last executing test programs:

13.811775274s ago: executing program 4 (id=333):
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, &(0x7f00000000c0)=0x80000000, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3}, 0x94)
close(r1)

13.228315s ago: executing program 4 (id=334):
r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0044, &(0x7f0000000100)={[{@noblock_validity}, {@resuid}, {@grpquota}, {@noload}, {@nobarrier}, {@lazytime}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLfyU8GloIFETEI2nSBz1wAYHEAQQSHIo4BSetQt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPR2rtp4tohDydO8ecjbTuzu+7Md2fHnp2xG0DHGkr/SCL2R8SvEdEfEcX6E4Zqf91cmi/9tTRfSqJSee3PJH1Z3FiaL2X/RHVL7avtqFSy/J4G5S6+GTFRLk9dzvKjcxffGZ29cvWp6YsT56fOT10aP3Pm5ImjPafHT7UkzjSuG4Pvzxw5/OIb114unb321o9fp/Xdnx3P42ilodrVbejRVhfWZgdWpJNiGyvChhzI+nt3tf/3R1f0LR/rjxc+amvlgG1VqVQqjT6fMwsV4D8siXbXAGiP/IM+ff7Ntx0aeuwKfzxbewBK476ZbbUjxShk53TXPd+2Um9EnF34+4t0i22ahwAAWOnbdPzzZKPxXyHuWXHe/7I1lIMR8f+IOBQRd0XEQETcHVE9996IuG+D5devkNw+/ilc31Rg65SO/57J1rZWj//y0V8c7MpyB6rxdyfnpstTx7NrMhzde9L82KqXrPbd8798Vr/v02yafWjF+C/d0vLzsWBWj+vFugm6yYm5iZYEn8b/YcRgsVH8yfI6YBIRhyNicJNlTD/+1ZFmx/49/jW0YJ2p8mXEY7X2X4i6+HNJ0/XJsadPj58a7Y3y1PHR/K643U8/L77arPwtxd8CafvvbXj/1+JPnxGT3ojZK1cvVNdrZzdexuJvH5eSJscGNnn/9ySvV9M92b73JubmLo9F9CQvpdm+VfvHb702z+fnp/EPH2vc/w/VHs+qV+L+iEhv4qMR8UBEPJi13UMR8XBEHFsj/h+ee+TtZseat/8as/ItlMY/uUb7p295aepW+2880XXh+2+alV9ZV/ufrKaGsz3ref9bbwW3cu0AAADgTlGofgc+KYwspwuFkZHad/gHYm+hPDM798S5mXcvTda+K38wugv5TFf/ivnQsWxuOM+P1+VPZPPGn3f1VfMjpZnyZLuDhw63r0n/T/3e1e7aAdvO77Wgc+n/0Ln0f+hc+j90Lv0fOlRP490f7HQ9gLbY+Od/77bUA9h5xv/QufR/6Fz6P3Skpr+NL2zpJ/93aqK4O6rRMNG3O6qRJ6KwK6rRusQrn9S6xG6pT54orvs/s9hkYk/DQ+1+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiNfwIAAP//RwfmeQ==")
r1 = socket(0x1e, 0x4, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaae4aaad9191452a99a048d494efaaaaffffffffffff86dd60b8ff03000068dd0000000000000000000020000000325b3b7237410e1c0000000000000002047988e10000000000003116461e964f8380d23437be1692529d83e1698fd412231cba9ba45215de76da696f53b18ac721e4a7b97a948902f1158fb73e4c8f967caf275ca85de58f219cf3f03d992b3f7dcc781ca4cc27ae129e7e0bc7b90bfbac6b32ad14886c7aecffa339adf96a8699f4e842fbe3b0324a8cce927c4f1fa353045dd9a6b72cff840db20bcbedf2a40fc3361565"], 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000480), 0x4)
r2 = syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b34000000000000000000000924030000000000000924050000f8211cfd0924030500000004000724050401"], 0x0)
syz_usb_control_io(r2, &(0x7f00000002c0)={0x2c, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="000315000000150300696a2dc185ad8755beb30bcdd896f0e1ec48d14177f7c9d3a269c833b9e4"], 0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r1, 0x0, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x17, 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r1)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r3, 0xc040564b, &(0x7f00000000c0)={0x7, 0x0, 0x2011, 0x26, 0x1979, {0x386, 0x5}})
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x1aca429, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], 0xb, 0x0, &(0x7f0000000000))
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x40900)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00'}, 0x18)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)

11.292181238s ago: executing program 0 (id=336):
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r1, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r0, 0x0)

10.188927778s ago: executing program 2 (id=339):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c63a6efdecc4194d99634ff4eb90c266e83fff7dfbd3568c", 0x1b}, {&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b79", 0x4d}], 0x2, 0x0, 0x0, 0x4000}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f40600", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.909836971s ago: executing program 3 (id=342):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x14, 0x16, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe}, 0x94)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

9.772245326s ago: executing program 2 (id=343):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000800)=@delchain={0x4c, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xb}, {0x0, 0x3}, {0xa, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xc}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0x7, 0x26}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0xc0)
r0 = openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/power/pm_trace_dev_match', 0x20800, 0x2)
finit_module(r0, 0x0, 0x3)
socket(0x10, 0x803, 0x0)
fsetxattr(r0, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r5, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

9.36633318s ago: executing program 4 (id=344):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff1, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x7}}]}, 0x40}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

9.36471135s ago: executing program 3 (id=345):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f", 0x1b}], 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ff07000000000000ab5becdc7da9", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

8.555098426s ago: executing program 4 (id=346):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x50)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r4, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x11, 0x2, 0x300)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x1)
unshare(0x42000000)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x53aad4dcc29324f7, &(0x7f0000000200)=0x20, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
socket$isdn(0x22, 0x3, 0x4)
ioctl$CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f0000000780))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=@newqdisc={0x434, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0xfb, 0x2, 0x101, 0x5, 0x2, 0xa28, 0x4, 0x9, 0xf, 0xffff6d77, 0xe4, 0x280, 0x107, 0x8001, 0x2, 0x0, 0x7, 0xff, 0x4, 0x401, 0x9, 0x5, 0x3, 0x1, 0xfffffff5, 0x5, 0xb8, 0x7, 0x5, 0x1, 0x157, 0x26553de0, 0x4, 0x7810, 0x80, 0x4, 0x1, 0x5, 0x1, 0x4, 0xf, 0x1000, 0x9, 0x6, 0xfff, 0x42, 0x44, 0x9, 0x6, 0x1, 0x7f, 0x9, 0x9, 0x6, 0x40, 0xffff, 0x0, 0x3, 0x9, 0x3, 0x7, 0xd61a, 0x1, 0x4, 0x8000, 0x5400000, 0x8000, 0x6, 0x400, 0x8000, 0x401, 0x4, 0xffffffff, 0x5, 0x8000, 0x1000, 0xb5, 0x6, 0x7, 0x0, 0x800, 0x1, 0x7fff, 0x401, 0x0, 0x2, 0x6e9, 0x8, 0x6, 0x5, 0xfffffffa, 0xffffff83, 0x7f, 0x9, 0x5feecc8, 0xb, 0x1a48dadd, 0xa3b, 0xfffffffa, 0x4, 0xffff, 0xc5, 0xbfa, 0x80000001, 0x8, 0x6, 0xacc, 0x7, 0x9, 0x1, 0x8001, 0x9, 0xcd4d, 0x5, 0x0, 0x7ff, 0x5, 0x5fd, 0x8, 0x8001, 0x9, 0xfffffff7, 0x76, 0x400, 0x4, 0x5, 0x9, 0x6, 0x17, 0x6, 0x2, 0x4, 0x400000, 0x10001, 0xd17, 0x1, 0x89, 0x4, 0x4, 0x8, 0x8, 0x10000, 0x9, 0x1, 0xce3, 0x4, 0x9, 0x96, 0x4, 0x6, 0x9, 0x8001, 0xc, 0x3, 0x2, 0x8969, 0x100, 0x100, 0x101, 0x7, 0x10000, 0x0, 0xc, 0x9, 0xfffffff1, 0x1, 0x1, 0x6, 0x7, 0x34a00, 0x45, 0x800800, 0x2, 0x2, 0x7, 0x3800, 0x8, 0x6, 0x4, 0xfffffffb, 0x4, 0xb, 0xc, 0x5, 0x2, 0x4, 0x2000000, 0x2, 0x2, 0x5, 0x5, 0xfffffff8, 0xda, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8, 0x7, 0x36a3, 0x2, 0x5, 0xa1, 0x94, 0x4a9b, 0x9, 0x5, 0x0, 0x3, 0x3, 0x4, 0xe, 0xd, 0xfffffff2, 0x10001, 0x8, 0x0, 0x200, 0x7d, 0x2, 0x4, 0x1, 0x7fff, 0x3, 0x6, 0x3ff, 0x10000, 0x10, 0x0, 0x6, 0x8, 0x6, 0x8, 0x8, 0xf, 0x81, 0x4, 0x400, 0x3, 0xc, 0x8, 0x3, 0x6, 0x2c, 0x8, 0x25, 0x0, 0xb9, 0x3, 0x330c, 0xfffffffe, 0xc, 0x3a8b, 0x9, 0x1]}]}}]}, 0x434}}, 0x0)
syz_emit_ethernet(0x31a, &(0x7f00000003c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d9a", 0x2e4, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0xe, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x2, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c0000000000000000"}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3}]}}}}}}, 0x0)

8.298206661s ago: executing program 0 (id=348):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000027c0)={0x11, 0x4, &(0x7f0000000a40)=ANY=[@ANYBLOB="1801000000050000000000000000ea0485000000d000000095"], &(0x7f0000000a00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
r4 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_STATX={0x15, 0x54, 0x0, 0xffffffffffffffff, &(0x7f0000000480), &(0x7f0000000300)='./file0\x00', 0x400, 0x400, 0x1})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)

7.764526558s ago: executing program 1 (id=349):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x7f000001}}}}}, 0x0)

7.712223938s ago: executing program 4 (id=350):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r1, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r0, 0x0)

7.65382229s ago: executing program 1 (id=351):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff85000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000140)=0x7, 0x4)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000700)={0x0, 0x1e5, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x28, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}]}]}, 0x28}}, 0x0)

7.338863675s ago: executing program 2 (id=352):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)

6.021296473s ago: executing program 1 (id=353):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
renameat(r3, 0x0, r3, &(0x7f0000000500)='./cgroup.net/cgroup.procs\x00')
ioctl$KVM_S390_VCPU_FAULT(r3, 0x4004ae52, &(0x7f0000000080)=0xfffffffffffffffb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
close(r0)

5.963109006s ago: executing program 0 (id=354):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x3c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x64}}, 0x0)

5.79379341s ago: executing program 2 (id=355):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x880, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x400000f3, 0x0, 0x9}]})
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x66)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r7}, 0x38)

5.04444879s ago: executing program 0 (id=356):
setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x8, 0x207, 0x1ffd, 0x2}, 0x14)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c63a6efdecc4194d99634ff4eb90c266e83fff7dfbd3568c", 0x1b}, {&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d57ff38d5231dc712a114aaeae76812b1375a1b59f2b669bcf1f5a39f4241eef5d48ba4a16fb354031b55dd47512d0b1c6d02dce620d1cd5bad3ff8d69fe0a9e", 0x99}], 0x2, 0x0, 0x0, 0x4000}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.992061111s ago: executing program 3 (id=357):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000800)=@delchain={0x4c, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xb}, {0x0, 0x3}, {0xa, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xc}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0x7, 0x26}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0xc0)
r0 = openat$sysfs(0xffffff9c, &(0x7f00000003c0)='/sys/power/pm_trace_dev_match', 0x20800, 0x2)
finit_module(r0, 0x0, 0x3)
socket(0x10, 0x803, 0x0)
fsetxattr(r0, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000340)=0x10001)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r6, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

4.929951049s ago: executing program 0 (id=358):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x2, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x800, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)

2.85631546s ago: executing program 3 (id=359):
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7ffd}, 0xf0ffffff}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ff07000000000000ab5becdc7da9", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.763074007s ago: executing program 1 (id=360):
setfsgid(0xee00)
r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ftruncate(0xffffffffffffffff, 0x10001)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0)
r5 = syz_open_procfs(r0, 0x0)
pread64(r5, &(0x7f0000000280)=""/3, 0x3, 0xfffffffa)

2.761901902s ago: executing program 4 (id=361):
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r1, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r0, 0x0)

2.717509669s ago: executing program 0 (id=362):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$igmp(0x2, 0x3, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="85952b177328da2f8757", 0xa, 0xfffffffffffffffd)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5218)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x262)
sendto$inet(r1, 0x0, 0x0, 0x400c806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e21, 0x1f0268bc, @empty, 0x6}}, 0x0, 0x0, 0x3fc, 0x1, 0x12, 0x4}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x300, 0x0, 0x0, 0x54}, 0x9c)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

