last executing test programs:

3m29.397751759s ago: executing program 2 (id=800):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e21, 0x0, 0x4e24, 0x101, 0xa, 0x80, 0x80, 0x2f}, {0xffffffff, 0xfffffffffffffff7, 0x2, 0x9, 0x7, 0xffffffffffffffff, 0x5}, {0x7, 0xfbd9, 0x800, 0x40}, 0x3, 0x0, 0x1, 0x0, 0x1}, {{@in=@loopback, 0x4d3, 0x6c}, 0xa, @in=@remote, 0x3500, 0x9d5ecdb20db5883, 0x0, 0x7f, 0x8, 0x80, 0x3}}, 0xe8)
r1 = memfd_create(&(0x7f0000000540)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xe3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
fallocate(r1, 0x0, 0xa297, 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)

3m29.366247021s ago: executing program 2 (id=801):
socket$kcm(0x10, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x40020, &(0x7f0000000480)=ANY=[@ANYBLOB='gid'])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r4, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r2, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r2, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r2}}, 0x30)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

3m28.567536224s ago: executing program 2 (id=805):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$mouse(0x0, 0x0, 0x2042)
read$fb(r1, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="40010000100001000000000800000000aca47601000000000000000000004000fe8000000000000000000000000000bb00020000000000000000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000ffffffffffffffff0000008056000000000000000000000000000000000000000000000000000000100000000900000002000000feffffff0000000002000100000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000b0000"], 0x140}}, 0x0)
set_mempolicy(0x1, &(0x7f0000000100)=0xd01c, 0x6)
syz_open_procfs(0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
dup(0xffffffffffffffff)

3m26.895206166s ago: executing program 2 (id=810):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x40000, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
pivot_root(&(0x7f0000007b00)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x143102)
writev(r1, &(0x7f0000000840), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRES64], 0xf8)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10)
listen(r2, 0xda90)
accept4(r2, 0x0, 0x0, 0x0)

3m25.689554186s ago: executing program 2 (id=815):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0xa, 0x8c}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x94) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250000001000000006000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x173)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f00000008c0)={0xc0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='selinux_audited\x00', r1, 0x0, 0x806}, 0x6) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4000000000008, 0x2}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r3 = syz_mount_image$ocfs2(&(0x7f0000000480), &(0x7f0000000040)='./file0\x00', 0x1218c0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274010061743d6e6f6e652c6469725f726573765f6c6576656c3d30303030332c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c2c6e6f61636c2c00"/118], 0x1, 0x4428, &(0x7f0000008940)="$eJzs3T9sG2UfAOD3Lvm+Jv3afknpUCQkLFEJBChKOgGpRJqmTZM2FBVaIRbXSdw24MRV4iCGDmGrxITEgBgqkNgyVRlYy8jIwlgmhkowsCAhVQTZPie5i62YKk5oeR6pOd/73/75Xr83XN84Ubk5t5SbW8oVFnLlmetLJ3MflUvL88UQ75H97p/2dCJOYr9/Lp05987VkyF8N/vjw/X19fVQ1R2aGtry+vffbs9sPTbEmTrVdpu3tlveDyEc2zauqq4QwnvfhhCFEE4naaPJsTeEcCTU867e/vRabpdGc+9B8VT+0dSdteETk6t311q/9yiEL0vPvnpj/pcXuoZ/enmXugcAAAAAAAAAAAAAAAAA4Ak3fvnSlbcHh8L9KHSvRtuf1x1Pjq2ej13fNc93/s0CAAAAAAAAAAAAAAAAAADAP9Tm8/+56GiT5//HkuNIi/rrb3Z+jHTOxFuXxs4ODiX7v0fb8l9Lkn493RX6m+z7nt3//XSmfvP937f387ga42v02xeieCB1HscDAyF8nWz8fjw6GJfKS5VXrpeXF2Z3bRhPrHT867v3p6KTbOi/U/x//r5ebjTTfuf3/39m27epen5t975iT7V0/Ltalvvmk6it6/9Mpt5exJ/Hl45/dy2td2uBkfoEUI3/Z907x38s036n4n8khJCLqmPNpWaA6hqmmt5qvUJaOv7/qaWlps7kg2x1/f+Rif/ZTPv7Nf+vZH+IaCod///W0npSJTav//545+v/XKb9/Yh/dfwrfv/bko7/gXpid6pI7ZNsd/4fz7TfqfhfiZNxHolS34DVqJ7e6v+rIy0d/55t+Zv3f3Fb67/zmfp7df/X6Ldx/9eY/l+K6vd/NJeOf2/Lcu1e/xOZep2e/0dq6z8eVzr+B2tp6bVzX+1vu/GfzLTfqfjXViU9jfhvzid/Hqinf2X915Z0/P9XT4y3llip/a2t/6Kd1/8XMu3vx/qvOv6VuLO9Pi3S8T/Uslw1/j+08ft/MVOv8/HfzdXEv086/odblqtd/z07x38qU6/T8X+xk40DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAFGk2NfiOKB1HkcDwyEcCY5Px4ORtOF2fx0qTzz4VIIY0l6LhyNbpTK04VSfm6hPFvMF0ql8kwIZ5P8Y6EnWiqVK/n5wq1zG231RjeLhcXKdLFQCSGMJ+nPhcONtqbnKvOFWyGE8xt5/4/Li7duFhbys3OLbwwODg6GiY0x9EfFjyvFhUq993puCJMbdfuiLYOrZV/YGMuh6IPy8uJCoVRLv7ilTqk8UyhtqTOV5H0e+qPK4vLCTKFSzJfKNxr97aeR5Dg2cfndyxeHtuVfi+rH0b0dFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/0/3h178IIXTXz+IQQi5KXkTJv5R7D4qn8o+m7qwNn5hcvbv2sFkZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/YgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwi79ozQQRHEAfjMWWnoMq2W3s11RRAtXBE+gx/AwehQv4R0sUqRNEQLJLIT9A9sk1fc1D+bHzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOUe37r317qJSHG1vYz4/fz7P86fS/2+m75/cYYZOZ2nl+7+oW7Kv6dRfluOVm3ep5v110dM1N7PYE+G+3Qw7jM0t29z8/V9ryPlKiLakt+knKtq2VsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwI4dOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCxAAAAAIAwf+so+jYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4FQAA//8KEyDQ")
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000009c000000060a010400000000000000000100000008000b400000000074000480340001800b000100657874686472000024000280080001400000400c0800034000000000080004400000002205000200070000003c0001800c00010062697477697365002c0002800800014000000014080002400000001208000340000000040c000480070001006eee7e00040005800900010073797a3000000000140000001100010000000000000000000700000a"], 0x110}}, 0x0)
fchownat(r3, &(0x7f0000000440)='./file1\x00', 0x0, 0xffffffffffffffff, 0x0)
shmctl$IPC_RMID(0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3m25.311985813s ago: executing program 2 (id=818):
r0 = syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x1200808, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES64, @ANYRES64=0x0, @ANYRES8, @ANYRES16, @ANYRES16], 0x1, 0x1e6, &(0x7f0000000700)="$eJzs20tu00Acx/HfJGkSQ4HyXCCkILGADUmaikqsWs7BqmrTqsIFhNkkQsJcAM7AObgMB4AFO1YY+ZGm9aM1E9y0zfez8Xh+/dvjuu6MolgAFtamHsrIqBnuPGivfLltStU1qx4YgMoFyfZPYMOxqgJwXtR/p3uSFYA/n/EAOCs/X0jfJf349WFb9eyqPsz9SV5rZfNP0v1Gkpu2nPT64qv0eFJvrmTrG/E2zq/mHv/Jo8n5l3VN13VDK7qpW8aXifKdw/p7VmsgAAAWjVH3tLwr1QvSePLOrgqmlrT7LTurTzW1u+8OB6fka4V5K8q722/cnRPOAiBPrdTzX6wePX/9gnRJivLVZL9tO0wAFfBG45Zcd/jOG4WTfNQYv9py/6nhWFWVaZjKjpzfaKZ6go+SDns2bY8c6FiPc/T33PE6sw/exJ/SKB05ZcpryoteWgxjIxuFU8BsN8X4VuXLn5V7XbM1NlTqhzs598K60TqjP/7jjXn/ZwJQtd77g7c9bzR+un+wtTfcG74e9PvP15+tra4PetHKvnfS+h7ARTad9HXk20AAAAAAAAAAAAAAAOAiuaO74Sb92i4AAACAS+i/vTPUUOHrVvO+RgAAAAAAAAAAAAAAAAAALpu/AQAA///U5AZL")
socket$unix(0x1, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e08092320"], 0xb)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
listen(r3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f00000000c0)={@multicast2=0xe0004000, @dev={0xac, 0x14, 0x14, 0x3a}}, 0xc)
close_range(r4, 0xffffffffffffffff, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
r6 = dup2(0xffffffffffffffff, r0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xaf4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x18, 0x2d, 0x1, 0x70bd2d, 0x25dfdbfc, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1, 0x700}, 0x8004)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
connect$rds(r6, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r9, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f, <r10=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$TIOCMSET(r10, 0x5418, &(0x7f0000000000)=0x2)

3m23.895436799s ago: executing program 32 (id=818):
r0 = syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000340)='./file2\x00', 0x1200808, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRES64, @ANYRES64=0x0, @ANYRES8, @ANYRES16, @ANYRES16], 0x1, 0x1e6, &(0x7f0000000700)="$eJzs20tu00Acx/HfJGkSQ4HyXCCkILGADUmaikqsWs7BqmrTqsIFhNkkQsJcAM7AObgMB4AFO1YY+ZGm9aM1E9y0zfez8Xh+/dvjuu6MolgAFtamHsrIqBnuPGivfLltStU1qx4YgMoFyfZPYMOxqgJwXtR/p3uSFYA/n/EAOCs/X0jfJf349WFb9eyqPsz9SV5rZfNP0v1Gkpu2nPT64qv0eFJvrmTrG/E2zq/mHv/Jo8n5l3VN13VDK7qpW8aXifKdw/p7VmsgAAAWjVH3tLwr1QvSePLOrgqmlrT7LTurTzW1u+8OB6fka4V5K8q722/cnRPOAiBPrdTzX6wePX/9gnRJivLVZL9tO0wAFfBG45Zcd/jOG4WTfNQYv9py/6nhWFWVaZjKjpzfaKZ6go+SDns2bY8c6FiPc/T33PE6sw/exJ/SKB05ZcpryoteWgxjIxuFU8BsN8X4VuXLn5V7XbM1NlTqhzs598K60TqjP/7jjXn/ZwJQtd77g7c9bzR+un+wtTfcG74e9PvP15+tra4PetHKvnfS+h7ARTad9HXk20AAAAAAAAAAAAAAAOAiuaO74Sb92i4AAACAS+i/vTPUUOHrVvO+RgAAAAAAAAAAAAAAAAAALpu/AQAA///U5AZL")
socket$unix(0x1, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x5, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e08092320"], 0xb)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
listen(r3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f00000000c0)={@multicast2=0xe0004000, @dev={0xac, 0x14, 0x14, 0x3a}}, 0xc)
close_range(r4, 0xffffffffffffffff, 0x0)
accept4$rose(r3, 0x0, 0x0, 0x0)
r6 = dup2(0xffffffffffffffff, r0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xaf4, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)={0x18, 0x2d, 0x1, 0x70bd2d, 0x25dfdbfc, {0x4}, [@nested={0x4, 0x12}]}, 0x18}, 0x1, 0x700}, 0x8004)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
connect$rds(r6, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r9, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f, <r10=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$TIOCMSET(r10, 0x5418, &(0x7f0000000000)=0x2)

1m43.376938642s ago: executing program 0 (id=1178):
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000180)={0x4406, 0x6, 0x1000, 0x1})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r7=>r1})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000041ffffff000000000800000091117200000000009500"], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000000010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETCHAIN(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000040a0102"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x400c2)
recvmmsg(r8, &(0x7f0000005300)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2122, 0x0)
ioctl$DMA_BUF_SET_NAME_A(r7, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x100, 0x0, 0x1, 0x7fffffff}]})
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r10 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r10, 0x29, 0x2a, &(0x7f0000000200)={0x8, {{0xa, 0x4e21, 0x6de, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\\\x00')
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r11, &(0x7f0000001300)={0x2020}, 0x2020)
setsockopt$inet6_group_source_req(r10, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xd, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffa, 0x2, @dev={0xfe, 0x80, '\x00', 0x22}, 0x7}}}, 0x108)
ioctl$SG_BLKTRACETEARDOWN(r7, 0x1276, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

1m43.258582187s ago: executing program 0 (id=1179):
read$FUSE(0xffffffffffffffff, &(0x7f0000000000)={0x2020, 0x0, 0x0, <r0=>0x0, 0x0, <r1=>0x0}, 0x2020)
prlimit64(r1, 0xc, &(0x7f0000002040)={0xfffffffffffffff6, 0xfff}, &(0x7f0000002080))
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002140)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f00000020c0), &(0x7f0000002100)='%pS    \x00'}, 0x20)
r3 = dup2(0xffffffffffffffff, r2)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r3, &(0x7f0000002240)={&(0x7f0000002180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000002200)={&(0x7f00000021c0)={0x1c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4)
clock_gettime(0x0, &(0x7f0000002280)={<r4=>0x0, <r5=>0x0})
clock_gettime(0x0, &(0x7f00000022c0)={<r6=>0x0, <r7=>0x0})
timerfd_settime(r3, 0x0, &(0x7f0000002300)={{r4, r5+60000000}, {r6, r7+60000000}}, &(0x7f0000002340))
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000002380)={0x4, [0x2f, 0x4, 0x5], [{0x81, 0x8, 0x1, 0x1, 0x1}, {0x4, 0x1, 0x0, 0x1, 0x1}, {0x100, 0xd8, 0x1, 0x1, 0x0, 0x1}, {0xf8, 0x2, 0x1, 0x1, 0x1}, {0x8, 0x0, 0x1, 0x1, 0x0, 0x1}, {0xc3, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x8, 0x9, 0x0, 0x0, 0x0, 0x1}, {0x4, 0x3, 0x0, 0x1, 0x1}, {0x4, 0xc, 0x0, 0x1, 0x1, 0x1}, {0x0, 0xf, 0x1, 0x0, 0x1}, {0x9, 0x8, 0x1, 0x0, 0x1}, {0x2, 0xffffffff, 0x1, 0x1, 0x1, 0x1}], 0x2})
quotactl_fd$Q_QUOTAOFF(r2, 0xffffffff80000302, r0, 0x0)
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000002480)=""/4096, 0x1000)
ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000003480)={0x51, 0xb, 0x8, {0xaa8b, 0x93f9}, {0x5b, 0x7f}, @rumble={0xfffd, 0x2}})
r8 = socket(0x8, 0x3, 0xffffffff)
ioctl$KVM_SET_SREGS2(r3, 0x4140aecd, &(0x7f00000034c0)={{0x1000, 0x2, 0xa, 0x57, 0xfd, 0x9b, 0x6, 0x7, 0x11, 0x10, 0x0, 0x9}, {0xdddd9000, 0xf000, 0x9, 0x2, 0x90, 0x2, 0x46, 0x8, 0x3, 0xff, 0x40, 0x5}, {0x4, 0x2000, 0xc, 0x8, 0xf, 0x3a, 0xff, 0x10, 0x6, 0x6, 0x6, 0x4}, {0xeeee8000, 0x80b0000, 0x4, 0x4, 0x4, 0x8, 0x6, 0x6e, 0x0, 0xa8, 0x2}, {0xf000, 0xdddd0000, 0x8, 0x8, 0x4, 0x4, 0x9, 0xb, 0x7, 0x4, 0x4}, {0x4, 0x10000, 0x4, 0x0, 0x1, 0x6, 0x6, 0x10, 0xfc, 0x40, 0x5, 0x80}, {0xeeee8000, 0x2, 0x4, 0x4, 0xe, 0xd7, 0x6, 0x1, 0x6, 0xa, 0x3, 0x4}, {0xd5dd0000, 0x6000, 0x8, 0x73, 0x9, 0x4, 0xef, 0x3, 0x9, 0xf8, 0x80, 0x40}, {0x6000, 0x401}, {0xeeef0000, 0x4}, 0xe0000014, 0x0, 0x3000, 0x8, 0xf, 0x5101, 0xd000, 0x1, [0x9, 0xe, 0x1, 0x6]})
bind$inet6(r8, &(0x7f0000003600)={0xa, 0x4e22, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}, 0x54e}, 0x1c)
ioctl$HIDIOCGFIELDINFO(r3, 0xc038480a, &(0x7f0000003640)={0x2, 0xffffffff, 0x81, 0x101, 0x1, 0x9, 0x3, 0x6, 0x3, 0x4, 0x2, 0x9, 0x3210, 0xb})
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r3, 0x40184150, &(0x7f00000036c0)={0x0, &(0x7f0000003680)="f2a67f0ad2a2a2ce86d62093df55a62ce0360f6d031c187a2bf6658addd182d142ad", 0x22})
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000003740), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r9, &(0x7f0000003800)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000037c0)={&(0x7f0000003780)={0x14, r10, 0x300, 0x70bd27, 0x25dfdbfb, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8c4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000003840)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8, 0x1, 0xff, 0x3, 0x2, 0x1}, 0x20)
ioctl$VIDIOC_S_TUNER(r3, 0x4054561e, &(0x7f0000003880)={0x8, "890175b699d02f1cf2f3aad818735fd829bf7ff3497e73d0a8b76dcfe36200f3", 0x2, 0x1000, 0x9, 0x1000, 0x10, 0x4, 0x5, 0x2})
sched_rr_get_interval(r1, &(0x7f0000003900))
r11 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000003c00)={0x0, &(0x7f0000003940)=[@wr_drn={0x6e, 0x20, {0x6, 0x8}}, @uexit={0x0, 0x18, 0xffffffff80000000}, @wr_drn={0x6e, 0x20, {0x4, 0x4}}, @wr_crn={0x46, 0x20, {0x0, 0x1}}, @uexit={0x0, 0x18, 0x8}, @code={0xa, 0x66, {"66490f3a16f1472e67460f3566baf80cb878bb1784ef66bafc0cec26430f01f80f20e035200000000f22e066baf80cb880a98887ef66bafc0cb8a01094e5efc482052c160f01b20000010042dce2f266460fbb6300"}}, @in_dx={0x82, 0x20, {0x658b, 0x4}}, @in_dx={0x82, 0x20, {0x9136}}, @rdmsr={0x32, 0x18, {0x33d}}, @in_dx={0x82, 0x20, {0x5606}}, @code={0xa, 0x5b, {"66ba210066ed66410f38818cb3f67c0000b903010040b80001c0feba000000000f3084bd4ebed502f20f0965420fc77500f30fc7b0010000000f01c566ba410066b8ca0266ef470f0119"}}, @code={0xa, 0x60, {"0f01d666baf80cb840e46987ef66bafc0c66ed663640f4672636660ff4db66baf80cb8c9281f8def66bafc0cb000ee6666470f388023c4e23da7b52a110000f30fc7739066410fc77045660fc7705c"}}, @rdmsr={0x32, 0x18, {0x11a}}, @wr_drn={0x6e, 0x20, {0x6, 0x8}}, @in_dx={0x82, 0x20, {0x100000000, 0x4}}], 0x281})
ioctl$KVM_PRE_FAULT_MEMORY(r11, 0xc040aed5, &(0x7f0000003c40)={0xdddd0000, 0xc000})
ioctl$PPPIOCSMRRU(r3, 0x4004743b, &(0x7f0000003c80)=0x4)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r3, 0x40106614, &(0x7f0000003cc0))
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000003d00)={0x0, 0x0, '\x00', @bt={0x80000000, 0x400, 0x5, 0x2, 0x9, 0x3, 0x2, 0xa}})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000003dc0)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x5})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004040)={0x0, 0x0, &(0x7f0000003e00), &(0x7f0000003e40)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000003ec0)={0x3, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000003fc0)=[0xffffffffffffffff, r3, r3, r2, 0xffffffffffffffff], &(0x7f0000004000)=[{0x5, 0x5, 0x6, 0x1}, {0x5, 0x4, 0xd, 0x4}, {0x5, 0x1, 0x8, 0x7}], 0x10, 0x1}, 0x94)

1m42.58200477s ago: executing program 0 (id=1180):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0xa}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8, 0x6, 0x3}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x5, 0xffdffff8, 0xffffffff, 0x5, "ff000000000000000000000000000200"})
r2 = syz_open_pts(r1, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)=0x57)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0x1)
ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000000)={0x4, 0x6})
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000200)={0xfffe, 0x80, 0xe000, 0xb3, 0x17, "041000"})
ioctl$TCXONC(r2, 0x540a, 0x1)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x4)

