0x10/0x10
[  172.949412][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949455][   T13]  ? reacquire_held_locks+0xcd/0x1f0
[  172.949512][   T13]  ? writeback_sb_inodes+0x3b0/0xfa0
[  172.949569][   T13]  __writeback_single_inode+0x160/0xfb0
[  172.949624][   T13]  ? __pfx___writeback_single_inode+0x10/0x10
[  172.949672][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949715][   T13]  ? do_raw_spin_unlock+0x172/0x230
[  172.949756][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949807][   T13]  writeback_sb_inodes+0x60d/0xfa0
[  172.949885][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  172.949932][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.949975][   T13]  ? find_held_lock+0x2b/0x80
[  172.950095][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950139][   T13]  ? rcu_is_watching+0x12/0xc0
[  172.950183][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950227][   T13]  ? queue_io+0x3f6/0x520
[  172.950279][   T13]  wb_writeback+0x419/0xb70
[  172.950341][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  172.950387][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950446][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950490][   T13]  ? mark_held_locks+0x49/0x80
[  172.950555][   T13]  wb_workfn+0x14d/0xbe0
[  172.950612][   T13]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  172.950664][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  172.950719][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950768][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950818][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.950861][   T13]  ? rcu_is_watching+0x12/0xc0
[  172.950916][   T13]  process_one_work+0x9cf/0x1b70
[  172.950981][   T13]  ? __pfx_process_one_work+0x10/0x10
[  172.951022][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.951080][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.951124][   T13]  ? assign_work+0x1a0/0x250
[  172.951167][   T13]  worker_thread+0x6c8/0xf10
[  172.951234][   T13]  ? __pfx_worker_thread+0x10/0x10
[  172.951283][   T13]  kthread+0x3c5/0x780
[  172.951321][   T13]  ? __pfx_kthread+0x10/0x10
[  172.951361][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  172.951404][   T13]  ? rcu_is_watching+0x12/0xc0
[  172.951450][   T13]  ? __pfx_kthread+0x10/0x10
[  172.951490][   T13]  ret_from_fork+0x5d7/0x6f0
[  172.951523][   T13]  ? __pfx_kthread+0x10/0x10
[  172.951561][   T13]  ret_from_fork_asm+0x1a/0x30
[  172.951635][   T13]  </TASK>
[  173.347882][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.613636][   T13] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  173.765103][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[  173.765151][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  173.765174][   T13] Workqueue: writeback wb_workfn (flush-7:5)
[  173.765225][   T13] Call Trace:
[  173.765234][   T13]  <TASK>
[  173.765244][   T13]  dump_stack_lvl+0x16c/0x1f0
[  173.765286][   T13]  f2fs_handle_critical_error+0x624/0x9f0
[  173.765323][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.765362][   T13]  ? f2fs_build_fault_attr+0x53/0x1f0
[  173.765403][   T13]  f2fs_write_end_io+0x958/0xcf0
[  173.765448][   T13]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  173.765499][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.765540][   T13]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  173.765579][   T13]  bio_endio+0x6bf/0x800
[  173.765623][   T13]  submit_bio_noacct+0x306/0x1ed0
[  173.765666][   T13]  __submit_merged_bio+0x33c/0x770
[  173.765708][   T13]  __submit_merged_write_cond+0x319/0x3f0
[  173.765755][   T13]  f2fs_sync_node_pages+0x1394/0x1620
[  173.765803][   T13]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  173.765873][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.765905][   T13]  ? lock_acquire+0x179/0x350
[  173.765949][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.765981][   T13]  ? rcu_is_watching+0x12/0xc0
[  173.766020][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766059][   T13]  f2fs_write_node_pages+0x27d/0x7a0
[  173.766095][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  173.766138][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766170][   T13]  ? __lock_acquire+0xb97/0x1ce0
[  173.766214][   T13]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  173.766251][   T13]  do_writepages+0x27a/0x600
[  173.766292][   T13]  ? __pfx_do_writepages+0x10/0x10
[  173.766325][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766357][   T13]  ? reacquire_held_locks+0xcd/0x1f0
[  173.766399][   T13]  ? writeback_sb_inodes+0x3b0/0xfa0
[  173.766440][   T13]  __writeback_single_inode+0x160/0xfb0
[  173.766481][   T13]  ? __pfx___writeback_single_inode+0x10/0x10
[  173.766516][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766548][   T13]  ? do_raw_spin_unlock+0x172/0x230
[  173.766578][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766616][   T13]  writeback_sb_inodes+0x60d/0xfa0