1.852994434s ago: executing program 2 (id=363):
r0 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x6c2c, 0x80, 0x4000001}, &(0x7f0000000240)=<r1=>0x0, &(0x7f00000004c0)=<r2=>0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x14)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @private, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x7f000001}}}}}, 0x0)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x4000, &(0x7f0000001e40)=ANY=[@ANYRES8=0x0], 0xfb, 0x5e54, &(0x7f0000005d80)="$eJzs3U9vHGcdB/Df/vH6T2kbVagKEQc3hdJSmv8JlH9NOXCAA0ioZxK5bhVIASUB0SoirnJAXICXAJdeOPQt8AL6GhAvgEg2px4og8Z+nmQ8XmcdEu/s+vl8JGfmN8+O95l8PZ5dz8w+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADED77/k7O9iLjym7TgWMTnYhDRj1iu69WoZy7nxw8j4nhsN8fzETFYjKjX3/7n2YgLEfHJMxGbW7fX6sXnDtiPi2du3fjsh9/7x+//dPf4z97+6Uft9h9//vzHf7gTcexHr3/82Z0ns+0AAABQiqqqql56m38ivb/vd90pAGAq8vG/SvJytVqtVj/R+o/92eqPutC6qRrvTrOIiI3mOvVrBqfjAWDObMSnXXeBDsm/aMOIeKrrTgAzrdd1BzgUm1u313op317zeLC6057/Trkr/43e/fs79ptO0r7GZFo/X3djEM/t05/lKfVhluT8++38r+y0j9LjDjv/adkv/9HOrU/FyfkP2vm37Mr/zxExt/n3x+Zfqpz/8FHy3xjM8f4vfwAAAAAAjr789/9jHZ//XXz8TTmQh53/XZ1SHwAAAAAAAADgSXvc8f/uM/4fAAAAzKz6vXrtL888WLbfZ7HVy9/qRTzdejxQmNXGhwMCAAAAAAAAAAAAANMxjFhJ1/UvRMTTKytVVdVfTe36UT3u+vOu9O2HknX9Sx4AAHZ88kzrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1scHeAF8XBU1d9sqbFe06T3y5Pa29+vfq5RNThAx6ajw8ABICJ2jkabjkhHTFU9G12/ymE+2P+PHvs/B9H1zykAAABw+Kqqqnrp47xPpHP+/a47BQBMRT7+t88LqNVqtVqtPnp1UzXenWYRERvNderXDIbjB4A5sxGfdt0FOiT/og0j4njXnQBmWq/rDnAoNrdur/VSvr3m8WB1pz1fC7Ir/43e9np5/XHTSdrXmEzr5+tuDOK5ffrz/JT6MEty/v12/ld22vMQ/4ed/7Tsl3+9ncc66E/Xcv6Ddv4tRyf//tj8S5XzHz5S/gP5AwAAAADADMt//z/m/G/eZAAAAAAAAACYO5tbt9fyfa/5/P8Xxzyu15xz/+eRkfPvHTh/9/8eJTn/fjv/1gU5g8b8vTcf5P/vrdtrH9361xfydObzXxiM6ude6PUHw3TNT7XwTlyL67EeZ/Y8frir/eye9oVd7ecmtJ/f0z6q25dz+6lYi1/G9Xj7fvvihAujlia0VxPac/4D+3+Rcv7Dxled/0pq77WmtXsf9vfs983puOe5/Lf/vLR375q+uzG4v21N9fad7KA/2/8nT43i1zfXb5z67dVbt26cjTTZtfRcpMkTlvNfSF85/5df3GnPv/eb++u9D0ePnP+suBvDffN/sTFfb+8rU+5bF3L+o/SV889HoPH7/zznv//+/2oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49e3VSN90aziIi/N9epXzP8btw3AwBm2X8j4p9dd4LOyL9g+fP+6umXuu4MMFU33//g51evX1+/cbPrngAAAAAAAAAA/688/udqY/zn7euAWuNG7xr/9c1YndvxP/ujwfZY52mDXoiHj/99Mh4+/vdwwvMtTGgfTWhfnNC+NKF97I0eDTn/F1LGOf8TacNKGv/15Q7607Wc/8k01nPO/yutxzXzr/46z/n3d+V/+tZ7vzp98/0PXrv23tV3199d/8XZM5cunL944fzFi6ffuXZ9/czOvx32+HDl/PPY164DLUvOP2cu/7Lk/L+cavmXJef/UqrlX5acf369J/+y5Pzzex/5lyXn/0qq5V+WnP9XUy3/suT8X021/MuS8/9aquVflpz/a6mWf1ly/qdSLf+y5PxPp1r+Zcn55zNc8i9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXnfzHV8i9Lzv9SquVflpz/11Mt/7Lk/L+RavmXJef/eqrlX5ac/zdTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5fzfV8i9Lzv+NVMu/LA8+/9+MGTNm8kzXv5kAAAAAAAAAAAAAgLZpXE7c9TYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuLkfOszwD+7dFrJxCXhBCCIbZzwJBNdtenxAQnDhCahh7SQGhpQx1jrx2DT/Wuc1LULE3aBhGpkdqL9KIUEEVIbZWoQiqVUhSpSO1duSrKDWolLnyRVCaCSlQkW30z7/vuzOzszPow9sz3/n6R/ffOfDPzzjffzO6z0TMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANNr08dk/GyqKovxT+2t9UVxe/nttsaf8cmHnpV4hAAAAcL7eqv3991ekE/as4kIN2/zbB/7ju4uLi4vFF948/fZfLC6mMzYWxciaoqidF/37L36+2LhN8EwxMTTc8PVwl5sf6XL+aJfzx7qcP97l/DVdzp/ocv6yHbDM2vrvY2pXdkPtn+vru7S4qhirnXdDm0s9M7RmeDj+LqdmqHaZxbGDxeHiSDFbTC+7zFDtv6J4ZVN5W/cW8baGG25rQ1EUZ3761P64hqGwj28omm6spvGxe+PuYuObP31q/7fnX39vu9l1NyxbaVFs2Vyu89miWPp1VTFUrEn7JK5zuGGdG9qsc6RpnUO1y5X/bl3nmVWuM97vibDOH3ZY54Zw2uPXF0WxUKy4TatniuFiXcutpv09UT8iyusoH8p3FaNndZxsWsVxUl7mJ9c3Hyetx2Tc/5vCPhldYQ2ND8cbXx5ftt/P9Tgp73U/HKvldd9f3ujEROOvVpuO1XKbp25c+Rho+9i1OQbSsdxwDGzudgwMj4/UjoHhpTVvbjoGZpZdZrgYqt3W6Rs7HwNT80dPTM098eQth4/uOzR7aPbYzPTO7dt2bN+2Y8fUwcNHZqfrf5/dLh0g64rhdAxuDq818Rj8YMu2jYfk4jcu3PNgok+eB+V9/8xN5YIuHy5WOMbLbZ7dcv7Pg/R9v+F5MNrwPGj7mtrmeTC6iudBuc2ZLav7njna8KfdGnr1Wri+4Ri4lN8Py9t86EMrvxZuCOt67sNn+/1wZNkxEO/WUHjulaekn/cmbg/7ZflxcW15xmXjxam52ZO3Pr5vfv7kTBHGRXFlw2PVerysa7hPxbLjZfisj5c9f/fLm65tc/r6sK8mbu78WJXbbJ/s/FjVXt3b78+mU7cWYVxgF3t/tvtuVu7PlCU67M9ym2dvOf+fBVMuaXj9G+v2+jcyNlp//RtJe2Os6fVv+UMzUltZUZy5ZXWvf2Phz8V+/buqT17/yn310K2dj4Fym+emzvYYGO34+nd9mENhPR8KiWGiIfe/XTt/oX6YNjyWXY+b0dGxcNyMxltsPm62LbtMeW3lbW+ZPrfjZsv1zY9V088tFTxuyn31l9Odj5tym1dnzv+1Y238Z8Nrx3i3Y2BsZLxc71g6COqvd4tr4zFwa7G/OF4cKQ6ky5SPcnlbk1tXdwyMhz8X+7Xjmj45Bsp99eLWzsdAuc0Ptl3Yn522hFPSNg0/O7X+fmGlzH/t6NL1te62C535y3V+Ynvn3w2V27y+/WxzRuf9dHM45bI2+6n1+bPSMX2guDj76ZqwziM7Ov9uqtzmqp2rPJ72FEXx2sxrtd93hd/v/uOp//xu0+992/1O+bWZ1+6beuBHZ7N+AADO3du1vxfG6z9rNvwf69X8/38AAABgIMTcPxxmIv8DAABAZcTcPxJmIv8DAABAZcTcPxpmkkn+f+T2XS+99XSR3g1wMYjnx91w/5317WLHeyF8vXFxSXn6x7419tJXnl7dbQ8XRfHL+97XdvtH7ozrqjsR1/mR5tOXuea6Vd3+ww8ubdf4/glndtWvP96f1R4Gsav8ytTW2vVufGKmNl+9r6jNBxaee6Z+/fWv4/ant9W3/+vwpiV7Dg41XX5LWM8NYW4M7ylz/56l/VDOeLmXNnzgX6/87NLtxcsNbX5n7W6++Ef1643vEfXClfXt4/1eaf3/8tXvvFRu//iN7df/9HD79Z8O1/uTMH+xu7594z7/SsP6/ySsP95evNyt3/x+2/W//J769i+H4+LrYbau/+4/f/9b7R6veDt77qhfLt7+9P9ur10uXl+8/tb1Tzw907Q/Wq//1Tfr17P70Z+NNG4fT4+3Ez18R/PxPRQe36YeeVEU3/nTomk/Fx+tX+6fW9Yfr+/EHe3Xf3PLOk8MXVe7/NL9Wd90v772t1vb3t+4nj3/sL7p/rxwT9h/b079oLze0w+E4zGc/38/rF9f63uZvnxP8+tN3P7r6+vP23h9Uy3rf6Fl/QvXlfuu+/rvfbO+/pfvWtO0/j2fDMfTvfXZbf2H/uaKpst/49v1x+PkY5PHjs+dOnygYa82Po/XTKxdd9nl73jnFeG1tPXrvcfnH5k9uXF643RRbBzAtwzs9fq/Geb/1MfChb+Fuh/9rH7cPf+p+vetD/68/vUL4fSHw+MZvz9+7a/Gmo7X1sd94a76PN/1fzisY7Xe89X/vm5VG57+/Cun/umPX2/9uSDenxPvnqjdvxc3XV07b+jV+vmtr1fd/Ne7m5/XPx6drs3vhf26GN6ZefPV9dtrvf743iTPf7r+/I0/ycXLFy3vJ7J+pPl+nO/6fxx+jvn+Nc2vf/H4+N7TLe/mvL4YKpewEF4fioX6+XGruL+fP3N129uL78NTLLz3bJa5orkn5qaOHD526vGp+dm5+am5J57ce/T4qWPze2vvXbr3i90uv/T8Xld7fh+Y3bm9qD3bj9dHj13q9Z94cP+B26ZvOjB7cN+pg/MPnpg9eWj/3Nz+2QNzN+07eHD2sW6XP3xg98zWXdtu2zp56PCB3bfv2rVt1+ThY8fLZdQX1cXO6S9NHju5t3aRud3bd83s2LF9evLo8QOzu2+bnp481e3yte9Nk+WlH508OXtk3/zho7OTc4efnN09s2vnzq1d3/3x6ImDcxunTp46NnVqbvbkVP2+bJyvnVx+7+t2efIwdzy83rUYCj+df+7mnen9cUvf+vKKV1XfpPnH0+KN8F5Q8ftbt69j7h8LM8kk/wMAAEAOYu4Pb/y/dIb8DwAAAJURc/+aMBP5HwAAACoj5v6JMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jr1//X/6e7fuv/x9y/tiiyzP8AAACQg5j714WZyP8AAABQGTH3XxZmIv8DAABAZcTcf3mYSR75f6z1n/r/+v/6/439/7it/n+h/6//f470//X/O9H/1/8f5PX3Yf9/be/7/0vHtP4/q7Gq/v/40um97v/H3P+OMJM88j8AAABkIeb+d4aZyP8AAABQGTH3XxFmIv8DAABAZcTcvz7MJJP87/P/9f/1/33+v/6//n8v6f/r/3ei/6//P8jr78P+v8//p+/02+f/x9z/K2EmmeR/AAAAyEHM/e8KM5H/AQAAoDJi7r8yzET+BwAAgMqIuf+qMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jr1//X/6e7fuv/x9z/7jCTTPI/AAAA5CDm/qvDTOR/AAAAqIyY+98TZiL/AwAAQGXE3H9NmEkm+V//X/9f/1//X/9f/7+X9P/1/zvR/9f/H+T16//r/9Ndv/X/Y+5/b5hJJvkfAAAAchBz/7VhJvI/AAAAVEbM/e8LM5H/AQAAoDJi7t8QZpJJ/tf/1//X/9f/1//X/++lwer/D694jv5/nf5/M/1//X/9f/1/Ouu3/n/M/e8PM8kk/wMAAEAOYu7/QJiJ/A8AAACVEXP/dWEm8j8AAABURsz9G8NMMsn/+v/6//r/+v/6//r/vTRY/f+V6f/X6f830//X/9f/1/+ns37r/8fcvynMJJP8DwAAADmIuX9zmIn8DwAAAJURc//1YSbyPwAAAFRGzP03hJlkkv/1//X/9f/1//X/9f97Sf9f/78T/X/9/0Fev/7/6vr/492uiErrt/5/zP03hplkkv8BAAAgBzH33xRmIv8DAABAZcTc/8EwE/kfAAAAKiPm/i1hJpnkf/1//X/9f/1//X/9/17S/9f/70T/X/9/kNev/+/z/+mu3/r/Mfd/KMwkk/wPAAAAOYi5/8NhJvI/AAAAVEbM/TeHmcj/AAAAUBkx90+GmWSS//X/9f/1//X/9f/1/3upqv3/9Dqq/6//r/+v/6//r//Pivqt/x9z/y1hJpnkfwAAAMhBzP23hpnI/wAAAFAZMfdPhZnI/wAAAFAZMfdPh5lkkv/1//X/9f/1//X/9f97qar9f5//r/9f6P/r/+v/6//TVb/1/2PunwkzyST/AwAAQA5i7t8aZiL/AwAAQGXE3L8tzET+BwAAgMqIuX97mEkm+V///xz7/2uav9T/b79+/X/9f/1//X/9f/3/TvT/9f8Hef36//r/NBtuc1q/9f9j7t8RZpJJ/gcAAIAcxNy/M8xE/gcAAIDKiLn/tjAT+R8AAAAqI+b+28NMMsn/+v8+/1//X/9f/39Q+//jxSDQ/9f/70T/X/9/kNev/6//T3f91v+PuX9XmEkm+R8AAAByEHP/R8JM5H8AAACojJj77wgzkf8BAABgoLT7HMIo5v6Phplkkv/1/6ve/19co/+v/6//33n9g9v/Hwz6//r/nej/6/8P8vr1//X/6a7f+v8x9+8OM8kk/wMAAEAOYu6/M8xE/gcAAIDKiLn/rjAT+R8AAAAqI+b+PWEmmeR//f+q9/99/r/+/+D0/8fi46r/r/9/FvT/9f8L/f9zdq79+fBji/5/H/X/y2NI/59+1G/9/5j77w4zyST/AwAAQA5i7v9YmIn8DwAAAJURc//Hw0zkfwAAAKiMmPs/EWaSSf7X/9f/1//X/++X/n+k/6//fzb0//X/C/3/c3ap+/ODvv5+6v/7/H/6Vb/1/2PuvyfMJJP8DwAAADmIuf+TYSbyPwAAAFRGzP2/GmYi/wMAAEBlxNx/b5hJJvlf/1//X/9f/1//X/+/l/T/9f870f/X/x/k9ev/6//TXb/1/2Pu/7Uwk0zyPwAAAOQg5v77wkzkfwAAAKiMmPs/FWYi/wMAAEBlxNz/62EmmeR//f+L0/8fTtev/6//r/+v/6//fyHp/+v/F/r/5+xS9+cHff36//r/dNdv/f+Y+38jzCST/A8AAAA5iLn/N8NM5H8AAACojJj7fyvMRP4HAACAyoi5//4wk0zyv/6/z//X/9f/1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPt/O8wkk/wPAAAAOYi5/4EwE/kfAAAAKiPm/k+Hmcj/AAAAUBkx938mzCST/K//r/+v/6//r/+v/99L+v/6/53o/+v/D/L69f/1/+mu3/r/Mfc/GGaSSf4HAACAHMTc/9kwE/kfAAAAKiPm/t8JM5H/AQAAoDJi7v/dMJNM8r/+v/6//r/+v/6//n8v6f8v7/+Xr2GXsv8/vpoN9f9XRf9f/1//X/+fzvqt/x9z/+fCTDLJ/wAAAJCDmPt/L8xE/gcAAIDKiLn/98NM5H8AAACojJj7HwozyST/6//r/+v/6//r/+v/95L+v8//70T/X/9/kNev/6//T3f91v+Puf/zYSaZ5H8AAADIQcz9fxBmIv8DAABAZcTcvzfMRP4HAACAyoi5/+Ewk0zyv/6//r/+v/6//r/+fy/p/+v/d6L/r/8/yOvX/9f/p7t+6//H3L8vzCST/A8AAAA5iLn/C2Em8j8AAABURsz9+8NM5H8AAACojJj7D4SZZJL/9f/1//X/9f/1//X/e0n/X/+/E/1//f9BXr/+v/4/3fVb/z/m/tkwk0zyPwAAAOQg5v6DYSbyPwAAAFRGzP2HwkzkfwAAAKiMmPsfCTPJJP/r/+v/6//r/+v/6//3kv6//n8n+v/6/4O8fv1//X+667f+f8z9h8NMMsn/AAAAkIOY+78YZiL/AwAAQGXE3P+lMBP5HwAAACoj5v4jYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9E/1//f5DXr/+v/093/db/j7n/aJhJJvkfAAAAchBz/7EwE/kfAAAAKiPm/uNhJvI/AAAAVEbM/SfCTDLJ//r/+v/6//r/+v/6/72k/7+8/z8erlP/X/9f/3+w16//r/9Pd/3W/4+5/w/DTDLJ/wAAAJCDmPtPhpnI/wAAAFAZMffPhZnI/wAAAFAZMffPh5lkkv/1//X/9f/1//X/9f97Sf/f5/93ov+v/z/I69f/1/+nu37r/8fcfyrMJJP8DwAAADmIuf/RMBP5HwAAACoj5v7HwkzkfwAAAKiMmPsfDzPJJP/r//8/e3e961t5xHF406aWpum19Ap6Cb2GXkbdhbq7u7u7u1N3d1rqmtCEPTOQAmudA/zY75p5nn+mhZ3whk1IviGfLP2//n+Z/v+889P/6//1/5dF/3+79//X/SOv/z+n/9f/6//1/2xbrf/P3X+/uGXI/gcAAIAJcvffP26x/wEAAKCN3P0PiFvsfwAAAGgjd/8D45Yh+1//r//X/y/T//v+f/5e9f/6/8ug//f9/zP9/y120f380d+v/9f/s2+1/j93/4PiliH7HwAAACbI3f/guMX+BwAAgDZy9z8kbrH/AQAAoI3c/Q+NW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Vuv/c/c/LG4Zsv8BAABggtz9D49b7H8AAABoI3f/I+IW+x8AAADayN3/yLhlyP7X/+v/9f/6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/6PiliH7HwAAACbI3f/ouMX+BwAAgDZy9z8mbrH/AQAAoI3c/Y+NW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Tt7/3+fK6+6l9v+5+6+MW4bsfwAAAJggd//j4hb7HwAAANrI3f/4uMX+BwAAgDZy9z8hbhmy//X/+v/r+/9rr9D/6//1/9f/cf3/bUP/r//fov9ftf+/tL8T+n/9v/6fPSfv/3d6/////7n7nxi3DNn/AAAAMEHu/ifFLfY/AAAAtJG7/8lxi/0PAAAAbeTuf0rcMmT/H6X/v1v+D/2/7//r//X/+v9D0f/r/7fo/1ft/33//9b2//e+hPfr/5lgtf4/d/9T45Yh+x8AAAAmyN3/tLjF/gcAAIA2cvc/PW6x/wEAAKCN3P3PiFuG7P+j9P++/6//v6n36//1/2f6/+Xp//X/W/T/+v8jv9/3//X/7Fut/8/d/8y4Zcj+BwAAgAly9z8rbrH/AQAAoI3c/c+OW+x/AAAAaCN3/3PiliH7X/+v/9f/6/9vVf9/R/2//n+b/l//v0X/r/8/8vv1//p/9q3W/+fuf27cMmT/AwAAwAS5+58Xt9j/AAAA0Ebu/ufHLfY/AAAAtJG7/wVxy5D9r//X/+v/9f++/6//PyX9f7v+/wr9//X0//p//b/+n22r9f+5+18YtwzZ/wAAADBB7v4XxS32PwAAALSRu//FcYv9DwAAAG3k7n9J3DJk/+v/9f/6f/2//l//f0r6/3b9v+//34D+X/+v/9f/s221/j93/0vjliH7HwAAACbI3f+yuMX+BwAAgDZy9788brH/AQAAoI3c/a+IW4bsf/2//l//r//X/+v/T0n/r//fov+/6f7/rjfz19P/r/V+/b/+n32r9f+5+18ZtwzZ/wAAADBB7v5XxS32PwAAALSRu//VcYv9DwAAAG3k7n9N3DJk/99c/3/N3c//vP7/0uj/b/r9+n/9v/5f/6//1/9v0f/7/v+R36//1/+zb7X+P3f/a+OWIfsfAAAAJsjd/7q4xf4HAACANnL3vz5usf8BAACgjdz9b4hbhux/3//X/+v/9f/6f/3/Ken/9f9b9P/6/yO/X/+v/2ffav1/7v43xi1D9j8AAABMkLv/TXGL/Q8AAABt5O5/c9xi/wMAAEAbufvfErcM2f/6f/3/hff/d9D/J/1//F71//r/y6D/1/+f6f9vsYvu54/+fv2//p99q/X/ufvfGrcM2f8AAAAwQe7+t8Ut9j8AAAC0kbv/7XGL/Q8AAABt5O5/R9wyZP/r//X/F97/+/5/0f/H71X/r/+/DPp//f+Z/v8Wu+h+/ujv1//r/9m3Wv+fu/+dccuQ/Q8AAAAT5O5/V9xi/wMAAEAbufvfHbfY/wAAANBG7v73xC1D9r/+X/+v/9f/6//1/6ek/9f/b9H/6/+P/H79v/6ffav1/7n73xu3DNn/AAAAMEHu/vfFLfY/AAAAtJG7//1xi/0PAAAAbeTu/0DcMmT/6/+P3v/f9+p4gf5f/6//1/8vSf+v/9+i/9f/H/n9+n/9P/tW6/9z938wbhmy/wEAAGCC3P0filvsfwAAAGgjd/+H4xb7HwAAANrI3f+RuGXI/p/R/9/pRj/Wp//3/X/9v/5f/782/b/+f4v+X/9/5Pfr//X/7Fut/8/d/9G4Zcj+BwAAgAly938sbrH/AQAAoI3c/R+PW+x/AAAAaCN3/yfiliH7f0b/f2P6/3O3ef9/7T31//r/ov/X/5/p//X/O/T/+v8jv1//r/9n32r9f+7+T8YtQ/Y/AAAATJC7/1Nxi/0PAAAAbeTu/3TcYv8DAABAG7n7PxM33OseF/ek25X+X//v+//6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/2fjFv/9HwAAANrI3f+5uMX+BwAAgDZy938+brH/AQAAoI3c/V+IW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Vuv/c/d/MW4Zsv8BAABggtz9X4pb7H8AAABoI3f/l+MW+x8AAADayN3/lbhlyP7X/+v/9f/6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/1fjliH7HwAAACbI3f+1uMX+BwAAgDZy918Vt9j/AAAA0Ebu/q/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/foP/Pf5no/w/zfv2//p99q/X/ufu/EbcM2f8AAAAwQe7+b8Yt9j8AAAC0kbv/W3GL/Q8AAABt5O7/dtwyZP937v+3fkz/f07/r/8/0//r/09M/6//36L/9/3/I79f/6//Z99q/X/u/u/ELUP2PwAAAEyQu/+7cYv9DwAAAG3k7v9e3GL/AwAAQBu5+78ftwzZ/537/y36/3P6f/3/mf5f/39i+n/9/xb9v/7/yO/X/+v/2bda/5+7/wdxy5D9DwAAABPk7v9h3GL/AwAAQBu5+38Ut9j/AAAA0Ebu/h/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/r/4/8fv2//p99q/X/uft/ErcM2f8AAAAwQe7+n8Yt9j8AAAC0kbv/Z3GL/Q8AAABt5O7/edwyZP/r//X/+n/9v/5f/39K+n/9/xb9v/7/yO/X/+v/2bda/5+7/xdxy5D9DwAAABPk7v9l3GL/AwAAQBu5+38Vt9j/AAAA0Ebu/l/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/r/4/8fv2//p99q/X/uft/E7cM2f8AAAAwQe7+38Yt9j8AAAC0kbv/d3GL/Q8AAABt5O7/fdwyZP/r//X/+n/9v/5f/39K+n/9/xb9v/7/yO/X/+v/2bda/5+7/+q4Zcj+BwAAgAly9/8hbrH/AQAAoI3c/X+MW+x/AAAAaCN3/zVxy5D937n/v+rON/9j+v9zbfv/u+j/9f/6/1Xo//X/W/T/+v8jv1//r/9n32r9f+7+P8UtQ/Y/AAAATJC7/89xi/0PAAAAbeTu/0vcYv8DAABAG7n7/xq3DNn/nfv/Lfr/c237f9//1//r/5eh/9f/b9H/6/+P/H79v/6ffav1/7n7/xa3DNn/AAAAMEHu/r/HLfY/AAAAtJG7/x9xi/0PAAAAbeTu/2fcMmT/6//1//p//b/+X/9/Svp//f8W/b/+/8jv1//r/9m3Wv+fu/9fccuQ/Q8AAAAT5O7/d9xi/wMAAEAbufv/E7fY/wAAANBG7v7/xi1D9r/+X/+v/9f/6//1/6ek/9f/b9H/6/+P/H79v/6ffav1/7n7/xcAAP//mdcmSQ==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0xb9cbbe05c791f09e)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r4, r5, 0x0, 0xff7e82)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x22201, 0xa9)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0xe, 0x0, 0x1be, 0x0, 0x0, 0x0, 0x0, 0x1, {0x1, r6}})
io_uring_enter(r0, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000100), 0x7, 0x101000)
ioctl$SG_NEXT_CMD_LEN(r8, 0x2283, &(0x7f00000001c0)=0xc7)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r9, &(0x7f0000000140)='2', 0xfdef, 0x8000c61)
ioctl$USBDEVFS_FREE_STREAMS(r9, 0x8008551d, &(0x7f0000000000)={0x612c, 0x1e, [{0xc, 0x1}, {0x4, 0x1}, {0xe, 0x1}, {0x8, 0x1}, {0x2, 0x1}, {0xb}, {0x7}, {0x8, 0x1}, {}, {0x7, 0x1}, {0x4}, {0x8, 0x1}, {0xc}, {0x8, 0x1}, {0x9, 0x1}, {0x1, 0x1}, {0xa}, {0xe}, {0xc}, {0x0, 0x1}, {0x4, 0x1}, {0xa}, {0x2}, {0xe, 0x1}, {0x4}, {0x0, 0x1}, {0x9}, {0x5, 0x1}, {0xd, 0x1}, {0x2}]})