1m42.32484496s ago: executing program 0 (id=1182):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) (async)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x5257418, 0x0)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x80000000) (async)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x80000000)
syz_mount_image$ext4(&(0x7f0000000240)='ext3\x00', &(0x7f0000000280)='./file0\x00', 0xc0ed000e, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@nolazytime}, {@debug}, {@noload}, {@nouser_xattr}, {@dioread_lock}, {@lazytime}, {@acl}]}, 0xfe, 0x478, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvbH9QftmK+AMEqaIRf7W0/JCDBzWacMDERA8YT3W7kMpCDa2JEKLVAx4NiXfj3T/AeNKLUU8mXvVuSIjhAnpaM7szZWl3S7fsdqH7+STTfW/mLe99Z+YxM+/tbgA9azT9k0Rsi4g/I2K4lr29wGjt5eb1S8V/r18qJlGpvPNPUi134/qlYl40f9/WWqZSyfKbGtR7+f2IqXK5dD7Lj8+f/Wh87sLFl2bOTp0unS6dmzx27PChvYNHJ4/Uv21orXGmcd3Y/ensnl3H37vyVvHklQ9+/S5t77Zse30c7TJa27sNPdPuyrpse1066e9iQ2hJX0Skh2ug2v+Hoy82L24bjje/6GrjgI6qVCqVRtfnzEIF2MCS6HYLgO7IL/Tp82++rNOtxz3h2mvVB6D8oad4czH+/ijUEvsGljzfttNoRJxc+O+bdIlWxyH2dahRAMCG9mN6//Nio/u/QjxSSwymfx7I5lBGIuLBiNgREQ9FxM6IeDiiWvbRiHisxfqXzpAsv/8pXF1zcKuQ3v+9ks1t5UtWb15kpC/Lba/GP5CcmimXDmb75EAMbDo1k5QmVqjjpzf++KrZtvr7v3RJ68/vBbN2XO1fMkA3PTU/dTcx17v2ecTu/kbxJ5FP4yQRsSsidq+xjpnnm08I3Tn+FbRhnqnybcSzteO/EEvizyVN5ycnXj46eWR8KMqlg+P5WbHcb79ffrtZ/bfHH0Mtxd8G6fHf0vD8X4x/JBmKmLtw8Ux1vnau9Tou//Vl02eaFs//49uz838webe6YjDb8MnU/Pz5iYjB5MTy9ZO3/rU8n5dP4z+wv3H/3xG39sTjEbEnIvZGxBPZo1fa9icj4qmI2L9C/L+8/vSHrce/wqh8G6XxT9/p+Ef98W890Xfm5x9ajz+XHv/D1dSBbM1q/v9bbQPvZt8BAADA/aJQ/Qx8UhhbTBcKY2O1z/DvjC2F8uzc/AunZj8+N137rPxIDBTyka7huvHQiWxsOM9PLskfysaNv+7bXM2PFWfL090OHnrc1ib9P/V3X7dbB3TcGubRXu1EO4D15/ua0Lv0f+hNif4PPU3/h97VqP9vblp67PuONgZYV67/0LtW0f8Xai+fdbwtwPpy/Yfepf9DT2r63fjCXX3lX6JtiRPPJXEPNGNZIgr3RDM2fqJ/1T9m0UKiMlzr/+maTQ3LLP9tJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPvR/wEAAP//lDvbhQ==")
getpid() (async)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r2, 0x107, 0x14, &(0x7f0000000000), 0x4) (async)
setsockopt$sock_attach_bpf(r2, 0x107, 0x14, &(0x7f0000000000), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000140)}], 0x1}, 0x0)
setns(r1, 0x24020000) (async)
setns(r1, 0x24020000)
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x15, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, &(0x7f0000000480)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x67, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
mkdirat(r5, &(0x7f00000000c0)='./file0\x00', 0x10c)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r6 = shmget$private(0x0, 0x2000, 0x2, &(0x7f0000ffd000/0x2000)=nil)
shmctl$SHM_LOCK(r6, 0xb)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x221809, 0x0) (async)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x221809, 0x0)

1m41.875766873s ago: executing program 0 (id=1184):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001e40)={0x6, 0x43, &(0x7f0000001a80)=ANY=[@ANYBLOB="1800000077f80000000000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000184a0000010000000000000000000000b7080000000000007b8af8ff00000000b7080000040000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000d0a8e0ffffffffff1840000003000000000000000000000018", @ANYRES32, @ANYBLOB="00000000000000008520000001000000b7080000000000007b8af8ff00000000b7080000070000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000000000a7000000000000000085000000a5000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000030000008500000006000000850000004b00000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000580)='GPL\x00', 0x6, 0x14, &(0x7f0000000140)=""/20, 0x41000, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x6, 0xff, 0x400}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000440)=[{0x2, 0x3, 0xa, 0x5}, {0x2, 0x5, 0x7, 0x2}, {0x1, 0x2, 0x401, 0x8}, {0x1, 0x5, 0x1, 0x5}, {0x4, 0x2, 0x1, 0x1}, {0x2, 0x4, 0x9, 0xa}], 0x10, 0x5}, 0x94)

1m41.855762428s ago: executing program 0 (id=1186):
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
setuid(0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f00000004c0)={0xa0, 0x0, 0x0, {{0x3, 0x3, 0x1, 0xff, 0xa56, 0x7ff, {0x3, 0x5, 0x5f, 0x1, 0x3, 0x3, 0x2, 0x3, 0x0, 0x1000, 0x9, 0x0, 0x0, 0xe9, 0x200}}, {0x0, 0x14}}}, 0xa0)
chdir(&(0x7f00000001c0)='./bus\x00')
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001140)='io_uring_task_add\x00', 0xffffffffffffffff, 0x0, 0xd12}, 0x18)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setscheduler(0x0, 0x2, 0x0)
sendto$inet6(r3, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r3, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1}}, {{0x0, 0x3f, &(0x7f0000000040)=[{&(0x7f00000002c0)="a6", 0x3f}], 0x1}}], 0x2, 0x40448c0)
shutdown(r3, 0x1)
syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)

1m40.61115144s ago: executing program 33 (id=1186):
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
setuid(0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f00000004c0)={0xa0, 0x0, 0x0, {{0x3, 0x3, 0x1, 0xff, 0xa56, 0x7ff, {0x3, 0x5, 0x5f, 0x1, 0x3, 0x3, 0x2, 0x3, 0x0, 0x1000, 0x9, 0x0, 0x0, 0xe9, 0x200}}, {0x0, 0x14}}}, 0xa0)
chdir(&(0x7f00000001c0)='./bus\x00')
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001140)='io_uring_task_add\x00', 0xffffffffffffffff, 0x0, 0xd12}, 0x18)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setscheduler(0x0, 0x2, 0x0)
sendto$inet6(r3, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$sock(r3, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1}}, {{0x0, 0x3f, &(0x7f0000000040)=[{&(0x7f00000002c0)="a6", 0x3f}], 0x1}}], 0x2, 0x40448c0)
shutdown(r3, 0x1)
syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)

18.579850444s ago: executing program 3 (id=1445):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000000c0)={0x80, 0x8001, 0x3a75})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0xf3ffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

17.933174051s ago: executing program 3 (id=1447):
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
mlock2(&(0x7f0000370000/0x3000)=nil, 0x3000, 0x1)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_io_uring_setup(0x113, &(0x7f0000000100)={0x0, 0x4, 0x80, 0x2000000, 0x37a}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000001000000"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000040000000090a010400000000000000000700000008a1000a40000000000900020073797a310000000008000a400000000408000540000000040800063fffffff00140000001000010009000000000000000084000a"], 0x88}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000300)={0x74, 0x0, &(0x7f0000000600)=[@release={0x40046306, 0x1}, @register_looper, @acquire, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x2, &(0x7f0000000100)=""/43, 0x2b, 0x1, 0x2a}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/237, 0xed, 0x1, 0xc}, @fda={0x66646185, 0x4, 0x0, 0xd}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}}, @dead_binder_done, @acquire], 0x7, 0x0, &(0x7f00000005c0)="2f9c9ab037e00f"})
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=[@fadd={0x58, 0x114, 0x6, {{0x7, 0x8}, &(0x7f0000000240)=0x6, 0x0, 0x8, 0x4, 0xe, 0x8, 0x0, 0x8}}], 0x58}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmsg$unix(r8, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2)
r10 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)

12.455706339s ago: executing program 3 (id=1462):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc4c80000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = syz_clone(0x1000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779690b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b010000003d1be1138de4668e7b6137545708790c501f1ed7f6a571d500"/522], 0x27, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_generic(r3, 0x0, 0xc000)
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0400000000000000850400000000000005"])
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
ptrace$cont(0x20, r0, 0x4, 0x0)

11.938781813s ago: executing program 1 (id=1463):
socket$kcm(0x10, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x40020, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r5, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r3}}, 0x30)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r7, 0x0, 0x1, 0x4}}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

10.598963069s ago: executing program 1 (id=1466):
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000440)={0x10200, 0x7, 0x10002, 0x1000, &(0x7f0000fff000/0x1000)=nil})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5}, 0x2f)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x3, 0x1, 0x89, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x15, 0x1e, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}], {{0x7, 0x1, 0xb, 0x8, 0x9, 0x0, 0x4000}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.463063402s ago: executing program 1 (id=1475):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x169a82, 0x18c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e64000000000000450404000100000017041fffffff0a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d70300000000000000d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df6c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8a9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2a9e99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8be1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaa072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a3ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a98838156ff00000000000000cdbf91f7582ab314be3e67b8c9459564c856339a80919ecf839560c62e69df8667b274cc53f83f2086cfd2664252471fad9081824d60741d663ee258705c364e162b84a09870acd0a19399103474444f4fa12dcbd10b40195b6088513029b60a34e4161fe48c092693eb07dc8ddcba2eac2efe30b285a877c862c73ff8a60cf73f1b17da0000000000005664181c1f28cd2880e6872bae932eaf4b0000000000007b662c0fe22cfd6d4bd7b851ae928cebeec6375b16af342e93c39d97e5d74d5a8e96c15fdcde7526b0af54b145e61b042c1e600390590a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42)

6.774953561s ago: executing program 1 (id=1477):
socket$kcm(0x10, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x40020, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r5, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r3}}, 0x30)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r7, 0x0, 0x1, 0x4}}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

6.758146499s ago: executing program 4 (id=1478):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x103}, 0x90)

5.751687657s ago: executing program 5 (id=1480):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0)
r3 = syz_io_uring_setup(0x5c23, &(0x7f0000000240)={0x0, 0x17f6, 0x13290}, &(0x7f0000000440)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='io_uring_req_failed\x00', r6}, 0x18)
syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x1, 0x0, 0x1, 0x0, 0x1000000)
bind$inet(r1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$I2C(0x0, 0x1, 0x402)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x20042042}, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet(r1, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000001040)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000200)={0x3c, r9, 0x1, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x20, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
r12 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r0, r12, 0x0, 0x1000)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000140)={0x106, 0x8001, 0xe, 0x3, 0x7, "63ff08000000000010000100000100000000fc", 0x64, 0x1})

5.653099855s ago: executing program 1 (id=1481):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000180), 0xe, 0x80)
getpid()
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000)={[{@bh}, {@dioread_lock}]}, 0xfe, 0x55b, &(0x7f0000000980)="$eJzs3c9vFFUcAPDvbFt+FaUkhKgH04SDGGRLW39g4gGPRokkesdNOzSkW5Z0t4RWEuEgFy+GmBgjifEP8O6R+A/4V5AoCTGk0YOXNbOdhaXdH6UsdGU/n2TgvXmzvHkz8328t283G8DQmsz+KES8GhHfJhGHWspGIy+c3Dhu/cG1uWxLol7/7K8kknxf8/gk/3s8z7wSEb99HXGisLXe6uraYqlcTpfz/FRt6fJUdXXt5MWl0kK6kF6amZ09/c7szPvvvbv1xXt31tY3z/3zw6d3Pjr9zbH173+5d/hWEmfiYF7W2o6ncL01MxmT+TUZizObDpzuQ2WDJNntE2BHRvI4H4usDzgUI3nUAy++ryKiDgypRPzDkGqOA5pz+67z4PqLN8u7/+HGBGhr+5ON90ZiX2NudGA9eWxmlF2JiT7Un9Xx65+3b2Vb9O99CICert+IiFOjo4/1fy9HS/+3c6e2cczmOvR/8PzcycY/b+1tM/4pPBz/RJvxz3ib2N2J3vFfuNeHajrKxn8ftB3/Ply0mhjJcy81xnxjyYWL5TTr27Ju8niM7c3y3dZzTq/frXcqax3/ZVtWf3MsmJ/HvdFN613zpVrpadrc6v6NiNd6jH+TNvc/ux7ntlnH0fT2653Kerf/2ar/HPFG2/v/aK6TdF+fnGo8D1PNp2Krv28e/b1T/bvd/uz+H+je/omkdb22+uR1/LTv37RT2WSSL5o+4fO/J/m8kd6T77taqtWWpyP2JJ9s3T/z6LXNfPP4rP3Hj7WP/27P//6I+GKb7b955GbHQwfh/s8/0f3vkKgnHYvufvzlj53q317/93YjdTzfs53+r8uZPpZ4mmsHAAAAAAAAg6YQEQcjKRQfpguFYnHj8x1H4kChXKnWTlyorFyaj8Z3ZSdirNBc6R5v+TzEdP552GZ+ZlN+NiIOR8R3I/sb+eJcpTy/240HAAAAAAAAAAAAAAAAAACAATHe4fv/mT9GdvvsgGfOT37D8OoZ//34pSdgIPn/H4aX+IfhJf5heIl/GF7iH4aX+IfhJf5heIl/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KtzZ89mW339wbW5LD9/ZXVlsXLl5HxaXSwurcwV5yrLl4sLlcpCOS3OVZZ6/XvlSuXy9EysXJ2qpUltqrq6dn6psnKpdv7iUmkhPZ+OPZdWAQAAAAAAAAAAAAAAAAAAwP9LdXVtsVQup8sSEjtKjA7GaUj0ObHbPRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPJfAAAA//9j0zaD")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa, 0x7ff}, 0x28)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000240)='cgroup.threads\x00', 0x2, 0x0)
open_by_handle_at(r6, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r8=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000380)={0x14, 0x88, 0xfa00, {r8, 0x10, 0x0, @ib={0x1b, 0x7f, 0x10d62, {"5f3cebe55d196e9dd24fbdb43b07efa1"}, 0x5, 0x1, 0x401}}}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r7, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r8, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r7, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r8}}, 0x30)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.113338418s ago: executing program 4 (id=1482):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c010000190001000000000000000000200100000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffbf0000000000000200000000000000000080ffffffffffffff0000000000000000000000000000400009000000000000000000000000000000000000000000000084000500ac1414aa0000000000000000000000000000000033000000000000007f0000010000000000000000000000000000000001030000000000000000000000000000ac1e0101000000000000000000000000000000003300000000000000fe800000000000000000000000a7d44b04bf7dc37e"], 0x13c}}, 0x0)

4.439177782s ago: executing program 4 (id=1483):
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000000))
fcntl$setlease(r0, 0x400, 0xd43cc9553494900a)
ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000040))
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001080), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x43dde9cb305e9421}, 0xc, &(0x7f0000001400)={&(0x7f00000010c0)={0x330, r1, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xcc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffffe}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x70fa}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc}]}, @TIPC_NLA_LINK={0xd0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdbb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf051}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x44, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd5b5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}]}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xf8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xf1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3fe}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MEDIA={0xf0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}]}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x873}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4ad43b86}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}]}, 0x330}, 0x1, 0x0, 0x0, 0x80}, 0x1)
r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x12, 0xffffffffffffffff, 0x8000000)
r3 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000001480), 0x10, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f0000001540)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, &(0x7f00000014c0)="e3096cb7c067bf575e10732ec4326a1e173de58dee67d093581c1b0924b457fd4c9124e2edaf6583286f3a89f1834dceb79881af921d00267fa5cdc0b888d61ec7bba69dee9748b46ded53a6ee0586af4dd6255dc6f7f843605b6c8131f86419fc3667198b293d80472d0aab272b2a77742883406d9f53", 0x77, 0x4000001, 0x1, {0x0, r4}})
getsockopt$IP_SET_OP_GET_BYINDEX(r3, 0x1, 0x53, &(0x7f0000001580)={0x7, 0x7, 0x4}, &(0x7f00000015c0)=0x28)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001600)={'wlan1\x00'})
r5 = syz_io_uring_setup(0x3064, &(0x7f0000001640)={0x0, 0x6802, 0x8000, 0x0, 0x1c6}, &(0x7f00000016c0), &(0x7f0000001700))
ioctl$SG_BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001740)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000001780)='blkio.bfq.time\x00', 0x0, 0x0)
r8 = openat$cgroup_ro(r7, &(0x7f00000017c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, &(0x7f0000001800)={@in6={{0xa, 0x4e21, 0x7, @mcast2, 0x810d}}, 0x0, 0x0, 0x2b, 0x0, "9fb0a5f17d3203e04dfc1ca71b802c4ab83d19e1d272b361789b64d17f882770f74198c74f016d8a2b3cf4f0a2c2d14f566ca8cad6a3a4ec63f9c600884de10eb32821b1c42e440149fc6547e21f6304"}, 0xd8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001900), 0x40800, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r7, 0x4038ae7a, &(0x7f0000001a40)={0xf196, 0xa71, &(0x7f0000001940)="811ef095453beb2c596a10fa38c99f902842897601040112942d6383ecb965dfeb68d5ef41cfd1b449eaff85f27b9febd55d7ef31acffeed1d5b97438fd045ed6f4bc4e057d80f4fdb1818ca2b0fdb02d8a8d74f4ffeb1f15cf685154efc6ba93eac793ca58baf821e864c13ef5e2457bbf8e9116d016b87d666dc81188bf2625dbb4e0a87", &(0x7f0000001a00)="c0b4e0f0299a057701fb2ac1c39b1c4c98aae6eabab3dc0edad88a5b2b6bde143c91ca9e5e2953394f1c7f8c124bbc7ca7feba1c501ee1a00846f9bf90f699", 0x85, 0x3f})
r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000001a80), 0x8000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r9, 0x402c5342, &(0x7f0000001ac0)={0x0, 0x0, 0x6, {0x10, 0x8}, 0x8, 0xffff})
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r8, 0x8008f512, &(0x7f0000001b40))
ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f0000001b80)={{r8}, 0x5, 0xa86, 0xffffffffffffff6e})
openat$kvm(0xffffffffffffff9c, &(0x7f0000001bc0), 0x81, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000001dc0)={&(0x7f0000001c00)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001d80)={&(0x7f0000001c40)={0x120, 0x9, 0x6, 0x0, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0x2c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x82}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x9}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0xa, 0x1a, 'wlan1\x00'}}]}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xffffff00}, @IPSET_ATTR_IFACE={0x14, 0x17, 'ip_vti0\x00'}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_ADT={0x94, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="299115e8455e"}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x4}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz0\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0xa}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x7fffffffffffffff}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e20}}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x100}, 0x44084)
ioctl$UFFDIO_WAKE(r7, 0x8010aa02, &(0x7f0000001e00)={&(0x7f0000fff000/0x1000)=nil, 0x1000})
fsconfig$FSCONFIG_SET_PATH_EMPTY(r7, 0x4, &(0x7f0000001e40)='/dev/ubi_ctrl\x00', &(0x7f0000001e80)='./file0\x00', r8)
socket$inet6_sctp(0xa, 0x1, 0x84)
futex_waitv(&(0x7f0000002a00)=[{0x7, &(0x7f0000001ec0)=0x4, 0x82}, {0xff, &(0x7f0000001f00)=0x23a8, 0x82}, {0xfffffffffffffff7, &(0x7f0000001f40)=0xffffffffffffffff, 0x82}, {0x21, &(0x7f0000001f80)=0xff, 0x2}, {0x0, &(0x7f0000001fc0)=0x7, 0x82}, {0x5, &(0x7f0000002000)=0x9, 0x2}, {0x5, &(0x7f0000002040)=0xf9bf, 0x82}, {0x2, &(0x7f0000002080)=0x10, 0x3a97622ed01c7667}, {0x781, &(0x7f00000020c0)=0x4, 0x2}, {0x3, &(0x7f0000002100)=0xc0000, 0x2}, {0x7fffffffffffffff, &(0x7f0000002140)=0xfb, 0x2}, {0x4, &(0x7f0000002180)=0x2, 0x82}, {0x7, &(0x7f00000021c0)=0x17c24229, 0x2}, {0x6, &(0x7f0000002200)=0x2, 0x2}, {0x401, &(0x7f0000002240)=0x5, 0x2}, {0x100000000000000, &(0x7f0000002280)=0x2, 0x82}, {0x2, &(0x7f00000022c0)=0xda23, 0x82}, {0xe11, &(0x7f0000002300)=0xffffffff, 0x82}, {0x7ff, &(0x7f0000002340), 0x2}, {0x8, &(0x7f0000002380), 0x2}, {0x8, &(0x7f00000023c0)=0x7, 0x82}, {0x9a3c, &(0x7f0000002400)=0xffffffff00000001, 0x2}, {0x6, &(0x7f0000002440)=0x1, 0x82}, {0x3, &(0x7f0000002480)=0xfffffffffffffffc, 0x2}, {0x4, &(0x7f00000024c0)=0xffff, 0x2}, {0x80000000, &(0x7f0000002500)=0xffffffff, 0x2}, {0xffffffffffffffff, &(0x7f0000002540), 0x82}, {0x2, &(0x7f0000002580)=0xfffffffffffffc32, 0x2}, {0xaa72f12, &(0x7f00000025c0)=0x7, 0xa617fe049f6ef1b9}, {0x7, &(0x7f0000002600)=0x4, 0x82}, {0x7fff, &(0x7f0000002640)=0x2, 0x2}, {0x1400000000, &(0x7f0000002680)=0x80000000, 0x82}, {0xffffffffffffffff, &(0x7f00000026c0)=0x5, 0x82}, {0xf, &(0x7f0000002700)=0x8, 0x2}, {0x9, &(0x7f0000002740)=0x4e45, 0x82}, {0x8, &(0x7f0000002780)=0xe, 0x82}, {0x9, &(0x7f00000027c0)=0xfff, 0x2}, {0xfffffffffffff5f1, &(0x7f0000002800)=0x9, 0x82}, {0x10, &(0x7f0000002840)=0x80000001, 0x82}, {0x6, &(0x7f0000002880)=0x100}, {0x5, &(0x7f00000028c0)=0x5, 0x80}, {0x6, &(0x7f0000002900)=0x1, 0x2}, {0x7fff800000, &(0x7f0000002940)=0x7, 0x82}, {0x4, &(0x7f0000002980)=0x4, 0x2}, {0x7, &(0x7f00000029c0)=0x9af1, 0x82}], 0x2d, 0x0, &(0x7f0000002e40), 0x1)
ioctl$vim2m_VIDIOC_G_FMT(r8, 0xc0d05604, &(0x7f0000002fc0)={0x3, @win={{0x3, 0x3, 0x3, 0x7}, 0x4, 0x3, &(0x7f0000002f00)={{0x36, 0x7, 0xa7a, 0x9}, &(0x7f0000002ec0)={{0x101, 0x72, 0x9a5f, 0x1}, &(0x7f0000002e80)={{0x2, 0xa1, 0xffffffff, 0x1}}}}, 0x1ff, &(0x7f0000002f40)="ceefbbf854ee23ffd88b73e7ebff34b045294c6fe8ae8c2cbc84df24428d868c6e56dff22be6ebb02e488e18763bd0eacf54e9d794c0fe72c569d2af6abbde5007a11d2854a6f9459f047351d710bba4eb961afdcc2931fb62d04fffdc85d2fdb67eb18c46e648c961dcbf1a8d04"}})