[  173.766670][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  173.766704][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766736][   T13]  ? find_held_lock+0x2b/0x80
[  173.766819][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766851][   T13]  ? rcu_is_watching+0x12/0xc0
[  173.766883][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.766915][   T13]  ? queue_io+0x3f6/0x520
[  173.766950][   T13]  wb_writeback+0x419/0xb70
[  173.766994][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  173.767033][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767075][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767107][   T13]  ? mark_held_locks+0x49/0x80
[  173.767155][   T13]  wb_workfn+0x14d/0xbe0
[  173.767196][   T13]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  173.767234][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  173.767276][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767311][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767348][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767380][   T13]  ? rcu_is_watching+0x12/0xc0
[  173.767419][   T13]  process_one_work+0x9cf/0x1b70
[  173.767465][   T13]  ? __pfx_process_one_work+0x10/0x10
[  173.767496][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767539][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767580][   T13]  ? assign_work+0x1a0/0x250
[  173.767618][   T13]  worker_thread+0x6c8/0xf10
[  173.767675][   T13]  ? __pfx_worker_thread+0x10/0x10
[  173.767705][   T13]  kthread+0x3c5/0x780
[  173.767733][   T13]  ? __pfx_kthread+0x10/0x10
[  173.767761][   T13]  ? srso_alias_return_thunk+0x5/0xfbef5
[  173.767794][   T13]  ? rcu_is_watching+0x12/0xc0
[  173.767828][   T13]  ? __pfx_kthread+0x10/0x10
[  173.767857][   T13]  ret_from_fork+0x5d7/0x6f0
[  173.767882][   T13]  ? __pfx_kthread+0x10/0x10
[  173.767909][   T13]  ret_from_fork_asm+0x1a/0x30
[  173.767962][   T13]  </TASK>
[  174.278008][   T13] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  174.700461][ T6280] chnl_net:caif_netlink_parms(): no params data found
[  177.969993][ T6383] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  178.132761][ T6381] loop2: detected capacity change from 0 to 2048
[  178.439132][ T6381] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.541762][ T6280] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.605802][ T6280] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.647675][ T6280] bridge_slave_0: entered allmulticast mode
[  178.693503][   T30] audit: type=1800 audit(1756374588.484:14): pid=6377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.100" name="bus" dev="loop2" ino=18 res=0 errno=0
[  178.726290][ T6280] bridge_slave_0: entered promiscuous mode
[  178.757362][   T35] bridge_slave_1: left allmulticast mode
[  178.792280][   T35] bridge_slave_1: left promiscuous mode
[  178.800469][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.934518][   T35] bridge_slave_0: left allmulticast mode
[  178.972165][   T35] bridge_slave_0: left promiscuous mode
[  179.001911][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.345990][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.561667][ T6425] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  188.381626][ T6457] overlayfs: failed to clone upperpath
[  188.462181][ T6458] netlink: 'syz.5.117': attribute type 11 has an invalid length.
[  189.395260][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  189.582677][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  189.904855][   T35] bond0 (unregistering): Released all slaves
[  189.946289][ T6280] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.642423][ T6280] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.649861][ T6280] bridge_slave_1: entered allmulticast mode
[  190.658174][ T6280] bridge_slave_1: entered promiscuous mode
[  190.670062][ T6420] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  190.789736][ T6475] loop5: detected capacity change from 0 to 128
[  191.743800][ T6483] loop0: detected capacity change from 0 to 8
[  191.860831][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  191.898436][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  191.939682][   T30] audit: type=1800 audit(1756374601.730:15): pid=6483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.125" name="file1" dev="loop0" ino=5 res=0 errno=0
[  191.978044][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  192.009040][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  192.024231][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  192.042770][ T6483] SQUASHFS error: Failed to read block 0x4de: -5
[  192.358182][ T6280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  192.411229][ T6280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  193.797216][ T6518] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  193.823521][ T6518] CIFS mount error: No usable UNC path provided in device string!
