last executing test programs:

38.657897571s ago: executing program 1 (id=2):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
recvmsg$inet_nvme(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000300), 0x80, &(0x7f00000001c0)}, 0x12001)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events.local\x00', 0x275a, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffbf9, 0x3, 0x0, 0x800000, 0x100, 0x2, 0x1, 0x1, 0xfffffffe, 0x4, 0xe1cb, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]})
read$FUSE(r0, &(0x7f0000003e40)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_LK(r0, &(0x7f00000006c0)={0x28, 0x0, r4, {{0x9, 0x101, 0x2}}}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x45, 0x0, 0x1, 0xfffffffc}, {}, {0x6, 0x0, 0x0, 0x7fff0000}]})

35.98986512s ago: executing program 1 (id=7):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x840)
sendmsg(r2, 0x0, 0x4)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000140)=0xfffffdfb)
unshare(0x4a010500)
r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r6 = socket(0x80000000000000a, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, 0x0, 0x0)
preadv(r5, &(0x7f0000001ac0)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/214, 0xd6}, {0x0}, {&(0x7f0000001840)=""/212, 0xd4}, {0x0}, {&(0x7f0000001a80)=""/13, 0xd}], 0x6, 0x5f, 0xfffffffc)
syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x5d5240)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r7, 0x80045400, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x10f, 0x3, 0x0, 0x0)
r8 = syz_io_uring_setup(0x1538, &(0x7f00000003c0)={0x0, 0xed32, 0x2, 0x1, 0x394}, &(0x7f0000000440), &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r8, 0x2, &(0x7f0000000180), 0xfe)