4.438413361s ago: executing program 5 (id=1484):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00')
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xc)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
socket$packet(0x11, 0x2, 0x300)
write$P9_RSTATu(r4, &(0x7f00000004c0)={0x232, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x03\xe8\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000009)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)

4.196821957s ago: executing program 1 (id=1485):
syz_open_dev$ptys(0xc, 0x3, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f00000006c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="aa", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000340)="ced98c1a5f5a93258dfa9a8c31878af8d7be921a531da9e6c50efdba96722424d55ce610a4d9b534b3aa09618dfc04f5504e30a263ad3fedf0a7381a8a", 0x3d}], 0x1}}], 0x3, 0x2000c8c0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008801c0007800837d73ec300000008000600000000000800050000000000240007800800050000230000"], 0xd0}}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x54, 0x0, 0x31, 0x70bd27, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3c}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20004044}, 0x40000)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000280)="93503d", 0x3}], 0x1}}], 0x1, 0x40)
recvmmsg(r0, &(0x7f00000046c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000001280)=""/79, 0x4f}], 0x2}, 0xc8b}], 0x1, 0x120, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0xac, 0x2d, 0x8c, 0x20, 0xc52, 0x2861, 0x137, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x89, 0x1, 0x2, 0x87, 0x70, 0x2a, 0x0, [], [{{0x9, 0x5, 0xc, 0x10, 0x20, 0x8, 0x4, 0x4}}, {{0x9, 0x5, 0x8, 0x1, 0x0, 0x8, 0x2, 0x7}}]}}]}}]}}, 0x0)

3.491771318s ago: executing program 5 (id=1486):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="c4010000100033060000000000000000ac141425000000000000000000000000ac1e00010000000000000000000000000000000000000000000000ea00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000cd2d0000000000000000000000000000000000000000001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000"], 0x1c4}}, 0x0)

3.441135015s ago: executing program 4 (id=1487):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d1400bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xffe, 0x0, &(0x7f0000000c40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = syz_usb_connect(0x4, 0x0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r7}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000340)={0x0, 0x20, &(0x7f0000000080)={&(0x7f00000003c0)={0x38, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x200808e4}, 0x4008000)

3.440447272s ago: executing program 3 (id=1488):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f00000000c0)={0x80, 0x8001, 0x3a75})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0xffffffd9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

3.42185054s ago: executing program 6 (id=1489):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000100), &(0x7f0000000200)=0x30)
getsockopt$sock_buf(r0, 0x1, 0x19, 0x0, &(0x7f0000003080)=0x29)

3.24955623s ago: executing program 5 (id=1490):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001080)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce60300c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35179bd223ec839bc16ee78076e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e898d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f192daa94a0c556f3218ce740068725c37074e468ee207d0f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9f74fbe9c3c6fca5cbfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e26183524cf5cc1b83d34889f40159e800ea2474b540500a30b23bcee46762e2c93bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ff80e87adf394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0b2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869ba2f3caba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958ad009995ae166deb9856291a43a6f7eb2e32cefbf463789e1f79b8d4c22be89f44b032dad13007b82e6044f643fc8cd0e30c378b4a88c39c117d27326850a7c3b570863f532c218b10af13d7be949870c9920c2d2a53b384e88862ee92fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a25468e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361f399d7c091d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8fc90f000000000000eef2e5eb804b9d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e84256f2d62d03cab53aa50c3e6000000000000000000000000000000000000283cbeeb000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edf0a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b404797056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab517124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e030000000000000000000000e14908d973262569d0d6ce62cf3a30aa342f960e838fa39b97e0bf1bc6482bb99717d37b7a54d1e9d794b527a8317efbb1d5f9988e00283c36089e9ab5ee537124396e2964776eb5f02b739260b1371c97158d84ecfd6fadede98c608f4fab805c43e8eaa367f1bf2fad8ccdb058e16c810ddcc543ae417a92f0de850d4180ff08bd2857ebfef435ad23a0cc7bfe8a7928cd9d4ed249cdfc7fcdcf5275c93483be5ebb81af35375e441b09c908e45df79d3b00f031b0ec1e9f3683ded75b1fc9f72af8d690356f9bd26e8ee631b5775b60659ef1aeb789b54aad2004eea0ff225f69a62632574a2a135aa6313aabb5a7fe3ed2a77579ceb4d4af57252a4e8b3aa2a1edb8d6e79eb4aa8b9e9c470d7b53d6d2fd095119a441e19d348e8a774808dbde6b1d4ff83ff3ba6ebfaa4d48f8ce0577e20ea2fe2213946e416d0e08c15016b39eeac426be0a69014bd81d9adb00"], &(0x7f0000000140)='GPL\x00', 0x30010000}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r3, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x40000)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r6 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x10}}, 0x0)
sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r7 = socket$inet6(0xa, 0x3, 0x1)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in=@rand_addr=0x64010100, @in=@multicast2, 0x0, 0x1, 0x4, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x2b}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd}}, 0xe8)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x8}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x4000000)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f00000004c0), 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0)

3.14382952s ago: executing program 6 (id=1491):
socket$kcm(0x10, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1e)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)
mount$bpf(0x0, 0x0, 0x0, 0x40020, &(0x7f0000000480)=ANY=[])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r4, 0x10, 0x0, @in={0x2, 0x4e23, @empty}}}, 0x90)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000001c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0xfffffffd, @empty, 0x5}, r3}}, 0x30)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x2, 0x6}}, 0x20)
close_range(r1, 0xffffffffffffffff, 0x0)

2.143238196s ago: executing program 3 (id=1492):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, &(0x7f0000000040)={0x5, 0x8})
r1 = socket(0x10, 0x803, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {0x0, 0x0, 0x0}}, 0x1a)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000016c0)={0x2, &(0x7f0000001680)=[{0x6c}, {0x6}]})
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f26, 0x6, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0xe1cb, 0x6, 0xfffffff8, 0x4, 0x395, 0x80001089, 0xfffffffd, 0x0, 0xfffffff5, 0xffffeadb, 0x3, 0x40003e, 0x8, 0x4, 0x8000000, 0x100]})
getsockname$packet(r1, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001500)=0x14)
r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r5, @ANYBLOB], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000008000082000040"])
ioctl$VIDIOC_S_OUTPUT(r4, 0xc004562f, &(0x7f0000000000)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xb, 0x1, 0x7, 0x1, 0x2, 0x4, 0x722, 0x13, 0x0, 0x7f, 0x3e, 0xb763599953cb091d, {0x0, 0x6fd8e84b}, 0x0, 0xed}})
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r11 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01002cbd701004000000050000000600010005000000080009009d9318bb3d68a4b594b7e853899feb883c9d7b000008000c00a86ce5b6"], 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa204}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="000129bd7000fedbdf2503c54fe5cea2e9cfc800000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)

1.683247577s ago: executing program 6 (id=1493):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000170a01080000000000000000020000000900010073797a3000000000090002"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000240)={0x6, 0x7, 'syz1\x00'}, &(0x7f0000000280)=0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x140, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x3}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "bb9e7ec07552af55454469e3b0a9d418f0ac62d0dd67d862e222495cc4275d34376817f53385800d592867e3155c85549f9649e096b3cdf362ed9aa37926f3b910cd8f6c42af3ea9bf0f987e3fcdb754df7a23c8c843598cf1e895962481da9208484c6d74fd5f35500967f2f17474293dbaf16ef1c57648c546079058bcaa51cfa3bc7011f99d7c09d8a80f7193702b9d60b8ff1a06e3b61d3faa850eb1c4c8fb0828c956ec912b6557bdb8018bee2501a58119e24a0ce8aef1eb317a2486ce288f42f55537eace30464854ad1bb45dbb14e4ca06635e103c365a132438672683d451a32e7bd1e73771bc9d3ea7e373f740ec6814b65cb189e2436e34dcc51f"}]}}, @TCA_RATE={0x6, 0x5, {0x40, 0x2}}]}, 0x140}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000)
r8 = socket(0x23, 0x80805, 0x0)
listen(r8, 0x0)
poll(&(0x7f0000000000)=[{r8, 0x9081}], 0x1, 0x2)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r8, 0x84, 0x4, &(0x7f0000000300)=0x2, 0x4)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={0x0})
r10 = syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2)
ioctl$VIDIOC_G_AUDOUT(r10, 0x80345631, &(0x7f00000000c0))

1.283803931s ago: executing program 6 (id=1494):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000084000000060a010400000000000000000100000008000b40000000005c0004802c000180090001007866726d000000001c0002800800024000000006050003000000000008000140000000092c00018008000100636d7000207387690500038005000100ac000000080001400000000908000240000000050900010073797a3000000000140000001100010000000000000000000000000a88f17fd060"], 0xf8}, 0x1, 0x0, 0x0, 0x4}, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)

874.826304ms ago: executing program 5 (id=1495):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001e40)={0x6, 0x43, &(0x7f0000001a80)=ANY=[@ANYBLOB="1800000077f80000000000000100000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000184a0000010000000000000000000000b7080000000000007b8af8ff00000000b7080000040000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000d0a8e0ffffffffff1840000003000000000000000000000018150000", @ANYRES32, @ANYBLOB="00000000000000008520000001000000b7080000000000007b8af8ff00000000b7080000070000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000000000a7000000000000000085000000a5000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000030000008500000006000000850000004b00000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000580)='GPL\x00', 0x6, 0x14, &(0x7f0000000140)=""/20, 0x41000, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x3, 0x6, 0xff, 0x400}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000440)=[{0x2, 0x3, 0xa, 0x5}, {0x2, 0x5, 0x7, 0x2}, {0x1, 0x2, 0x401, 0x8}, {0x1, 0x5, 0x1, 0x5}, {0x4, 0x2, 0x1, 0x1}, {0x2, 0x4, 0x9, 0xa}], 0x10, 0x5}, 0x94)

822.595972ms ago: executing program 5 (id=1496):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5b}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000009940)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x6, @loopback, 0x3b1}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00 '], 0x28}}], 0x1, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r5 = accept$alg(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10)
sendmmsg$alg(r5, &(0x7f0000001bc0)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001c00)="5985d20392a438a118753a61ccd1d0e83101f02653a3db12a8785d9bcc59b58251f9ae571dc6a2d023b82407fbb8ae52a24b445059869df6095b826013c10bb7745d9edc0ef211452945180b52cc3986fb74d70cdc0194be37b376d2d4798d4e4463d042b1a462e80d80915fcffca56f2e0f5a6b6bff7e43eb6c80c1a8e85c077f4e980c3aa7b4b34562044059224e7280a86d55356ca279765d0943a185ac585ba7355885a40b0f4d02e5afe7b154deb20048d62307273f7069b86987af5b7fd9272d1ed5a9891e493deafa8a98f30c86803d00028221b891d3ae3437e26e9e0bbb0c152036ffebc06c5aa3fe55480e68414e7283793c5f93bf95ee471bf2b70abf696bb304bbecce852fd81439df022489675c1827a96f824378a80ce5338143bbc8fc3b1955bba34f2121cf485212c7cd8b50d81382605d28573b46b376e1092560f6d76c8ee2c4ebd9cf88665cec5acd5c2bb34ed1ce0338a7c1c8583914be1ef3a054e91f35a82147c0ef819f7971e12c18c5314df9e06bbbea133f82e638fd4646fb6a517fe75130f65392e8e1456fff3ae5cc7298b7bd6e7ea141808b4b4ec6930e7ee97e802a9a5c37c7bfaf6f8fd113b1e713e9d07cf0ddddf91965c29dbcc7a6478a071efe498458ee8428baeacd171ca321a88863d747ae8ba633f835401e66c831bec8d66ede3a6be8c9d6cd2e543df191a661d934e115c49db11cd3382aa4c378ea27b37078e4dbd52d5237873388f0b114dbcd77332e3cae456d8a96465a763709b9e33255b9648f186ae462f585dd729676a66e5dcba00b76ef82b9926d820d1f81f2ef2bdedb9727bc9b8420a16af0a3d49bfabaf53637b5712cd1efcfecefea443d99749398406a15af44464330fcc7ae05bc1319a403f17320384adf670171b10572b7a3c29224327d4da0cc98605adb69b143b75f495c3ee34b0e2df6119cdecfc9c14adac77c00225ba394a33c2031f7fd6fd5c51603133fd282b714d0206a61dcbfd9826847751c0828c7258b75739fc0f26cb4f5037652f608bfd156660b8ca43069fdfd27dc658b768b0842a71bd2191064e7c343710b26b4f94900dea847881b9269a250b165aa5b32cb02e853e01df7283f5aae557f555cdd110ffa52c5c702cb214934c5aa8a99c87b2ec9dd6717693827029ad477fa822c84c83303d04a6db313af73b83ef53d0caae2a0de16e13746d092a2e6260638245c57bf2904740ef4d4385b3fd888ea17795c712dbce6a559c71a8425deab805f99ec9f16cf268c5c6cb6cbbefe71115e62c85e9a0940b96a19a49b4a9373250c5b7a2446b4393aaa144ba32a9a0fff5cffc515d48691911a84ef869af3c3b08db4d8e44279b8ecf0753e88e5405897b4050db08c254cf0ff5b69a045bc62049218a573c6a395148454953a72768ddbd4326a0d247a0a4571ea894875a2f899f47487c3d2b62e51d8239633d3421fd79b0c32d05b99256614accf64ee6e2d51a3bdd221e79d6475e6ac68159923977200feba975e290d768d7255416a06c8f161fa39f7a04c4651d420f1d96703cb3773bd2a2a0c37b1603151c4cc47f0699900849509534f8ec5131cfee5d96d598e28d571328ca037a34ba31aa5e6d51fe2604f8316545f129f0ae8e0856888d3315ed22f6246852df12d67e3a64e7891df946b81495189341e9401406037cfb31490fcff4fc0406f2f70e2cabcd0fb8adeec4be909526dfa252a5aee0435df3a07e0897b86eaff8dd190f466b2a81e8a37ffb577bfb5feddefb292809c1d925c2f9cf27380dc78e74d74ceb1d31ebe84bbd2e6ce48dded3c55203966896ad1458d3d3095b9bacf250416ee27aa73a5c5d6ec6b2c9c323759ffe97df44481f796f4762e3245c0a88fd129dbafde688f2c57445665c623025a76748a9931a7f67c53faa4a155c9ba5caa38986462e48db7c580749bd372955244c9d4a17631f24b9b64036de9e97147b7056dcb54652fca36a037d0c3f754a303c594d8e04f706fe75e8f19607e6cc94ac60d83b4fc620a00b52605323391f3e005dcdb9be443b59d89760b605f32c07bef27a326863e07d770e7bb2853354f6404a83d099559e5a25849bd16c6381354ec45df14e3e16099a0cc299256118be93e47c025b01a2fe899c81411c8f6b74808562ecb2f91b8688b1617b93516b29162bf71db6e2dbee1ba98fba3cf6e7f56d90fbf017d2d81d2411515d73272bc167a55770deacb3d79dcfa1cb9c27e27585b521d3900e4fb280c1ba1f9e956bd1326bf162255f66b0189ae648a402e48cc61fdd20fd3a09070c88167730bf80b34cecfcb37a4046552d1b345f66c97fb67f1993990e55e43ee58372455864de62d636d836477fca1ca355bce2eed04ca30751ad642e61862d1e29886b9acc5be9d6ab7e6eab7c89a7ebde051116ae5f12432caa8228c4dddb5221f7f5fafeef8d397ee0c7d94dfcd2fade21947c98bd89b071f4e24dfb43b46f1db5f1276d8d71e3cccca479cb612be6bd02e6f188403b85022ed0e9d42f9c4531a11659bfd144b4a49b6659be2a548658a66d7faa44622742d7c42d7f90caa2ca3a24d10c993a9b1c814f4e0b735615cbd9c00d6bf444d0ae1071f2b74023d2e53b9d2b79f6ddaeadcef3bcc5d13971b7f9c7e72d1a431e1d79234e1dab13ee758f741777d836905c7873de0192ecda15d3a224331fc2222f6793edd69da51befe4f772ec696e4e4e5deba877b52b91d8b7de4fd151e1009134cebf4a353e6219b21f131487b3fba0f4b7e39626c5c7583ed5073086ff735ce19cb786e8d1bf359b4c3a7bc29bbf9d441d914d7e842b88f0868d0f6a6fd41624271ad5e166d677ea5109b6c8e9d2fdfff9e944e9c9ad50b3cde7e3f229e2bbf81c6aaa7b7c8e5700362000b6509942bbed25253e0833a5f7a71975b780472ed6f3da3a2ba162f20b3b90d4a084acbb137129bbd9b65f3e9ba6886241d80ee90dcf7d64050d52e8550f21262a88395ca06b83a5b5d9c05426582c86fe7753019a71ecc84c59fae3239d195246306f153b301629fbc6bd6e3fbc6aff7d35d79c5c8046b61ec70e2b7356c9400477778990364091be2b74bdab711f5561ff137021fdf9e82a35fd5bf85673bbb2944cf1f36a2e25fa4dd948525621f7a14dc3c8d1e1f1ec9d334dddcf7f9487f3d3ec60106becfddc15ece3850215aa3231a543264263757c6417adde58eb6b624096ac5c7b96e4e294cc935ad9315669d03b80522e5b7f6207e325cc5e9a33cdd8d5512aa388e452674a936826d47f23097d33c4e4a1f2f0802a2b9be2a608f2f0ff27f6b041d70d268f848687d45e6e510691ad516c7d7038d4153fb30415e425a4cb9d879aee8ffbca65df46876151af9a583d9a3fb331fb1b616a8007fddba31bee77e420172cd2a2a140a3376db47d7336d958bfa6f4ae80f78310c9043a184258dbaa9bba0c2482d7eb70c2bd94d52587fb92fd80c58110b05ad6eb1623009cd263deb3cb219bfde713ef738dfed0b1c6254177d939e8c358cc69ddfa3e31aa4c3cbfe384d96749217ff3b2b45a15f34403fe327aa2f805d1eaf7ee7f187070032eceba18a11e4ccf7c2e3a4d5c72d1db7b0bb5dc2354ae7eb27dedb91a5571203835b482353950220ad39f21334135c6fdd22a71c6119ce5dfa292a71ad296b141663210872c192aa228e21068d717235f1186234de39e69e5904ead38314ef69b86a656371d9987d327a7064fc6e1acd7f822165b1e42da9bff573db1eaf2563552bf6dbb6591031883f5cf7e22d1f2e2522e5bb88fc4bdece187d7f2612886a7f314895d43dd2c9e1b731aec39014028590ea0c76f1cd7d71c96ed45ce31d5e38f38a36a95d54708875dd99d8612275450a700251c7f21742d31b9be6de5fcf63b7b639ff746f31537694b3005ddf6cc8375f25bd782bc784943b72bd19f938a449fe0a617b5b1430a4d506e3bf0a1f118b6e45e9e6a3515efd9ecd1a964c5459921b01a0cacf0d4e4659f06ee2e53123a2241b583072f91af6b82f51fa14622ead00697b2f511e7f54cc4e8b015bd03b4ebae849ec9f7738d945450ff8363aee60678b80a86e93326f6a87d73b1a114f6f6186e2a4365d66d5b74df15280c4060ec847da5a1baf1706e7a373f2ec73ad755bffdd5813cf5ce8cf8b07d4ac8b324293b7248145b35b13fe638f902c5e8147084c221591cefa221573080f49ed7b3479e9c81c4ec2e5e8df89ce0266f6023327aae85f74fc70085398ca9749a1b8467d3d2d7bdcfc4bb9af62721a4cf55a5d2600210eeda03de3b9353725eb991583d7226debf7e3d4b06d89c41599b3687d56571c6c810882e1060510b0e6480b4e3d8705c858e24897dd8bd936f9a16bd626b98dd55696aa2dea3c0a12a6b12f5befba90ea487134453b5a8e863b5446565730e9d84e019d664654568c3448bbddd8cccc15e4615addae0d732dafe6f54b229cd5689396720d0010dfea3f9e6d9793b51be5c4e39659e8eb604ec15ee7ae2a2961a8b815d9417795cdde0702d6cf7dcdc16f02365d7eee5dfc7a0a9ea3957672f00a209fb845e782777ef9e5c9e7aa7926bb93c3486a8612e222ddc9709d9a2acef6c60db859c4fd39f365bb22f90edd04f891fd3ccdff35c5eac56ec49d02063a7859aa14c938d575fb85cc26a3f3fb3ef4d8ce576e927dc54c27702aff904e133a6869ac4384ca6ce273d1a7f3b4ffb570dd097e607ade8eb8ca1d436733262b527c508e4ff7e09bb56432c36a38065c582210252efc06aa0d3fe0ea99e97e6ee88f80ad33bcb2cd0570b8f97488bfe09d4560b9ab44ec7ea5726d291460ab46d32922c1b37067425ff9abc8a4bf810879114dc266a575e1ddcbfd6ef2c51b624091b3ebe68ededfd94f883ae674b1f00be817a559b3c6376aa68f039628ae425191b7c7ba60e73b0fa3c4fe5533b4f8fe0b21f61a5f9e520e22cdbebd929048552b6d8d1d5c18fa9900b7786462e7e4d738e57485e9a6dd14a0fd37f0256613317df8ec3518c7eee50c59070a7276f8b0575426887f2cb5be122cc766a25a07132ef01611d0c2d3f16de29a8c0f39a3a5a3e9596b61fdd3dff97b95ff67b4798ddbc4b14e518bcc52cdd2d87605ce9d9c5f2a6d4e11d2f94575b0d5de72d0b97d0a2cf32b5465c6a4ddb62d61b97f2331341c9d448ec775180f858394f2c0b2ee982b9f867d73f97d0e0e3b275ef49c7c262c4d6f5fac787edafaa8b79410b1288a0b52afd93c8584ff9d61eddfa0cada98bd3c200fc708078098764bbe304c44d62eff132415a917c022c9f7466318017da7b4649eb0fae58fcb716a1f295d84dd9ec14218beb0372c041aaa4421a8f75eaef5115f0f32aca8fd30fde0e9e08972e23faf5381eb18c626c0ce920261461c3dfe7f1e8b35ca16f7283de3af4bba5c384e256cd369568214101a8e27c94531a81fe4fba595a4455f8724eebea716d1a4940b3d787fc4bd6ad8aa403fceb74f316fb5a816890646338efb6f13aba195f127aa1b1107bf303b1f997c74d6f4f664d708f58c3b3ca063825405ad7a61260debf4b220443b6537f5ae94820ec62901944cc9023e655f82e0e31a13f351ed0336cbcfda8ae0b20025fb33e49f011f6aa708140cffefbd06f9b90fefc6f9d79f67495ff0b1a2f1ff075eda3fdd800088fc0583dc0e1e9f7f02673da61cc4466a2559d70cd90e453b11449442eb11f444e1203bc38754f7ad0d93bb91e40f9cd490d2dd5d7e2571c460718f94d4c61751c119fedbbbd28d7716ccb6aaa8ba", 0x1004}, {&(0x7f0000000540)="43d277a60fa64e9f2d07c86300000000", 0x10}], 0x2, &(0x7f0000000840)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x81}], 0x1, 0x20041001)
recvmsg(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000002c40)=""/4088, 0xff8}, {0x0}], 0x2}, 0x2)