[  193.823521][ T6518] 
[  193.833988][ T6518] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  197.383984][ T6540] loop3: detected capacity change from 0 to 128
[  197.464176][ T6280] team0: Port device team_slave_0 added
[  197.735748][ T6550] bio_check_eod: 182 callbacks suppressed
[  197.735769][ T6550] syz.3.134: attempt to access beyond end of device
[  197.735769][ T6550] loop3: rw=2049, sector=153, nr_sectors = 8 limit=128
[  197.775413][ T6550] syz.3.134: attempt to access beyond end of device
[  197.775413][ T6550] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128
[  198.083794][ T6550] syz.3.134: attempt to access beyond end of device
[  198.083794][ T6550] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128
[  198.151040][ T6550] syz.3.134: attempt to access beyond end of device
[  198.151040][ T6550] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128
[  198.208692][ T6550] syz.3.134: attempt to access beyond end of device
[  198.208692][ T6550] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128
[  198.281972][ T6280] team0: Port device team_slave_1 added
[  198.383561][ T6550] syz.3.134: attempt to access beyond end of device
[  198.383561][ T6550] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128
[  198.484781][ T6550] syz.3.134: attempt to access beyond end of device
[  198.484781][ T6550] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128
[  198.995311][ T6550] syz.3.134: attempt to access beyond end of device
[  198.995311][ T6550] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128
[  199.050985][ T6550] syz.3.134: attempt to access beyond end of device
[  199.050985][ T6550] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128
[  199.148239][   T35] hsr_slave_0: left promiscuous mode
[  199.162352][ T6550] syz.3.134: attempt to access beyond end of device
[  199.162352][ T6550] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128
[  199.213217][ T6558] overlayfs: failed to clone upperpath
[  199.219225][   T35] hsr_slave_1: left promiscuous mode
[  199.253658][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  199.320986][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  199.394488][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  199.451258][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  200.564808][   T35] veth1_macvtap: left promiscuous mode
[  200.570845][   T35] veth0_macvtap: left promiscuous mode
[  200.873571][   T35] veth1_vlan: left promiscuous mode
[  201.659716][   T35] veth0_vlan: left promiscuous mode
[  203.953149][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  204.009165][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  205.019675][ T6591] netlink: 'syz.2.146': attribute type 1 has an invalid length.
[  206.838855][ T6600] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  207.588460][ T5952] usb 3-1: new low-speed USB device number 2 using dummy_hcd
[  207.855616][ T5952] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  207.880845][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.978743][ T5952] usb 3-1: config 0 descriptor??
[  210.498115][ T5952] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  210.548120][ T5952] asix 3-1:0.0: probe with driver asix failed with error -71
[  210.653924][ T5952] usb 3-1: USB disconnect, device number 2
[  210.951317][ T6623] fuse: Bad value for 'fd'
[  216.050546][ T6647] loop5: detected capacity change from 0 to 8
[  216.071226][ T6647] SQUASHFS error: Failed to read block 0x4de: -5
[  216.078021][ T6647] SQUASHFS error: Failed to read block 0x4de: -5
[  216.086139][   T30] audit: type=1800 audit(1756374625.892:16): pid=6647 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.162" name="file1" dev="loop5" ino=5 res=0 errno=0
[  216.244500][ T6651] SQUASHFS error: Failed to read block 0x4de: -5
[  216.258557][ T6651] SQUASHFS error: Failed to read block 0x4de: -5
[  216.266559][ T6651] SQUASHFS error: Failed to read block 0x4de: -5
[  216.277957][ T6651] SQUASHFS error: Failed to read block 0x4de: -5
[  217.510449][ T6649] binder_alloc: 6646: binder_alloc_buf size 8 failed, no address space
[  217.560990][ T6649] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0)
[  219.284474][   T35] team0 (unregistering): Port device team_slave_1 removed
[  219.379282][ T5882] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  219.390372][ T5882] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  219.399866][ T5882] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  219.409471][ T5882] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  219.417571][ T5882] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  220.450513][   T35] team0 (unregistering): Port device team_slave_0 removed
[  220.587985][ T6680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.173'.