32.0283255s ago: executing program 1 (id=11):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sendto(r0, &(0x7f0000000500)="e5c3551f95bdbdc7c289103ffe167bb47796047e5d887420a5e88b4613a6729a72716eb563d2198cfc5765e0f4", 0x2d, 0x44014, &(0x7f0000000740)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @rand_addr=0x64010101}}, 0x80)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
syz_mount_image$bcachefs(&(0x7f0000000100), &(0x7f0000000040)='./file1\x00', 0x2800000, &(0x7f0000000080)=ANY=[@ANYRES64, @ANYRES32=0x0], 0xfd, 0x5b45, &(0x7f0000005e00)="$eJzs3X+QHFd9IPDXM7Pa2V39WMkmFjaW1sK6OAailX8VP1Kg5BJI2YQSRYpYPoG9tlaOQJJV+hHbggQ5Z3OobChIkUpM8odDGe4AhXIVXLDiwvjHST4wqHzhXFfGdThn+IMrx2dVbAsXxbGpnek3O9MzvT07OytL8udT0vb0m55vf/v1m55+r3t3AgAAAK8JR+/Yc+J95/7e9/588uVP/P4/7rgtjJRr5dW4wGg6veXVypCTabCysjbNtotf/9hXfzp2w+98977hL71yZMsFW3/0u2fd8MBHrjx89988/NKSb/7q2aK4sT1dPDOfPJ+EUP328b/85JHHz5kuS5ZO/ywdCGF5suLh5UkItzeHGP9FCGFLOrMyE/8bL1+6tRYjU74sM6+9n5nKXS5XTdvI/hM3vyn8+Lc33f6D1V//+4FDzx2YWSSpNrWnEJZe1/z6gRDCUPp/2mA6je1xbTrdGEIYbnrdWwvyemMXeU9blymP8+el00XpdCQnTiXz/JrMfCmzfHY+GshMh2fJvR/y8uh1uSKLM/PZ48p85eUZy5en02+l04vnGL+cbkM5CaUkVBrpb09m2kho2m9JSGr7stqYLzX2bUi3PzOfZOZLmfnyQGa7autNG1o5SVrL43KZ8ng4rqTlFzQfqzv4QNPj5uVeH8vSN+or2WUyQUfaHsxsR2jK6/gsuZwMpaZjUKfyxo5Pd8ZIWjaSrGh7zVQH8bkjm+5aW978yNHRnDyS+5I0ftJT/P3fX774w187uC/7ud6If10pjV/Kj39ufvxnrjr2wjUHv/iF3PifjfHLPeV/yYPDz1/16B1rcuvneKyfSk/xJ5597NOrz77+UG7+98T41Z7ibzh8bHDJiQcfys1/PNbPUE/xn37Hu3/ylSfvfy43fojxh3uKv/nwrs8MrjpxUW78h2L9jPQU/5kXD13x1KpVPxvLi/9EjL+kp/hfPjD49nuX3Xll7v7dGOtntKf4773wgdsXn7j//LxjZ3JPvz45AV6bzkrPsT6Vzvfaz5yvpv7CX49V6ud8i9P/S/q5oszJZ7afAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD98Lo3/ff3/J8Pjj5fSecH0wdPl+rTWL4ohGQohLBn78Tuvdt23jj2kZv27d45sX1sYu/Y5M69u28du+zNY7snd22fuHX62fG3XFp/3YqQ1KfJ+W3rHpyamiqNtpbF9f37Cw/9eO1b/++/hDD+uh+uquTmv+7uHfee3eFnRrJh6l079r3vh5f/Xbpdo2leox3ympqamgo5ef2/q395718c/+lFIYz/2mx5Pfb0O7/TklCtYCZOqjQY6gkNJsMd82hkneYT66uyddv2yfHZ63f69eWc7fgPH3vuF1tv+dwv6/Vbzd2OLut3aMPU9tJfbXrv//+rj9cLivJ6tfb7dH2Xc2JO5xW3IuYX66+a1vfSdLuW5mxXJWe77vjBQ09++9yDLx0I45UXV7fv66LtGkgbwEDy+q7WG9cwnCxvKa+my8c9Hl+3bu+OXev23Lr/Ldt2TNw4eePkzretv2z9FeOXX3H5utqWr+vz9sf1/7sut//ktKdlf3LgW/Fnd+2pNa9Fc66P6byK66M5o7z3X/KBT37+bXc/+r56QdFxZThdunE8SafD0/t5fWhqb+111Wm7ivZPCGGsUz288NKV4Zz/te32ouNQ855p/pmRbJh6fM2//t1b/3blb9ULTspxvjmhHo/zjaxn8qnVVzXdH1OnaP0OpkfTwWSkY17rH3904K6j//KnjfwWLQq3TOzdu3t9/efiNNPFyXkd88qWxu1aXftZDmm1hEYz7dBepw2Een7Z42dcPFurI+lzI8mKjtuVFZ87sumuteXNjxzNq+nkvvoah8KS+jR5Q86S2zMvLDcS7rT+U/X9V9Q+Vr3nb7/5wW/+w2Vt7eOS+s+i7UpytuvrT37581/63H/6h/5t13veeWz0X//3H6+tF5yE40qY13GlXE+kkXWaT9J8XLkkhKL33+rQeTty33+lzttT9P7Lrmdm+c7xxjLzI6Hc0/v1kgeHn7/q0TvW5L5fj8/2fm3e2I+3vK5c8H6dV/v56PSj/nwuZd9fSaU1j4V7f7U0lGTD1Hc/ddaBhz+x8dx6QdHnZWPpTu360i76Hznb9Z1rnlp109h//J/9O2589c3fuPZHExv+rF7Q+36PufRnv1fT+q3m1G8j69jvbK7f37zhpu1b6uVF9Xzyzn+HM+e/6bSg/xMPJXtu3f/Rie3bJ3fv6W67pl+XdNiu7OdpXE+2lnv9PI1HtxUF21Vq266Fe9BNfXX7fov5b+m5vlrfbyMh6elzYf/3ly/+8NcO7htte1W6outKafxST/GfuerYC9cc/OIXcuN/Nsav9BR/4tnHPr367OsP5ca/J0njV4vjLw1t8TccPja45MSDD+XGH4/5D/WU/9PvePdPvvLk/c/lxg8x/khv9f/ioSueWrXqZ7nxn0jS9UyfI4XwjZcv3VqfT8JA+n6LeQy05BWy80lmvpSZLzfPl+IoQrqCcpK0lsfl0vILmnLp5I9yyuNZWHVlffpKnA/ZB7OXn2pKTcf+TuVF56kAAGe6eP0/noPG6/+T6YlS/kgDzJhvP2xlTtzYD5sZz2m9xroyjR9fH8cBV/1mGJ+e3jZWP9Gf63WE+H7IjnPG9Vz0xtYYHccnDjevpLb+tnHOovH3NZn5mFd9vLzS1A9NtfdrKqGL8ff29cw+/p7Z/OLrWWOfaktrrGncKrv/BtIRs073O2TyrUxHyGsf2XGxeD/HqqVhY219XbaP7H00cT9k76OJ6zk3c+Ds9T6avPYx2l4PLXnF9hGXm6V91FLuvP8WNz1u339hlvqd2X9t68vmXdt/c9jf1enl53l9tlR0fbYP44YdD2knb9xwYa+HnRLjkh3in+RxycVt8dM32Kk+bhjLYz1VuhxP/GB9MpAt79d4YjxcxLyOz5LLyWA8EThTxf5//IyY7v9Pn4D/PLNcUT8le9Yf4+XeJ5RzE3ZRv6P9Pr3hnj7HNx/e9ZnBVScuyj3Peajb+/R2tcwNF9z3U1SPazPzhfWYM0BT1N/Lrie/3uvbn70vYyQs6anev3zg7rffu+zOK3PrfWP9g7S43j/fmmVBvS/0/Zyn/30G+gsd458m9zEUjZ/l90fKjTwWpD+S3vi0UP2RP8wpn2t/ZLjtQWO7ak7d/sjMB2lLf6SthwYAUBf7/43rZ2n//5/jiUV6HlHUb704Mx/jrf55esKa7bfmnJ/k9Vv/IJ3ekll+JP2NirmeN7/3wgduX3zi/vNz+y33dNsP/S8tc6OF/dD59Ztz+xEb+3O/eG4/otHPml8/MTf/Rj9xfv30nMu0Tf30+fWjc+un0Y9uHQf4/LGZnsZs8dNxgE6XGurxG+MAfezn/mpmoZPXzy0Yr8usLM52O17XdT96ILN/e+xHT5cMLG3dztZ+8XB/+tHpr88uVD/6Aznlc+1Hj7Q9aGxXzanbj24tT6aW1Quad4Y+NQBwBoj9/3gaV+v/D4bwaFxgKD6Y33X23H5By3n7i0NNTw11Ez+et2f/Hkgj/hML0q+cid+n67+5/Y4+Xf8t7rcudL+++3GJ5lsauh+XON2v/y70uNBo7Q94LtQ42at2v+uC9Iv/ufGo635xutIzvl8cC/SFAQBOS7H/Hzvb8fr/o5nl5ts/aeu/DdRPIWf6J6df/7x5udO4f351OCn3DVRDMng6989PxvhX7/d/F49/Lex9MmdW/3/GnK+L1w+kr0ydwf3/Ws76/wAAp6XY/4+/9hj//t9/S+ezf7e+y376PdnbeV1HP4nX0Z97c1v818519NO9n97ncbYYv/k+gNN4HKA8/3GAoZN+f3zTXU1n0jhAzUAwGAAAcBoYqPWU2n/P/kPpNPt79nm/l39NzvLdqqSnx9fv3T05ee2+XVsm9k5eu/OmLZN7rr1597a9eycb587z6zfm9lvSfuNAqKT10Xm5bL9tWfr3EJbl/D2E7PIx7Hm1B+1/xy+72qGCvyMws/+6yzdv/5VmWb5T+8jb33nx/yhn+aix/2/440uu3brn2m07t+3dNrF92/7J1uVGa79JPdv3Zrb+KeZ4nXJO3+Od/lj0nfitmRmluX9/Z9w9veTxzkYepbY8BtL6yPt+9iSTx/I0k+V533+Qk/f3/sdf/MmFU7/8Sgjjryu/Ya55t4bcMPVfr578g71Hf7hrOv/SrPk3lkzzKvq+0uzycXsq22/as/dNW2/atzP7jZK9ieMZpcZ8znjGUGO+t/sa0rd/ucvxic055XP9/f1y24NTU9fjEwAAtIjX/+P5bLx++Ln0BCqWF/bTd9aXm+/149x++nh3/fTs95IV9dOzy8ft7bafXp1nPz27/qJ+eqflO/XT8/rdefH/MGf5jMJeQfftpMv7PMpNv2dRSevhawf35baT67prJ9nvMyhqJ9nl59pOknm2k+z6i9pJp+U7tZO8/Z4X//05y+cpag+VRnuY3305ue3hs921h9/IzBe1h+zyc20PpXm2h+z6i9pDp+U7tYe8/dsev/VQ0J/x3+mGUWsXk9fefNPujzYtt9DffxHab8noJr9FM69d2O//6FX39buw933NP/8QNtRK8vKP1wcWzSn/bu8rm3/+RfU/h/vKloa2+8py839ifiNh3eff5e8PlmsFt8Xnuv1+l4y8xdtf3+147cx8b+O1abMruv+sNo6b+1d+Q9iUUz7XcdxFbQ9OTcZx4dUT+//xbC72/+9Mp/2+DHT6f09aD78nH4/Bvscsv/67PI85JT/Pc3IO/fg8z15y93kOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEYYrKysTY/esefE+879ve/9+eTLn/j9f9xx269/7Ks/Hbvhd7573/CXXjmy5YKtP/rds2544CNXHr77bx5+ack3f/VsYeDR2s/KxelsNYTk+SSE6reP/+Unjzx+znRZEkIoJ6MHQlierHh4eZKJMP6LEMKWRp6tT37j5Uu3Tk9vu3OwpXxZJkh2u8JIOebTnGcItxRuEaehatrO9p+4+U3hx7+96fYfrP763w8ceu7AzCJJtak9hbD0uubXD4QQhtL/02JrWxlfnE43