316.574587ms ago: executing program 6 (id=1497):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r0}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000200)=@bpf_lsm={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r1, &(0x7f00000004c0)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002380)={{r2}, &(0x7f0000001f40), &(0x7f0000002340)}, 0x20)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000, 0x0, 0x3, 0x0, 0x4})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r4, 0x800448d7, &(0x7f0000000080))
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x3, '\x00', r5, 0xffffffffffffffff, 0x3, 0x4, 0x4}, 0x50)

315.31305ms ago: executing program 4 (id=1498):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000a00000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000090000000500000000000000000000000400000000000000000000000000000000000000000000000000000000000000fdffffffffffffff0000000000000000000000030000000044010500ac1414bb000000000000000000000000000000003200000000000000ac14141d000000000000000000000000000000000200ff00000000000400000001000000fe800000000000000000000000000025000000003200000000000000ffffffff000000000000000000000000e2ff000000010000fcffffff0200000000000000ac1414aa000000000000000000000000000000003c00000002000000fe880000000000000000000000000101000000000103"], 0x1fc}}, 0x4004000)

219.820716ms ago: executing program 4 (id=1499):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
tkill(r4, 0xb)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000018a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="b9ff03076804268c989e14f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50)

218.976831ms ago: executing program 6 (id=1500):
socket$kcm(0x10, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, &(0x7f0000000140))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f0000000000)={r6})
r7 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x8018)
connect$x25(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r8 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0xaa544, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0x3, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x404, 0x2, 0x8000013, 0xa7, 0xffffffa7, 0x8000b, 0x34d, 0x6e, 0x0, 0x4000009, 0x200, 0xe2df, 0x9, 0x20000001, 0x4, 0x505e, 0x7, 0xf58, 0x6]})

0s ago: executing program 3 (id=1501):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000100), &(0x7f0000000200)=0x30)
getsockopt$sock_buf(r0, 0x1, 0x19, 0x0, &(0x7f0000003080)=0x29)

kernel console output (not intermixed with test programs):