1.744883807s ago: executing program 3 (id=364):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x50)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r4, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x11, 0x2, 0x300)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x1)
unshare(0x42000000)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x53aad4dcc29324f7, &(0x7f0000000200)=0x20, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
socket$isdn(0x22, 0x3, 0x4)
ioctl$CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f0000000780))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=@newqdisc={0x434, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0xfb, 0x2, 0x101, 0x5, 0x2, 0xa28, 0x4, 0x9, 0xf, 0xffff6d77, 0xe4, 0x280, 0x107, 0x8001, 0x2, 0x0, 0x7, 0xff, 0x4, 0x401, 0x9, 0x5, 0x3, 0x1, 0xfffffff5, 0x5, 0xb8, 0x7, 0x5, 0x1, 0x157, 0x26553de0, 0x4, 0x7810, 0x80, 0x4, 0x1, 0x5, 0x1, 0x4, 0xf, 0x1000, 0x9, 0x6, 0xfff, 0x42, 0x44, 0x9, 0x6, 0x1, 0x7f, 0x9, 0x9, 0x6, 0x40, 0xffff, 0x0, 0x3, 0x9, 0x3, 0x7, 0xd61a, 0x1, 0x4, 0x8000, 0x5400000, 0x8000, 0x6, 0x400, 0x8000, 0x401, 0x4, 0xffffffff, 0x5, 0x8000, 0x1000, 0xb5, 0x6, 0x7, 0x0, 0x800, 0x1, 0x7fff, 0x401, 0x0, 0x2, 0x6e9, 0x8, 0x6, 0x5, 0xfffffffa, 0xffffff83, 0x7f, 0x9, 0x5feecc8, 0xb, 0x1a48dadd, 0xa3b, 0xfffffffa, 0x4, 0xffff, 0xc5, 0xbfa, 0x80000001, 0x8, 0x6, 0xacc, 0x7, 0x9, 0x1, 0x8001, 0x9, 0xcd4d, 0x5, 0x0, 0x7ff, 0x5, 0x5fd, 0x8, 0x8001, 0x9, 0xfffffff7, 0x76, 0x400, 0x4, 0x5, 0x9, 0x6, 0x17, 0x6, 0x2, 0x4, 0x400000, 0x10001, 0xd17, 0x1, 0x89, 0x4, 0x4, 0x8, 0x8, 0x10000, 0x9, 0x1, 0xce3, 0x4, 0x9, 0x96, 0x4, 0x6, 0x9, 0x8001, 0xc, 0x3, 0x2, 0x8969, 0x100, 0x100, 0x101, 0x7, 0x10000, 0x0, 0xc, 0x9, 0xfffffff1, 0x1, 0x1, 0x6, 0x7, 0x34a00, 0x45, 0x800800, 0x2, 0x2, 0x7, 0x3800, 0x8, 0x6, 0x4, 0xfffffffb, 0x4, 0xb, 0xc, 0x5, 0x2, 0x4, 0x2000000, 0x2, 0x2, 0x5, 0x5, 0xfffffff8, 0xda, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8, 0x7, 0x36a3, 0x2, 0x5, 0xa1, 0x94, 0x4a9b, 0x9, 0x5, 0x0, 0x3, 0x3, 0x4, 0xe, 0xd, 0xfffffff2, 0x10001, 0x8, 0x0, 0x200, 0x7d, 0x2, 0x4, 0x1, 0x7fff, 0x3, 0x6, 0x3ff, 0x10000, 0x10, 0x0, 0x6, 0x8, 0x6, 0x8, 0x8, 0xf, 0x81, 0x4, 0x400, 0x3, 0xc, 0x8, 0x3, 0x6, 0x2c, 0x8, 0x25, 0x0, 0xb9, 0x3, 0x330c, 0xfffffffe, 0xc, 0x3a8b, 0x9, 0x1]}]}}]}, 0x434}}, 0x0)
syz_emit_ethernet(0x31a, &(0x7f00000003c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d9a", 0x2e4, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0xe, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x2, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c0000000000000000"}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3}]}}}}}}, 0x0)

1.017702565s ago: executing program 1 (id=365):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c63a6efdecc4194d99634ff4eb90c266e83fff7dfbd3568c030612b423a36dbc", 0x23}, {&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b79", 0x4d}], 0x2, 0x0, 0x0, 0x4000}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