hhCGm1731oK83thl/uty5s9Lp4vS6UhBnPj8msx8KbNcdj4amJnW3mJN2xqrplqQwpzk5dHrckUWZ+azB6P5ysszli9Pp99KpxfPMX45/k9CKQmVRvrbk1obmZqamqrNx/2WhKS2T6uN+VJjH4d0+zPzSWa+lJkvD2S2q9Y204ZWTpLW8rhcpjwejitp+QUFDesDOeWvT6fV9I36SpwP2Qd1I20PGttVE/M6Pksuqf/cubhS/MoulJqOQZ3KGzs+3RkjadlIsqLtNVMdxOeObLprbXnzI0dHW5aceW1yX5LGT3qKv//7yxd/+GsH963M2c7kulIav9RT/GeuOvbCNQe/+IXc+J+N8cs9xb/kweHnr3r0jjWjefGPx/qp9BR/4tnHPr367OsP5eZ/T4xf7Sn+hsPHBpecePCh3PzHY/0M9RT/6Xe8+ydfefL+53Ljhxh/uKf4mw/v+szgqhMX5cZ/KNbPSG/t58VDVzy1atXPxvLiPxHjL+kp/pcP3P32e5fdeWXu/t0Y62e0p/jvvfCB2xefuP/8vGNnck+/PjkBXpvOSs+xPpXO99rPzDHUbR5N/YW/HqvUz/kWp/+XdL01cze9nqULGB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDPTP338sg9d/a73b6okISQ5y0x1EJ8rL9qwYayH9U48+9inV599/aHmspU9xAEAAACKxX54qVFSDSvDzclQOK/j8nGM4Lw4l7SWZ8cQYpzsGEGvcUod4pR6iFPuUz6VPsUZ6FOcRX2KM9inONWCONXQXZyhWeJUpltAl/kMz5pP93FG+hRncZ/iLMmE6DXO0j7ls6xPcUZnjdN9O1zepzgr+hTnrD7FObtPcV7Xpzi/1qc45/QpTnZMea7tcEm65Ll5cWoPyoVxKkm58USn8fRz0vWcP8/1jBSsZ0nR53GX6xnqcj1vzLyuNMf1VLtcz2XzXE/S5Xp+Y57rKRWsJ7bbW7L5xfXEuZn1ZD8aa2KcW7uP0zHfGGd/Tpwk88KiOB/rTz7Z08Cet+tP+xTnz/oU5xOh9eR0rnEAuhX7/zP9vdEwWPmtMJwecbKjALG/u7r2s/3zLu+AFOO9IVO+qChetqOeibd6rvm1fXK0xluTKR9oiVdp9EdmiVdtjrc28+Rs2/uODZ1za453caZ8cJZ4LRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfBP338sg9d/a73bwpJmP7X0VQH8bnyog0bxnpY75FNd60tb37kaHPZYKWHQAAAAECeRlc/9sMHGk9Vw2BlfRhMFrW8oJqOA1Trs6XyaP3BqqVhYy3gWKk2P5wsn+11oZK+bt3eHbvW7bl1/1u27Zi4cfLGyZ1vW3/Z+ivGL7/i8nVbt22fHK//DGGwIF4IoTb8sOfW/R+d2L59cveeemE2/5Xp61b+G7t2FyNXWT4A/DkzszPDQv/sX76Ghi6TUggqYqmLASXsSUwk4aNhQ2Jm0ZU0UiJxoQ20BHGFGgEhGhNIE1LDhTVIBIk3fAgx8pEmGERJ3NoYIMqFXmhAMUC4MJAxuztnvnams47IlvL7Xcx75nmf933OeyBNnjPbegCL68bPjI0L47ca9/+RAfVyy+r97y4O/p8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADef/NzEzO1yanp0SQi6ZNT7yGbyxfTtDpE3S89sf37pfG3T2+PlQpDbAQAAAAMlPXhI81IOUqFfOTjxMVv66NtIlp9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OEzPzcxU5ucmj4yiUj65NR7yObyxTStDlH3lTcf+vSL4+N/bY9VhtgHAAAAGCzrw3PNSDkqcUqMJCcudP7NaPZuYG3X+qW8lmyfdSvM63530C/vlBXmnbbCvI8OyNvcGG8MAAAA+ODL+v9CMzIWpcKaZf1w1v8P6uuzvJO78vKNsdqedFDFlSQBAAAAK5D1/6VmpBKlQqXZr6+031/fCi3+dJ6tH/S7fbb+1K68bP2g3/MvaYx+pwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD475uYmZ2uTUdD6JSPrk1HvI5vLFNK0OUXfTk6N/v2jfbevbY6XCEBsBAAAAA2V9eKv1LkepMBojceRi3z9+wb2PfOGRxyYiYqnNLxbjxi07dly3aeEzNmV5Zz2/b+R7z772zWV5Zy19rtoBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA98z83MRMbXJq+ogkIumTU+8hm8sX07Q6RN2XP/v5Pz9w4PFX22OVIfYBAAAABsv68FbvX45KFKMYxy9+a+/1F+S61vd7ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPq7/+k1f2zI7u/U6F6tzUc9HHAK38V9eZP87HSr388G/KK/2bazuv0sAAMB77+RIov4fOuHS1b5rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUDA/NzFTm5yaLicRSZ+ceqbUCmRz+WKaVoeomz7xQmnN208+3R6rDLEPAAAAMFjWh7d6/3JUYiRG4rjFb73eCdTb+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw2d+bmKmNjk1vSaJSPrk1HvI5vLFNK0OUff+XXs+c9/R372wPVYqDLERAAAAMFDWhxebkXKUCh+LUpzU+