turn code = -71
[  321.536431][ T5873] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  321.549846][ T9229] vfat: Bad value for 'utf8'
[  321.621902][ T5873] usb 4-1: USB disconnect, device number 21
[  321.885584][ T9245] netlink: 16 bytes leftover after parsing attributes in process `syz.5.884'.
[  321.904489][ T9252] netlink: 212 bytes leftover after parsing attributes in process `syz.3.886'.
[  322.465850][ T9270] netlink: 32 bytes leftover after parsing attributes in process `syz.4.888'.
[  322.475778][ T9270] netlink: 32 bytes leftover after parsing attributes in process `syz.4.888'.
[  323.205291][ T9276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.890'.
[  323.272656][ T9277] netlink: 8 bytes leftover after parsing attributes in process `syz.1.891'.
[  324.429731][ T9288] vfat: Bad value for 'utf8'
[  325.426347][ T9295] ceph: No mds server is up or the cluster is laggy
[  325.433768][ T5948] libceph: connect (1)[c::]:6789 error -101
[  325.456381][ T5948] libceph: mon0 (1)[c::]:6789 connect error
[  325.707003][ T9307] tipc: New replicast peer: 255.255.255.255
[  325.717958][ T9307] tipc: Enabled bearer <udp:syz2>, priority 10
[  325.729749][ T9307] netlink: 12 bytes leftover after parsing attributes in process `syz.0.900'.
[  325.748149][ T9307] tipc: Disabling bearer <udp:syz2>
[  326.056518][ T9316] netlink: 32 bytes leftover after parsing attributes in process `syz.3.901'.
[  326.066801][ T9316] netlink: 32 bytes leftover after parsing attributes in process `syz.3.901'.
[  326.858224][ T9331] cgroup2: Unknown parameter 'nsdEæelegate'
[  328.226536][ T5925] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  328.474797][ T5925] usb 2-1: config 0 has an invalid interface number: 255 but max is 0
[  328.519395][ T9343] netlink: 96 bytes leftover after parsing attributes in process `syz.0.910'.
[  328.599896][ T5925] usb 2-1: config 0 has no interface number 0
[  328.606096][ T5925] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  328.628434][ T5925] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  328.658420][ T5925] usb 2-1: config 0 interface 255 has no altsetting 0
[  328.665657][ T5925] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  328.707352][   T30] audit: type=1326 audit(1758395185.772:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  328.735295][ T9349] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  328.738402][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.776158][ T9349] hfs: can't find a HFS filesystem on dev loop5
[  328.900126][   T30] audit: type=1326 audit(1758395185.782:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  328.908185][ T5925] usb 2-1: config 0 descriptor??
[  328.932145][   T30] audit: type=1326 audit(1758395185.782:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  329.552694][   T30] audit: type=1326 audit(1758395185.782:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  329.574928][   T30] audit: type=1326 audit(1758395185.782:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  329.718230][   T30] audit: type=1326 audit(1758395185.782:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  329.721254][ T9349] overlay: ./file0 is not a directory
[  329.912958][   T30] audit: type=1326 audit(1758395185.782:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  329.958552][ T5925] usb 2-1: can't set config #0, error -71
[  330.277522][   T30] audit: type=1326 audit(1758395185.782:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  330.318146][ T5925] usb 2-1: USB disconnect, device number 30
[  330.410517][   T30] audit: type=1326 audit(1758395185.782:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  330.434748][ T9362] netlink: 'syz.4.916': attribute type 1 has an invalid length.
[  330.520815][   T30] audit: type=1326 audit(1758395185.782:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9348 comm="syz.5.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb69398ec29 code=0x7ffc0000
[  330.781353][ T9376] tipc: New replicast peer: 255.255.255.255
[  330.805691][ T9376] tipc: Enabled bearer <udp:syz2>, priority 10
[  330.979581][ T9380] netlink: 32 bytes leftover after parsing attributes in process `syz.4.918'.
[  330.989841][ T9380] netlink: 32 bytes leftover after parsing attributes in process `syz.4.918'.
[  331.069853][    T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  331.469867][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.921'.
[  331.928517][ T5873] tipc: Node number set to 2886997007
[  331.978662][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  332.003288][    T9] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  332.058200][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.122134][    T9] usb 1-1: config 0 descriptor??
[  332.147500][ T9390] netlink: 24 bytes leftover after parsing attributes in process `syz.1.926'.
[  332.161456][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  332.388477][ T5925] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  332.572088][ T5925] usb 6-1: Using ep0 maxpacket: 8
[  332.624990][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.770328][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.885084][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  332.902250][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  332.925425][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  332.941222][ T9398] ceph: No mds server is up or the cluster is laggy
[  332.949097][ T5982] libceph: connect (1)[c::]:6789 error -101
[  332.951931][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  332.964126][ T5982] libceph: mon0 (1)[c::]:6789 connect error
[  332.973998][ T9390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.926'.
[  332.978012][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  332.988502][ T5925] usb 6-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  333.000029][    T9] pwc: recv_control_msg error -32 req 04 val 1300
[  333.007097][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.011633][    T9] pwc: recv_control_msg error -32 req 04 val 1400
[  333.036893][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  333.048836][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  333.067240][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  333.080687][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  333.100186][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  333.108910][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  333.143805][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  333.145234][ T5925] usb 6-1: config 0 descriptor??
[  333.199633][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  333.209649][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  333.224670][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  333.243990][ T9409] debugfs: Bad value for 'gid'
[  333.267063][ T9409] debugfs: Bad value for 'gid'
[  333.273358][    T9] pwc: Registered as video103.
[  333.292539][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input20
[  333.348462][    T9] usb 1-1: USB disconnect, device number 25
[  333.824141][ T5925] usbhid 6-1:0.0: can't add hid device: -71
[  333.852881][ T5925] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  333.924402][ T5925] usb 6-1: USB disconnect, device number 2
[  333.998948][ T9415] vfat: Bad value for 'utf8'
[  334.161234][ T9419] debugfs: Bad value for 'gid'
[  334.179230][ T9419] debugfs: Bad value for 'gid'
[  334.622062][ T9422] debugfs: Bad value for 'gid'
[  334.626931][ T9422] debugfs: Bad value for 'gid'
[  335.087317][ T9427] EXT4-fs: Ignoring removed nomblk_io_submit option
[  335.094604][ T9427] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  335.109420][ T9427] EXT4-fs (loop3): unable to read superblock
[  335.952031][ T9451] netlink: 12 bytes leftover after parsing attributes in process `syz.3.938'.
[  337.194270][ T9463] bond0: (slave ip6gretap0): Enslaving as an active interface with an up link
[  338.703219][ T9476] vfat: Bad value for 'utf8'
[  338.787690][ T9480] debugfs: Bad value for 'gid'
[  338.792916][ T9480] debugfs: Bad value for 'gid'
[  339.555400][ T9488] netlink: 32 bytes leftover after parsing attributes in process `syz.1.946'.
[  339.571475][ T9488] netlink: 32 bytes leftover after parsing attributes in process `syz.1.946'.
[  339.818832][ T5925] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  339.960784][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.952'.
[  340.000007][ T5925] usb 4-1: Using ep0 maxpacket: 8
[  340.038241][ T5925] usb 4-1: unable to get BOS descriptor or descriptor too short
[  340.112965][ T9518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.951'.
[  340.148466][ T5925] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  340.241940][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  340.410888][ T5925] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  340.446950][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.492284][ T5925] usb 4-1: Product: syz
[  340.513883][ T5925] usb 4-1: Manufacturer: syz
[  340.566712][ T5925] usb 4-1: SerialNumber: syz
[  340.616014][ T5925] usb 4-1: config 0 descriptor??
[  340.627969][ T5925] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  340.803770][ T5925] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2
[  340.870629][ T8982] udevd[8982]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  340.913895][ T9496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  340.967861][ T9496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  340.981552][ T9496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.007055][ T9496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.020890][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  341.048504][ T5925] usb 4-1: USB disconnect, device number 22
[  341.201718][ T9533] program syz.0.956 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  341.428788][    T9] usb 5-1: Using ep0 maxpacket: 32
[  341.531999][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  341.547793][    T9] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  341.557165][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.565701][    T9] usb 5-1: Product: syz
[  341.571119][    T9] usb 5-1: Manufacturer: syz
[  341.583607][    T9] usb 5-1: SerialNumber: syz
[  341.610444][    T9] usb 5-1: config 0 descriptor??
[  341.619311][ T9525] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  341.659006][    T9] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input21
[  341.699839][ T9537] debugfs: Bad value for 'gid'
[  341.738405][ T9537] debugfs: Bad value for 'gid'
[  342.229169][ T9546] FAULT_INJECTION: forcing a failure.
[  342.229169][ T9546] name failslab, interval 1, probability 0, space 0, times 0
[  342.242497][ T9546] CPU: 0 UID: 0 PID: 9546 Comm: syz.4.954 Not tainted syzkaller #0 PREEMPT(full) 
[  342.242521][ T9546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  342.242532][ T9546] Call Trace:
[  342.242539][ T9546]  <TASK>
[  342.242547][ T9546]  dump_stack_lvl+0x189/0x250
[  342.242573][ T9546]  ? __pfx____ratelimit+0x10/0x10
[  342.242595][ T9546]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.242615][ T9546]  ? __pfx__printk+0x10/0x10
[  342.242640][ T9546]  ? __pfx___might_resched+0x10/0x10
[  342.242660][ T9546]  ? fs_reclaim_acquire+0x7d/0x100
[  342.242680][ T9546]  should_fail_ex+0x414/0x560
[  342.242704][ T9546]  should_failslab+0xa8/0x100
[  342.242723][ T9546]  kmem_cache_alloc_noprof+0x74/0x6e0
[  342.242744][ T9546]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  342.242763][ T9546]  ? getname_flags+0xb8/0x540
[  342.242776][ T9546]  ? __pfx_vfs_write+0x10/0x10
[  342.242798][ T9546]  getname_flags+0xb8/0x540
[  342.242820][ T9546]  do_sys_openat2+0xbc/0x1c0
[  342.242842][ T9546]  ? __pfx_do_sys_openat2+0x10/0x10
[  342.242863][ T9546]  ? ksys_write+0x22a/0x250
[  342.242885][ T9546]  ? __pfx_ksys_write+0x10/0x10
[  342.242917][ T9546]  __x64_sys_openat+0x138/0x170
[  342.242940][ T9546]  do_syscall_64+0xfa/0xfa0
[  342.242958][ T9546]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.242976][ T9546]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.242992][ T9546]  ? clear_bhb_loop+0x60/0xb0
[  342.243011][ T9546]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.243027][ T9546] RIP: 0033:0x7feb0b38d590
[  342.243042][ T9546] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  342.243056][ T9546] RSP: 002b:00007feb0c1b1b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  342.243073][ T9546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007feb0b38d590
[  342.243085][ T9546] RDX: 0000000000000000 RSI: 00007feb0c1b1c10 RDI: 00000000ffffff9c
[  342.243095][ T9546] RBP: 00007feb0c1b1c10 R08: 0000000000000000 R09: 0000000000000000
[  342.243106][ T9546] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  342.243117][ T9546] R13: 00007feb0b5d6128 R14: 00007feb0b5d6090 R15: 00007fff204d3268
[  342.243144][ T9546]  </TASK>
[  342.727314][ T9547] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.958'.
[  342.862856][ T9554] binder: BINDER_SET_CONTEXT_MGR already set
[  342.891081][ T9554] binder: 9549:9554 ioctl 4018620d 200000004a80 returned -16
[  343.006778][ T9561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.962'.
[  343.029823][ T9565] random: crng reseeded on system resumption
[  343.036140][ T9561] netlink: 32 bytes leftover after parsing attributes in process `syz.1.962'.
[  343.087330][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  343.087406][   T30] audit: type=1326 audit(1758395200.162:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9562 comm="syz.3.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf24d8ec29 code=0x0
[  343.191869][ T9573] netlink: 280 bytes leftover after parsing attributes in process `syz.3.963'.
[  343.381724][ T9580] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  343.415335][ T9579] netlink: 92 bytes leftover after parsing attributes in process `syz.1.967'.
[  343.465061][ T9579] netlink: 24 bytes leftover after parsing attributes in process `syz.1.967'.
[  343.541747][ T9582] block nbd1: not configured, cannot reconfigure
[  344.140396][ T5925] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  344.168038][    C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  344.177214][   T10] usb 5-1: USB disconnect, device number 30
[  345.078481][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  345.105435][ T5925] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  345.155973][ T5925] usb 2-1: config 0 has no interface number 0
[  345.220610][ T9590] __nla_validate_parse: 1 callbacks suppressed
[  345.220685][ T9590] netlink: 12 bytes leftover after parsing attributes in process `syz.5.968'.
[  345.353138][ T5925] usb 2-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  345.528047][ T5925] usb 2-1: config 0 interface 137 has no altsetting 0
[  345.591016][ T5925] usb 2-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  345.601189][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.629383][ T5925] usb 2-1: Product: syz
[  345.634758][ T5925] usb 2-1: Manufacturer: syz
[  345.639447][ T5925] usb 2-1: SerialNumber: syz
[  345.647744][ T5925] usb 2-1: config 0 descriptor??
[  345.656088][ T5925] ftdi_sio 2-1:0.137: FTDI USB Serial Device converter detected
[  345.668636][ T5925] usb 2-1: Detected SIO
[  345.689665][ T5925] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  345.700259][ T5925] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  345.730659][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  345.910210][ T9603] mkiss: ax0: crc mode is auto.
[  345.918911][   T10] usb 5-1: Using ep0 maxpacket: 16
[  345.928173][   T10] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  345.959205][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.977262][   T10] usb 5-1: config 0 descriptor??
[  345.990790][   T10] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  346.158736][ T9606] netlink: 'syz.0.974': attribute type 10 has an invalid length.
[  346.198629][ T9606] batman_adv: batadv0: Adding interface: wlan0
[  346.205314][ T9606] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  346.231199][ T9606] batman_adv: batadv0: Not using interface wlan0 (retrying later): interface not active
[  346.556758][ T9605] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  346.720094][   T10] usb 5-1: Detected FT232A
[  346.733805][   T10] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB1
[  347.323403][   T10] usb 5-1: USB disconnect, device number 31
[  347.332411][   T10] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1
[  347.344491][   T10] ftdi_sio 5-1:0.0: device disconnected
[  347.380531][ T9613] netlink: 'syz.0.976': attribute type 13 has an invalid length.
[  347.406838][ T9613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.976'.
[  347.452804][ T9613] netlink: 'syz.0.976': attribute type 13 has an invalid length.
[  347.495625][   T89] usb 2-1: USB disconnect, device number 31
[  347.505937][ T9613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.976'.
[  347.524122][ T9614] netlink: 1 bytes leftover after parsing attributes in process `syz.0.976'.
[  347.551579][   T89] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  347.559167][ T9613] netlink: 28 bytes leftover after parsing attributes in process `syz.0.976'.
[  347.572972][   T89] ftdi_sio 2-1:0.137: device disconnected
[  347.652465][ T9624] netlink: 92 bytes leftover after parsing attributes in process `syz.1.979'.
[  347.686973][ T9624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.979'.
[  347.705967][ T9624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.979'.
[  347.742336][ T9632] random: crng reseeded on system resumption
[  347.762774][   T30] audit: type=1326 audit(1758395204.842:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9631 comm="syz.0.981" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ae6d8ec29 code=0x0
[  347.875839][ T9637] netlink: 280 bytes leftover after parsing attributes in process `syz.0.981'.
[  347.948499][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  347.963001][ T9640] tipc: New replicast peer: 255.255.255.255
[  347.973660][ T9640] tipc: Enabled bearer <udp:syz2>, priority 10
[  347.981193][ T9640] netlink: 12 bytes leftover after parsing attributes in process `syz.4.983'.
[  347.991141][ T9640] tipc: Disabling bearer <udp:syz2>
[  348.101100][   T89] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  348.403808][   T10] usb 6-1: config 0 has an invalid interface number: 9 but max is 0
[  348.416631][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.437180][   T10] usb 6-1: config 0 has no interface number 0
[  348.477186][   T10] usb 6-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8
[  348.494547][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.515955][   T10] usb 6-1: config 0 descriptor??
[  348.538583][   T89] usb 2-1: Using ep0 maxpacket: 32
[  348.549961][   T89] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  348.558201][   T89] usb 2-1: config 0 has no interface number 0
[  348.572088][   T10] rndis_host 6-1:0.9: More than one union descriptor, skipping ...
[  348.599204][   T89] usb 2-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  348.612582][   T10] usb 6-1: bad CDC descriptors
[  348.618631][ T5868] Bluetooth: hci0: command tx timeout
[  348.622645][   T10] cdc_acm 6-1:0.9: More than one union descriptor, skipping ...
[  348.631752][   T89] usb 2-1: config 0 interface 137 has no altsetting 0
[  348.641800][   T89] usb 2-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  348.660523][   T89] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.669924][   T89] usb 2-1: Product: syz
[  348.675270][   T89] usb 2-1: Manufacturer: syz
[  348.680056][   T89] usb 2-1: SerialNumber: syz
[  348.689342][   T89] usb 2-1: config 0 descriptor??
[  348.699168][   T89] ftdi_sio 2-1:0.137: FTDI USB Serial Device converter detected
[  348.742057][   T89] usb 2-1: Detected SIO
[  348.747414][   T89] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  348.761729][   T89] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  348.781426][   T10] usb 6-1: USB disconnect, device number 3
[  349.001235][ T5948] usb 2-1: USB disconnect, device number 32
[  349.010494][ T5948] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  349.022072][ T5948] ftdi_sio 2-1:0.137: device disconnected
[  349.674276][ T9658] netlink: 'syz.1.989': attribute type 1 has an invalid length.
[  349.853314][ T9658] vlan2: entered allmulticast mode
[  349.859051][ T9658] bridge0: entered allmulticast mode
[  349.875335][ T9658] bond3: (slave vlan2): making interface the new active one
[  349.883869][ T9658] bond3: (slave vlan2): Enslaving as an active interface with an up link
[  350.772141][ T9672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.993'.
[  350.835547][ T9676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.993'.
[  354.460411][ T9689] netlink: 'syz.1.998': attribute type 29 has an invalid length.
[  354.767145][ T9692] program syz.5.999 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  354.786681][ T9695] netlink: 'syz.1.998': attribute type 29 has an invalid length.
[  354.932656][ T9698] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1000'.
[  354.975632][ T9696] netlink: 500 bytes leftover after parsing attributes in process `syz.1.998'.
[  355.027222][ T9696] unsupported nla_type 58
[  355.873412][ T9710] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  356.040737][ T9711] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1003'.
[  356.172417][ T9716] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1005'.
[  356.181649][ T9716] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1005'.
[  356.235419][ T9717] netlink: 'syz.3.1005': attribute type 1 has an invalid length.
[  356.243613][ T9717] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1005'.
[  356.561565][ T9714] netlink: 'syz.1.1004': attribute type 5 has an invalid length.
[  356.736624][ T9714] udf: Unknown parameter 'z'
[  357.680569][ T9732] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1010'.
[  357.775473][ T9738] vfat: Bad value for 'utf8'
[  357.810264][ T9739] debugfs: Bad value for 'gid'
[  357.844605][ T9739] debugfs: Bad value for 'gid'
[  357.921875][ T9744] EXT4-fs: Ignoring removed nomblk_io_submit option
[  357.950639][ T9744] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  357.989121][ T9744] EXT4-fs (loop3): unable to read superblock
[  358.113212][ T9748] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  358.142034][ T9748] process 'syz.5.1014' launched '/dev/fd/10' with NULL argv: empty string added
[  358.178913][ T9748] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  358.512928][ T9760] bond0: (slave ip6gretap0): Error: Device is in use and cannot be enslaved
[  358.782412][ T9769] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1019'.
[  358.931099][ T9771] TCP: tcp_parse_options: Illegal window scaling value 53 > 14 received
[  360.769089][ T5948] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  361.208627][ T5948] usb 5-1: Using ep0 maxpacket: 16
[  361.323860][ T5948] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  361.406765][ T9800] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1028'.
[  361.422796][ T5948] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  361.486150][ T5948] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  361.555300][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.967950][ T5948] usb 5-1: Product: syz
[  361.984232][ T5948] usb 5-1: Manufacturer: syz
[  361.992292][ T5948] usb 5-1: SerialNumber: syz
[  362.355842][ T5948] usb 5-1: 0:2 : does not exist
[  362.609107][ T5948] usb 5-1: USB disconnect, device number 32
[  363.024974][ T5870] udevd[5870]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  363.670224][ T9822] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1035'.
[  363.966639][ T9822] bond_slave_1: entered promiscuous mode
[  364.205361][ T9822] bond_slave_1: left promiscuous mode
[  364.252361][ T9831] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1033'.
[  364.338443][    T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  364.508437][ T5948] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  364.508456][    T9] usb 5-1: Using ep0 maxpacket: 32
[  364.519607][    T9] usb 5-1: config 0 has an invalid interface number: 225 but max is 0
[  364.536586][    T9] usb 5-1: config 0 has no interface number 0
[  364.893506][    T9] usb 5-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79
[  364.935879][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.995912][    T9] usb 5-1: Product: syz
[  365.018595][    T9] usb 5-1: Manufacturer: syz
[  365.020666][ T9837] bond0: (slave ip6gretap0): Enslaving as an active interface with an up link
[  365.023219][    T9] usb 5-1: SerialNumber: syz
[  365.159776][ T9838] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1038'.
[  366.119484][    T9] usb 5-1: config 0 descriptor??
[  366.855002][   T43] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  367.215766][   T43] usb 6-1: too many configurations: 89, using maximum allowed: 8
[  367.551320][    T9] mos7840 5-1:0.225: required endpoints missing
[  367.553866][   T43] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  367.578552][    T9] usb 5-1: USB disconnect, device number 33
[  367.706225][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.722633][   T43] usb 6-1: Product: syz
[  367.726825][   T43] usb 6-1: Manufacturer: syz
[  367.732133][   T43] usb 6-1: SerialNumber: syz
[  367.745206][   T43] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  368.196726][ T5925] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  368.601426][ T9866] trusted_key: syz.4.1045 sent an empty control message without MSG_MORE.
[  368.732480][    T9] usb 6-1: USB disconnect, device number 4
[  368.735829][ T5925] usb 6-1: ath9k_htc: Unable to allocate URBs
[  369.111570][    T9] usb 6-1: ath9k_htc: USB layer deinitialized
[  369.235594][ T9871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1047'.
[  370.760782][ T9885] EXT4-fs: Ignoring removed nomblk_io_submit option
[  370.886256][ T9885] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  370.905236][ T5868] block nbd0: Receive control failed (result -32)
[  370.982296][ T9887] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  371.002958][ T9885] EXT4-fs (loop1): unable to read superblock
[  371.491266][ T9877] nbd0: detected capacity change from 0 to 127
[  371.533933][ T5870] block nbd0: Dead connection, failed to find a fallback
[  371.550090][ T5870] block nbd0: shutting down sockets
[  371.569392][ T5870] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  371.608245][ T5870] Buffer I/O error on dev nbd0, logical block 0, async page read
[  371.633023][ T5870] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  371.703035][ T5870] Buffer I/O error on dev nbd0, logical block 1, async page read
[  371.847775][ T5870] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  371.857602][ T5870] Buffer I/O error on dev nbd0, logical block 2, async page read
[  371.867015][ T5870] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  371.889097][ T5870] Buffer I/O error on dev nbd0, logical block 3, async page read
[  371.897146][ T5870] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  371.907040][ T9897] IPv6: addrconf: prefix option has invalid lifetime
[  372.607087][ T9899] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  373.117601][ T5870] Buffer I/O error on dev nbd0, logical block 0, async page read
[  373.290220][ T5870] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  373.308413][ T5870] Buffer I/O error on dev nbd0, logical block 1, async page read
[  373.318555][ T5870] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  373.327607][ T5870] Buffer I/O error on dev nbd0, logical block 2, async page read
[  373.332144][ T9908] debugfs: Bad value for 'gid'
[  373.360795][ T9908] debugfs: Bad value for 'gid'
[  373.465356][ T9911] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1057'.
[  374.353987][ T5870] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  374.363635][ T5870] Buffer I/O error on dev nbd0, logical block 3, async page read
[  374.377517][ T5870] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  374.387342][ T5870] Buffer I/O error on dev nbd0, logical block 0, async page read
[  374.470045][ T5870] Buffer I/O error on dev nbd0, logical block 1, async page read
[  374.507819][ T9917] cgroup2: Unknown parameter 'favordyn‚ods'
[  374.541545][ T5870] ldm_validate_partition_table(): Disk read failed.
[  374.626183][ T9923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1061'.
[  374.996874][ T5870] Dev nbd0: unable to read RDB block 0
[  375.054690][ T9925] FAULT_INJECTION: forcing a failure.
[  375.054690][ T9925] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  375.072062][ T5870]  nbd0: unable to read partition table
[  375.090403][ T9925] CPU: 0 UID: 0 PID: 9925 Comm: syz.0.1062 Not tainted syzkaller #0 PREEMPT(full) 
[  375.090426][ T9925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  375.090440][ T9925] Call Trace:
[  375.090448][ T9925]  <TASK>
[  375.090455][ T9925]  dump_stack_lvl+0x189/0x250
[  375.090481][ T9925]  ? __pfx____ratelimit+0x10/0x10
[  375.090500][ T9925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.090520][ T9925]  ? __pfx__printk+0x10/0x10
[  375.090555][ T9925]  should_fail_ex+0x414/0x560
[  375.090582][ T9925]  _copy_to_user+0x31/0xb0
[  375.090602][ T9925]  video_usercopy+0xe32/0x1450
[  375.090636][ T9925]  ? __pfx___video_do_ioctl+0x10/0x10
[  375.090657][ T9925]  ? __pfx_video_usercopy+0x10/0x10
[  375.090693][ T9925]  ? __fget_files+0x3a0/0x420
[  375.090713][ T9925]  v4l2_ioctl+0x18d/0x1e0
[  375.090736][ T9925]  ? __pfx_v4l2_ioctl+0x10/0x10
[  375.090756][ T9925]  __se_sys_ioctl+0xfc/0x170
[  375.090781][ T9925]  do_syscall_64+0xfa/0xfa0
[  375.090799][ T9925]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.090824][ T9925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.090840][ T9925]  ? clear_bhb_loop+0x60/0xb0
[  375.090861][ T9925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.090880][ T9925] RIP: 0033:0x7f8ae6d8ec29
[  375.090896][ T9925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.090911][ T9925] RSP: 002b:00007f8ae4ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  375.090929][ T9925] RAX: ffffffffffffffda RBX: 00007f8ae6fd5fa0 RCX: 00007f8ae6d8ec29
[  375.090942][ T9925] RDX: 0000200000000580 RSI: 00000000c0d05605 RDI: 0000000000000003
[  375.090953][ T9925] RBP: 00007f8ae4ff6090 R08: 0000000000000000 R09: 0000000000000000
[  375.090963][ T9925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.090974][ T9925] R13: 00007f8ae6fd6038 R14: 00007f8ae6fd5fa0 R15: 00007ffce88227a8
[  375.091004][ T9925]  </TASK>
[  375.407809][ T5870] ldm_validate_partition_table(): Disk read failed.
[  375.416635][ T5870] Dev nbd0: unable to read RDB block 0
[  375.429869][ T5870]  nbd0: unable to read partition table
[  375.574585][ T9937] EXT4-fs: Ignoring removed nomblk_io_submit option
[  375.599523][ T9937] EXT4-fs (loop1): unable to read superblock