438.00322ms ago: executing program 1 (id=366):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x50)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @remote}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r4, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6d3a3068091d62b58999e0a046f9509cb8ddc2a9ad4e0f1f85e5f076218b4b931acdff0c34fc5bdbad17ec481f1c9b17727c14e053e315d0d8d03c24ddaba65c5ce5b1aa04d1f767e25662b155d49460ec720d54044ac2856c11407835f341e2614bcae270000000001000000df7f736aab5d713240b2f40ec7be8251eba969686b2670ddc1a84df6ab12ab3e0cf8747837062233935704ebbd943ef0c5fef29513c7c1d6d2611796dccb45bdfd9e6533ad3574be5b9ea70e0c3b41a32067c03f5f8ed147cd0655c90d656f66eaed18a3c284c4f19417b5d91431759356db5d45ea40c9866957105b6252b0c028c672049ce163126f143f5758faf2a43f4c4f45a69b4e9113f85ae531085c11c75edbdee5af454757cdaff396c15ab9b210c202ffaea96d1bac60c6d6c56a4babc659858789bd479334e13e1c7876f95429431e61400815788c1397b260600d78e7513c58d9ac9474d392cc06f789753e1e7ebf5f1b55e2a64b9150c6580bf48e7bff763034801cccf403108d127b959ffc425a563ea2b90fbe779fd7d2ebfe94"], &(0x7f0000000280)='GPL\x00'}, 0x48)
r5 = socket$kcm(0x11, 0x2, 0x300)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x1)
unshare(0x42000000)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x53aad4dcc29324f7, &(0x7f0000000200)=0x20, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
socket$isdn(0x22, 0x3, 0x4)
ioctl$CEC_ADAP_G_LOG_ADDRS(0xffffffffffffffff, 0x805c6103, &(0x7f0000000780))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001300)=@newqdisc={0x434, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0xfb, 0x2, 0x101, 0x5, 0x2, 0xa28, 0x4, 0x9, 0xf, 0xffff6d77, 0xe4, 0x280, 0x107, 0x8001, 0x2, 0x0, 0x7, 0xff, 0x4, 0x401, 0x9, 0x5, 0x3, 0x1, 0xfffffff5, 0x5, 0xb8, 0x7, 0x5, 0x1, 0x157, 0x26553de0, 0x4, 0x7810, 0x80, 0x4, 0x1, 0x5, 0x1, 0x4, 0xf, 0x1000, 0x9, 0x6, 0xfff, 0x42, 0x44, 0x9, 0x6, 0x1, 0x7f, 0x9, 0x9, 0x6, 0x40, 0xffff, 0x0, 0x3, 0x9, 0x3, 0x7, 0xd61a, 0x1, 0x4, 0x8000, 0x5400000, 0x8000, 0x6, 0x400, 0x8000, 0x401, 0x4, 0xffffffff, 0x5, 0x8000, 0x1000, 0xb5, 0x6, 0x7, 0x0, 0x800, 0x1, 0x7fff, 0x401, 0x0, 0x2, 0x6e9, 0x8, 0x6, 0x5, 0xfffffffa, 0xffffff83, 0x7f, 0x9, 0x5feecc8, 0xb, 0x1a48dadd, 0xa3b, 0xfffffffa, 0x4, 0xffff, 0xc5, 0xbfa, 0x80000001, 0x8, 0x6, 0xacc, 0x7, 0x9, 0x1, 0x8001, 0x9, 0xcd4d, 0x5, 0x0, 0x7ff, 0x5, 0x5fd, 0x8, 0x8001, 0x9, 0xfffffff7, 0x76, 0x400, 0x4, 0x5, 0x9, 0x6, 0x17, 0x6, 0x2, 0x4, 0x400000, 0x10001, 0xd17, 0x1, 0x89, 0x4, 0x4, 0x8, 0x8, 0x10000, 0x9, 0x1, 0xce3, 0x4, 0x9, 0x96, 0x4, 0x6, 0x9, 0x8001, 0xc, 0x3, 0x2, 0x8969, 0x100, 0x100, 0x101, 0x7, 0x10000, 0x0, 0xc, 0x9, 0xfffffff1, 0x1, 0x1, 0x6, 0x7, 0x34a00, 0x45, 0x800800, 0x2, 0x2, 0x7, 0x3800, 0x8, 0x6, 0x4, 0xfffffffb, 0x4, 0xb, 0xc, 0x5, 0x2, 0x4, 0x2000000, 0x2, 0x2, 0x5, 0x5, 0xfffffff8, 0xda, 0x9, 0x8, 0x2, 0x1, 0x4, 0x8, 0x7, 0x36a3, 0x2, 0x5, 0xa1, 0x94, 0x4a9b, 0x9, 0x5, 0x0, 0x3, 0x3, 0x4, 0xe, 0xd, 0xfffffff2, 0x10001, 0x8, 0x0, 0x200, 0x7d, 0x2, 0x4, 0x1, 0x7fff, 0x3, 0x6, 0x3ff, 0x10000, 0x10, 0x0, 0x6, 0x8, 0x6, 0x8, 0x8, 0xf, 0x81, 0x4, 0x400, 0x3, 0xc, 0x8, 0x3, 0x6, 0x2c, 0x8, 0x25, 0x0, 0xb9, 0x3, 0x330c, 0xfffffffe, 0xc, 0x3a8b, 0x9, 0x1]}]}}]}, 0x434}}, 0x0)
syz_emit_ethernet(0x31a, &(0x7f00000003c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d9a", 0x2e4, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0xe, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e2718"}, {0x2, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4610001394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "000000000000000200000000000000000000000000008879e66485201a0015ca837400000000000000000000001c0000000000000000"}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3}]}}}}}}, 0x0)

213.712655ms ago: executing program 3 (id=367):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)="c774e1", 0x3}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="12000000040000000800", @ANYRES32, @ANYBLOB="0000001f4761ad9339e3c77ccf018b6990478b000000dfae276499d2459c68ac32c91871618c0bedbddb663de945dfcdff2e51abe10460fa0ebc0057badb6e316506900864fc08197deb314c738ceee309af6ed5e161fe14a5dec3c03a00e48f75ee482c368be40d49a416004d91f4c666161fa5d0f55847b0708dfdf9772f7fdf230fcd82dbf4c8dc3898b73a2d3bdb07e1f7a26036fdd73b0611502d651565758e43c6047d68c4713540b276e94dacb6be93be1248027373f21e3f5be31e65ad9062ee6ea3098e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWCHAIN={0x14}], {0x14}}, 0xa4}}, 0x0)