D7buSDJN8be7wVa67Z3LBtd8bq5jnX5g61LChHNdXd0nazQOM3SunK239jS2KxXba3LNdZV29ZVolm+2ly3+LB2d1RbM+B8y588AAAAvH+y/r/UjIxFqVBq6/9/0hiPaIz9+tzc+3vjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAhZ35uYqY2OTWdJBFJn5x6D9lcvpim1SHq3vSb/z/qyz+9c2d7rDLEPgAAAMBgWR/e6v3LUYl18X+xbrHvj7HO/CzvH7V37rv7n385PWLj8fvHC93b/jC7+NXL5z/V/RGR68zORRzdqJf0qffr3919w4b6Ow9EbDwuf9KyenHwep1bpvVHa1sv2fHs/u0DHg4AAAAcJrL+f6QZGYtS4dq+/X/WeQ/o/5sWG/Cjb9j182Mbn42OvGtFbqxRL9en3uc2PPSnU8/522sL/f/yep9oXn1yzzX3HdtRcCnSJUnrk9fs3Lz/7L257NRL9fNd9bPn8sVvvPqvq268652l+uUoN+Jru25lqdryz67ykdZnc/dMX/xuLTrrF/qc/7bfPn3gl2vvfGuh/psnjzbrnxa96i+dvNC3fhyR1kcvu333uXv2be6sHxHVXvVff+vCOOEPV9/aff7RONCxcfuTb//sfgBp/fn1b+w9597KeZ31k6762fP/2YH7d//4ru88ltXP/lbk9FNihfVzXfWfu+OYXc/ccunazvq5Pud/6vIXx7dVv/377vNf2bFroe9dLD//g2c8fMVLW9Kbu6cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL/NzEzO1yanpXBKR9Mmp95DN5YtpWh2i7isXvfD65Xf+6AftscoQ+wAAAACDZX14q/cvRyWKUYzRxb7/0drWS3Y8u397jC3NJo2xMLvt+h0fv2rbzmuvXKU7BwAAAFbqlYuSxf6/0IyMRamwIUYa/f/kNTs37z97by7r/3MLYxIRV109u3VjNPOeu+OYXc/ccuna5nuCiMU/Cygv5H2qlXfB+S+MvfHHr57aM29TK+/59W/sPefeynlZXrTnnRXN9xMPnvHwFS9tSW9u3l973plf2TbbeD2R7Tt62e27z92zb3Mue4/RGEcb+2Z5s7l7pi9+95653FiUFubzjbxy49wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwHLzcxMztcmp6chHJH1y6u0agWwuX0zT6hB1L97wi1uPevvxde2xUmGIjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7NDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbrJjSuqo8D8DkzSTPNJG3SvvBWxTatilIXLQoiulFRkVak4KpSpNrahSgIIkpdmEojlqq4EaxuiqigRilUsLFYWiURv4obFyooVBdCKQY0Q3GhMpNzJ8nN3Ew61oX6PDCcOefe+7v/OffMnbkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyj9HStarQTIw/X7rjwlk+fvG/qidvef3DP5Y+/+ePQjps+OdT72tnxnWt3fXPzyh1H7980duDlE7/2v/v7qbbBj00361O3EkI8E0OofDD5wlPjn/2/PhZDCOU4MBzCYFxxYjDmEjb+FkLY2axz7sbDU1fvqrd79vfMGV+eC5kY6Q4hzHyuUC1n9UwbmFsv/y6VtM521x69Mnx349a9X6x55+3u0dPDM7vE+j7ltJ5CWLZ99vH11bM0veqy1bYqOzi1W0IIvbOOu7ZNXZcssv4NIdRy/YaLUrsktdU2Odn2dbl+Kbdfvp/pzrW9Lfda2qaKxSuqo+1+HZbQl+vHJZ3lFGnWuaH1+GBq30vt+nPML2evGEoxdDXvpQ/EmTUSZl23GGLjWlaa/VLz2oa0rnP9mOuXcv1yd+5zNc6bFlo5xrnj2X658ex23JXG186+V7dwZ8H4BamtpC/q2awf8m+mVee9aX6uhqyuyQVqaWGxy/icAnsWGG9e+HQxqmmsGlfMO+aPFrJt41ufuay87cOJgYI64qGY8mNH+bs/H+y7+619j6wqyt9eSvmljvK/33zy57v2vfJSYf7zWX65ML/VSbLhq471ntn80ci6wvmZnPk7s5j6Y+pn2+459fGza/5372ira93IPJjNf2WR81NpjGTbbhg72dNfO3a8sP6N2fws7Wj+v73+1h/e+OrI6cL8kOX3dpS/beyh53pW164ozD8+/VWoNlZoB+vnl9Frvl69+qehovwvs/nvb5Ef2+a/PnzguleX799UuD63ZPMzkPLn/7AtlH/7pUf39tWOXFx074wHz/utCeA/ZWX6j/V06rd7zjw8VWr5nPlXzXpeeHGoa/oXqC+9+s/niXLq51n2N+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJztwQAIAAAAg6P/rdgQKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//AtcFPw==")
symlink(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r1, &(0x7f0000000180)=[{&(0x7f0000000200)="d2", 0x1}], 0x1, 0x100dfd, 0xffffffff, 0x4)
linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000)
socket$inet_sctp(0x2, 0x1, 0x84)