[  375.622377][ T9934] ip6gretap0 speed is unknown, defaulting to 1000
[  375.896817][ T9942] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1068'.
[  376.852795][ T9916] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1059'.
[  377.259333][ T9967] FAULT_INJECTION: forcing a failure.
[  377.259333][ T9967] name failslab, interval 1, probability 0, space 0, times 0
[  377.272287][ T9967] CPU: 1 UID: 0 PID: 9967 Comm: syz.3.1073 Not tainted syzkaller #0 PREEMPT(full) 
[  377.272310][ T9967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  377.272320][ T9967] Call Trace:
[  377.272327][ T9967]  <TASK>
[  377.272335][ T9967]  dump_stack_lvl+0x189/0x250
[  377.272360][ T9967]  ? __pfx____ratelimit+0x10/0x10
[  377.272379][ T9967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.272398][ T9967]  ? __pfx__printk+0x10/0x10
[  377.272426][ T9967]  ? __pfx___might_resched+0x10/0x10
[  377.272448][ T9967]  ? fs_reclaim_acquire+0x7d/0x100
[  377.272470][ T9967]  should_fail_ex+0x414/0x560
[  377.272496][ T9967]  should_failslab+0xa8/0x100
[  377.272516][ T9967]  kmem_cache_alloc_node_noprof+0x77/0x710
[  377.272541][ T9967]  ? __alloc_skb+0x112/0x2d0
[  377.272557][ T9967]  ? netlink_autobind+0xdb/0x300
[  377.272580][ T9967]  __alloc_skb+0x112/0x2d0
[  377.272602][ T9967]  netlink_sendmsg+0x5c6/0xb30
[  377.272631][ T9967]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.272648][ T9967]  ? aa_sock_msg_perm+0xf1/0x1d0
[  377.272666][ T9967]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  377.272680][ T9967]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.272694][ T9967]  __sock_sendmsg+0x21c/0x270
[  377.272716][ T9967]  ____sys_sendmsg+0x505/0x830
[  377.272735][ T9967]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.272757][ T9967]  ? import_iovec+0x74/0xa0
[  377.272775][ T9967]  ___sys_sendmsg+0x21f/0x2a0
[  377.272792][ T9967]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.272834][ T9967]  ? __fget_files+0x2a/0x420
[  377.272847][ T9967]  ? __fget_files+0x3a0/0x420
[  377.272868][ T9967]  __x64_sys_sendmsg+0x19b/0x260
[  377.272885][ T9967]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  377.272908][ T9967]  ? __pfx_ksys_write+0x10/0x10
[  377.272929][ T9967]  ? do_syscall_64+0xbe/0xfa0
[  377.272947][ T9967]  do_syscall_64+0xfa/0xfa0
[  377.272960][ T9967]  ? lockdep_hardirqs_on+0x9c/0x150
[  377.272975][ T9967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.272987][ T9967]  ? clear_bhb_loop+0x60/0xb0
[  377.273003][ T9967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.273016][ T9967] RIP: 0033:0x7fcf24d8ec29
[  377.273028][ T9967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.273040][ T9967] RSP: 002b:00007fcf22ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.273054][ T9967] RAX: ffffffffffffffda RBX: 00007fcf24fd6180 RCX: 00007fcf24d8ec29
[  377.273064][ T9967] RDX: 0000000000000080 RSI: 0000200000000480 RDI: 0000000000000009
[  377.273072][ T9967] RBP: 00007fcf22ff6090 R08: 0000000000000000 R09: 0000000000000000
[  377.273081][ T9967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.273089][ T9967] R13: 00007fcf24fd6218 R14: 00007fcf24fd6180 R15: 00007ffd8f90b4b8
[  377.273112][ T9967]  </TASK>
[  377.547042][    C1] vkms_vblank_simulate: vblank timer overrun
[  378.062699][ T9972] FAULT_INJECTION: forcing a failure.
[  378.062699][ T9972] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.100517][   T89] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  378.121613][ T9976] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1077'.
[  378.130543][ T9976] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1077'.
[  378.139904][ T9976] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1077'.
[  378.181297][ T9978] netlink: 'syz.0.1078': attribute type 2 has an invalid length.
[  378.206878][ T9972] CPU: 0 UID: 0 PID: 9972 Comm: syz.3.1076 Not tainted syzkaller #0 PREEMPT(full) 
[  378.206903][ T9972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  378.206914][ T9972] Call Trace:
[  378.206921][ T9972]  <TASK>
[  378.206928][ T9972]  dump_stack_lvl+0x189/0x250
[  378.206960][ T9972]  ? __pfx____ratelimit+0x10/0x10
[  378.206979][ T9972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.206997][ T9972]  ? __pfx__printk+0x10/0x10
[  378.207032][ T9972]  should_fail_ex+0x414/0x560
[  378.207058][ T9972]  _copy_to_user+0x31/0xb0
[  378.207079][ T9972]  simple_read_from_buffer+0xe1/0x170
[  378.207108][ T9972]  proc_fail_nth_read+0x1b3/0x220
[  378.207132][ T9972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.207156][ T9972]  ? rw_verify_area+0x2a6/0x4d0
[  378.207177][ T9972]  ? __lock_acquire+0xab9/0xd20
[  378.207195][ T9972]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  378.207217][ T9972]  vfs_read+0x200/0xa30
[  378.207238][ T9972]  ? fdget_pos+0x247/0x320
[  378.207259][ T9972]  ? __pfx___mutex_lock+0x10/0x10
[  378.207281][ T9972]  ? __pfx_vfs_read+0x10/0x10
[  378.207302][ T9972]  ? __fget_files+0x2a/0x420
[  378.207322][ T9972]  ? __fget_files+0x3a0/0x420
[  378.207344][ T9972]  ? __fget_files+0x2a/0x420
[  378.207369][ T9972]  ksys_read+0x145/0x250
[  378.207394][ T9972]  ? __pfx_ksys_read+0x10/0x10
[  378.207420][ T9972]  ? do_syscall_64+0xbe/0xfa0
[  378.207442][ T9972]  do_syscall_64+0xfa/0xfa0
[  378.207460][ T9972]  ? lockdep_hardirqs_on+0x9c/0x150
[  378.207479][ T9972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.207495][ T9972]  ? clear_bhb_loop+0x60/0xb0
[  378.207515][ T9972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.207531][ T9972] RIP: 0033:0x7fcf24d8d63c
[  378.207547][ T9972] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  378.207561][ T9972] RSP: 002b:00007fcf25b50030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  378.207579][ T9972] RAX: ffffffffffffffda RBX: 00007fcf24fd5fa0 RCX: 00007fcf24d8d63c
[  378.207591][ T9972] RDX: 000000000000000f RSI: 00007fcf25b500a0 RDI: 0000000000000004
[  378.207600][ T9972] RBP: 00007fcf25b50090 R08: 0000000000000000 R09: 0000000000000000
[  378.207611][ T9972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.207621][ T9972] R13: 00007fcf24fd6038 R14: 00007fcf24fd5fa0 R15: 00007ffd8f90b4b8
[  378.207652][ T9972]  </TASK>
[  378.533440][ T9981] F2FS-fs: Conflicting test_dummy_encryption options
[  378.539737][   T89] usb 2-1: device descriptor read/64, error -71
[  378.553643][ T9982] EXT4-fs: Ignoring removed nomblk_io_submit option
[  378.575282][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  378.582828][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  378.749048][ T9982] blk_print_req_error: 140 callbacks suppressed
[  378.749065][ T9982] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  378.777516][ T9982] EXT4-fs (loop3): unable to read superblock
[  378.799386][   T89] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  378.941616][   T89] usb 2-1: device descriptor read/64, error -71
[  379.326014][   T89] usb usb2-port1: attempt power cycle
[  379.413124][ T9988] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1082'.
[  379.426330][ T9988] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1082'.
[  379.437835][ T9988] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1082'.
[  379.519963][ T9989] block nbd3: not configured, cannot reconfigure
[  379.748465][ T5939] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  379.816371][   T89] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  379.831566][ T5925] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  379.840509][   T89] usb 2-1: device descriptor read/8, error -71
[  379.920534][ T5939] usb 6-1: Using ep0 maxpacket: 32
[  379.960072][T10000] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1084'.
[  379.970591][T10000] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1084'.
[  380.032054][ T5939] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  380.235682][ T5939] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  380.282600][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  380.353716][ T5925] usb 4-1: config 0 has an invalid interface number: 137 but max is 0
[  380.364094][ T5939] usb 6-1: config 0 interface 0 has no altsetting 0
[  380.375521][ T5925] usb 4-1: config 0 has no interface number 0
[  380.386414][ T5939] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  380.398585][ T5925] usb 4-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  380.409148][ T5939] usb 6-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3
[  380.417806][ T5925] usb 4-1: config 0 interface 137 has no altsetting 0
[  380.427158][ T5939] usb 6-1: Product: syz
[  380.433035][T10004] netlink: 'syz.1.1087': attribute type 10 has an invalid length.
[  380.441929][ T5939] usb 6-1: Manufacturer: syz
[  380.447102][ T5939] usb 6-1: SerialNumber: syz
[  380.453992][ T5925] usb 4-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  380.467135][ T5939] usb 6-1: config 0 descriptor??
[  380.479280][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.481513][T10004] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  380.489119][ T5925] usb 4-1: Product: syz
[  380.598147][ T5925] usb 4-1: Manufacturer: syz
[  380.603139][ T5925] usb 4-1: SerialNumber: syz
[  380.611102][ T5925] usb 4-1: config 0 descriptor??
[  380.652842][ T5925] ftdi_sio 4-1:0.137: FTDI USB Serial Device converter detected
[  380.708217][ T5925] usb 4-1: Detected SIO
[  380.719825][ T5925] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  380.733838][ T5925] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  380.747870][T10009] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1088'.
[  380.907662][ T5939] gs_usb 6-1:0.0: Configuring for 243 interfaces
[  380.939883][ T5939] gs_usb 6-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  380.947743][ T5939] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -22
[  381.069262][ T5925] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  381.113346][ T5873] usb 6-1: USB disconnect, device number 5
[  381.155045][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1089'.
[  381.163972][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1089'.
[  381.172925][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1089'.
[  381.222838][ T5925] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  381.253387][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  381.284917][ T5925] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  381.313901][ T5925] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  381.334620][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.345474][ T5925] usb 5-1: Product: syz
[  381.352654][ T5925] usb 5-1: Manufacturer: syz
[  381.377715][ T5925] usb 5-1: SerialNumber: syz
[  381.391298][ T5925] usb 5-1: config 0 descriptor??
[  381.414517][ T5925] iguanair 5-1:0.0: probe with driver iguanair failed with error -12
[  381.543410][T10027] EXT4-fs: Ignoring removed nomblk_io_submit option
[  381.578857][T10027] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  381.606139][T10027] EXT4-fs (loop1): unable to read superblock
[  381.608035][ T5873] usb 5-1: USB disconnect, device number 34
[  381.764274][ T5939] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  381.777240][T10034] debugfs: Bad value for 'gid'
[  381.803293][T10034] debugfs: Bad value for 'gid'
[  381.821300][ T5939] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  382.417042][ T5939] usb 4-1: USB disconnect, device number 23
[  382.453326][ T5939] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  382.518781][ T5939] ftdi_sio 4-1:0.137: device disconnected
[  382.812064][T10049] bond6: entered promiscuous mode
[  382.817240][T10049] bond6: entered allmulticast mode
[  382.832429][T10049] 8021q: adding VLAN 0 to HW filter on device bond6
[  383.418143][T10049] bond6 (unregistering): Released all slaves
[  383.974703][T10080] EXT4-fs: Ignoring removed nomblk_io_submit option
[  383.995425][ T8901] Bluetooth: hci5: Frame reassembly failed (-84)
[  384.014772][   T43] kernel write not supported for file bpf-prog (pid: 43 comm: kworker/1:1)
[  384.027762][T10080] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  384.042555][T10080] EXT4-fs (loop3): unable to read superblock
[  384.308772][   T43] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  384.563559][T10098] ntfs3(loop3): try to read out of volume at offset 0x0
[  384.853464][   T43] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  384.862775][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.871181][   T43] usb 5-1: Product: syz
[  384.875441][   T43] usb 5-1: Manufacturer: syz
[  384.883208][   T43] usb 5-1: SerialNumber: syz
[  385.644914][T10106] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.662571][T10106] buffer_io_error: 138 callbacks suppressed
[  385.662588][T10106] Buffer I/O error on dev nbd0, logical block 0, async page read
[  385.685468][T10106] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.705004][T10106] Buffer I/O error on dev nbd0, logical block 1, async page read
[  385.715375][T10106] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.736005][T10106] Buffer I/O error on dev nbd0, logical block 2, async page read
[  385.750292][T10106] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.784850][T10106] Buffer I/O error on dev nbd0, logical block 3, async page read
[  385.803177][T10106] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.817114][T10106] Buffer I/O error on dev nbd0, logical block 0, async page read
[  385.826184][T10106] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.838630][T10106] Buffer I/O error on dev nbd0, logical block 1, async page read
[  385.848169][T10106] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.857734][T10106] Buffer I/O error on dev nbd0, logical block 2, async page read
[  385.866801][T10106] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.879427][T10106] Buffer I/O error on dev nbd0, logical block 3, async page read
[  385.889094][T10106] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  385.899970][T10106] Buffer I/O error on dev nbd0, logical block 0, async page read
[  385.929981][T10106] Buffer I/O error on dev nbd0, logical block 1, async page read
[  386.059994][ T5866] Bluetooth: hci5: command 0x1003 tx timeout
[  386.066741][ T5868] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  386.371526][T10085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.381470][T10106] ldm_validate_partition_table(): Disk read failed.
[  386.411964][T10085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.447785][T10085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.471177][T10106] Dev nbd0: unable to read RDB block 0
[  386.499818][T10085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.519236][T10085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.532580][T10085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.587695][T10106]  nbd0: unable to read partition table
[  386.645189][   T43] rtl8150 5-1:1.0: couldn't reset the device
[  386.662843][   T43] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  386.688146][   T43] usb 5-1: USB disconnect, device number 35
[  386.923321][T10129] Driver unsupported XDP return value 0 on prog  (id 233) dev N/A, expect packet loss!
[  387.364886][T10132] netlink: 'syz.1.1118': attribute type 1 has an invalid length.
[  387.372791][T10132] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1118'.
[  387.389508][ T5873] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  387.818632][ T5873] usb 6-1: device descriptor read/64, error -71
[  387.856556][T10140] FAT-fs (loop4): unable to read boot sector
[  388.062236][ T5873] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  388.078688][T10141] tipc: Cannot configure node identity twice
[  388.153976][T10144] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1122'.
[  388.187500][T10145] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1122'.
[  388.286826][ T5873] usb 6-1: device descriptor read/64, error -71
[  388.378546][   T43] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  388.432719][ T5873] usb usb6-port1: attempt power cycle
[  388.528586][   T43] usb 5-1: Using ep0 maxpacket: 16
[  388.794020][   T89] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  388.819280][   T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.887545][   T43] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.898577][ T5873] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  388.916028][   T43] usb 5-1: config 0 interface 0 has no altsetting 0
[  388.929196][   T43] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  388.937855][T10159] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1128'.
[  388.948148][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.950459][ T5873] usb 6-1: device descriptor read/8, error -71
[  388.977932][   T43] usb 5-1: config 0 descriptor??
[  389.059296][   T89] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  389.069297][T10161] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  389.079113][   T89] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.087161][   T89] usb 1-1: Product: syz
[  389.112391][   T89] usb 1-1: Manufacturer: syz
[  389.122536][   T89] usb 1-1: SerialNumber: syz
[  389.157059][   T89] usb 1-1: config 0 descriptor??
[  389.238801][ T5873] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  389.345964][T10164] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  389.445447][ T5873] usb 6-1: device descriptor read/8, error -71
[  389.521062][T10154] bpq0: entered promiscuous mode
[  389.755294][ T5873] usb usb6-port1: unable to enumerate USB device
[  389.905429][   T89] usb-storage 1-1:0.0: USB Mass Storage device detected
[  389.979886][   T89] usb 1-1: USB disconnect, device number 26
[  390.328206][T10181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1133'.
[  390.366924][T10181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1133'.
[  390.764772][T10181] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1133'.
[  390.934605][   T43] usbhid 5-1:0.0: can't add hid device: -71
[  390.968558][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  391.123536][   T43] usb 5-1: USB disconnect, device number 36
[  391.263296][T10195] binder: 10187:10195 ioctl 40045569 b returned -22
[  391.283791][T10194] syzkaller1: entered promiscuous mode
[  391.300533][T10194] syzkaller1: entered allmulticast mode
[  391.894279][T10207] netlink: 212 bytes leftover after parsing attributes in process `syz.5.1139'.
[  392.034833][T10170] F2FS-fs: inline encryption not supported
[  392.073639][T10170] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  392.125751][T10170] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  392.146801][T10170] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  392.159007][T10170] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  392.298699][   T43] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  393.012490][T10227] blk_print_req_error: 56 callbacks suppressed
[  393.012502][T10227] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  393.033976][T10223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1146'.
[  393.058594][T10227] FAT-fs (loop4): unable to read boot sector
[  393.270187][   T43] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  393.295156][   T43] usb 6-1: config 0 interface 0 has no altsetting 0
[  393.302390][   T43] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  393.314741][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.327811][T10233] tipc: Cannot configure node identity twice
[  393.396266][T10232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1147'.
[  393.405226][T10232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1147'.
[  393.414197][T10232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1147'.
[  393.469980][   T43] usb 6-1: config 0 descriptor??
[  393.475555][T10210] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  394.248657][ T5939] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  394.773803][T10248] netlink: 212 bytes leftover after parsing attributes in process `syz.0.1151'.
[  394.774189][   T43] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[  394.791840][ T5939] usb 5-1: Using ep0 maxpacket: 16
[  394.799191][   T43] konepure 0003:1E7D:2DBE.0007: unknown main item tag 0x0
[  394.811585][ T5939] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  394.826076][   T43] konepure 0003:1E7D:2DBE.0007: hidraw0: USB HID v80.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.5-1/input0
[  394.837818][ T5939] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.847701][ T5939] usb 5-1: config 0 interface 0 has no altsetting 0
[  394.865088][ T5939] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  394.884817][ T5939] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.030289][ T5939] usb 5-1: config 0 descriptor??
[  395.818701][ T5939] usb 5-1: can't set config #0, error -71
[  395.854112][ T5939] usb 5-1: USB disconnect, device number 37
[  395.887422][    T9] usb 6-1: USB disconnect, device number 10
[  396.856882][T10280] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  397.343488][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1160'.
[  397.352614][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1160'.
[  397.361703][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1160'.
[  398.546162][T10295] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1162'.
[  398.555354][T10295] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1162'.
[  398.715355][T10303] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  398.739828][T10303] FAT-fs (loop1): unable to read boot sector
[  398.923356][T10310] debugfs: Bad value for 'gid'
[  398.942175][T10310] debugfs: Bad value for 'gid'
[  399.174880][T10319] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1167'.
[  400.099475][   T43] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  400.340986][   T43] usb 2-1: Using ep0 maxpacket: 16
[  400.396071][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  400.432027][   T43] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.461659][   T43] usb 2-1: config 0 interface 0 has no altsetting 0
[  400.490996][T10328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1172'.
[  400.518470][   T43] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  400.540975][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.562684][   T43] usb 2-1: config 0 descriptor??
[  400.607814][T10342] block device autoloading is deprecated and will be removed.
[  400.648767][    T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  400.718687][  T898] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  400.752137][T10347] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1178'.
[  400.798472][    T9] usb 4-1: device descriptor read/64, error -71
[  400.852933][T10352] binder: 10345:10352 ioctl 4018620d 0 returned -22
[  401.566685][  T898] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  401.576741][  T898] usb 6-1: config 0 interface 0 has no altsetting 0
[  401.578599][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  401.586374][  T898] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  401.613935][  T898] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  401.623066][  T898] usb 6-1: Product: syz
[  401.627313][  T898] usb 6-1: Manufacturer: syz
[  401.634214][  T898] usb 6-1: SerialNumber: syz
[  401.654145][  T898] usb 6-1: config 0 descriptor??
[  401.669799][  T898] usb 6-1: selecting invalid altsetting 0
[  401.728905][T10359] random: crng reseeded on system resumption
[  401.823313][   T43] usbhid 2-1:0.0: can't add hid device: -71
[  401.836678][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  401.872295][   T43] usb 2-1: USB disconnect, device number 38
[  401.884306][   T30] audit: type=1326 audit(1758395258.962:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10358 comm="syz.4.1181" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb0b38ec29 code=0x0
[  401.896643][    T9] usb 4-1: device descriptor read/64, error -71
[  402.056427][T10360] netlink: 280 bytes leftover after parsing attributes in process `syz.4.1181'.
[  402.142125][    T9] usb usb4-port1: attempt power cycle
[  402.738835][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  403.219099][    T9] usb 4-1: device descriptor read/8, error -71
[  403.468518][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  403.553313][T10380] vfat: Bad value for 'utf8'
[  403.633247][ T8900] dummy0: left allmulticast mode
[  403.656294][ T8900] bridge0: port 3(dummy0) entered disabled state
[  403.686748][ T8900] bridge_slave_1: left allmulticast mode
[  403.688625][    T9] usb 4-1: device not accepting address 27, error -71
[  403.693970][ T8900] bridge_slave_1: left promiscuous mode
[  403.739227][    T9] usb usb4-port1: unable to enumerate USB device
[  403.831432][  T898] usb 6-1: USB disconnect, device number 11
[  403.838582][ T8900] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.872033][T10389] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1192'.
[  403.893141][ T8900] bridge_slave_0: left allmulticast mode
[  403.901555][T10389] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1192'.
[  403.922033][ T8900] bridge_slave_0: left promiscuous mode
[  403.927798][ T8900] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.946653][T10389] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1192'.
[  404.024304][T10389] block nbd5: not configured, cannot reconfigure
[  404.027882][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.040725][T10396] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  404.073100][T10396] FAT-fs (loop4): unable to read boot sector
[  404.340254][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.348726][ T5939] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  404.376447][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.392822][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.399616][ T8900] bond0 (unregistering): (slave ip6gretap0): Releasing backup interface
[  404.404832][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.421653][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.460682][ T5925] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  404.472498][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.504013][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.519613][ T5939] usb 2-1: Using ep0 maxpacket: 8
[  404.524909][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  404.546141][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.563984][ T5939] usb 2-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  404.577235][ T5866] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  404.599732][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  404.608033][ T5939] usb 2-1: Product: syz
[  404.613788][ T5866] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  404.620847][ T5925] usb 6-1: Using ep0 maxpacket: 32
[  404.627106][ T5866] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  404.635634][ T5925] usb 6-1: config 0 has an invalid interface number: 137 but max is 0
[  404.644271][ T5939] usb 2-1: Manufacturer: syz
[  404.660731][ T5866] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  404.672427][ T5925] usb 6-1: config 0 has no interface number 0
[  404.682519][ T5866] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  404.700962][  T898] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  404.708881][ T5939] usb 2-1: SerialNumber: syz
[  404.724905][ T5925] usb 6-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  404.736086][ T5939] usb 2-1: config 0 descriptor??
[  404.794962][ T5925] usb 6-1: config 0 interface 137 has no altsetting 0
[  404.809365][ T5925] usb 6-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  404.819266][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.828444][ T5925] usb 6-1: Product: syz
[  404.832630][ T5925] usb 6-1: Manufacturer: syz
[  404.837247][ T5925] usb 6-1: SerialNumber: syz
[  404.869097][    T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  404.871788][ T5925] usb 6-1: config 0 descriptor??
[  404.887393][ T5925] ftdi_sio 6-1:0.137: FTDI USB Serial Device converter detected
[  404.898006][ T5925] usb 6-1: Detected SIO
[  404.904480][ T5925] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  404.919901][ T5925] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  404.938452][  T898] usb 4-1: Using ep0 maxpacket: 32
[  404.944061][ T8900] dvmrp1 (unregistering): left allmulticast mode
[  405.048402][    T9] usb 5-1: Using ep0 maxpacket: 16
[  405.055374][  T898] usb 4-1: config 0 has an invalid interface number: 16 but max is 0
[  405.120843][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.134821][  T898] usb 4-1: config 0 has no interface number 0
[  405.154534][    T9] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.156414][  T898] usb 4-1: config 0 interface 16 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  405.201259][  T898] usb 4-1: config 0 interface 16 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  405.237334][ T5939] usb 2-1: USB disconnect, device number 39
[  405.247472][  T898] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  405.262431][  T898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.274271][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  405.291274][  T898] usb 4-1: Product: syz
[  405.295625][  T898] usb 4-1: Manufacturer: syz
[  405.303339][  T898] usb 4-1: SerialNumber: syz
[  405.359225][ T5870] udevd[5870]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  405.361167][  T898] usb 4-1: config 0 descriptor??
[  405.412869][    T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  405.423972][  T898] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  405.466359][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.513066][  T898] snd-usb-audio 4-1:0.16: probe with driver snd-usb-audio failed with error -2
[  405.523811][    T9] usb 5-1: config 0 descriptor??
[  405.565379][T10399] udevd[10399]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  405.755896][ T8900] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  405.779910][ T8900] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  405.796781][ T8900] bond0 (unregistering): Released all slaves
[  405.812617][T10400] tipc: Cannot configure node identity twice
[  405.893888][ T8900] tipc: Left network mode
[  405.899887][T10404] ip6gretap0 speed is unknown, defaulting to 1000
[  406.052100][ T8900] mac80211_hwsim hwsim7 wlan0 (unregistering): left allmulticast mode
[  406.072301][ T8900] mac80211_hwsim hwsim7 wlan0 (unregistering): left promiscuous mode
[  406.127499][ T8900] batman_adv: batadv0: Removing interface: wlan0
[  406.653783][ T8900] hsr_slave_0: left promiscuous mode
[  406.660713][ T8900] hsr_slave_1: left promiscuous mode
[  406.674091][ T8900] batman_adv: batadv0: Removing interface: batadv_slave_0
[  406.683331][ T8900] batman_adv: batadv0: Removing interface: batadv_slave_1
[  406.781498][ T5866] Bluetooth: hci2: command tx timeout
[  406.920717][   T10] usb 6-1: USB disconnect, device number 12