0s ago: executing program 2 (id=368):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x14, 0x16, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe}, 0x94)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19})
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, 0x0, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
[   67.818858][ T5845] cgroup: Unknown subsys name 'net'
[   67.962366][ T5845] cgroup: Unknown subsys name 'cpuset'
[   67.970253][ T5845] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   69.248217][ T5845] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.251996][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[   71.258302][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[   72.907196][ T5862] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.918397][ T5872] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   72.926151][ T5872] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   72.933760][ T5872] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.941285][ T5870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   72.980108][ T5875] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   72.987489][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   73.000059][ T5870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   73.005406][ T5872] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   73.011003][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   73.014715][ T5872] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   73.021749][ T5870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   73.028584][ T5876] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   73.042358][ T5872] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   73.043735][ T5876] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   73.050157][ T5870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   73.056908][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   73.063397][ T5872] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   73.071161][ T5876] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   73.085063][ T5872] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   73.085837][ T5876] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   73.099410][ T5872] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   73.101467][ T5876] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   73.113795][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   73.121532][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   73.443901][ T5874] chnl_net:caif_netlink_parms(): no params data found
[   73.490564][ T5855] chnl_net:caif_netlink_parms(): no params data found
[   73.521530][ T5856] chnl_net:caif_netlink_parms(): no params data found
[   73.599991][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   73.647386][ T5874] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.654632][ T5874] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.662186][ T5874] bridge_slave_0: entered allmulticast mode
[   73.668929][ T5874] bridge_slave_0: entered promiscuous mode
[   73.697419][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.704603][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.711949][ T5855] bridge_slave_0: entered allmulticast mode
[   73.718625][ T5855] bridge_slave_0: entered promiscuous mode
[   73.725748][ T5874] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.733330][ T5874] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.740762][ T5874] bridge_slave_1: entered allmulticast mode
[   73.747451][ T5874] bridge_slave_1: entered promiscuous mode
[   73.768708][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.775990][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.783315][ T5856] bridge_slave_0: entered allmulticast mode
[   73.790037][ T5856] bridge_slave_0: entered promiscuous mode
[   73.796939][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.804154][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.811588][ T5855] bridge_slave_1: entered allmulticast mode
[   73.818234][ T5855] bridge_slave_1: entered promiscuous mode
[   73.852469][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.859628][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.867177][ T5856] bridge_slave_1: entered allmulticast mode
[   73.874027][ T5856] bridge_slave_1: entered promiscuous mode
[   73.900010][ T5874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.924273][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   73.936184][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.961059][ T5874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   73.981736][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.024318][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   74.035338][ T5874] team0: Port device team_slave_0 added
[   74.043594][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.054338][ T5855] team0: Port device team_slave_0 added
[   74.062392][ T5855] team0: Port device team_slave_1 added
[   74.079482][ T5874] team0: Port device team_slave_1 added
[   74.115075][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.123257][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.130756][ T5858] bridge_slave_0: entered allmulticast mode
[   74.137376][ T5858] bridge_slave_0: entered promiscuous mode
[   74.148587][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.156075][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.163614][ T5858] bridge_slave_1: entered allmulticast mode
[   74.170801][ T5858] bridge_slave_1: entered promiscuous mode
[   74.186456][ T5856] team0: Port device team_slave_0 added
[   74.215064][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.222207][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.248926][ T5874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.261204][ T5874] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.268187][ T5874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.294227][ T5874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.307402][ T5856] team0: Port device team_slave_1 added
[   74.313790][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.321804][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.347735][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.379194][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.386252][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.412207][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.428036][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.458337][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.476096][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.483219][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.509303][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.521482][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.528499][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.554759][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.611143][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.618291][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.625912][ T5857] bridge_slave_0: entered allmulticast mode
[   74.632835][ T5857] bridge_slave_0: entered promiscuous mode
[   74.641073][ T5858] team0: Port device team_slave_0 added
[   74.658168][ T5874] hsr_slave_0: entered promiscuous mode
[   74.664481][ T5874] hsr_slave_1: entered promiscuous mode
[   74.677357][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.684925][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.692317][ T5857] bridge_slave_1: entered allmulticast mode
[   74.698948][ T5857] bridge_slave_1: entered promiscuous mode
[   74.706600][ T5858] team0: Port device team_slave_1 added
[   74.732330][ T5855] hsr_slave_0: entered promiscuous mode
[   74.738472][ T5855] hsr_slave_1: entered promiscuous mode
[   74.744639][ T5855] debugfs: 'hsr0' already exists in 'hsr'
[   74.750412][ T5855] Cannot create hsr debugfs directory
[   74.788590][ T5856] hsr_slave_0: entered promiscuous mode
[   74.795249][ T5856] hsr_slave_1: entered promiscuous mode
[   74.801955][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[   74.807743][ T5856] Cannot create hsr debugfs directory
[   74.822863][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.832384][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.839355][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.865460][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.897284][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.907164][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.914476][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.940788][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.005892][ T5857] team0: Port device team_slave_0 added
[   75.035953][ T5857] team0: Port device team_slave_1 added
[   75.091199][ T5858] hsr_slave_0: entered promiscuous mode
[   75.097361][ T5858] hsr_slave_1: entered promiscuous mode
[   75.103580][ T5858] debugfs: 'hsr0' already exists in 'hsr'
[   75.109319][ T5858] Cannot create hsr debugfs directory
[   75.136305][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   75.143535][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.169697][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   75.170020][ T5876] Bluetooth: hci2: command tx timeout
[   75.181983][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   75.185782][ T5862] Bluetooth: hci1: command tx timeout
[   75.192710][ T5867] Bluetooth: hci0: command tx timeout
[   75.198109][ T5862] Bluetooth: hci4: command tx timeout
[   75.203480][ T5875] Bluetooth: hci3: command tx timeout
[   75.214462][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   75.240610][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   75.343990][ T5857] hsr_slave_0: entered promiscuous mode
[   75.350509][ T5857] hsr_slave_1: entered promiscuous mode
[   75.356536][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[   75.362577][ T5857] Cannot create hsr debugfs directory
[   75.435669][ T5874] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   75.463979][ T5874] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   75.473416][ T5874] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   75.498968][ T5874] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   75.560226][ T5855] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   75.581440][ T5855] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   75.594049][ T5855] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   75.611961][ T5855] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   75.646800][ T5856] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   75.663947][ T5856] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   75.681220][ T5856] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   75.690438][ T5856] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   75.741540][ T5858] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   75.769170][ T5858] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   75.799340][ T5874] 8021q: adding VLAN 0 to HW filter on device bond0
[   75.807509][ T5858] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   75.826594][ T5858] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   75.838378][ T5857] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   75.852471][ T5874] 8021q: adding VLAN 0 to HW filter on device team0
[   75.866274][ T5857] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   75.883113][ T5857] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   75.892955][ T5857] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   75.913383][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.920550][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[   75.945300][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.952421][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.025237][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.066270][ T5855] 8021q: adding VLAN 0 to HW filter on device team0
[   76.101071][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.108221][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.131965][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.140775][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.147980][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.185404][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.203834][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[   76.236400][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.243558][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.254481][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.261673][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.278553][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   76.336680][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   76.357893][  T304] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.365106][  T304] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.377839][  T304] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.384995][  T304] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.401919][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   76.413737][ T5874] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.442819][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.449968][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   76.482747][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.489893][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state
[   76.548505][ T5858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   76.564763][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.603471][ T5874] veth0_vlan: entered promiscuous mode
[   76.614155][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.637397][ T5874] veth1_vlan: entered promiscuous mode
[   76.662627][ T5857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   76.698374][ T5874] veth0_macvtap: entered promiscuous mode
[   76.734665][ T5874] veth1_macvtap: entered promiscuous mode
[   76.752423][ T5855] veth0_vlan: entered promiscuous mode
[   76.769236][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[   76.787945][ T5855] veth1_vlan: entered promiscuous mode
[   76.830180][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.854687][ T5874] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.874863][ T5855] veth0_macvtap: entered promiscuous mode
[   76.894183][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.909100][ T5855] veth1_macvtap: entered promiscuous mode
[   76.926717][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.948890][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.976795][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.016980][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.035432][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.057426][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.066550][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.067580][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.089281][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   77.122646][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.132184][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.142308][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.150150][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.167742][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.178357][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   77.250095][   T51] Bluetooth: hci3: command tx timeout
[   77.255562][ T5875] Bluetooth: hci0: command tx timeout
[   77.262423][ T5867] Bluetooth: hci4: command tx timeout
[   77.267856][ T5867] Bluetooth: hci2: command tx timeout
[   77.272783][ T5862] Bluetooth: hci1: command tx timeout
[   77.284403][ T5874] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   77.305243][ T5858] veth0_vlan: entered promiscuous mode
[   77.316489][ T5858] veth1_vlan: entered promiscuous mode
[   77.341535][ T5857] veth0_vlan: entered promiscuous mode
[   77.358753][ T5857] veth1_vlan: entered promiscuous mode
[   77.434919][ T5856] veth0_vlan: entered promiscuous mode
[   77.441949][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.459878][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.492284][ T5856] veth1_vlan: entered promiscuous mode
[   77.540886][ T5858] veth0_macvtap: entered promiscuous mode
[   77.562237][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   77.578144][ T5856] veth0_macvtap: entered promiscuous mode
[   77.605888][ T5856] veth1_macvtap: entered promiscuous mode
[   77.615512][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.623788][ T5858] veth1_macvtap: entered promiscuous mode
[   77.714504][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.725454][ T5857] veth0_macvtap: entered promiscuous mode
[   77.761994][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.778073][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.790112][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   77.800047][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[   77.806183][ T5857] veth1_macvtap: entered promiscuous mode
[   77.842479][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   77.885775][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   77.895618][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   77.909333][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   77.951555][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   77.960764][   T30] audit: type=1804 audit(1755607124.890:2): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.4" name="/newroot/0/bus/bus" dev="overlay" ino=27 res=1 errno=0
[   77.989614][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.023280][   T30] audit: type=1804 audit(1755607124.950:3): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4" name="/newroot/0/bus/bus" dev="overlay" ino=27 res=1 errno=0
[   78.705347][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.774025][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.891240][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.941192][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.955210][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.007290][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.007312][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.007330][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.056907][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.107208][ T1166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.116053][ T1166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.139682][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.205933][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.217025][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.238334][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.274023][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.283611][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.292954][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.301824][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.329957][ T5876] Bluetooth: hci1: command tx timeout
[   79.330255][ T5862] Bluetooth: hci3: command tx timeout
[   79.335394][ T5876] Bluetooth: hci2: command tx timeout
[   79.335419][ T5876] Bluetooth: hci0: command tx timeout
[   79.340913][ T5862] Bluetooth: hci4: command tx timeout
[   79.425923][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.488674][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.613565][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.623817][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   79.837664][ T6003] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   80.006446][   T30] audit: type=1804 audit(1755607126.940:4): pid=6008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.6" name="/newroot/1/bus/bus" dev="overlay" ino=32 res=1 errno=0
[   80.027876][   T30] audit: type=1804 audit(1755607126.980:5): pid=6008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6" name="/newroot/1/bus/bus" dev="overlay" ino=32 res=1 errno=0
[   80.695405][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   80.790115][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.799395][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   80.808702][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.817368][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   80.949016][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.410826][ T5876] Bluetooth: hci0: command tx timeout
[   81.420988][ T5876] Bluetooth: hci4: command tx timeout
[   81.421634][   T51] Bluetooth: hci3: command tx timeout
[   81.426422][ T5876] Bluetooth: hci2: command tx timeout
[   81.426446][ T5876] Bluetooth: hci1: command tx timeout
[   82.121434][   T30] audit: type=1804 audit(1755607129.040:6): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.8" name="/newroot/1/bus/bus" dev="overlay" ino=32 res=1 errno=0
[   82.164254][ T6017] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[   82.170915][ T6017] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   82.224159][   T30] audit: type=1804 audit(1755607129.050:7): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.8" name="/newroot/1/bus/bus" dev="overlay" ino=32 res=1 errno=0
[   82.266693][ T6017] vhci_hcd vhci_hcd.0: Device attached
[   82.818450][ T5928] usb 40-1: SetAddress Request (2) to port 0