[  220.732393][ T6682] loop3: detected capacity change from 0 to 2048
[  220.835751][    C1] vcan0: j1939_tp_rxtimer: 0xffff888053a19000: rx timeout, send abort
[  220.848403][ T6682] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.190873][ T5880] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  221.205444][ T5880] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  221.215075][ T5880] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  221.237683][ T5880] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  221.269925][ T5880] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  221.336407][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805418ac00: rx timeout, send abort
[  221.345491][    C1] vcan0: j1939_tp_rxtimer: 0xffff888053a19000: abort rx timeout. Force session deactivation
[  221.545288][ T5882] Bluetooth: hci6: command tx timeout
[  221.647977][ T5864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.844477][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805418ac00: abort rx timeout. Force session deactivation
[  222.689815][ T6699] process 'syz.2.180' launched '/dev/fd/4' with NULL argv: empty string added
[  222.745038][ T6701] loop3: detected capacity change from 0 to 8
[  222.781729][ T6701] SQUASHFS error: Failed to read block 0x4de: -5
[  222.788411][ T6701] SQUASHFS error: Failed to read block 0x4de: -5
[  222.796140][   T30] audit: type=1800 audit(1756374632.606:17): pid=6701 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.179" name="file1" dev="loop3" ino=5 res=0 errno=0
[  222.948421][ T6702] SQUASHFS error: Failed to read block 0x4de: -5
[  222.966788][ T6702] SQUASHFS error: Failed to read block 0x4de: -5
[  223.003829][ T6702] SQUASHFS error: Failed to read block 0x4de: -5
[  223.022778][ T6702] SQUASHFS error: Failed to read block 0x4de: -5
[  223.292041][ T5882] Bluetooth: hci7: command tx timeout
[  223.609907][ T5882] Bluetooth: hci6: command tx timeout
[  224.874511][ T6707] hub 8-0:1.0: USB hub found
[  224.881093][ T6707] hub 8-0:1.0: 1 port detected
[  225.369192][ T5882] Bluetooth: hci7: command tx timeout
[  225.688865][ T5882] Bluetooth: hci6: command tx timeout
[  225.971555][ T6280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.992445][ T6280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  226.027259][ T6280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  226.168986][ T6593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.333475][ T6730] loop5: detected capacity change from 0 to 8
[  227.602569][ T5882] Bluetooth: hci7: command tx timeout
[  227.977768][ T5880] Bluetooth: hci6: command tx timeout
[  229.687047][ T5879] Bluetooth: hci7: command tx timeout
[  231.610239][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  231.616617][ T5871] Bluetooth: hci3: command 0x0406 tx timeout
[  231.622758][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  231.628914][ T5871] Bluetooth: hci0: command 0x0406 tx timeout
[  231.635008][ T5879] Bluetooth: hci5: command 0x0406 tx timeout
[  232.758163][ T6752] ceph: No mds server is up or the cluster is laggy
[  232.775050][ T5959] libceph: connect (1)[c::]:6789 error -101
[  232.802732][ T5959] libceph: mon0 (1)[c::]:6789 connect error
[  233.097064][  T977] libceph: connect (1)[c::]:6789 error -101
[  233.103221][  T977] libceph: mon0 (1)[c::]:6789 connect error
[  236.713301][ T6782] loop2: detected capacity change from 0 to 32768
[  238.036358][ T6782] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  238.036398][ T6782]   allowing incompatible features above 0.0: (unknown version)
[  238.036419][ T6782]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  238.073306][ T6782] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  238.081613][ T6782] bcachefs (loop2): initializing new filesystem