29.245005128s ago: executing program 1 (id=17):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffff9}, &(0x7f0000000340)=<r1=>0x0, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000240)=0xfffffffb, 0x0, 0x4)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x105, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x5, 0x32bf)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x40d, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0xffffffff}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x58}}, 0x8000)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r4=>0x0)
prlimit64(r4, 0x3, &(0x7f0000000200)={0x2, 0xf}, &(0x7f0000000240))
r5 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000100)={0x1f, 0x0, @none, 0x4}, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = fsopen(&(0x7f0000000000)='jfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000280)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\bb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xd7\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
connect$bt_l2cap(r6, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe)
write$binfmt_script(r5, &(0x7f0000005e80)={'#! ', './file0'}, 0xb)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_NAT_PORT_MIN={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))

14.009834389s ago: executing program 32 (id=17):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffff9}, &(0x7f0000000340)=<r1=>0x0, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000240)=0xfffffffb, 0x0, 0x4)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x105, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x5, 0x32bf)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x58, 0x10, 0x40d, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0xffffffff}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x58}}, 0x8000)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r4=>0x0)
prlimit64(r4, 0x3, &(0x7f0000000200)={0x2, 0xf}, &(0x7f0000000240))
r5 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000100)={0x1f, 0x0, @none, 0x4}, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = fsopen(&(0x7f0000000000)='jfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000280)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\bb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xd7\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
connect$bt_l2cap(r6, &(0x7f00000000c0)={0x1f, 0x80, @any, 0x0, 0x2}, 0xe)
write$binfmt_script(r5, &(0x7f0000005e80)={'#! ', './file0'}, 0xb)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_NAT_PORT_MIN={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))