[   83.025102][ T5928] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd
[   83.025340][ T6018] vhci_hcd: connection closed
[   83.051815][ T6019] vhci_hcd: sendmsg failed!, ret=-32 for 48
[   83.340680][   T12] vhci_hcd: stop threads
[   83.345008][   T12] vhci_hcd: release socket
[   83.361268][   T12] vhci_hcd: disconnect device
[   84.766844][ T6026] loop0: detected capacity change from 0 to 32768
[   84.835772][   T30] audit: type=1800 audit(1755607131.780:8): pid=6026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.11" name="file1" dev="loop0" ino=4 res=0 errno=0
[   84.875207][ T6032] loop2: detected capacity change from 0 to 32768
[   85.005614][   T30] audit: type=1800 audit(1755607131.950:9): pid=6032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.12" name="file1" dev="loop2" ino=4 res=0 errno=0
[   85.781025][ T6050] netlink: 'syz.1.14': attribute type 4 has an invalid length.
[   86.614651][ T1210] cfg80211: failed to load regulatory.db
[   86.654228][ T5950] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   86.997469][   T30] audit: type=1804 audit(1755607133.930:10): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.18" name="/newroot/3/bus/bus" dev="overlay" ino=53 res=1 errno=0
[   87.695442][   T30] audit: type=1804 audit(1755607133.930:11): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.18" name="/newroot/3/bus/bus" dev="overlay" ino=53 res=1 errno=0
[   87.716581][ T5950] usb 3-1: Using ep0 maxpacket: 32
[   87.723167][ T5950] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[   87.737992][ T5950] usb 3-1: config 0 has no interface number 0
[   87.892630][ T5950] usb 3-1: config 0 interface 184 has no altsetting 0
[   87.970960][   T30] audit: type=1804 audit(1755607134.030:12): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.19" name="/newroot/3/bus/bus" dev="overlay" ino=53 res=1 errno=0
[   87.992456][ T5950] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   88.007227][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.025562][ T5950] usb 3-1: Product: syz
[   88.031058][ T5950] usb 3-1: Manufacturer: syz
[   88.035769][   T30] audit: type=1804 audit(1755607134.040:13): pid=6064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.19" name="/newroot/3/bus/bus" dev="overlay" ino=53 res=1 errno=0
[   88.068277][ T5950] usb 3-1: SerialNumber: syz
[   88.090988][ T5950] usb 3-1: config 0 descriptor??
[   88.103272][ T5950] smsc75xx v1.0.0
[   88.129925][ T5928] usb 40-1: device descriptor read/8, error -110
[   88.598165][ T5928] usb usb40-port1: attempt power cycle
[   88.712856][ T5950] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[   88.727813][ T5950] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   89.470705][ T5928] usb usb40-port1: unable to enumerate USB device
[   90.262404][ T5950] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[   90.274613][ T5950] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[   90.305106][ T5950] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[   90.357283][ T5950] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -32
[   90.630000][   T30] audit: type=1804 audit(1755607137.530:14): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.23" name="/newroot/4/bus/bus" dev="overlay" ino=47 res=1 errno=0
[   90.731921][ T6089] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24'.
[   90.782064][   T30] audit: type=1804 audit(1755607137.550:15): pid=6088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.23" name="/newroot/4/bus/bus" dev="overlay" ino=47 res=1 errno=0
[   91.374970][ T5928] usb 3-1: USB disconnect, device number 2
[   93.108216][   T30] audit: type=1804 audit(1755607140.050:16): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.28" name="/newroot/5/bus" dev="tmpfs" ino=55 res=1 errno=0
[   93.305690][ T6108] loop3: detected capacity change from 0 to 512
[   93.312660][ T6108] =======================================================
[   93.312660][ T6108] WARNING: The mand mount option has been deprecated and
[   93.312660][ T6108]          and is ignored by this kernel. Remove the mand
[   93.312660][ T6108]          option from the mount to silence this warning.
[   93.312660][ T6108] =======================================================
[   93.409549][ T6108] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.30: Invalid inode bitmap blk 4 in block_group 0
[   93.428351][ T6108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   93.529877][ T5861] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   93.918325][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[   93.929897][ T5861] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[   93.939046][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.997424][ T5861] usb 3-1: config 0 descriptor??
[   94.295744][ T5861] usb 3-1: USB disconnect, device number 3
[   94.641313][ T6110] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[   95.271765][ T6127] netlink: 'syz.2.34': attribute type 4 has an invalid length.
[   95.428735][ T6128] netlink: 'syz.2.34': attribute type 4 has an invalid length.
[   98.025579][ T5855] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   98.062394][ T6145] loop1: detected capacity change from 0 to 512
[   98.123376][ T6145] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.39: Invalid inode bitmap blk 4 in block_group 0
[   98.257546][ T6145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.864212][ T6154] loop3: detected capacity change from 0 to 512
[   98.880996][ T6154] EXT4-fs: Ignoring removed orlov option
[   98.886731][ T6154] ext4: Unknown parameter 'pcr'
[   98.909296][   T30] audit: type=1804 audit(1755607145.130:17): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.40" name="/newroot/7/bus/bus" dev="overlay" ino=83 res=1 errno=0
[   98.932517][ T6153] syzkaller0: entered promiscuous mode
[   98.938017][ T6153] syzkaller0: entered allmulticast mode
[   98.950727][   T30] audit: type=1804 audit(1755607145.140:18): pid=6151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.40" name="/newroot/7/bus/bus" dev="overlay" ino=83 res=1 errno=0
[   99.759892][ T1210] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   99.911478][ T1210] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   99.921932][ T1210] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   99.948741][ T1210] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   99.958005][ T1210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  100.037622][ T1210] usb 2-1: SerialNumber: syz
[  100.057872][ T1210] usb 2-1: 0:2 : does not exist
[  100.379903][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  100.751011][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  100.804848][   T24] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  101.170340][ T6150] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  101.202408][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.220883][   T24] usb 5-1: config 0 descriptor??
[  101.880171][ T5987] usb 5-1: USB disconnect, device number 2
[  102.258709][ T5935] usb 2-1: USB disconnect, device number 2
[  102.326287][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.356647][ T5935] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  103.571435][ T5935] usb 3-1: Using ep0 maxpacket: 16
[  103.589897][ T6189] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  103.596435][ T6189] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  103.620256][ T6189] vhci_hcd vhci_hcd.0: Device attached
[  103.639860][ T5935] usb 3-1: config 0 has no interfaces?
[  103.661943][ T6193] loop3: detected capacity change from 0 to 512
[  103.668607][ T5935] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  103.688184][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.729923][ T5935] usb 3-1: Product: syz
[  103.742602][ T5935] usb 3-1: Manufacturer: syz
[  103.747242][ T5935] usb 3-1: SerialNumber: syz
[  103.764399][ T6193] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.51: Invalid inode bitmap blk 4 in block_group 0
[  103.781113][ T5935] usb 3-1: config 0 descriptor??
[  103.930805][ T6193] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.959855][   T24] usb 42-1: SetAddress Request (2) to port 0
[  103.981357][   T24] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  104.318291][ T6190] vhci_hcd: connection reset by peer
[  104.419199][ T1155] vhci_hcd: stop threads
[  104.423648][ T1155] vhci_hcd: release socket
[  104.438830][ T1155] vhci_hcd: disconnect device
[  104.929913][ T6195] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  106.038473][ T5987] usb 3-1: USB disconnect, device number 4
[  106.629838][ T5950] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  106.714761][ T5855] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.854248][ T6231] loop3: detected capacity change from 0 to 128
[  106.875104][ T5950] usb 1-1: Using ep0 maxpacket: 16
[  106.898019][ T5950] usb 1-1: config 0 has no interfaces?
[  106.908153][ T6231] vfat: Unknown parameter 'ÿ'
[  106.930690][ T5950] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  106.950561][ T5950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.059837][ T5950] usb 1-1: Product: syz
[  107.064050][ T5950] usb 1-1: Manufacturer: syz
[  107.087054][ T5950] usb 1-1: SerialNumber: syz
[  107.159549][ T5950] usb 1-1: config 0 descriptor??
[  107.438160][ T6238] netlink: 'syz.3.62': attribute type 4 has an invalid length.
[  107.628769][ T6220] loop2: detected capacity change from 0 to 32768
[  108.101071][   T30] audit: type=1800 audit(1755607154.610:19): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.58" name="file1" dev="loop2" ino=4 res=0 errno=0
[  108.343453][ T6244] netlink: 'syz.3.62': attribute type 4 has an invalid length.
[  109.169931][   T24] usb 42-1: device descriptor read/8, error -110
[  109.264365][ T5935] usb 1-1: USB disconnect, device number 2
[  110.330205][   T24] usb usb42-port1: attempt power cycle
[  110.357286][   T30] audit: type=1800 audit(1755607157.290:20): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.58" name="file1" dev="loop2" ino=4 res=0 errno=0
[  111.040574][   T24] usb usb42-port1: unable to enumerate USB device
[  111.076216][ T6275] loop1: detected capacity change from 0 to 512
[  111.151422][ T6278] netlink: 'syz.4.73': attribute type 10 has an invalid length.
[  111.201299][ T6275] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.72: Invalid inode bitmap blk 4 in block_group 0
[  111.227891][ T6278] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  111.647084][ T6275] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.754322][ T6282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.892755][ T6282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.955330][ T6282] bond0 (unregistering): (slave netdevsim0): Releasing backup interface
[  111.974373][ T6282] bond0 (unregistering): Released all slaves
[  112.011826][ T6285] lo speed is unknown, defaulting to 1000
[  112.017944][ T6285] lo speed is unknown, defaulting to 1000
[  112.024301][ T6285] lo speed is unknown, defaulting to 1000
[  112.034628][ T6285] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  112.046787][ T6285] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  112.068814][ T6285] lo speed is unknown, defaulting to 1000
[  112.075518][ T6285] lo speed is unknown, defaulting to 1000
[  112.082223][ T6285] lo speed is unknown, defaulting to 1000
[  112.088866][ T6285] lo speed is unknown, defaulting to 1000
[  112.095533][ T6285] lo speed is unknown, defaulting to 1000
[  112.585788][ T6298] overlayfs: failed to resolve './file0': -2
[  112.641654][   T30] audit: type=1804 audit(1755607159.580:21): pid=6298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.75" name="/newroot/19/bus/bus" dev="tmpfs" ino=129 res=1 errno=0
[  113.290106][ T6303] loop4: detected capacity change from 0 to 512
[  113.361371][ T6303] EXT4-fs: Ignoring removed orlov option
[  113.369327][ T6303] ext4: Unknown parameter 'pcr'
[  114.134243][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.647991][ T6334] syzkaller0: entered promiscuous mode
[  116.663775][ T6334] syzkaller0: entered allmulticast mode
[  116.694312][ T6337] netlink: 'syz.0.87': attribute type 10 has an invalid length.
[  116.724149][ T6337] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  116.945589][ T6341] lo speed is unknown, defaulting to 1000
[  117.070372][ T6344] loop4: detected capacity change from 0 to 512
[  117.193971][ T6344] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.89: Invalid inode bitmap blk 4 in block_group 0
[  117.237951][ T6344] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  118.927317][ T6358] loop0: detected capacity change from 0 to 32768
[  119.037181][   T30] audit: type=1800 audit(1755607165.980:22): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.92" name="file1" dev="loop0" ino=4 res=0 errno=0
[  119.110158][ T6347] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  119.818382][ T6372] lo speed is unknown, defaulting to 1000
[  120.341785][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.784247][ T6384] tipc: Started in network mode
[  120.789179][ T6384] tipc: Node identity c6faf48e910f, cluster identity 4711
[  120.806621][ T6384] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  120.902937][ T6378] tipc: Resetting bearer <eth:syzkaller0>
[  120.926161][ T6377] tipc: Disabling bearer <eth:syzkaller0>
[  121.660696][ T6399] netlink: 'syz.4.102': attribute type 4 has an invalid length.
[  121.757685][ T6401] netlink: 'syz.4.102': attribute type 4 has an invalid length.
[  123.759222][ T6419] loop0: detected capacity change from 0 to 512
[  123.856346][ T6419] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.109: Invalid inode bitmap blk 4 in block_group 0
[  123.872877][ T6419] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.046352][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.2.108'.
[  124.174678][ T6425] netlink: 'syz.4.110': attribute type 72 has an invalid length.
[  124.387691][ T6433] tipc: Started in network mode
[  124.392939][ T6433] tipc: Node identity 760d6c499e59, cluster identity 4711
[  124.420416][ T6433] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  124.433097][ T6433] tipc: Resetting bearer <eth:syzkaller0>
[  124.440711][ T6432] tipc: Disabling bearer <eth:syzkaller0>
[  124.966259][ T6444] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.117'.
[  125.001816][ T6446] overlayfs: failed to resolve './file0': -2
[  125.096882][   T30] audit: type=1804 audit(1755607172.030:23): pid=6446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.116" name="/newroot/22/bus/bus" dev="tmpfs" ino=134 res=1 errno=0
[  126.824412][ T5874] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.363071][ T6463] netlink: 'syz.0.120': attribute type 4 has an invalid length.
[  127.400685][ T6463] netlink: 'syz.0.120': attribute type 4 has an invalid length.
[  127.487764][ T6465] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.122'.
[  127.565340][ T6467] netlink: 'syz.2.123': attribute type 72 has an invalid length.
[  128.446479][ T6476] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  128.482733][ T6476] tipc: Resetting bearer <eth:syzkaller0>
[  128.508849][ T6475] tipc: Disabling bearer <eth:syzkaller0>
[  128.533925][ T6474] fuse: Unknown parameter 'use00000000000000000000'
[  129.145984][ T6485] netlink: 8 bytes leftover after parsing attributes in process `syz.4.128'.
[  129.358468][ T6491] siw: device registration error -23
[  129.832123][   T30] audit: type=1804 audit(1755607176.780:24): pid=6489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.131" name="/newroot/26/bus/bus" dev="tmpfs" ino=160 res=1 errno=0
[  129.864900][ T6490] netlink: 'syz.0.129': attribute type 4 has an invalid length.
[  129.928162][ T6490] netlink: 'syz.0.129': attribute type 4 has an invalid length.
[  130.430327][ T6500] loop4: detected capacity change from 0 to 512
[  130.437426][ T6500] EXT4-fs: Ignoring removed orlov option
[  130.459168][ T6500] ext4: Unknown parameter 'pcr'
[  131.744383][ T6509] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.136'.
[  131.892993][ T6511] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.137'.
[  132.305290][ T6521] netlink: 'syz.4.138': attribute type 4 has an invalid length.
[  132.330103][ T5935] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  132.356276][ T6521] netlink: 'syz.4.138': attribute type 4 has an invalid length.
[  132.529869][ T5935] usb 4-1: Using ep0 maxpacket: 16
[  132.539301][ T5935] usb 4-1: config 0 has no interfaces?
[  132.553273][ T5935] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  132.701627][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.727560][ T5935] usb 4-1: Product: syz
[  132.732673][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.750675][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  132.777244][ T5935] usb 4-1: Manufacturer: syz
[  132.853786][ T5935] usb 4-1: SerialNumber: syz
[  132.891685][ T5935] usb 4-1: config 0 descriptor??
[  133.768399][ T6527] tipc: Started in network mode
[  133.797443][ T6527] tipc: Node identity d2f2fcaa0532, cluster identity 4711
[  133.814319][ T6527] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  133.827468][ T6527] syzkaller0: entered promiscuous mode
[  133.833646][ T6527] syzkaller0: entered allmulticast mode
[  133.855511][ T6526] tipc: Resetting bearer <eth:syzkaller0>
[  133.871331][ T6526] tipc: Disabling bearer <eth:syzkaller0>
[  134.038735][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.144'.
[  134.062279][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  134.125227][ T6534] bridge_slave_0: left allmulticast mode
[  134.133242][ T6534] bridge_slave_0: left promiscuous mode
[  134.138981][ T6534] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.154051][ T6534] bridge_slave_1: left allmulticast mode
[  134.159857][ T6534] bridge_slave_1: left promiscuous mode
[  134.165635][ T6534] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.181913][ T6534] bond0: (slave bond_slave_0): Releasing backup interface
[  134.222393][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  134.234016][ T6534] bond0: (slave bond_slave_1): Releasing backup interface
[  134.246495][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  134.264886][ T6534] team0: Port device team_slave_0 removed
[  134.269223][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.284822][ T6534] team0: Port device team_slave_1 removed
[  134.287924][    T9] usb 5-1: config 0 descriptor??
[  134.311385][ T6534] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  134.319018][ T6534] batman_adv: batadv0: Removing interface: batadv_slave_0
[  134.329594][ T6534] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  134.337346][ T6534] batman_adv: batadv0: Removing interface: batadv_slave_1
[  134.361981][ T5950] lo speed is unknown, defaulting to 1000
[  134.365325][ T6541] team0: Mode changed to "activebackup"
[  134.384518][ T6537] vlan0: entered promiscuous mode
[  134.396691][ T6537] team0: Port device vlan0 added
[  134.402921][ T6542] tipc: Enabled bearer <eth:team0>, priority 0
[  134.742813][ T6547] netlink: 'syz.2.147': attribute type 4 has an invalid length.
[  134.868006][ T6550] netlink: 'syz.2.147': attribute type 4 has an invalid length.
[  134.876296][ T5988] lo speed is unknown, defaulting to 1000
[  134.912085][ T5988] syz0: Port: 1 Link DOWN
[  135.105191][ T5988] usb 4-1: USB disconnect, device number 2
[  135.192519][ T6553] loop0: detected capacity change from 0 to 512
[  135.216564][ T6554] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.150'.
[  135.220727][ T6553] EXT4-fs: Ignoring removed orlov option
[  135.325853][ T6553] ext4: Unknown parameter 'pcr'
[  135.529965][ T5987] tipc: Node number set to 3619749034
[  135.950819][ T5935] lo speed is unknown, defaulting to 1000
[  135.956692][ T5935] syz0: Port: 1 Link ACTIVE
[  136.331219][ T5987] usb 5-1: USB disconnect, device number 3
[  137.732879][ T6573] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.740635][ T6573] syzkaller0: entered promiscuous mode
[  137.746115][ T6573] syzkaller0: entered allmulticast mode
[  138.007642][ T6572] tipc: Resetting bearer <eth:syzkaller0>
[  138.166232][ T6579] overlayfs: failed to resolve './file0': -2
[  138.182225][ T6572] tipc: Disabling bearer <eth:syzkaller0>
[  138.233306][   T30] audit: type=1804 audit(1755607185.140:25): pid=6579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.157" name="/newroot/32/bus/bus" dev="tmpfs" ino=215 res=1 errno=0
[  138.603244][ T6587] netlink: 'syz.0.154': attribute type 4 has an invalid length.
[  138.635162][ T6587] netlink: 'syz.0.154': attribute type 4 has an invalid length.
[  139.166286][ T6591] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  139.172933][ T6591] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  139.211609][ T6591] vhci_hcd vhci_hcd.0: Device attached
[  139.484835][   T24] usb 40-1: SetAddress Request (6) to port 0
[  139.508590][   T24] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd
[  139.809680][ T6592] vhci_hcd: connection reset by peer
[  139.816217][ T1155] vhci_hcd: stop threads
[  139.849835][ T1155] vhci_hcd: release socket
[  139.858157][ T1155] vhci_hcd: disconnect device