[  238.099474][ T6782] bcachefs (loop2): going read-write
[  238.123652][ T6782] bcachefs (loop2): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR
[  238.134935][ T6782] bcachefs (loop2): flushing journal and stopping allocators, journal seq 0
[  238.144661][ T6782] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 0
[  238.176717][ T6782] bcachefs (loop2): unclean shutdown complete, journal seq 1
[  238.185556][ T6782] bcachefs (loop2): bch2_fs_initialize(): error EINTR
[  238.193119][ T6782] bcachefs (loop2): bch2_fs_start(): error starting filesystem EINTR
[  238.201189][ T6782] bcachefs (loop2): shutting down
[  238.233931][ T6782] bcachefs (loop2): shutdown complete
[  238.240001][ T5880] ==================================================================
[  238.248074][ T5880] BUG: KASAN: slab-use-after-free in bch2_do_discards+0x319/0x570
[  238.255902][ T5880] Write of size 8 at addr ffff888029550040 by task kworker/u9:5/5880
[  238.263980][ T5880] 
[  238.266299][ T5880] CPU: 0 UID: 0 PID: 5880 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[  238.266351][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  238.266378][ T5880] Workqueue: bcachefs_journal journal_write_done
[  238.266436][ T5880] Call Trace:
[  238.266449][ T5880]  <TASK>
[  238.266462][ T5880]  dump_stack_lvl+0x116/0x1f0
[  238.266510][ T5880]  print_report+0xcd/0x630
[  238.266539][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.266580][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.266621][ T5880]  ? __phys_addr+0xe8/0x180
[  238.266668][ T5880]  ? bch2_do_discards+0x319/0x570
[  238.266713][ T5880]  kasan_report+0xe0/0x110
[  238.266744][ T5880]  ? bch2_do_discards+0x319/0x570
[  238.266795][ T5880]  kasan_check_range+0x100/0x1b0
[  238.266834][ T5880]  bch2_do_discards+0x319/0x570
[  238.266883][ T5880]  journal_write_done+0xee4/0x1430
[  238.266930][ T5880]  ? __pfx_journal_write_done+0x10/0x10
[  238.266971][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267011][ T5880]  ? debug_object_deactivate+0x1ec/0x3a0
[  238.267047][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267091][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267134][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267177][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267217][ T5880]  ? rcu_is_watching+0x12/0xc0
[  238.267264][ T5880]  process_one_work+0x9cf/0x1b70
[  238.267303][ T5880]  ? __pfx_process_one_work+0x10/0x10
[  238.267338][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267375][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267408][ T5880]  ? assign_work+0x1a0/0x250
[  238.267435][ T5880]  worker_thread+0x6c8/0xf10
[  238.267474][ T5880]  ? __pfx_worker_thread+0x10/0x10
[  238.267503][ T5880]  kthread+0x3c5/0x780
[  238.267530][ T5880]  ? __pfx_kthread+0x10/0x10
[  238.267557][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  238.267589][ T5880]  ? rcu_is_watching+0x12/0xc0
[  238.267622][ T5880]  ? __pfx_kthread+0x10/0x10
[  238.267649][ T5880]  ret_from_fork+0x5d7/0x6f0
[  238.267674][ T5880]  ? __pfx_kthread+0x10/0x10
[  238.267700][ T5880]  ret_from_fork_asm+0x1a/0x30
[  238.267745][ T5880]  </TASK>
[  238.267754][ T5880] 
[  238.476819][ T5880] Allocated by task 6782:
[  238.481138][ T5880]  kasan_save_stack+0x33/0x60
[  238.485848][ T5880]  kasan_save_track+0x14/0x30
[  238.490556][ T5880]  __kasan_kmalloc+0xaa/0xb0
[  238.495196][ T5880]  __bch2_dev_alloc+0xb5/0xff0
[  238.500175][ T5880]  bch2_dev_alloc+0xb8/0x190
[  238.504783][ T5880]  bch2_fs_alloc+0x19ca/0x23f0
[  238.509578][ T5880]  bch2_fs_open+0x838/0xc50
[  238.514082][ T5880]  bch2_fs_get_tree+0xcb0/0x1b70