[  407.071741][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  407.078003][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  407.087257][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  407.125975][   T89] usb 4-1: USB disconnect, device number 28
[  407.141505][   T10] ftdi_sio 6-1:0.137: device disconnected
[  407.180728][    T9] usb 5-1: USB disconnect, device number 38
[  407.644085][T10440] vfat: Bad value for 'utf8'
[  408.144526][T10447] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  408.152382][T10447] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  408.160937][T10447] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  408.168685][T10447] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  408.938407][ T5866] Bluetooth: hci2: command tx timeout
[  409.324551][T10454] EXT4-fs: Ignoring removed nomblk_io_submit option
[  409.391268][T10454] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  409.750274][T10454] EXT4-fs (loop1): unable to read superblock
[  410.110867][T10469] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1208'.
[  410.128410][T10469] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1208'.
[  410.145061][T10469] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1208'.
[  410.240562][ T8900] team0 (unregistering): Port device team_slave_1 removed
[  410.252936][T10471] block nbd1: not configured, cannot reconfigure
[  410.288479][   T43] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  410.298144][ T8900] team0 (unregistering): Port device team_slave_0 removed
[  410.429362][   T43] usb 6-1: device descriptor read/64, error -71
[  410.568451][ T5939] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  410.688583][   T43] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  410.748412][ T5939] usb 2-1: Using ep0 maxpacket: 32
[  410.756278][ T5939] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  410.765172][ T5939] usb 2-1: config 0 has no interface number 0
[  410.774107][ T5939] usb 2-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  410.785368][ T5939] usb 2-1: config 0 interface 137 has no altsetting 0
[  410.796125][ T5939] usb 2-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  410.809576][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.817705][ T5939] usb 2-1: Product: syz
[  410.822630][ T5939] usb 2-1: Manufacturer: syz
[  410.827372][ T5939] usb 2-1: SerialNumber: syz
[  410.832172][   T43] usb 6-1: device descriptor read/64, error -71
[  410.867191][ T5939] usb 2-1: config 0 descriptor??
[  410.880088][ T5939] ftdi_sio 2-1:0.137: FTDI USB Serial Device converter detected
[  410.897694][ T5939] usb 2-1: Detected SIO
[  410.902228][ T5939] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  410.923511][ T5939] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  410.950486][   T43] usb usb6-port1: attempt power cycle
[  411.019225][ T5866] Bluetooth: hci2: command tx timeout
[  411.252026][T10404] chnl_net:caif_netlink_parms(): no params data found
[  411.317689][   T43] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  411.405841][   T43] usb 6-1: device descriptor read/8, error -71
[  411.540952][T10404] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.549611][T10404] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.558099][T10404] bridge_slave_0: entered allmulticast mode
[  411.580569][T10404] bridge_slave_0: entered promiscuous mode
[  411.597190][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1209'.
[  411.611687][T10404] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.620113][T10404] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.628964][T10404] bridge_slave_1: entered allmulticast mode
[  411.650417][T10404] bridge_slave_1: entered promiscuous mode
[  411.668681][   T43] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  411.711368][   T43] usb 6-1: device descriptor read/8, error -71
[  411.802064][T10404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.815126][T10404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  411.842854][   T43] usb usb6-port1: unable to enumerate USB device
[  411.892566][T10404] team0: Port device team_slave_0 added
[  411.912016][T10404] team0: Port device team_slave_1 added
[  411.974584][T10404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  411.982796][T10404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  412.009788][    T9] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  412.017609][T10404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  412.035516][T10404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  412.043849][T10404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  412.072634][T10404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  412.136876][T10404] hsr_slave_0: entered promiscuous mode
[  412.145920][T10404] hsr_slave_1: entered promiscuous mode
[  412.152418][T10404] debugfs: 'hsr0' already exists in 'hsr'
[  412.158246][T10404] Cannot create hsr debugfs directory
[  412.168444][   T89] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  412.182728][    T9] usb 5-1: config index 0 descriptor too short (expected 32, got 18)
[  412.191734][    T9] usb 5-1: config 0 has an invalid descriptor of length 241, skipping remainder of the config
[  412.203147][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  412.215295][    T9] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=c7.76
[  412.224611][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.232792][    T9] usb 5-1: Product: syz
[  412.237769][    T9] usb 5-1: Manufacturer: syz
[  412.242708][    T9] usb 5-1: SerialNumber: syz
[  412.253749][    T9] usb 5-1: config 0 descriptor??
[  412.318688][   T89] usb 4-1: Using ep0 maxpacket: 8
[  412.327891][   T89] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  412.341873][   T89] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 255
[  412.351675][   T89] usb 4-1: can't read configurations, error -22
[  412.441374][T10404] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  412.454990][T10404] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  412.482599][T10404] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  412.489686][   T89] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  412.507996][T10404] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  412.646442][T10404] 8021q: adding VLAN 0 to HW filter on device bond0
[  412.648564][   T89] usb 4-1: Using ep0 maxpacket: 8
[  412.673420][   T89] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  412.674938][T10404] 8021q: adding VLAN 0 to HW filter on device team0
[  412.689013][   T89] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 255
[  412.703316][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.704887][   T89] usb 4-1: can't read configurations, error -22
[  412.710530][ T8902] bridge0: port 1(bridge_slave_0) entered forwarding state
[  412.731516][   T89] usb usb4-port1: attempt power cycle
[  412.737907][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.745121][ T8902] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.058454][ T5939] usb 2-1: USB disconnect, device number 40
[  413.074729][ T5939] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  413.090289][   T89] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  413.098845][ T5866] Bluetooth: hci2: command tx timeout
[  413.124247][ T5939] ftdi_sio 2-1:0.137: device disconnected
[  413.140799][   T89] usb 4-1: Using ep0 maxpacket: 8
[  413.151904][   T89] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  413.162055][   T89] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 255
[  413.182955][T10533] vfat: Bad value for 'utf8'
[  413.187661][   T89] usb 4-1: can't read configurations, error -22
[  413.200457][T10404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  413.231071][T10537] input: syz1 as /devices/virtual/input/input24
[  413.338923][   T89] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  413.391126][   T89] usb 4-1: Using ep0 maxpacket: 8
[  413.399648][   T89] usb 4-1: too many configurations: 255, using maximum allowed: 8
[  413.433067][   T89] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 255
[  413.467896][   T89] usb 4-1: can't read configurations, error -22
[  413.492535][   T89] usb usb4-port1: unable to enumerate USB device
[  413.699049][ T5939] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  413.797206][T10404] veth0_vlan: entered promiscuous mode
[  413.837616][T10404] veth1_vlan: entered promiscuous mode
[  413.869470][ T5939] usb 2-1: Using ep0 maxpacket: 32
[  413.885191][ T5939] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  413.889298][T10404] veth0_macvtap: entered promiscuous mode
[  413.915441][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.926877][ T5939] usb 2-1: Product: syz
[  413.930963][T10404] veth1_macvtap: entered promiscuous mode
[  413.937003][ T5939] usb 2-1: Manufacturer: syz
[  413.942153][ T5939] usb 2-1: SerialNumber: syz
[  413.966419][ T5939] usb 2-1: config 0 descriptor??
[  413.986071][ T5939] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  413.994408][T10404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.021883][T10404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  414.068601][ T8901] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  414.101999][ T8901] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  414.112016][ T8901] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  414.134425][ T8901] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  414.236335][ T7336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.270483][ T7336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  414.313325][ T7332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  414.324883][ T7332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  415.013108][T10548] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode 802.3ad(4)
[  415.063702][T10585] binder: 10584:10585 ioctl 40046210 0 returned -14
[  415.109747][ T5939] gspca_topro: reg_w err -110
[  415.110177][   T89] usb 5-1: USB disconnect, device number 39
[  415.156177][ T5939] gspca_topro: Sensor soi763a
[  415.212123][T10594] tunl0: entered promiscuous mode
[  415.217311][T10594] tunl0: entered allmulticast mode
[  415.323479][T10598] erofs (device loop6): cannot find valid erofs superblock
[  416.204916][T10608] ceph: No mds server is up or the cluster is laggy
[  416.215796][ T5939] libceph: connect (1)[c::]:6789 error -101
[  416.249853][ T5939] libceph: mon0 (1)[c::]:6789 connect error
[  416.520313][ T5939] usb 2-1: USB disconnect, device number 41
[  416.955509][T10623] fuse: Unknown parameter 'use'
[  416.969292][T10624] fuse: Unknown parameter 'use'
[  417.045274][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1233'.
[  417.249282][T10623] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1233'.
[  417.284037][T10628] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  417.312875][T10628] FAT-fs (loop6): unable to read boot sector
[  417.319364][ T5939] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  417.468893][T10633] vfat: Bad value for 'utf8'
[  417.513943][ T5939] usb 2-1: config 5 has an invalid interface number: 1 but max is 0
[  417.551059][ T5939] usb 2-1: config 5 has no interface number 0
[  417.569298][ T5939] usb 2-1: config 5 interface 1 has no altsetting 0
[  417.643607][T10641] tipc: Started in network mode
[  417.648620][T10641] tipc: Node identity 4, cluster identity 4711
[  417.654769][T10641] tipc: Node number set to 4
[  418.130851][ T5939] usb 2-1: New USB device found, idVendor=15ba, idProduct=002b, bcdDevice=d5.66
[  418.160961][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.191047][ T5939] usb 2-1: Product: syz
[  418.200371][ T5939] usb 2-1: Manufacturer: syz
[  418.204998][ T5939] usb 2-1: SerialNumber: syz
[  418.338440][  T898] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  419.023896][  T898] usb 7-1: Using ep0 maxpacket: 16
[  419.035009][ T5939] ftdi_sio 2-1:5.1: FTDI USB Serial Device converter detected
[  419.150011][  T898] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.199876][ T5939] ftdi_sio ttyUSB0: unknown device type: 0xd566
[  419.219325][ T5939] usb 2-1: USB disconnect, device number 42
[  419.225426][  T898] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.258000][  T898] usb 7-1: config 0 interface 0 has no altsetting 0
[  419.266209][ T5939] ftdi_sio 2-1:5.1: device disconnected
[  419.658533][  T898] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  419.694854][  T898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.851314][  T898] usb 7-1: config 0 descriptor??
[  420.305529][  T898] usb 7-1: can't set config #0, error -71
[  420.426087][  T898] usb 7-1: USB disconnect, device number 2
[  421.682732][T10689] vfat: Bad value for 'utf8'
[  421.880568][T10694] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  421.891964][T10694] EXT4-fs (loop4): unable to read superblock
[  422.241765][T10710] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  422.254567][T10711] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  422.271205][   T30] audit: type=1800 audit(1758395279.302:244): pid=10710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1256" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  422.360198][T10711] FAT-fs (loop5): unable to read boot sector
[  422.369777][T10710] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1256'.
[  422.401419][T10713] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1254'.
[  422.410546][T10713] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1254'.
[  422.707164][T10719] tipc: Started in network mode
[  422.712314][T10719] tipc: Node identity 4, cluster identity 4711
[  422.718552][T10719] tipc: Node number set to 4
[  423.142866][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1258'.
[  423.579086][T10723] evm: overlay not supported
[  423.589581][  T898] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  423.595130][T10726] vfat: Bad value for 'utf8'
[  423.754703][T10730] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  423.795799][T10730] EXT4-fs (loop3): unable to read superblock
[  423.829740][  T898] usb 6-1: Using ep0 maxpacket: 16
[  423.850352][  T898] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.013801][T10737] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1261'.
[  424.025446][T10737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1261'.
[  424.038377][T10737] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1261'.
[  424.076098][T10738] exFAT-fs (loop3): mounting with "discard" option, but the device does not support discard
[  424.086485][T10738] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  424.096175][T10738] exFAT-fs (loop3): unable to read boot sector
[  424.102449][T10738] exFAT-fs (loop3): failed to read boot sector
[  424.108829][T10738] exFAT-fs (loop3): failed to recognize exfat type
[  424.119739][  T898] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  424.282277][  T898] usb 6-1: config 0 interface 0 has no altsetting 0
[  424.364592][  T898] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  424.443641][  T898] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.544853][  T898] usb 6-1: config 0 descriptor??
[  425.078640][T10744] nvme_fabrics: missing parameter 'transport=%s'
[  425.085655][T10744] nvme_fabrics: missing parameter 'nqn=%s'
[  425.860516][  T898] usbhid 6-1:0.0: can't add hid device: -71
[  425.888808][  T898] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  425.921064][  T898] usb 6-1: USB disconnect, device number 17
[  426.323705][T10779] vfat: Bad value for 'utf8'
[  428.203581][T10795] EXT4-fs: Ignoring removed nomblk_io_submit option
[  428.212272][T10795] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  428.261736][T10795] EXT4-fs (loop4): unable to read superblock
[  429.598018][T10822] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  429.604578][T10822] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  429.664316][T10822] vhci_hcd vhci_hcd.0: Device attached
[  429.711023][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1282'.
[  429.720019][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1282'.
[  429.728936][T10825] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1282'.
[  429.918461][   T10] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  430.521809][T10826] vhci_hcd: connection reset by peer
[  430.600986][ T8900] vhci_hcd: stop threads
[  430.798777][ T8900] vhci_hcd: release socket
[  430.851535][ T8900] vhci_hcd: disconnect device
[  431.026205][T10840] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  431.138153][T10840] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  431.168495][T10840] FAT-fs (loop1): unable to read boot sector
[  432.825776][T10866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1291'.
[  432.933022][T10868] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1292'.
[  433.025600][T10873] program syz.3.1292 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  433.454169][T10873] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  433.729877][T10881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1294'.
[  433.744076][T10881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1294'.
[  433.754549][T10881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1294'.
[  435.008789][   T10] vhci_hcd: vhci_device speed not set
[  436.008771][ T5948] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  436.274232][ T5948] usb 6-1: config 252 has an invalid interface number: 254 but max is 0
[  436.428263][ T5948] usb 6-1: config 252 has no interface number 0
[  436.445302][ T5948] usb 6-1: config 252 interface 254 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[  436.463558][ T5948] usb 6-1: config 252 interface 254 altsetting 1 bulk endpoint 0x6 has invalid maxpacket 0
[  436.504329][ T5948] usb 6-1: config 252 interface 254 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  436.516376][ T5948] usb 6-1: config 252 interface 254 has no altsetting 0
[  436.530048][ T5948] usb 6-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=46.29
[  436.541131][ T5948] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.549904][ T5948] usb 6-1: Product: syz
[  436.554645][ T5948] usb 6-1: Manufacturer: syz
[  436.574886][ T5948] usb 6-1: SerialNumber: syz
[  436.715570][ T5948] bfusb 6-1:252.254: probe with driver bfusb failed with error -5
[  437.340091][T10924] netlink: 'syz.4.1303': attribute type 1 has an invalid length.
[  437.426024][T10924] bond6: (slave gretap1): making interface the new active one
[  439.199098][T10924] bond6: (slave gretap1): Enslaving as an active interface with an up link
[  440.003834][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  440.015146][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.080716][T10938] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  440.432266][    T9] usb 6-1: USB disconnect, device number 18
[  440.558554][   T10] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  440.731211][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1307'.
[  440.740146][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1307'.
[  440.749068][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1307'.
[  441.127650][T10959] overlayfs: missing 'lowerdir'
[  441.598450][    T9] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  441.893512][    T9] usb 5-1: Using ep0 maxpacket: 32
[  441.900738][T10973] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1315'.
[  441.909831][T10973] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1315'.
[  441.980879][    T9] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  442.418155][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.469628][    T9] usb 5-1: Product: syz
[  442.474271][    T9] usb 5-1: Manufacturer: syz
[  442.480158][    T9] usb 5-1: SerialNumber: syz
[  442.492544][    T9] usb 5-1: config 0 descriptor??
[  442.502421][    T9] gspca_main: sunplus-2.14.0 probing 055f:c230
[  442.631168][T10979] random: crng reseeded on system resumption
[  442.713953][T10984] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  442.760147][T10984] MINIX-fs: unable to read superblock
[  442.786172][   T30] audit: type=1326 audit(1758395299.852:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10978 comm="syz.3.1317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf24d8ec29 code=0x0
[  442.833443][T10984] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  442.843741][T10984] tipc: Enabled bearer <eth:gre0>, priority 10
[  442.892854][   T30] audit: type=1326 audit(1758395299.852:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10985 comm="syz.1.1319" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb4178ec29 code=0x0
[  443.116878][    T9] gspca_sunplus: reg_r err -71
[  443.330287][    T9] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  443.467159][    T9] usb 5-1: USB disconnect, device number 40
[  444.175656][T11016] futex_wake_op: syz.6.1324 tries to shift op by -1; fix this program
[  444.220835][T11017] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  444.251423][T11017] hfs: can't find a HFS filesystem on dev loop5
[  444.373374][T11019] vfat: Bad value for 'utf8'
[  444.501930][T11026] sp0: Synchronizing with TNC
[  444.758479][    T9] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  445.319084][T11035] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1330'.
[  445.401542][    T9] usb 4-1: config 8 has an invalid interface number: 8 but max is 1
[  445.409776][    T9] usb 4-1: config 8 has no interface number 1
[  445.427674][    T9] usb 4-1: config 8 interface 8 has no altsetting 0
[  445.438521][    T9] usb 4-1: config 8 interface 0 has no altsetting 0
[  445.457015][    T9] usb 4-1: New USB device found, idVendor=1199, idProduct=68a2, bcdDevice=33.93
[  445.477705][T11039] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  445.487010][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.500796][    T9] usb 4-1: Product: syz
[  445.509539][    T9] usb 4-1: Manufacturer: syz
[  445.604420][T11042] netlink: 'syz.6.1333': attribute type 1 has an invalid length.
[  446.111787][T11042] 8021q: adding VLAN 0 to HW filter on device bond1
[  446.975718][    T9] usb 4-1: SerialNumber: syz
[  447.447848][    T9] qmi_wwan 4-1:8.8: probe with driver qmi_wwan failed with error -22
[  447.466416][    T9] usb 4-1: selecting invalid altsetting 0
[  447.472509][    T9] usb 4-1: Could not set interface, error -22
[  447.500204][    T9] usb 4-1: USB disconnect, device number 33
[  447.840861][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1338'.
[  447.859567][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1338'.
[  447.868537][T11061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1338'.
[  447.877701][ T5925] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  448.061353][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  448.069110][ T5925] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  448.135074][ T5925] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  448.145645][ T5925] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.168677][T11074] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  448.190053][ T5925] usb 7-1: Product: syz
[  448.194341][ T5925] usb 7-1: Manufacturer: syz
[  448.208741][ T5925] usb 7-1: SerialNumber: syz
[  448.223663][T11074] isofs_fill_super: bread failed, dev=loop3, iso_blknum=16, block=32
[  448.240503][ T5925] usb 7-1: config 0 descriptor??
[  448.254182][T11056] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  448.353959][ T5925] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input25
[  448.727021][T11084] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  448.736600][T11084] FAT-fs (loop3): unable to read boot sector
[  450.019674][T11091] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  450.030421][T11091] FAT-fs (loop5): unable to read boot sector
[  451.404432][   T89] usb 7-1: USB disconnect, device number 3
[  451.404536][    C1] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  451.446444][T11102] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  451.681286][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1349'.
[  452.010644][T11105] netlink: 'syz.5.1348': attribute type 1 has an invalid length.
[  452.796397][T11105] 8021q: adding VLAN 0 to HW filter on device bond1
[  454.879899][T11131] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1352'.
[  455.714537][   T30] audit: type=1326 audit(1758395312.792:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11142 comm="syz.4.1358" exe="/root/syz-executor" sig=31 arch=c000003e syscall=317 compat=0 ip=0x7feb0b38ec29 code=0x0
[  457.038539][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  457.076910][T11161] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  457.097755][T11161] MINIX-fs: unable to read superblock
[  457.217259][    T9] usb 4-1: Using ep0 maxpacket: 32
[  457.240067][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  457.252152][T11166] netlink: 'syz.4.1363': attribute type 4 has an invalid length.
[  457.271568][    T9] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  457.294766][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.318388][    T9] usb 4-1: Product: syz
[  457.336054][    T9] usb 4-1: Manufacturer: syz
[  457.354900][    T9] usb 4-1: SerialNumber: syz
[  457.379608][    T9] usb 4-1: config 0 descriptor??
[  457.398756][T11152] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  457.437052][    T9] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input26
[  457.537167][T11174] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  457.800711][T11174] netlink: 'syz.1.1367': attribute type 1 has an invalid length.
[  457.827255][T11174] 8021q: adding VLAN 0 to HW filter on device bond4
[  457.907335][T11180] binder: BINDER_SET_CONTEXT_MGR already set
[  457.913503][T11180] binder: 11172:11180 ioctl 4018620d 200000000040 returned -16
[  457.922352][T11180] binder: 11172:11180 ioctl c0306201 2000000001c0 returned -14
[  457.995049][T11180] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.006242][T11180] I/O error, dev loop4, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.015997][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  458.026443][T11180] I/O error, dev loop4, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.036058][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  458.045796][T11180] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  458.053574][T11180] UDF-fs: Scanning with blocksize 512 failed
[  458.061748][T11180] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.071725][T11180] I/O error, dev loop4, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.081406][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  458.092822][T11180] I/O error, dev loop4, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.102646][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  458.113059][T11180] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  458.120970][T11180] UDF-fs: Scanning with blocksize 1024 failed
[  458.128596][T11180] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.139090][T11180] I/O error, dev loop4, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.148831][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  458.158950][T11180] I/O error, dev loop4, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  458.168704][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  458.178447][T11180] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  458.186194][T11180] UDF-fs: Scanning with blocksize 2048 failed
[  458.195341][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  458.205595][T11180] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=512, location=512
[  458.215543][T11180] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  458.223634][T11180] UDF-fs: Scanning with blocksize 4096 failed
[  458.229842][T11180] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1)
[  458.714558][T11186] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1370'.
[  458.724893][T11186] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1370'.
[  458.734103][T11186] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1370'.
[  458.813271][T11187] block nbd5: not configured, cannot reconfigure
[  459.162308][ T6000] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  459.286137][ T5939] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  459.473224][ T5939] usb 6-1: Using ep0 maxpacket: 32
[  459.521475][ T5939] usb 6-1: config 0 has an invalid interface number: 137 but max is 0
[  459.564469][ T5939] usb 6-1: config 0 has no interface number 0
[  459.591976][ T5939] usb 6-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  459.624305][ T5939] usb 6-1: config 0 interface 137 has no altsetting 0
[  459.638464][ T5939] usb 6-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  459.653855][ T5939] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.685881][ T5939] usb 6-1: Product: syz
[  459.696595][ T5939] usb 6-1: Manufacturer: syz
[  459.701970][ T5939] usb 6-1: SerialNumber: syz
[  459.726541][ T5939] usb 6-1: config 0 descriptor??
[  459.750649][ T5939] ftdi_sio 6-1:0.137: FTDI USB Serial Device converter detected
[  459.765047][ T5939] usb 6-1: Detected SIO
[  459.773356][ T5939] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  459.788697][ T5939] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  459.938574][ T5939] usb 4-1: USB disconnect, device number 34
[  459.938737][    C0] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  459.989935][T11199] vfat: Bad value for 'utf8'
[  460.028740][ T6000] usb 2-1: Using ep0 maxpacket: 32
[  460.046889][ T6000] usb 2-1: too many configurations: 107, using maximum allowed: 8
[  460.077941][ T6000] usb 2-1: unable to read config index 0 descriptor/start: -61
[  460.096031][ T6000] usb 2-1: can't read configurations, error -61
[  460.618636][ T6000] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  460.754216][T11211] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.761734][T11211] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.833912][ T6000] usb 2-1: Using ep0 maxpacket: 32
[  460.847296][ T6000] usb 2-1: too many configurations: 107, using maximum allowed: 8
[  460.858823][ T6000] usb 2-1: unable to read config index 0 descriptor/start: -61
[  460.877740][ T6000] usb 2-1: can't read configurations, error -61
[  460.903123][ T6000] usb usb2-port1: attempt power cycle
[  461.028632][ T5925] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  461.179927][T11211] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  461.258993][ T6000] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  461.845181][ T6000] usb 2-1: Using ep0 maxpacket: 32
[  461.864957][ T6000] usb 2-1: too many configurations: 107, using maximum allowed: 8
[  461.883639][ T5939] usb 6-1: USB disconnect, device number 19
[  461.903749][ T5939] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  461.910153][ T6000] usb 2-1: unable to read config index 0 descriptor/start: -71
[  461.923352][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  461.937269][ T6000] usb 2-1: can't read configurations, error -71