[  141.385890][ T6606] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.163'.
[  142.003350][ T6611] loop0: detected capacity change from 0 to 512
[  142.057525][ T6611] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.165: Invalid inode bitmap blk 4 in block_group 0
[  142.177511][ T6611] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.559844][ T5935] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  143.060672][ T6624] ieee802154 phy0 wpan0: encryption failed: -22
[  143.085535][ T5935] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.196312][ T5935] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.206924][ T5935] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  143.218858][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  143.227414][ T5935] usb 1-1: SerialNumber: syz
[  144.324870][ T5935] usb 1-1: 0:2 : does not exist
[  144.420709][ T6635] team0: Port device vlan0 removed
[  144.438565][   T13] tipc: Resetting bearer <eth:team0>
[  144.459377][ T6637] overlayfs: failed to resolve './file0': -2
[  144.510555][ T6639] team0: Unable to change to the same mode the team is in
[  144.517310][   T30] audit: type=1804 audit(1755607191.450:26): pid=6637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.170" name="/newroot/29/bus/bus" dev="tmpfs" ino=193 res=1 errno=0
[  144.582877][ T6639] team0: Port device vlan0 added
[  144.610086][   T24] usb 40-1: device descriptor read/8, error -110
[  144.629703][ T6639] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  144.629839][ T1210] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  144.781379][ T1210] usb 5-1: Using ep0 maxpacket: 16
[  144.797854][ T1210] usb 5-1: config 0 has no interfaces?
[  144.929902][ T1210] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  144.947466][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.122654][   T24] usb usb40-port1: attempt power cycle
[  145.428454][ T1210] usb 5-1: Product: syz
[  145.448458][ T1210] usb 5-1: Manufacturer: syz
[  145.469328][ T1210] usb 5-1: SerialNumber: syz
[  145.510505][ T1210] usb 5-1: config 0 descriptor??
[  145.820038][ T6615] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  146.044196][   T24] usb usb40-port1: unable to enumerate USB device
[  146.369694][ T6654] netlink: 'syz.2.174': attribute type 4 has an invalid length.
[  146.394069][ T6654] netlink: 'syz.2.174': attribute type 4 has an invalid length.
[  146.438843][   T24] lo speed is unknown, defaulting to 1000
[  146.445063][   T24] lo speed is unknown, defaulting to 1000
[  146.498168][   T24] usb 1-1: USB disconnect, device number 3
[  146.514817][ T5874] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.588513][ T6657] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  146.596027][ T6657] syzkaller0: entered promiscuous mode
[  146.603031][ T6657] syzkaller0: entered allmulticast mode
[  146.707869][ T6656] tipc: Resetting bearer <eth:syzkaller0>
[  146.728728][ T6656] tipc: Disabling bearer <eth:syzkaller0>
[  146.770558][ T6660] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  147.159966][ T5987] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  147.432938][ T5861] usb 5-1: USB disconnect, device number 4
[  147.439055][ T5987] usb 2-1: Using ep0 maxpacket: 16
[  147.451280][ T5987] usb 2-1: config 0 has no interfaces?
[  147.467663][ T5987] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  147.490062][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.498096][ T5987] usb 2-1: Product: syz
[  147.534542][ T5987] usb 2-1: Manufacturer: syz
[  147.987461][ T5987] usb 2-1: SerialNumber: syz
[  148.006319][ T5987] usb 2-1: config 0 descriptor??
[  150.275334][ T6688] loop0: detected capacity change from 0 to 512
[  150.285036][ T6688] EXT4-fs: Ignoring removed orlov option
[  150.356847][ T6688] ext4: Unknown parameter 'pcr'
[  150.418585][ T5935] usb 2-1: USB disconnect, device number 3
[  151.028718][ T6690] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.054734][ T6690] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.083328][ T6690] bond0 (unregistering): Released all slaves
[  151.380130][ T6702] siw: device registration error -23
[  151.657461][ T6703] process 'syz.1.188' launched '/dev/fd/3' with NULL argv: empty string added
[  152.578648][ T5988] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  152.870105][ T5988] usb 2-1: Using ep0 maxpacket: 16
[  152.881088][ T5988] usb 2-1: config 0 has no interfaces?
[  152.892489][ T5988] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  152.948727][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.997593][ T5988] usb 2-1: Product: syz
[  153.005158][   T30] audit: type=1804 audit(1755607199.950:27): pid=6720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.193" name="/newroot/41/bus/bus" dev="tmpfs" ino=240 res=1 errno=0
[  153.010146][ T5988] usb 2-1: Manufacturer: syz
[  153.108842][ T5988] usb 2-1: SerialNumber: syz
[  153.141998][ T5988] usb 2-1: config 0 descriptor??
[  153.262524][ T6722] netlink: 'syz.3.191': attribute type 4 has an invalid length.
[  153.294869][ T6722] netlink: 'syz.3.191': attribute type 4 has an invalid length.
[  155.295745][ T5861] usb 2-1: USB disconnect, device number 4
[  156.042518][ T5861] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  156.119280][ T6740] ieee802154 phy0 wpan0: encryption failed: -22
[  156.229815][ T5861] usb 2-1: Using ep0 maxpacket: 16
[  156.246805][ T5861] usb 2-1: config 0 has no interfaces?
[  156.655767][ T5861] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  156.666937][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.712595][ T5861] usb 2-1: Product: syz
[  156.725608][ T5861] usb 2-1: Manufacturer: syz
[  156.753344][ T5861] usb 2-1: SerialNumber: syz
[  156.779106][ T5861] usb 2-1: config 0 descriptor??
[  156.885592][ T6745] loop2: detected capacity change from 0 to 512
[  156.927639][ T6745] EXT4-fs: Ignoring removed orlov option
[  157.031375][ T6745] ext4: Unknown parameter 'pcr'
[  157.760295][ T6751] siw: device registration error -23
[  158.952105][ T5935] usb 2-1: USB disconnect, device number 5
[  159.184438][ T6769] overlayfs: failed to resolve './file0': -2
[  159.859542][   T30] audit: type=1804 audit(1755607206.250:28): pid=6771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.204" name="/newroot/38/bus/bus" dev="tmpfs" ino=227 res=1 errno=0
[  160.046736][ T6772] lo speed is unknown, defaulting to 1000
[  161.083464][ T6780] overlayfs: failed to resolve './file1': -2
[  161.151963][   T30] audit: type=1804 audit(1755607208.090:29): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.207" name="/newroot/45/bus/bus" dev="tmpfs" ino=268 res=1 errno=0
[  161.661611][ T6789] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  161.812460][ T6789] syzkaller0: entered promiscuous mode
[  161.818209][ T6789] syzkaller0: entered allmulticast mode
[  161.883389][ T6789] tipc: Resetting bearer <eth:syzkaller0>
[  161.920048][ T6788] tipc: Resetting bearer <eth:syzkaller0>
[  162.045634][ T6788] tipc: Disabling bearer <eth:syzkaller0>
[  162.141468][ T6797] siw: device registration error -23
[  163.812682][ T6807] loop1: detected capacity change from 0 to 512
[  163.862100][ T6807] EXT4-fs: Ignoring removed orlov option
[  163.867852][ T6807] ext4: Unknown parameter 'pcr'
[  164.658462][ T6808] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  164.665023][ T6808] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  164.674138][ T6808] vhci_hcd vhci_hcd.0: Device attached
[  164.709902][ T6809] vhci_hcd: connection closed
[  164.719781][   T49] vhci_hcd: stop threads
[  164.794089][   T49] vhci_hcd: release socket
[  164.815955][   T49] vhci_hcd: disconnect device
[  165.044476][ T6817] fuse: Unknown parameter 'use00000000000000000000'
[  165.688289][ T6826] netlink: 'syz.1.219': attribute type 4 has an invalid length.
[  165.700144][ T6826] netlink: 'syz.1.219': attribute type 4 has an invalid length.
[  168.049065][ T6847] siw: device registration error -23
[  168.775778][ T6856] overlayfs: missing 'lowerdir'
[  168.823242][   T30] audit: type=1804 audit(1755607215.760:30): pid=6856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.229" name="/newroot/39/bus/bus" dev="tmpfs" ino=258 res=1 errno=0
[  168.918978][ T6859] overlayfs: failed to resolve './file1': -2
[  168.920000][ T1210] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  168.932656][ T5988] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  168.959793][   T30] audit: type=1804 audit(1755607215.900:31): pid=6859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.230" name="/newroot/47/bus/bus" dev="tmpfs" ino=274 res=1 errno=0
[  169.101080][ T5988] usb 2-1: Using ep0 maxpacket: 16
[  169.116218][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  169.134368][ T5988] usb 2-1: config 0 has no interfaces?
[  169.148583][ T5988] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  169.162841][ T1210] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  169.193759][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.208827][ T1210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.218200][ T5988] usb 2-1: Product: syz
[  169.225733][ T5988] usb 2-1: Manufacturer: syz
[  169.242897][ T1210] usb 1-1: config 0 descriptor??
[  169.257809][ T5988] usb 2-1: SerialNumber: syz
[  169.303293][ T5988] usb 2-1: config 0 descriptor??
[  170.663882][ T1210] usb 1-1: USB disconnect, device number 4
[  170.759828][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  170.949775][    T9] usb 5-1: Using ep0 maxpacket: 16
[  170.960151][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  171.072311][    T9] usb 5-1: config 15 has an invalid interface number: 174 but max is 1
[  171.096543][    T9] usb 5-1: config 15 has an invalid interface number: 5 but max is 1
[  171.110154][    T9] usb 5-1: config 15 has no interface number 0
[  171.117860][    T9] usb 5-1: config 15 has no interface number 1
[  171.132165][    T9] usb 5-1: config 15 interface 174 altsetting 1 bulk endpoint 0x8 has invalid maxpacket 32
[  171.150866][    T9] usb 5-1: config 15 interface 174 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  171.162171][    T9] usb 5-1: config 15 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[  171.175702][    T9] usb 5-1: config 15 interface 174 altsetting 1 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  171.187043][    T9] usb 5-1: config 15 interface 174 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  171.198998][    T9] usb 5-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  171.211200][    T9] usb 5-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  171.223849][    T9] usb 5-1: config 15 interface 174 has no altsetting 0
[  171.232207][    T9] usb 5-1: config 15 interface 5 has no altsetting 0
[  171.251565][    T9] usb 5-1: language id specifier not provided by device, defaulting to English
[  171.275508][    T9] usb 5-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=fd.7d
[  171.287107][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.299355][    T9] usb 5-1: Product: syz
[  171.314051][    T9] usb 5-1: Manufacturer: syz
[  171.328645][    T9] usb 5-1: SerialNumber: syz
[  171.349625][ T6866] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  171.394172][ T6877] netlink: 'syz.2.233': attribute type 4 has an invalid length.
[  171.573051][ T1210] lo speed is unknown, defaulting to 1000
[  171.579805][    T9] sierra 5-1:15.174: Sierra USB modem converter detected
[  171.591660][    T9] usb 5-1: Sierra USB modem converter now attached to ttyUSB0
[  171.601045][    T9] usb 5-1: Sierra USB modem converter now attached to ttyUSB1
[  171.621190][    T9] sierra 5-1:15.5: Sierra USB modem converter detected
[  171.639039][ T1210] syz0: Port: 1 Link DOWN
[  171.647374][    T9] usb 5-1: Sierra USB modem converter now attached to ttyUSB2
[  171.677860][ T6881] netlink: 'syz.0.235': attribute type 4 has an invalid length.
[  171.735248][ T5861] usb 2-1: USB disconnect, device number 6
[  172.690985][    T9] usb 5-1: USB disconnect, device number 5
[  172.699514][    T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  172.717616][ T6886] netlink: 'syz.0.235': attribute type 4 has an invalid length.
[  172.740311][    T9] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  172.749538][    T9] sierra 5-1:15.174: device disconnected
[  172.768750][    T9] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2
[  172.788266][    T9] sierra 5-1:15.5: device disconnected
[  173.279236][ T6898] lo speed is unknown, defaulting to 1000
[  175.156817][ T6914] netlink: 'syz.0.241': attribute type 4 has an invalid length.
[  175.474199][ T6921] netlink: 'syz.0.241': attribute type 4 has an invalid length.
[  175.544256][ T6920] overlayfs: missing 'lowerdir'
[  175.640070][ T6923] loop2: detected capacity change from 0 to 512
[  175.680776][   T30] audit: type=1804 audit(1755607222.610:32): pid=6920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.244" name="/newroot/41/bus/bus" dev="tmpfs" ino=273 res=1 errno=0
[  175.755110][ T6923] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.245: Invalid inode bitmap blk 4 in block_group 0
[  175.793069][ T6923] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  176.809845][ T6926] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  178.330508][    T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  178.490991][    T9] usb 2-1: Using ep0 maxpacket: 16
[  178.497849][    T9] usb 2-1: config 0 has no interfaces?
[  178.506678][    T9] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  178.558269][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.575246][ T6946] netlink: 'syz.0.247': attribute type 4 has an invalid length.
[  178.695106][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.828981][    T9] usb 2-1: Product: syz
[  178.844631][    T9] usb 2-1: Manufacturer: syz
[  178.863747][    T9] usb 2-1: SerialNumber: syz
[  178.905957][    T9] usb 2-1: config 0 descriptor??
[  179.166123][ T6950] lo speed is unknown, defaulting to 1000
[  180.297751][ T6956] netlink: 'syz.3.252': attribute type 4 has an invalid length.
[  180.311033][ T6956] netlink: 'syz.3.252': attribute type 4 has an invalid length.
[  180.991771][ T6965] siw: device registration error -23
[  181.246084][ T1210] usb 2-1: USB disconnect, device number 7
[  181.948104][ T6978] netlink: 'syz.1.256': attribute type 4 has an invalid length.
[  182.132248][ T5861] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  182.449879][ T5861] usb 1-1: Using ep0 maxpacket: 16
[  182.503507][ T5861] usb 1-1: config 0 has no interfaces?
[  182.511085][ T5861] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  182.520652][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.528651][ T5861] usb 1-1: Product: syz
[  182.533271][ T5861] usb 1-1: Manufacturer: syz
[  182.543170][ T5861] usb 1-1: SerialNumber: syz
[  182.604255][ T5861] usb 1-1: config 0 descriptor??
[  183.144881][ T6986] loop2: detected capacity change from 0 to 512
[  183.723272][ T6986] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.261: Invalid inode bitmap blk 4 in block_group 0
[  183.737308][ T6986] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  184.434617][ T6994] overlayfs: missing 'lowerdir'
[  184.507099][   T30] audit: type=1804 audit(1755607231.450:33): pid=6994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.262" name="/newroot/55/bus/bus" dev="tmpfs" ino=336 res=1 errno=0
[  184.842726][ T1210] usb 1-1: USB disconnect, device number 5
[  184.890016][ T6998] loop0: detected capacity change from 0 to 512
[  184.897306][ T6998] EXT4-fs: Ignoring removed orlov option
[  184.904545][ T6998] ext4: Unknown parameter 'pcr'
[  185.603534][ T7002] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  185.610094][ T7002] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  185.618376][ T7002] vhci_hcd vhci_hcd.0: Device attached
[  185.872435][ T7003] vhci_hcd: connection closed
[  185.876007][   T12] vhci_hcd: stop threads
[  185.899540][   T12] vhci_hcd: release socket
[  185.906205][   T12] vhci_hcd: disconnect device
[  185.940224][ T1210] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  186.069841][ T1210] usb 1-1: device descriptor read/64, error -71
[  186.199526][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.220642][ T7006] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  186.227170][ T7006] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  186.235551][ T7006] vhci_hcd vhci_hcd.0: Device attached
[  186.336720][ T1210] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  186.529254][ T7007] vhci_hcd: connection closed
[  186.543604][   T13] vhci_hcd: stop threads
[  186.562731][   T13] vhci_hcd: release socket
[  186.572918][   T13] vhci_hcd: disconnect device
[  186.580115][ T5928] usb 36-1: enqueue for inactive port 0
[  186.599955][ T1210] usb 1-1: device descriptor read/64, error -71
[  186.731082][ T1210] usb usb1-port1: attempt power cycle
[  186.789836][ T5935] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  186.960579][ T5935] usb 3-1: Using ep0 maxpacket: 32
[  186.966985][ T5935] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  186.988675][ T5935] usb 3-1: config 0 has no interface number 0
[  187.002097][ T5935] usb 3-1: config 0 interface 184 has no altsetting 0
[  187.030662][ T5935] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  187.219791][ T5987] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  187.369798][ T5928] usb usb36-port1: attempt power cycle
[  187.393149][ T1210] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  187.413922][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.227283][ T5935] usb 3-1: Product: syz
[  188.257745][ T5935] usb 3-1: Manufacturer: syz
[  188.275764][ T1210] usb 1-1: device descriptor read/8, error -71
[  188.286984][ T5935] usb 3-1: SerialNumber: syz
[  188.299013][ T5935] usb 3-1: config 0 descriptor??
[  188.313456][ T5935] smsc75xx v1.0.0
[  188.319972][ T5987] usb 5-1: Using ep0 maxpacket: 16
[  188.338248][ T5987] usb 5-1: config 0 has no interfaces?
[  188.380350][ T5987] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  188.406729][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.429110][ T5987] usb 5-1: Product: syz
[  188.437320][ T5987] usb 5-1: Manufacturer: syz
[  188.443919][ T5987] usb 5-1: SerialNumber: syz
[  188.462307][ T5987] usb 5-1: config 0 descriptor??
[  188.830463][ T5928] usb usb36-port1: unable to enumerate USB device
[  188.928582][ T5935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  189.299126][ T5935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  190.352123][ T5987] usb 5-1: USB disconnect, device number 6
[  190.427606][ T5935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  190.469557][ T5935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  190.580412][ T5935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  190.615127][ T5935] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61
[  190.636886][ T7041] loop1: detected capacity change from 0 to 512
[  191.032667][ T7041] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.275: Invalid inode bitmap blk 4 in block_group 0
[  191.062157][ T7041] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  191.861845][   T30] audit: type=1804 audit(1755607238.790:34): pid=7054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.276" name="/newroot/58/bus/bus" dev="overlay" ino=362 res=1 errno=0
[  191.872481][ T5928] usb 3-1: USB disconnect, device number 5
[  191.924492][   T30] audit: type=1804 audit(1755607238.860:35): pid=7055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.276" name="/newroot/58/bus/bus" dev="overlay" ino=362 res=1 errno=0
[  192.065396][ T7059] overlayfs: failed to resolve './file1': -2
[  192.139244][   T30] audit: type=1804 audit(1755607239.060:36): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.277" name="/newroot/56/bus/bus" dev="tmpfs" ino=325 res=1 errno=0
[  193.299322][ T7046] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7969 vs 220 free clusters
[  193.561749][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.140280][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.146668][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.345513][ T7073] overlayfs: failed to resolve './file1': -2
[  194.401542][   T30] audit: type=1804 audit(1755607241.320:37): pid=7073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.282" name="/newroot/56/bus/bus" dev="tmpfs" ino=324 res=1 errno=0
[  195.134707][ T5861] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  195.373641][ T5861] usb 5-1: Using ep0 maxpacket: 16
[  195.496723][ T5861] usb 5-1: config 0 has no interfaces?
[  195.680967][ T5861] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  195.749913][ T7084] ieee802154 phy0 wpan0: encryption failed: -22
[  195.889643][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.914851][ T5861] usb 5-1: Product: syz
[  195.939303][ T5861] usb 5-1: Manufacturer: syz
[  195.958861][ T5861] usb 5-1: SerialNumber: syz
[  195.974259][ T5861] usb 5-1: config 0 descriptor??
[  196.221097][ T5872] Bluetooth: hci2: command 0x0406 tx timeout
[  196.227252][ T5872] Bluetooth: hci3: command 0x0406 tx timeout
[  196.233755][ T5872] Bluetooth: hci4: command 0x0406 tx timeout
[  196.240766][ T5872] Bluetooth: hci0: command 0x0406 tx timeout