[  238.519021][ T5880]  vfs_get_tree+0x8e/0x340
[  238.523464][ T5880]  path_mount+0x1513/0x2000
[  238.527995][ T5880]  __x64_sys_mount+0x28d/0x310
[  238.532775][ T5880]  do_syscall_64+0xcd/0x4c0
[  238.537282][ T5880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.543272][ T5880] 
[  238.545597][ T5880] Freed by task 6782:
[  238.549559][ T5880]  kasan_save_stack+0x33/0x60
[  238.554265][ T5880]  kasan_save_track+0x14/0x30
[  238.558972][ T5880]  kasan_save_free_info+0x3b/0x60
[  238.564016][ T5880]  __kasan_slab_free+0x60/0x70
[  238.568788][ T5880]  kfree+0x2b4/0x4d0
[  238.572700][ T5880]  kobject_put+0x1e7/0x5a0
[  238.577210][ T5880]  bch2_fs_free+0x225/0x420
[  238.581739][ T5880]  bch2_fs_get_tree+0xd5e/0x1b70
[  238.586703][ T5880]  vfs_get_tree+0x8e/0x340
[  238.591132][ T5880]  path_mount+0x1513/0x2000
[  238.595663][ T5880]  __x64_sys_mount+0x28d/0x310
[  238.600437][ T5880]  do_syscall_64+0xcd/0x4c0
[  238.604970][ T5880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.610862][ T5880] 
[  238.613172][ T5880] The buggy address belongs to the object at ffff888029550000
[  238.613172][ T5880]  which belongs to the cache kmalloc-4k of size 4096
[  238.627239][ T5880] The buggy address is located 64 bytes inside of
[  238.627239][ T5880]  freed 4096-byte region [ffff888029550000, ffff888029551000)
[  238.641082][ T5880] 
[  238.643409][ T5880] The buggy address belongs to the physical page:
[  238.649806][ T5880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29550
[  238.658580][ T5880] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  238.667077][ T5880] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  238.674632][ T5880] page_type: f5(slab)
[  238.678757][ T5880] raw: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  238.687341][ T5880] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  238.695948][ T5880] head: 00fff00000000040 ffff88801b842140 dead000000000122 0000000000000000
[  238.704617][ T5880] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  238.713314][ T5880] head: 00fff00000000003 ffffea0000a55401 00000000ffffffff 00000000ffffffff
[  238.721997][ T5880] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  238.730903][ T5880] page dumped because: kasan: bad access detected
[  238.737540][ T5880] page_owner tracks the page as allocated
[  238.743259][ T5880] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6782, tgid 6780 (syz.2.195), ts 237971655597, free_ts 237889140116
[  238.764760][ T5880]  post_alloc_hook+0x1c0/0x230
[  238.769632][ T5880]  get_page_from_freelist+0x132b/0x38e0
[  238.775277][ T5880]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  238.781192][ T5880]  alloc_pages_mpol+0x1fb/0x550
[  238.786063][ T5880]  new_slab+0x247/0x330
[  238.790227][ T5880]  ___slab_alloc+0xcf2/0x1740
[  238.794938][ T5880]  __slab_alloc.constprop.0+0x56/0xb0
[  238.800336][ T5880]  __kmalloc_cache_noprof+0xfb/0x3e0
[  238.805643][ T5880]  __bch2_dev_alloc+0xb5/0xff0
[  238.810418][ T5880]  bch2_dev_alloc+0xb8/0x190
[  238.815087][ T5880]  bch2_fs_alloc+0x19ca/0x23f0
[  238.820268][ T5880]  bch2_fs_open+0x838/0xc50
[  238.824990][ T5880]  bch2_fs_get_tree+0xcb0/0x1b70
[  238.830139][ T5880]  vfs_get_tree+0x8e/0x340
[  238.834775][ T5880]  path_mount+0x1513/0x2000
[  238.839297][ T5880]  __x64_sys_mount+0x28d/0x310
[  238.844077][ T5880] page last free pid 5846 tgid 5846 stack trace:
[  238.850398][ T5880]  __free_frozen_pages+0x7d5/0x10f0
[  238.855607][ T5880]  page_frag_free+0x27f/0x2e0
[  238.860277][ T5880]  skb_free_head+0xa4/0x210
[  238.864801][ T5880]  skb_release_data+0x795/0x9e0
[  238.869754][ T5880]  skb_attempt_defer_free+0x1b0/0x620
[  238.875164][ T5880]  tcp_recvmsg_locked+0x1248/0x2870