12.048335039s ago: executing program 4 (id=57):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000200000000000000000808"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r2, 0x25, 0x4, @void}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

11.954005972s ago: executing program 2 (id=58):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$caif_stream(0x25, 0x1, 0x4)
setsockopt$CAIFSO_REQ_PARAM(r5, 0x116, 0x80, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x100)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_GET_MPP(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)={0x1c, r7, 0x325, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xd4}, 0x800)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r9 = socket$netlink(0x10, 0x3, 0x0)
writev(r9, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x10000, 0xbf22c86d1a82dad0, 0xd000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})

10.803086674s ago: executing program 2 (id=60):
recvmmsg(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x7fff}], 0x1, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_io_uring_setup(0x2ddd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f800ff1, 0xffbc, 0x6, 0x1d45, 0x0, 0x0, 0x0, 0x40}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r2, &(0x7f0000000280)=[{&(0x7f00000049c0)="a1ff7625c4a67c2ce177", 0xa}], 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close(r0)

10.783474537s ago: executing program 4 (id=61):
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
keyctl$set_timeout(0xf, r0, 0xfc)

9.999191315s ago: executing program 4 (id=62):
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg$unix(r1, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000480)=""/198, 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000002d00)}}], 0x3, 0x0, 0x0)

9.688527838s ago: executing program 3 (id=64):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r0, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f00000060c0)=""/4129, 0x1021}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000b40)=""/221, 0xdd}, {&(0x7f00000008c0)=""/234, 0xea}], 0x5}, 0x80000002}], 0x3, 0x0, 0x0)

9.419441994s ago: executing program 3 (id=65):
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x1, @ANYBLOB="000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000500"/28], 0x50)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
r3 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957e2013d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmsg(r8, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r9, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)
setsockopt$MRT6_ADD_MIF(r3, 0x29, 0xca, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b000000000071053c5a7787ca81000000000000", @ANYRES32=r1, @ANYBLOB='\a\x00'/20, @ANYRES32=r2, @ANYRES32, @ANYBLOB="04000000010000000500"/28], 0x50)
ioctl$KDGKBDIACR(r0, 0x4bfa, &(0x7f00000000c0)=""/239)

9.310742166s ago: executing program 2 (id=66):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000002140)=[{&(0x7f0000000180)=""/25, 0x19}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e0000002340003ec060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000340004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc"], 0x1e8}}, 0x0)

8.358832237s ago: executing program 2 (id=67):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7, 0x0)
ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000040)={0x5, 0x4})

7.807244259s ago: executing program 2 (id=68):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2)
r2 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r2, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r2, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
lseek(r2, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xba}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x90)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f00000003c0)={0x0, 0x1, r2, 0x4, 0x80000})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004100)={0x2020}, 0x2020)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d000000000001090224000100"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880)
chdir(&(0x7f0000000480)='./cgroup\x00')

6.511587613s ago: executing program 0 (id=69):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
close(0xffffffffffffffff)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000000c0)={0x5, 0x8}, 0x0)
syz_open_dev$loop(&(0x7f0000000440), 0x7, 0x0)
socket$kcm(0x21, 0x2, 0x2)

5.220230043s ago: executing program 0 (id=70):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000200000000000000000808"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'netdevsim0\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000a40)={r0, r2, 0x25, 0x4, @void}, 0x10)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)

4.98588734s ago: executing program 4 (id=71):
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, '\x00', 0x0, 0x73, 0x0, @dev, @local}}}}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x0, 0x1000}], 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYRES32=r5, @ANYRES16=r5, @ANYBLOB="010326bd6000000000002d"], 0x20}, 0x1, 0x0, 0x0, 0x40904}, 0x20040814)
syz_usb_connect(0x0, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x82, 0x3a, 0x59, 0x40, 0x763, 0x1011, 0x72a7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0xf, 0x0, 0x0, 0xf, [{{0x9, 0x4, 0xc0, 0x3, 0x2, 0xff, 0xea, 0xb0, 0x9, [], [{{0x9, 0x5, 0x7, 0x2, 0x400, 0x40, 0x6, 0x8}}, {{0x9, 0x5, 0x8, 0x3, 0x200, 0x1, 0x7, 0x6}}]}}]}}]}}, 0x0)

4.922035949s ago: executing program 0 (id=72):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)

3.547309878s ago: executing program 0 (id=73):
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40004)
io_uring_setup(0x3aba, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
io_uring_enter(0xffffffffffffffff, 0x4687, 0xda48, 0x67, 0x0, 0x0)
r2 = add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080)='\x00\x00', 0x2, r1)
syz_usb_connect(0x3, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xd8, 0x57, 0xe0, 0x40, 0xdfc, 0x1, 0xc19, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0xe5, 0x0, 0x0, 0x25, 0x7d, 0x27}}]}}]}}, 0x0)
keyctl$read(0xb, r2, &(0x7f0000000280)=""/90, 0x5a)

3.345867534s ago: executing program 3 (id=74):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r0, &(0x7f0000005dc0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f00000060c0)=""/4129, 0x1021}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000b40)=""/221, 0xdd}, {&(0x7f00000008c0)=""/234, 0xea}], 0x5}, 0x80000002}], 0x3, 0x0, 0x0)

2.767925849s ago: executing program 3 (id=75):
recvmmsg(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x7fff}], 0x1, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_io_uring_setup(0x2ddd, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f800ff1, 0xffbc, 0x6, 0x1d45, 0x0, 0x0, 0x0, 0x40}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r2, &(0x7f0000000280)=[{&(0x7f00000049c0)="a1ff7625c4a67c2ce177", 0xa}], 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
close(r0)

2.595224024s ago: executing program 2 (id=76):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000480)={{r2}, 0x0, &(0x7f0000000180)='%pK    \x00'}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)={0x28, r6, 0xe6e964277ae08d57, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x40080)

2.224400849s ago: executing program 3 (id=77):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
getpgrp(0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CLOCK(r5, 0x4030ae7b, &(0x7f0000000000)={0x8001, 0x0, 0x5, 0x8})

885.995587ms ago: executing program 0 (id=78):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x40048d0}, 0x20040811)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4000)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x1a0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b", 0x2f}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

885.430342ms ago: executing program 4 (id=79):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}}, 0x0, 0x0, 0x1, 0x0, "6606ca7ce41b346ac33e74fc00d9165a44e86835fec0b518269fd4c21a897da3d787c09dcb8216a272aea67961649d1590065253e07bd0b461b349eb64746d76c42fb2623034078188f0009f9f10d5f0"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, 0x0, 0x0)

554.366986ms ago: executing program 3 (id=80):
r0 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x50009404, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56441, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x1, 0xa}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
socket(0x10, 0x80002, 0x0)