[  461.952671][T11211] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  461.974256][ T5925] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  461.988957][ T5939] ftdi_sio 6-1:0.137: device disconnected
[  462.480463][ T5925] usb 4-1: config 0 has no interface number 0
[  462.527918][ T5925] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  462.570395][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.592520][ T5925] usb 4-1: Product: syz
[  462.603479][ T5925] usb 4-1: Manufacturer: syz
[  462.616118][ T5925] usb 4-1: SerialNumber: syz
[  462.637222][ T5925] usb 4-1: config 0 descriptor??
[  462.660594][ T5925] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  462.958416][T11225] netlink: 'syz.5.1381': attribute type 4 has an invalid length.
[  462.993271][ T5925] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  463.028660][ T6957] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  463.049629][ T6957] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  463.082581][ T6957] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  463.115047][ T6957] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  463.191413][T11234] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  463.191830][ T5925] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  463.266262][T11240] blk_print_req_error: 3 callbacks suppressed
[  463.266280][T11240] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  463.380618][T11240] EXT4-fs (loop1): unable to read superblock
[  463.497181][T11240] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1386'.
[  463.506411][T11240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1386'.
[  463.515504][T11240] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1386'.
[  463.570125][T11240] exFAT-fs (loop1): mounting with "discard" option, but the device does not support discard
[  463.580756][T11240] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  463.590036][T11240] exFAT-fs (loop1): unable to read boot sector
[  463.596186][T11240] exFAT-fs (loop1): failed to read boot sector
[  463.602386][T11240] exFAT-fs (loop1): failed to recognize exfat type
[  464.583127][T11254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1388'.
[  465.298554][   T10] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  465.314455][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  465.314923][    T9] usb 4-1: USB disconnect, device number 35
[  465.343433][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  465.448662][   T10] usb 2-1: device descriptor read/64, error -71
[  465.484150][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  465.536097][T11264] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1391'.
[  465.555790][    T9] quatech2 4-1:0.51: device disconnected
[  465.590749][T11264] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1391'.
[  465.605026][T11264] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1391'.
[  465.688117][T11264] block nbd3: not configured, cannot reconfigure
[  465.698417][   T10] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  465.910354][   T10] usb 2-1: device descriptor read/64, error -71
[  466.548919][   T10] usb usb2-port1: attempt power cycle
[  466.698987][  T898] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  466.878482][  T898] usb 4-1: Using ep0 maxpacket: 32
[  466.932608][  T898] usb 4-1: config 0 has an invalid interface number: 137 but max is 0
[  466.958856][   T10] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  466.962474][  T898] usb 4-1: config 0 has no interface number 0
[  467.064112][T11281] netlink: 'syz.6.1395': attribute type 9 has an invalid length.
[  467.078724][  T898] usb 4-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  467.089068][  T898] usb 4-1: config 0 interface 137 has no altsetting 0
[  467.110616][  T898] usb 4-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  467.129948][   T10] usb 2-1: device descriptor read/8, error -71
[  467.142942][  T898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.262323][  T898] usb 4-1: Product: syz
[  467.267043][  T898] usb 4-1: Manufacturer: syz
[  467.271732][  T898] usb 4-1: SerialNumber: syz
[  467.281655][  T898] usb 4-1: config 0 descriptor??
[  467.290575][  T898] ftdi_sio 4-1:0.137: FTDI USB Serial Device converter detected
[  467.299547][  T898] usb 4-1: Detected SIO
[  467.303722][  T898] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  467.915438][  T898] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  468.196966][T11292] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  468.237508][T11291] ip6gretap0 speed is unknown, defaulting to 1000
[  468.254892][T11292] EXT4-fs (loop4): unable to read superblock
[  468.319081][T11297] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1397'.
[  468.328118][T11297] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1397'.
[  469.190955][ T6000] usb 4-1: USB disconnect, device number 36
[  469.293551][T11292] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1398'.
[  469.302604][T11292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1398'.
[  469.311528][T11292] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1398'.
[  469.328057][T11292] exFAT-fs (loop4): mounting with "discard" option, but the device does not support discard
[  469.338479][T11292] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  469.347632][T11292] exFAT-fs (loop4): unable to read boot sector
[  469.353824][T11292] exFAT-fs (loop4): failed to read boot sector
[  469.360044][T11292] exFAT-fs (loop4): failed to recognize exfat type
[  469.398232][ T6000] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  469.448692][ T6000] ftdi_sio 4-1:0.137: device disconnected
[  469.463659][T11303] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  472.356302][T11318] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  472.562677][T11326] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1406'.
[  472.714274][ T5925] libceph: connect (1)[c::]:6789 error -101
[  472.747261][T11327] ceph: No mds server is up or the cluster is laggy
[  472.771807][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  473.182921][ T5925] libceph: connect (1)[c::]:6789 error -101
[  473.204040][ T5925] libceph: mon0 (1)[c::]:6789 connect error
[  473.250154][T11333] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1409'.
[  473.303982][T11310] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  474.200728][T11346] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1412'.
[  474.211522][T11346] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1412'.
[  474.362132][T11349] vfat: Bad value for 'utf8'
[  474.375565][T11347] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1408'.
[  474.385119][T11347] openvswitch: netlink: Message has 512 unknown bytes.
[  474.401710][T11347] hfsplus: Unknown parameter 'no¯ZDúe'
[  474.662649][T11353] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  474.672174][T11353] FAT-fs (loop5): unable to read boot sector
[  475.718658][ T5939] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  476.048058][T11361] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1417'.
[  476.068441][ T5939] usb 6-1: Using ep0 maxpacket: 16
[  476.078901][T11361] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1417'.
[  476.087949][T11361] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1417'.
[  476.089890][ T5939] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.158487][ T5939] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.191414][ T5939] usb 6-1: config 0 interface 0 has no altsetting 0
[  476.208407][ T5939] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  476.226088][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.262914][ T5939] usb 6-1: config 0 descriptor??
[  476.338912][   T10] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  476.388608][ T5868] Bluetooth: hci2: command 0x0405 tx timeout
[  476.619548][   T10] usb 2-1: Using ep0 maxpacket: 32
[  476.734359][   T10] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  476.743785][   T10] usb 2-1: config 0 has no interface number 0
[  476.870791][   T10] usb 2-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  476.916330][   T10] usb 2-1: config 0 interface 137 has no altsetting 0
[  476.945209][   T10] usb 2-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  476.970600][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.992323][   T10] usb 2-1: Product: syz
[  477.002848][   T10] usb 2-1: Manufacturer: syz
[  477.017121][   T10] usb 2-1: SerialNumber: syz
[  477.041162][   T10] usb 2-1: config 0 descriptor??
[  477.073731][   T10] ftdi_sio 2-1:0.137: FTDI USB Serial Device converter detected
[  477.096417][   T10] usb 2-1: Detected SIO
[  477.108663][   T10] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  477.128485][   T10] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  477.263090][   T10] usb 2-1: USB disconnect, device number 52
[  477.303921][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  477.343161][   T10] ftdi_sio 2-1:0.137: device disconnected
[  477.396141][T11375] netlink: 'syz.4.1422': attribute type 6 has an invalid length.
[  477.434888][T11377] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  477.499952][T11375] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1422'.
[  477.847648][ T5939] usbhid 6-1:0.0: can't add hid device: -71
[  477.853829][ T5939] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  477.881800][ T5939] usb 6-1: USB disconnect, device number 20
[  478.493090][T11380] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1423'.
[  480.650706][T11403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1427'.
[  480.987804][T11400] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1430'.
[  481.119088][T11415] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  481.138431][T11415] FAT-fs (loop1): unable to read boot sector
[  482.188488][   T10] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  482.358739][   T10] usb 2-1: Using ep0 maxpacket: 16
[  482.418983][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.433069][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.454591][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  482.484131][   T10] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  482.510759][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.539445][   T10] usb 2-1: config 0 descriptor??
[  482.553781][T11430] vfat: Bad value for 'utf8'
[  483.018458][ T5868] Bluetooth: hci4: command 0x0406 tx timeout
[  483.341353][T11440] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  483.528588][ T5948] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  484.196230][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  484.204101][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  484.248543][ T5948] usb 7-1: Using ep0 maxpacket: 32
[  484.289594][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  484.715424][   T10] usb 2-1: USB disconnect, device number 53
[  485.249619][T11448] comedi comedi3: c6xdigio: I/O port conflict (0x401,3)
[  485.293634][ T5948] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  485.354680][ T5948] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  485.391423][T11451] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1442'.
[  485.418661][ T5948] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.448266][ T5948] usb 7-1: config 0 descriptor??
[  485.454398][T11439] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  485.491608][ T5948] hub 7-1:0.0: USB hub found
[  486.041683][T11461] netlink: 'syz.1.1444': attribute type 2 has an invalid length.
[  486.059089][T11439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.090173][T11439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.186458][ T5948] hub 7-1:0.0: config failed, can't read hub descriptor (err -22)
[  486.440974][T11439] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1438'.
[  486.451919][ T5948] usbhid 7-1:0.0: can't add hid device: -32
[  486.465272][ T5948] usbhid 7-1:0.0: probe with driver usbhid failed with error -32
[  486.541585][ T5948] usb 7-1: USB disconnect, device number 4
[  488.309177][  T898] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  488.318140][T11473] input: syz0 as /devices/virtual/input/input27
[  488.648640][  T898] usb 2-1: Using ep0 maxpacket: 32
[  488.970422][  T898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  489.059435][    T9] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  489.070731][T11483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  489.079376][T11483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  489.121283][  T898] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  489.145180][  T898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.154049][  T898] usb 2-1: Product: syz
[  489.164619][  T898] usb 2-1: Manufacturer: syz
[  489.169702][  T898] usb 2-1: SerialNumber: syz
[  489.247513][  T898] usb 2-1: config 0 descriptor??
[  489.259765][T11482] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  489.568910][  T898] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input28
[  490.003897][T11500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1455'.
[  491.076520][T11508] random: crng reseeded on system resumption
[  491.136485][   T10] usb 2-1: USB disconnect, device number 54
[  491.136492][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  491.225900][   T30] audit: type=1326 audit(1758395348.302:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11507 comm="syz.4.1460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb0b38ec29 code=0x0
[  492.113690][T11520] IPVS: Error joining to the multicast group
[  493.528563][   T89] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  494.287101][   T89] usb 6-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  494.383145][   T89] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.674187][T11541] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  494.682017][T11541] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  494.690268][T11541] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  494.697969][T11541] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  494.716823][T11544] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1468'.
[  494.789144][   T89] usb 6-1: Product: syz
[  494.796876][   T89] usb 6-1: Manufacturer: syz
[  494.804641][   T89] usb 6-1: SerialNumber: syz
[  495.084095][   T89] usb 6-1: config 0 descriptor??
[  495.244031][   T89] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  495.298764][   T89] pctv452e: pctv452e_power_ctrl: 1
[  495.298764][   T89] 
[  495.336254][   T89] usb 6-1: selecting invalid altsetting 3
[  495.343421][   T89] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  495.343421][   T89] 
[  495.355455][   T89] dvb-usb: bulk message failed: -22 (5/0)
[  495.527654][T11549] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1469'.
[  495.798509][   T89] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  495.860965][   T89] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  495.889633][T11552] netlink: 'syz.5.1470': attribute type 10 has an invalid length.
[  495.910735][T11552] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1470'.
[  495.968619][   T89] usb 6-1: USB disconnect, device number 21
[  496.080738][T11559] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  496.186182][T11561] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  496.200979][T11561] qnx6: wrong signature (magic) in superblock #1.
[  496.209548][T11561] qnx6: unable to read the first superblock
[  496.243295][T11559] EXT4-fs (loop5): unable to read superblock
[  496.482761][T11561] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1472'.
[  496.740221][T11559] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1473'.
[  496.750462][T11559] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1473'.
[  496.759457][T11559] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1473'.
[  497.198229][T11559] exFAT-fs (loop5): mounting with "discard" option, but the device does not support discard
[  497.208598][T11559] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  497.217749][T11559] exFAT-fs (loop5): unable to read boot sector
[  497.224346][T11559] exFAT-fs (loop5): failed to read boot sector
[  497.230870][T11559] exFAT-fs (loop5): failed to recognize exfat type
[  497.867065][T11574] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1479'.
[  497.888547][T11574] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1479'.
[  497.897516][T11574] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1479'.
[  499.058571][T11585] EXT4-fs: Ignoring removed bh option
[  499.083339][T11585] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  499.096674][T11585] EXT4-fs (loop1): unable to read superblock
[  499.122463][   T89] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  499.546778][   T89] usb 7-1: Using ep0 maxpacket: 32
[  499.561306][   T89] usb 7-1: config 0 has an invalid interface number: 137 but max is 0
[  499.583877][   T89] usb 7-1: config 0 has no interface number 0
[  499.597998][   T89] usb 7-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  499.649028][   T89] usb 7-1: config 0 interface 137 has no altsetting 0
[  499.658254][   T89] usb 7-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  499.705226][   T89] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.718396][   T89] usb 7-1: Product: syz
[  499.722602][   T89] usb 7-1: Manufacturer: syz
[  499.737500][   T89] usb 7-1: SerialNumber: syz
[  499.758514][   T89] usb 7-1: config 0 descriptor??
[  499.777209][   T89] ftdi_sio 7-1:0.137: FTDI USB Serial Device converter detected
[  499.805296][   T89] usb 7-1: Detected SIO
[  499.818468][   T89] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  499.837836][   T89] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  500.556999][T11601] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1485'.
[  500.619513][T11601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1485'.
[  500.638368][T11601] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1485'.
[  500.651405][   T89] usb 7-1: USB disconnect, device number 6
[  500.717942][   T89] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  500.729702][T11605] netlink: 212 bytes leftover after parsing attributes in process `syz.5.1486'.
[  500.751538][   T89] ftdi_sio 7-1:0.137: device disconnected
[  501.014085][T11613] rdma_rxe: rxe_newlink: failed to add ip6gretap0
[  501.426601][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.433272][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  501.539197][  T898] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  501.798591][  T898] usb 2-1: Using ep0 maxpacket: 32
[  502.396771][  T898] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  502.405589][  T898] usb 2-1: config 0 has no interface number 0
[  502.413204][  T898] usb 2-1: config 0 interface 137 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0
[  502.424022][  T898] usb 2-1: config 0 interface 137 has no altsetting 0
[  502.431285][T11622] random: crng reseeded on system resumption
[  502.470972][  T898] usb 2-1: New USB device found, idVendor=0c52, idProduct=2861, bcdDevice= 1.37
[  502.485576][  T898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.502647][  T898] usb 2-1: Product: syz
[  502.506894][  T898] usb 2-1: Manufacturer: syz
[  502.513700][  T898] usb 2-1: SerialNumber: syz
[  502.648984][  T898] usb 2-1: config 0 descriptor??
[  502.668080][   T30] audit: type=1326 audit(1758395359.742:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11621 comm="syz.3.1492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf24d8ec29 code=0x0
[  502.691838][  T898] ftdi_sio 2-1:0.137: FTDI USB Serial Device converter detected
[  502.775247][  T898] usb 2-1: Detected SIO
[  502.780253][  T898] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 8
[  502.789819][  T898] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  503.022662][T11630] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1494'.
[  503.031867][T11630] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1494'.
[  504.040824][T11643] comedi comedi3: c6xdigio: I/O port conflict (0x401,3)
[  504.048210][T11643] ==================================================================
[  504.056286][T11643] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x3d/0x70
[  504.064276][T11643] Read of size 8 at addr ffff8880294aa430 by task syz.6.1500/11643
[  504.072172][T11643] 
[  504.074501][T11643] CPU: 0 UID: 0 PID: 11643 Comm: syz.6.1500 Not tainted syzkaller #0 PREEMPT(full) 
[  504.074524][T11643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  504.074542][T11643] Call Trace:
[  504.074551][T11643]  <TASK>
[  504.074558][T11643]  dump_stack_lvl+0x189/0x250
[  504.074583][T11643]  ? __virt_addr_valid+0x1c8/0x5c0
[  504.074603][T11643]  ? rcu_is_watching+0x15/0xb0
[  504.074628][T11643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  504.074647][T11643]  ? rcu_is_watching+0x15/0xb0
[  504.074671][T11643]  ? lock_release+0x4b/0x3e0
[  504.074692][T11643]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  504.074713][T11643]  ? __virt_addr_valid+0x1c8/0x5c0
[  504.074731][T11643]  ? __virt_addr_valid+0x4a5/0x5c0
[  504.074750][T11643]  print_report+0xca/0x240
[  504.074767][T11643]  ? sysfs_remove_file_ns+0x3d/0x70
[  504.074783][T11643]  kasan_report+0x118/0x150
[  504.074798][T11643]  ? sysfs_remove_file_ns+0x3d/0x70
[  504.074819][T11643]  sysfs_remove_file_ns+0x3d/0x70
[  504.074837][T11643]  bus_remove_driver+0x198/0x2f0
[  504.074857][T11643]  comedi_device_detach_locked+0x178/0x750
[  504.074886][T11643]  comedi_device_attach+0x5d4/0x720
[  504.074912][T11643]  comedi_unlocked_ioctl+0x5ff/0x1020
[  504.074935][T11643]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  504.074978][T11643]  ? __fget_files+0x2a/0x420
[  504.074996][T11643]  ? __fget_files+0x3a0/0x420
[  504.075009][T11643]  ? __fget_files+0x2a/0x420
[  504.075026][T11643]  ? bpf_lsm_file_ioctl+0x9/0x20
[  504.075044][T11643]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  504.075061][T11643]  __se_sys_ioctl+0xfc/0x170
[  504.075083][T11643]  do_syscall_64+0xfa/0xfa0
[  504.075102][T11643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.075118][T11643]  ? asm_sysvec_call_function_single+0x1a/0x20
[  504.075135][T11643]  ? clear_bhb_loop+0x60/0xb0
[  504.075153][T11643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.075170][T11643] RIP: 0033:0x7f84b418ec29
[  504.075185][T11643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.075202][T11643] RSP: 002b:00007f84b5004038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  504.075220][T11643] RAX: ffffffffffffffda RBX: 00007f84b43d6090 RCX: 00007f84b418ec29
[  504.075233][T11643] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007
[  504.075245][T11643] RBP: 00007f84b4211e41 R08: 0000000000000000 R09: 0000000000000000
[  504.075257][T11643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  504.075268][T11643] R13: 00007f84b43d6128 R14: 00007f84b43d6090 R15: 00007ffdb51b4788
[  504.075289][T11643]  </TASK>
[  504.075295][T11643] 
[  504.330025][T11643] Allocated by task 6225:
[  504.334358][T11643]  kasan_save_track+0x3e/0x80
[  504.339034][T11643]  __kasan_kmalloc+0x93/0xb0
[  504.343624][T11643]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  504.349003][T11643]  bus_add_driver+0x162/0x640
[  504.353686][T11643]  driver_register+0x23a/0x320
[  504.358437][T11643]  c6xdigio_attach+0x94/0x890
[  504.363103][T11643]  comedi_device_attach+0x51f/0x720
[  504.368312][T11643]  comedi_unlocked_ioctl+0x5ff/0x1020
[  504.373690][T11643]  __se_sys_ioctl+0xfc/0x170
[  504.378272][T11643]  do_syscall_64+0xfa/0xfa0
[  504.382856][T11643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.388820][T11643] 
[  504.391132][T11643] Freed by task 11448:
[  504.395172][T11643]  kasan_save_track+0x3e/0x80
[  504.399834][T11643]  __kasan_save_free_info+0x46/0x50
[  504.405014][T11643]  __kasan_slab_free+0x5c/0x80
[  504.409755][T11643]  kfree+0x19a/0x6d0
[  504.413635][T11643]  kobject_put+0x22b/0x480
[  504.418032][T11643]  bus_remove_driver+0x245/0x2f0
[  504.422949][T11643]  comedi_device_detach_locked+0x178/0x750
[  504.428739][T11643]  comedi_device_attach+0x5d4/0x720
[  504.433918][T11643]  comedi_unlocked_ioctl+0x5ff/0x1020
[  504.439268][T11643]  __se_sys_ioctl+0xfc/0x170
[  504.443839][T11643]  do_syscall_64+0xfa/0xfa0
[  504.448330][T11643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.454201][T11643] 
[  504.456502][T11643] The buggy address belongs to the object at ffff8880294aa400
[  504.456502][T11643]  which belongs to the cache kmalloc-256 of size 256
[  504.470548][T11643] The buggy address is located 48 bytes inside of
[  504.470548][T11643]  freed 256-byte region [ffff8880294aa400, ffff8880294aa500)
[  504.484248][T11643] 
[  504.486557][T11643] The buggy address belongs to the physical page:
[  504.492965][T11643] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880294aa000 pfn:0x294aa
[  504.503036][T11643] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  504.511518][T11643] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  504.520022][T11643] page_type: f5(slab)
[  504.523985][T11643] raw: 00fff00000000240 ffff88801ac41b40 ffffea0001e54910 ffffea000093c390
[  504.532552][T11643] raw: ffff8880294aa000 000000000010000c 00000000f5000000 0000000000000000
[  504.541118][T11643] head: 00fff00000000240 ffff88801ac41b40 ffffea0001e54910 ffffea000093c390
[  504.549773][T11643] head: ffff8880294aa000 000000000010000c 00000000f5000000 0000000000000000
[  504.558425][T11643] head: 00fff00000000001 ffffea0000a52a81 00000000ffffffff 00000000ffffffff
[  504.567074][T11643] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  504.575722][T11643] page dumped because: kasan: bad access detected
[  504.582124][T11643] page_owner tracks the page as allocated
[  504.587827][T11643] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5874, tgid 5874 (syz-executor), ts 78580157790, free_ts 78518959132
[  504.609178][T11643]  post_alloc_hook+0x240/0x2a0
[  504.613942][T11643]  get_page_from_freelist+0x21e4/0x22c0
[  504.619486][T11643]  __alloc_frozen_pages_noprof+0x181/0x370
[  504.625275][T11643]  alloc_pages_mpol+0x232/0x4a0
[  504.630106][T11643]  allocate_slab+0x96/0x3a0
[  504.634597][T11643]  ___slab_alloc+0xe94/0x1920
[  504.639258][T11643]  __slab_alloc+0x65/0x100
[  504.643657][T11643]  __kmalloc_noprof+0x471/0x7f0
[  504.648494][T11643]  __register_sysctl_table+0xba1/0x1340
[  504.654028][T11643]  __addrconf_sysctl_register+0x328/0x4c0
[  504.659728][T11643]  addrconf_sysctl_register+0x168/0x1c0
[  504.665259][T11643]  ipv6_add_dev+0xd64/0x1380
[  504.669836][T11643]  addrconf_notify+0x794/0x1010
[  504.674667][T11643]  notifier_call_chain+0x1b6/0x3e0
[  504.679758][T11643]  register_netdevice+0x1608/0x1ae0
[  504.684939][T11643]  veth_newlink+0x5cc/0xa50
[  504.689425][T11643] page last free pid 15 tgid 15 stack trace:
[  504.695379][T11643]  __free_frozen_pages+0xbc4/0xd30
[  504.700475][T11643]  rcu_core+0xcab/0x1770
[  504.704704][T11643]  handle_softirqs+0x286/0x870
[  504.709458][T11643]  run_ksoftirqd+0x9b/0x100
[  504.713948][T11643]  smpboot_thread_fn+0x542/0xa60
[  504.718872][T11643]  kthread+0x711/0x8a0
[  504.722930][T11643]  ret_from_fork+0x4bc/0x870
[  504.727504][T11643]  ret_from_fork_asm+0x1a/0x30
[  504.732251][T11643] 
[  504.734556][T11643] Memory state around the buggy address:
[  504.740599][T11643]  ffff8880294aa300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  504.748642][T11643]  ffff8880294aa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  504.756685][T11643] >ffff8880294aa400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  504.764722][T11643]                                      ^
[  504.770335][T11643]  ffff8880294aa480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  504.778462][T11643]  ffff8880294aa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  504.786499][T11643] ==================================================================
[  504.795561][    C0] vkms_vblank_simulate: vblank timer overrun
[  504.932586][   T89] usb 2-1: USB disconnect, device number 55
[  505.003554][T11643] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  505.010773][T11643] CPU: 0 UID: 0 PID: 11643 Comm: syz.6.1500 Not tainted syzkaller #0 PREEMPT(full) 
[  505.020125][T11643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  505.030248][T11643] Call Trace:
[  505.033514][T11643]  <TASK>
[  505.036427][T11643]  dump_stack_lvl+0x99/0x250
[  505.041010][T11643]  ? __asan_memcpy+0x40/0x70
[  505.045610][T11643]  ? __pfx_dump_stack_lvl+0x10/0x10
[  505.050791][T11643]  ? __pfx__printk+0x10/0x10
[  505.055396][T11643]  vpanic+0x237/0x6d0
[  505.059362][T11643]  ? __pfx_vpanic+0x10/0x10
[  505.063841][T11643]  ? preempt_schedule+0xae/0xc0
[  505.068677][T11643]  ? __pfx_preempt_schedule+0x10/0x10
[  505.074029][T11643]  panic+0xb9/0xc0
[  505.077729][T11643]  ? __pfx_panic+0x10/0x10
[  505.082123][T11643]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  505.087992][T11643]  ? is_module_address+0x17/0xf0
[  505.092904][T11643]  ? sysfs_remove_file_ns+0x3d/0x70
[  505.098084][T11643]  check_panic_on_warn+0x89/0xb0
[  505.103001][T11643]  ? sysfs_remove_file_ns+0x3d/0x70
[  505.108206][T11643]  end_report+0x78/0x160
[  505.112444][T11643]  kasan_report+0x129/0x150
[  505.116968][T11643]  ? sysfs_remove_file_ns+0x3d/0x70
[  505.122213][T11643]  sysfs_remove_file_ns+0x3d/0x70
[  505.127230][T11643]  bus_remove_driver+0x198/0x2f0
[  505.132154][T11643]  comedi_device_detach_locked+0x178/0x750
[  505.137944][T11643]  comedi_device_attach+0x5d4/0x720
[  505.143125][T11643]  comedi_unlocked_ioctl+0x5ff/0x1020
[  505.148482][T11643]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  505.154279][T11643]  ? __fget_files+0x2a/0x420
[  505.158849][T11643]  ? __fget_files+0x3a0/0x420
[  505.163503][T11643]  ? __fget_files+0x2a/0x420
[  505.168071][T11643]  ? bpf_lsm_file_ioctl+0x9/0x20
[  505.172992][T11643]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  505.178779][T11643]  __se_sys_ioctl+0xfc/0x170
[  505.183356][T11643]  do_syscall_64+0xfa/0xfa0
[  505.187847][T11643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.193895][T11643]  ? asm_sysvec_call_function_single+0x1a/0x20
[  505.200032][T11643]  ? clear_bhb_loop+0x60/0xb0
[  505.204693][T11643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  505.210590][T11643] RIP: 0033:0x7f84b418ec29
[  505.214985][T11643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  505.234591][T11643] RSP: 002b:00007f84b5004038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  505.243024][T11643] RAX: ffffffffffffffda RBX: 00007f84b43d6090 RCX: 00007f84b418ec29
[  505.251065][T11643] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007
[  505.259034][T11643] RBP: 00007f84b4211e41 R08: 0000000000000000 R09: 0000000000000000
[  505.266985][T11643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  505.274933][T11643] R13: 00007f84b43d6128 R14: 00007f84b43d6090 R15: 00007ffdb51b4788
[  505.282898][T11643]  </TASK>
[  505.286172][T11643] Kernel Offset: disabled
[  505.290521][T11643] Rebooting in 86400 seconds..