[  196.246898][ T5872] Bluetooth: hci1: command 0x0406 tx timeout
[  197.547270][ T7098] netlink: 'syz.3.287': attribute type 72 has an invalid length.
[  197.827267][ T7102] siw: device registration error -23
[  198.255109][ T5987] usb 5-1: USB disconnect, device number 7
[  198.323613][ T7105] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  198.334429][ T7105] syzkaller0: entered promiscuous mode
[  198.342228][ T7105] syzkaller0: entered allmulticast mode
[  198.357905][ T7105] Zero length message leads to an empty skb
[  198.375768][ T7105] tipc: Resetting bearer <eth:syzkaller0>
[  198.391082][ T7104] tipc: Resetting bearer <eth:syzkaller0>
[  198.505412][ T7104] tipc: Disabling bearer <eth:syzkaller0>
[  198.729821][ T5935] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  198.939776][ T5935] usb 2-1: Using ep0 maxpacket: 16
[  198.973704][ T5935] usb 2-1: config 0 has no interfaces?
[  198.981626][ T5935] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  199.000017][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.018563][ T7118] overlayfs: missing 'lowerdir'
[  199.024387][ T5935] usb 2-1: Product: syz
[  199.040249][ T5935] usb 2-1: Manufacturer: syz
[  199.058090][ T5935] usb 2-1: SerialNumber: syz
[  199.077476][   T30] audit: type=1804 audit(1755607246.020:38): pid=7118 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.296" name="/newroot/61/bus/bus" dev="tmpfs" ino=354 res=1 errno=0
[  199.079209][ T5935] usb 2-1: config 0 descriptor??
[  201.396447][   T30] audit: type=1804 audit(1755607248.090:39): pid=7134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.297" name="/newroot/60/bus" dev="tmpfs" ino=348 res=1 errno=0
[  201.560117][ T5950] usb 2-1: USB disconnect, device number 8
[  201.806215][ T7137] netlink: 'syz.1.300': attribute type 72 has an invalid length.
[  201.998432][ T5935] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  202.093285][ T7151] loop1: detected capacity change from 0 to 512
[  202.108458][ T7145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  202.212665][ T5935] usb 4-1: Using ep0 maxpacket: 32
[  202.229610][ T5935] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.241075][ T5935] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  202.251463][ T7147] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  202.257974][ T7147] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  202.267662][ T5935] usb 4-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  202.279404][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.307928][ T7151] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.303: Invalid inode bitmap blk 4 in block_group 0
[  202.336066][ T7145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  202.416769][ T5935] usb 4-1: config 0 descriptor??
[  202.428248][ T7151] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  202.456666][ T7145] bond0 (unregistering): (slave netdevsim0): Releasing backup interface
[  202.492942][ T7147] vhci_hcd vhci_hcd.0: Device attached
[  202.538959][ T7145] bond0 (unregistering): Released all slaves
[  202.779888][ T5935] usb 42-1: SetAddress Request (6) to port 0
[  202.785966][ T5935] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd
[  202.859796][ T7156] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 13: invalid block bitmap
[  202.925462][ T5987] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  202.966694][ T7148] vhci_hcd: connection reset by peer
[  202.972246][ T3023] vhci_hcd: stop threads
[  202.976633][ T3023] vhci_hcd: release socket
[  202.982825][ T3023] vhci_hcd: disconnect device
[  203.093563][ T5987] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  203.104287][ T5987] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  203.141832][ T7161] ieee802154 phy0 wpan0: encryption failed: -22
[  203.157225][ T5987] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  203.192578][ T5987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  203.207451][ T5987] usb 2-1: SerialNumber: syz
[  203.255204][ T5987] usb 2-1: 0:2 : does not exist
[  203.485102][ T7164] loop0: detected capacity change from 0 to 512
[  203.625638][ T7164] EXT4-fs: Ignoring removed orlov option
[  203.641889][ T7164] ext4: Unknown parameter 'pcr'
[  204.579506][ T5987] usb 4-1: USB disconnect, device number 3
[  205.536961][ T7176] loop0: detected capacity change from 0 to 512
[  205.576177][ T7176] EXT4-fs: Ignoring removed orlov option
[  205.640275][ T7176] ext4: Unknown parameter 'pcr'
[  206.419844][ T5950] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  206.579823][ T5950] usb 1-1: device descriptor read/64, error -71
[  206.662475][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.675770][ T1210] usb 2-1: USB disconnect, device number 9
[  206.820541][ T5950] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  206.959860][ T5950] usb 1-1: device descriptor read/64, error -71
[  207.099604][ T7187] overlayfs: missing 'lowerdir'
[  207.211094][ T5950] usb usb1-port1: attempt power cycle
[  207.225677][   T30] audit: type=1804 audit(1755607254.160:40): pid=7189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.312" name="/newroot/63/bus/bus" dev="tmpfs" ino=368 res=1 errno=0
[  207.969926][ T5950] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  207.978994][ T5935] usb 42-1: device descriptor read/8, error -110
[  207.994731][ T5950] usb 1-1: device descriptor read/8, error -71
[  208.259776][ T5950] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  208.443676][ T5950] usb 1-1: device descriptor read/8, error -71
[  208.510994][ T5935] usb usb42-port1: attempt power cycle
[  208.581284][ T5950] usb usb1-port1: unable to enumerate USB device
[  208.960252][ T5950] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  209.110468][ T5935] usb usb42-port1: unable to enumerate USB device
[  209.169865][ T5950] usb 1-1: Using ep0 maxpacket: 16
[  209.191865][ T5950] usb 1-1: unable to get BOS descriptor or descriptor too short
[  209.201222][ T5950] usb 1-1: config 15 has an invalid interface number: 174 but max is 1
[  209.217155][ T5950] usb 1-1: config 15 has an invalid interface number: 5 but max is 1
[  209.243575][ T5950] usb 1-1: config 15 has no interface number 0
[  209.257012][ T7210] netlink: 'syz.3.315': attribute type 4 has an invalid length.
[  209.310327][ T5950] usb 1-1: config 15 has no interface number 1
[  209.435202][ T5950] usb 1-1: config 15 interface 174 altsetting 1 bulk endpoint 0x8 has invalid maxpacket 32
[  209.466482][ T5950] usb 1-1: config 15 interface 174 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  209.480565][ T5950] usb 1-1: config 15 interface 174 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[  209.531942][ T5950] usb 1-1: config 15 interface 174 altsetting 1 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  209.559690][ T5950] usb 1-1: config 15 interface 174 altsetting 1 has an endpoint descriptor with address 0xB7, changing to 0x87
[  209.591450][ T5950] usb 1-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  209.639821][ T5935] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  209.669163][ T5950] usb 1-1: config 15 interface 5 altsetting 128 has a duplicate endpoint with address 0x8, skipping
[  209.722251][ T5950] usb 1-1: config 15 interface 174 has no altsetting 0
[  209.751230][ T5950] usb 1-1: config 15 interface 5 has no altsetting 0
[  209.791356][ T5935] usb 5-1: Using ep0 maxpacket: 32
[  209.865009][ T5935] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.877905][ T5935] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  209.899947][ T5935] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  209.909007][ T5935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.921887][ T5950] usb 1-1: language id specifier not provided by device, defaulting to English
[  209.962620][ T5950] usb 1-1: New USB device found, idVendor=1199, idProduct=6859, bcdDevice=fd.7d
[  209.980674][ T5950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.000876][ T5935] usb 5-1: config 0 descriptor??
[  210.008118][ T5876] Bluetooth: hci2: unexpected event for opcode 0x2019
[  210.041197][ T5950] usb 1-1: Product: syz
[  210.054682][ T5950] usb 1-1: Manufacturer: syz
[  210.072966][ T5950] usb 1-1: SerialNumber: syz
[  210.087484][ T7199] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  210.478901][ T5950] sierra 1-1:15.174: Sierra USB modem converter detected
[  210.529111][ T5950] usb 1-1: Sierra USB modem converter now attached to ttyUSB0
[  210.615380][ T5950] usb 1-1: Sierra USB modem converter now attached to ttyUSB1
[  210.639899][ T5950] sierra 1-1:15.5: Sierra USB modem converter detected
[  210.668370][ T5950] usb 1-1: Sierra USB modem converter now attached to ttyUSB2
[  210.697337][ T5950] usb 1-1: USB disconnect, device number 14
[  210.740394][ T5950] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  210.844641][ T5950] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  210.857067][ T5950] sierra 1-1:15.174: device disconnected
[  210.882145][ T5950] sierra ttyUSB2: Sierra USB modem converter now disconnected from ttyUSB2
[  210.971144][ T5950] sierra 1-1:15.5: device disconnected
[  211.617405][   T30] audit: type=1804 audit(1755607258.460:41): pid=7228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.321" name="/newroot/58/bus/bus" dev="tmpfs" ino=364 res=1 errno=0
[  212.252712][ T5928] usb 5-1: USB disconnect, device number 8
[  213.982685][ T7253] overlayfs: missing 'workdir'
[  213.993850][   T30] audit: type=1804 audit(1755607260.940:42): pid=7253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.330" name="/newroot/67/bus/bus" dev="tmpfs" ino=393 res=1 errno=0
[  214.876443][ T7262] loop4: detected capacity change from 0 to 512
[  214.988288][ T7262] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.334: Invalid inode bitmap blk 4 in block_group 0
[  215.127913][ T7262] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.959784][ T5987] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  216.296070][ T5987] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  216.493985][ T5987] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  216.513845][ T5987] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  216.533345][ T5987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  216.559778][ T5987] usb 5-1: SerialNumber: syz
[  216.577980][ T5987] usb 5-1: 0:2 : does not exist
[  216.611935][ T7270] netlink: 'syz.3.335': attribute type 10 has an invalid length.
[  216.889801][   T30] audit: type=1804 audit(1755607263.820:43): pid=7275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.336" name="/newroot/70/bus/bus" dev="tmpfs" ino=405 res=1 errno=0
[  218.688380][   T24] usb 5-1: USB disconnect, device number 9
[  218.712693][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.858745][ T7301] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  218.868189][ T7301] syzkaller0: entered promiscuous mode
[  218.878716][ T7301] syzkaller0: entered allmulticast mode
[  218.911109][ T7301] tipc: Resetting bearer <eth:syzkaller0>
[  218.948451][ T7300] tipc: Resetting bearer <eth:syzkaller0>
[  218.965390][ T7300] tipc: Disabling bearer <eth:syzkaller0>
[  219.279802][ T7302] netlink: 'syz.2.343': attribute type 4 has an invalid length.
[  219.291874][ T7302] netlink: 'syz.2.343': attribute type 4 has an invalid length.
[  219.396795][   T24] lo speed is unknown, defaulting to 1000
[  219.404499][   T24] syz0: Port: 1 Link ACTIVE
[  219.726777][ T7307] netlink: 'syz.1.347': attribute type 10 has an invalid length.
[  219.771753][ T7307] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  219.882302][ T7305] lo speed is unknown, defaulting to 1000
[  220.483780][ T7318] overlayfs: missing 'workdir'
[  220.509119][   T30] audit: type=1804 audit(1755607267.450:44): pid=7318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.350" name="/newroot/70/bus/bus" dev="tmpfs" ino=429 res=1 errno=0
[  223.537466][ T7341] netlink: 'syz.3.357': attribute type 4 has an invalid length.
[  223.790240][ T7342] netlink: 'syz.3.357': attribute type 4 has an invalid length.
[  223.863594][ T7343] netlink: 16 bytes leftover after parsing attributes in process `syz.0.358'.
[  225.509810][   T30] audit: type=1804 audit(1755607272.440:45): pid=7357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.361" name="/newroot/71/bus/bus" dev="tmpfs" ino=438 res=1 errno=0
[  226.732496][ T7372] lo speed is unknown, defaulting to 1000
[  226.985007][ T7370] loop2: detected capacity change from 0 to 32768
[  227.128376][   T30] audit: type=1800 audit(1755607274.070:46): pid=7370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.363" name="file1" dev="loop2" ino=4 res=0 errno=0
[  227.938463][ T7386] ieee802154 phy0 wpan0: encryption failed: -22
[  227.988823][ T7383] lo speed is unknown, defaulting to 1000
[  228.127326][  T112] ==================================================================
[  228.135422][  T112] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x74b/0xa90
[  228.143085][  T112] Read of size 4 at addr ffff888031107c94 by task jfsCommit/112
[  228.150721][  T112] 
[  228.153080][  T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  228.153098][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  228.153107][  T112] Call Trace:
[  228.153113][  T112]  <TASK>
[  228.153119][  T112]  dump_stack_lvl+0x189/0x250
[  228.153142][  T112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.153160][  T112]  ? lock_release+0x4b/0x3e0
[  228.153185][  T112]  ? __virt_addr_valid+0x4a5/0x5c0
[  228.153204][  T112]  print_report+0xca/0x240
[  228.153218][  T112]  ? jfs_lazycommit+0x74b/0xa90
[  228.153233][  T112]  kasan_report+0x118/0x150
[  228.153253][  T112]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  228.153270][  T112]  ? jfs_lazycommit+0x74b/0xa90
[  228.153288][  T112]  jfs_lazycommit+0x74b/0xa90
[  228.153306][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  228.153322][  T112]  ? __pfx_default_wake_function+0x10/0x10
[  228.153344][  T112]  ? __kthread_parkme+0x7b/0x200
[  228.153359][  T112]  ? __kthread_parkme+0x1a1/0x200
[  228.153376][  T112]  kthread+0x70e/0x8a0
[  228.153395][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  228.153416][  T112]  ? __pfx_kthread+0x10/0x10
[  228.153434][  T112]  ? _raw_spin_unlock_irq+0x23/0x50
[  228.153449][  T112]  ? lockdep_hardirqs_on+0x9c/0x150
[  228.153465][  T112]  ? __pfx_kthread+0x10/0x10
[  228.153483][  T112]  ret_from_fork+0x3f9/0x770
[  228.153498][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  228.153515][  T112]  ? __switch_to_asm+0x39/0x70
[  228.153533][  T112]  ? __switch_to_asm+0x33/0x70
[  228.153551][  T112]  ? __pfx_kthread+0x10/0x10
[  228.153569][  T112]  ret_from_fork_asm+0x1a/0x30
[  228.153593][  T112]  </TASK>
[  228.153599][  T112] 
[  228.310796][  T112] Allocated by task 7370:
[  228.315122][  T112]  kasan_save_track+0x3e/0x80
[  228.319811][  T112]  __kasan_kmalloc+0x93/0xb0
[  228.324420][  T112]  __kmalloc_cache_noprof+0x230/0x3d0
[  228.329816][  T112]  jfs_fill_super+0xc2/0xd80
[  228.334417][  T112]  get_tree_bdev_flags+0x40e/0x4d0
[  228.339555][  T112]  vfs_get_tree+0x92/0x2b0
[  228.344021][  T112]  do_new_mount+0x2a2/0xa30
[  228.348545][  T112]  __se_sys_mount+0x317/0x410
[  228.353239][  T112]  do_syscall_64+0xfa/0x3b0
[  228.357761][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.363682][  T112] 
[  228.366027][  T112] Freed by task 5858:
[  228.370029][  T112]  kasan_save_track+0x3e/0x80
[  228.374722][  T112]  kasan_save_free_info+0x46/0x50
[  228.379754][  T112]  __kasan_slab_free+0x5b/0x80
[  228.384542][  T112]  kfree+0x18e/0x440
[  228.388447][  T112]  generic_shutdown_super+0x135/0x2c0
[  228.393836][  T112]  kill_block_super+0x44/0x90
[  228.398537][  T112]  deactivate_locked_super+0xb9/0x130
[  228.403941][  T112]  cleanup_mnt+0x425/0x4c0
[  228.408379][  T112]  task_work_run+0x1d1/0x260
[  228.412989][  T112]  exit_to_user_mode_loop+0xec/0x130
[  228.418303][  T112]  do_syscall_64+0x2bd/0x3b0
[  228.422962][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.428867][  T112] 
[  228.431192][  T112] The buggy address belongs to the object at ffff888031107c00
[  228.431192][  T112]  which belongs to the cache kmalloc-256 of size 256
[  228.445232][  T112] The buggy address is located 148 bytes inside of
[  228.445232][  T112]  freed 256-byte region [ffff888031107c00, ffff888031107d00)
[  228.459016][  T112] 
[  228.461331][  T112] The buggy address belongs to the physical page:
[  228.467741][  T112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31106
[  228.476490][  T112] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  228.484976][  T112] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  228.492516][  T112] page_type: f5(slab)
[  228.496490][  T112] raw: 00fff00000000040 ffff88801a841b40 ffffea0001f52180 dead000000000004
[  228.505082][  T112] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  228.513658][  T112] head: 00fff00000000040 ffff88801a841b40 ffffea0001f52180 dead000000000004
[  228.522320][  T112] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  228.531067][  T112] head: 00fff00000000001 ffffea0000c44181 00000000ffffffff 00000000ffffffff
[  228.539744][  T112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  228.548407][  T112] page dumped because: kasan: bad access detected
[  228.554818][  T112] page_owner tracks the page as allocated
[  228.560532][  T112] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22455367343, free_ts 0
[  228.580257][  T112]  post_alloc_hook+0x240/0x2a0
[  228.585049][  T112]  get_page_from_freelist+0x21e4/0x22c0
[  228.590602][  T112]  __alloc_frozen_pages_noprof+0x181/0x370
[  228.596400][  T112]  alloc_pages_mpol+0x232/0x4a0
[  228.601244][  T112]  allocate_slab+0x8a/0x370
[  228.605730][  T112]  ___slab_alloc+0xbeb/0x1410
[  228.610390][  T112]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  228.616798][  T112]  krealloc_node_align_noprof+0x140/0x390
[  228.622513][  T112]  add_sysfs_param+0xd4/0xa30
[  228.627174][  T112]  kernel_add_sysfs_param+0x7f/0xe0
[  228.632371][  T112]  param_sysfs_builtin+0x18a/0x230
[  228.637468][  T112]  param_sysfs_builtin_init+0x23/0x30
[  228.642837][  T112]  do_one_initcall+0x233/0x820
[  228.647598][  T112]  do_initcall_level+0x104/0x190
[  228.652618][  T112]  do_initcalls+0x59/0xa0
[  228.656937][  T112]  kernel_init_freeable+0x334/0x4b0
[  228.662133][  T112] page_owner free stack trace missing
[  228.667491][  T112] 
[  228.669812][  T112] Memory state around the buggy address:
[  228.675426][  T112]  ffff888031107b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.683508][  T112]  ffff888031107c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.691558][  T112] >ffff888031107c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.699608][  T112]                          ^
[  228.704197][  T112]  ffff888031107d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.712243][  T112]  ffff888031107d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.720289][  T112] ==================================================================
[  228.728352][  T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  228.735535][  T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  228.744626][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  228.754669][  T112] Call Trace:
[  228.757935][  T112]  <TASK>
[  228.760856][  T112]  dump_stack_lvl+0x99/0x250
[  228.765449][  T112]  ? __asan_memcpy+0x40/0x70
[  228.770045][  T112]  ? __pfx_dump_stack_lvl+0x10/0x10
[  228.775236][  T112]  ? __pfx__printk+0x10/0x10
[  228.779827][  T112]  vpanic+0x281/0x750
[  228.783808][  T112]  ? __pfx_print_hex_dump+0x10/0x10
[  228.789027][  T112]  ? __pfx_vpanic+0x10/0x10
[  228.793530][  T112]  panic+0xb9/0xc0
[  228.797262][  T112]  ? __pfx_panic+0x10/0x10
[  228.801666][  T112]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  228.807551][  T112]  ? jfs_lazycommit+0x74b/0xa90
[  228.812389][  T112]  check_panic_on_warn+0x89/0xb0
[  228.817331][  T112]  ? jfs_lazycommit+0x74b/0xa90
[  228.822171][  T112]  end_report+0x78/0x160
[  228.826409][  T112]  kasan_report+0x129/0x150
[  228.830914][  T112]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  228.836279][  T112]  ? jfs_lazycommit+0x74b/0xa90
[  228.841126][  T112]  jfs_lazycommit+0x74b/0xa90
[  228.845796][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  228.850982][  T112]  ? __pfx_default_wake_function+0x10/0x10
[  228.856780][  T112]  ? __kthread_parkme+0x7b/0x200
[  228.861706][  T112]  ? __kthread_parkme+0x1a1/0x200
[  228.866737][  T112]  kthread+0x70e/0x8a0
[  228.870801][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  228.876018][  T112]  ? __pfx_kthread+0x10/0x10
[  228.880614][  T112]  ? _raw_spin_unlock_irq+0x23/0x50
[  228.885800][  T112]  ? lockdep_hardirqs_on+0x9c/0x150
[  228.890981][  T112]  ? __pfx_kthread+0x10/0x10
[  228.895561][  T112]  ret_from_fork+0x3f9/0x770
[  228.900168][  T112]  ? __pfx_ret_from_fork+0x10/0x10
[  228.905272][  T112]  ? __switch_to_asm+0x39/0x70
[  228.910044][  T112]  ? __switch_to_asm+0x33/0x70
[  228.914803][  T112]  ? __pfx_kthread+0x10/0x10
[  228.919389][  T112]  ret_from_fork_asm+0x1a/0x30
[  228.924155][  T112]  </TASK>
[  228.927529][  T112] Kernel Offset: disabled
[  228.931868][  T112] Rebooting in 86400 seconds..