[  238.880363][ T5880]  tcp_recvmsg+0x12f/0x680
[  238.884778][ T5880]  inet_recvmsg+0x12a/0x6a0
[  238.889281][ T5880]  sock_recvmsg+0x1b2/0x250
[  238.893796][ T5880]  sock_read_iter+0x2b9/0x3b0
[  238.898502][ T5880]  vfs_read+0xa98/0xcf0
[  238.902667][ T5880]  ksys_read+0x1f8/0x250
[  238.906918][ T5880]  do_syscall_64+0xcd/0x4c0
[  238.911428][ T5880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.917315][ T5880] 
[  238.919645][ T5880] Memory state around the buggy address:
[  238.925271][ T5880]  ffff88802954ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  238.933356][ T5880]  ffff88802954ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  238.941684][ T5880] >ffff888029550000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.949755][ T5880]                                            ^
[  238.955903][ T5880]  ffff888029550080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.963959][ T5880]  ffff888029550100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  238.972004][ T5880] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  239.012663][ T5880] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  239.020519][ T5880] CPU: 1 UID: 0 PID: 5880 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(full) 
[  239.030030][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  239.040102][ T5880] Workqueue: bcachefs_journal journal_write_done
[  239.046468][ T5880] Call Trace:
[  239.049740][ T5880]  <TASK>
[  239.052665][ T5880]  dump_stack_lvl+0x3d/0x1f0
[  239.057276][ T5880]  vpanic+0x6e8/0x7a0
[  239.061290][ T5880]  ? __pfx_vpanic+0x10/0x10
[  239.065833][ T5880]  ? mark_held_locks+0x49/0x80
[  239.070622][ T5880]  ? bch2_do_discards+0x319/0x570
[  239.075661][ T5880]  panic+0xca/0xd0
[  239.079423][ T5880]  ? __pfx_panic+0x10/0x10
[  239.083857][ T5880]  ? bch2_do_discards+0x319/0x570
[  239.088898][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.094540][ T5880]  ? preempt_schedule_thunk+0x16/0x30
[  239.099936][ T5880]  end_report+0x159/0x170
[  239.104265][ T5880]  kasan_report+0xee/0x110
[  239.108685][ T5880]  ? bch2_do_discards+0x319/0x570
[  239.113731][ T5880]  kasan_check_range+0x100/0x1b0
[  239.118677][ T5880]  bch2_do_discards+0x319/0x570
[  239.123548][ T5880]  journal_write_done+0xee4/0x1430
[  239.128678][ T5880]  ? __pfx_journal_write_done+0x10/0x10
[  239.134236][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.139878][ T5880]  ? debug_object_deactivate+0x1ec/0x3a0
[  239.145514][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.151162][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.156803][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.162449][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.168095][ T5880]  ? rcu_is_watching+0x12/0xc0
[  239.172894][ T5880]  process_one_work+0x9cf/0x1b70
[  239.177850][ T5880]  ? __pfx_process_one_work+0x10/0x10
[  239.183229][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.188877][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.194519][ T5880]  ? assign_work+0x1a0/0x250
[  239.199124][ T5880]  worker_thread+0x6c8/0xf10
[  239.203733][ T5880]  ? __pfx_worker_thread+0x10/0x10
[  239.208851][ T5880]  kthread+0x3c5/0x780
[  239.212922][ T5880]  ? __pfx_kthread+0x10/0x10
[  239.217515][ T5880]  ? srso_alias_return_thunk+0x5/0xfbef5
[  239.223162][ T5880]  ? rcu_is_watching+0x12/0xc0
[  239.227947][ T5880]  ? __pfx_kthread+0x10/0x10
[  239.232545][ T5880]  ret_from_fork+0x5d7/0x6f0
[  239.237137][ T5880]  ? __pfx_kthread+0x10/0x10
[  239.241730][ T5880]  ret_from_fork_asm+0x1a/0x30
[  239.246520][ T5880]  </TASK>
[  239.249792][ T5880] Kernel Offset: disabled
[  239.254111][ T5880] Rebooting in 86400 seconds..