7.249306ms ago: executing program 4 (id=81):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, 0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
close(0x3)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r3, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r3, 0x80)
accept$netrom(r3, 0x0, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=82):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xb, 0x80a00)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.53' (ED25519) to the list of known hosts.
[   88.632195][ T5846] cgroup: Unknown subsys name 'net'
[   88.802167][ T5846] cgroup: Unknown subsys name 'cpuset'
[   88.811290][ T5846] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   90.520302][ T5846] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   95.486523][ T5870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   95.511210][ T5870] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   95.521062][ T5870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   95.561888][ T5878] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   95.567589][ T5880] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   95.577041][ T5880] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   95.578449][ T5878] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   95.584928][ T5880] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   95.599016][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   95.606904][ T5880] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   95.614443][ T5880] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   95.616067][ T5878] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   95.624701][ T5880] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   95.633323][ T5881] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   95.643426][ T5878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   95.643523][ T5880] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   95.651974][ T5878] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   95.658845][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   95.674045][ T5870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   95.682338][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   95.682593][ T5872] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   95.697613][ T5872] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   95.706549][ T5872] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   95.707107][ T5870] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   95.719471][ T5872] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.487437][ T5863] chnl_net:caif_netlink_parms(): no params data found
[   96.512582][ T5873] chnl_net:caif_netlink_parms(): no params data found
[   96.635765][ T5869] chnl_net:caif_netlink_parms(): no params data found
[   96.650602][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   96.707847][ T5862] chnl_net:caif_netlink_parms(): no params data found
[   96.788681][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.796599][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.804643][ T5863] bridge_slave_0: entered allmulticast mode
[   96.812295][ T5863] bridge_slave_0: entered promiscuous mode
[   96.855912][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.863967][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.871651][ T5863] bridge_slave_1: entered allmulticast mode
[   96.880205][ T5863] bridge_slave_1: entered promiscuous mode
[   96.977015][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.985208][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.993071][ T5873] bridge_slave_0: entered allmulticast mode
[   97.001871][ T5873] bridge_slave_0: entered promiscuous mode
[   97.057955][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.065320][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.073613][ T5873] bridge_slave_1: entered allmulticast mode
[   97.082866][ T5873] bridge_slave_1: entered promiscuous mode
[   97.093732][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.160620][  T981] cfg80211: failed to load regulatory.db
[   97.183367][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.222330][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.229623][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.236907][ T5861] bridge_slave_0: entered allmulticast mode
[   97.244893][ T5861] bridge_slave_0: entered promiscuous mode
[   97.253288][ T5869] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.260696][ T5869] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.268092][ T5869] bridge_slave_0: entered allmulticast mode
[   97.276105][ T5869] bridge_slave_0: entered promiscuous mode
[   97.298525][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.305693][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.314188][ T5862] bridge_slave_0: entered allmulticast mode
[   97.321880][ T5862] bridge_slave_0: entered promiscuous mode
[   97.332467][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.339703][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.347000][ T5862] bridge_slave_1: entered allmulticast mode
[   97.354642][ T5862] bridge_slave_1: entered promiscuous mode
[   97.364077][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.377691][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.403065][ T5863] team0: Port device team_slave_0 added
[   97.412153][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.419820][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.427123][ T5861] bridge_slave_1: entered allmulticast mode
[   97.434766][ T5861] bridge_slave_1: entered promiscuous mode
[   97.442889][ T5869] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.450489][ T5869] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.457803][ T5869] bridge_slave_1: entered allmulticast mode
[   97.466130][ T5869] bridge_slave_1: entered promiscuous mode
[   97.519054][ T5863] team0: Port device team_slave_1 added
[   97.573365][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.584438][ T5873] team0: Port device team_slave_0 added
[   97.593875][ T5873] team0: Port device team_slave_1 added
[   97.647406][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.688521][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.700927][ T5869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.714385][ T5869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.729054][ T5872] Bluetooth: hci2: command tx timeout
[   97.759886][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.767042][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.793989][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.805277][ T5872] Bluetooth: hci4: command tx timeout
[   97.810956][ T5870] Bluetooth: hci3: command tx timeout
[   97.811088][ T5870] Bluetooth: hci1: command tx timeout
[   97.811193][ T5870] Bluetooth: hci0: command tx timeout
[   97.816655][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.818759][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.844151][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.871198][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.912029][ T5862] team0: Port device team_slave_0 added
[   97.919809][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.926788][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.953215][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.967344][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.974608][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.001173][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.050621][ T5862] team0: Port device team_slave_1 added
[   98.096755][ T5869] team0: Port device team_slave_0 added
[   98.106313][ T5869] team0: Port device team_slave_1 added
[   98.144512][ T5861] team0: Port device team_slave_0 added
[   98.193774][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.202534][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.229495][ T5869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.241925][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.249206][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.275579][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.288944][ T5861] team0: Port device team_slave_1 added
[   98.300397][ T5863] hsr_slave_0: entered promiscuous mode
[   98.307062][ T5863] hsr_slave_1: entered promiscuous mode
[   98.328716][ T5869] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.335694][ T5869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.361895][ T5869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.381563][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.388606][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.415252][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.476726][ T5873] hsr_slave_0: entered promiscuous mode
[   98.483583][ T5873] hsr_slave_1: entered promiscuous mode
[   98.490138][ T5873] debugfs: 'hsr0' already exists in 'hsr'
[   98.496171][ T5873] Cannot create hsr debugfs directory
[   98.537163][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.544401][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.571149][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.585264][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.592671][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.618693][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.664397][ T5869] hsr_slave_0: entered promiscuous mode
[   98.671172][ T5869] hsr_slave_1: entered promiscuous mode
[   98.677601][ T5869] debugfs: 'hsr0' already exists in 'hsr'
[   98.684069][ T5869] Cannot create hsr debugfs directory
[   98.882539][ T5862] hsr_slave_0: entered promiscuous mode
[   98.889656][ T5862] hsr_slave_1: entered promiscuous mode
[   98.895953][ T5862] debugfs: 'hsr0' already exists in 'hsr'
[   98.901982][ T5862] Cannot create hsr debugfs directory
[   98.922171][ T5861] hsr_slave_0: entered promiscuous mode
[   98.929947][ T5861] hsr_slave_1: entered promiscuous mode
[   98.936145][ T5861] debugfs: 'hsr0' already exists in 'hsr'
[   98.942472][ T5861] Cannot create hsr debugfs directory
[   99.447007][ T5873] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   99.461947][ T5873] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   99.483550][ T5873] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   99.504933][ T5873] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   99.552653][ T5863] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   99.578277][ T5863] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   99.602287][ T5863] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   99.613210][ T5863] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   99.704040][ T5869] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.716122][ T5869] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.739928][ T5869] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.753247][ T5869] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.798724][ T5872] Bluetooth: hci2: command tx timeout
[   99.878333][ T5872] Bluetooth: hci0: command tx timeout
[   99.878384][ T5180] Bluetooth: hci1: command tx timeout
[   99.884348][ T5870] Bluetooth: hci4: command tx timeout
[   99.890303][ T5876] Bluetooth: hci3: command tx timeout
[   99.934935][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.949369][ T5861] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   99.963095][ T5861] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   99.975301][ T5861] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   99.987740][ T5861] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  100.053398][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.093696][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[  100.143111][ T5862] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  100.163289][ T5862] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  100.177697][ T5862] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  100.194917][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.202652][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.221617][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[  100.233103][ T5862] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  100.264298][ T3492] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.271473][ T3492] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.298022][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.305256][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.345832][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.353044][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.443959][ T5869] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.517548][ T5863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.585414][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.626567][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.653916][ T5869] 8021q: adding VLAN 0 to HW filter on device team0
[  100.707266][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.714681][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.757274][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.764603][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.783309][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[  100.796933][ T5862] 8021q: adding VLAN 0 to HW filter on device team0
[  100.843222][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.850489][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.925181][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.932983][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.954840][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.962101][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.994931][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.002171][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.112814][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.200432][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.340633][ T5873] veth0_vlan: entered promiscuous mode
[  101.413855][ T5873] veth1_vlan: entered promiscuous mode
[  101.535499][ T5863] veth0_vlan: entered promiscuous mode
[  101.544803][ T5873] veth0_macvtap: entered promiscuous mode
[  101.588941][ T5873] veth1_macvtap: entered promiscuous mode
[  101.614696][ T5863] veth1_vlan: entered promiscuous mode
[  101.663805][ T5869] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.736826][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.770880][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.790789][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.800775][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.843652][ T3492] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.884207][ T5876] Bluetooth: hci2: command tx timeout
[  101.891113][ T3492] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.902800][ T3492] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.935399][ T3492] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.960554][ T5876] Bluetooth: hci0: command tx timeout
[  101.962925][ T5863] veth0_macvtap: entered promiscuous mode
[  101.966098][ T5876] Bluetooth: hci4: command tx timeout
[  101.979281][ T5180] Bluetooth: hci3: command tx timeout
[  101.979362][ T5872] Bluetooth: hci1: command tx timeout
[  101.995980][ T5863] veth1_macvtap: entered promiscuous mode
[  102.012431][ T5869] veth0_vlan: entered promiscuous mode
[  102.076738][ T5869] veth1_vlan: entered promiscuous mode
[  102.114121][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.172902][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.224947][ T5862] veth0_vlan: entered promiscuous mode
[  102.236498][ T3492] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.269037][ T3492] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.285663][ T3492] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.325259][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.328950][ T3492] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.344725][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.357770][ T5869] veth0_macvtap: entered promiscuous mode
[  102.374692][ T5862] veth1_vlan: entered promiscuous mode
[  102.419582][ T3492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.427443][ T3492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.457632][ T5869] veth1_macvtap: entered promiscuous mode
[  102.532703][ T5873] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  102.556004][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.580163][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.594442][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.616335][ T5862] veth0_macvtap: entered promiscuous mode
[  102.656701][ T5869] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.685828][ T5862] veth1_macvtap: entered promiscuous mode
[  102.727787][ T5861] veth0_vlan: entered promiscuous mode
[  102.737099][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.744643][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0
[  102.750557][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.765567][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.792315][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  102.801509][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  102.817784][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1
[  102.827090][ T5861] veth1_vlan: entered promiscuous mode
[  102.855775][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  102.925049][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  102.936455][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.055472][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  103.067313][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.113778][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.163057][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.564781][ T5987] netlink: 'syz.2.3': attribute type 1 has an invalid length.
[  103.574214][ T5987] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3'.
[  103.965156][ T5872] Bluetooth: hci2: command tx timeout
[  104.041125][ T5872] Bluetooth: hci4: command tx timeout
[  104.042671][ T5876] Bluetooth: hci1: command tx timeout
[  104.047224][ T5872] Bluetooth: hci3: command tx timeout
[  104.062580][ T5180] Bluetooth: hci0: command tx timeout
[  104.122677][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.143112][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.164980][ T5861] veth0_macvtap: entered promiscuous mode
[  104.197764][ T5861] veth1_macvtap: entered promiscuous mode
[  104.402324][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[  104.501714][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[  104.693688][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  105.000525][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  105.009718][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  105.513021][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  105.529929][ T5993] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.630339][ T1151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.655431][ T5993] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.664368][ T1151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.666170][ T5993] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.282032][ T5993] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.333186][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  106.343354][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  106.559401][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.578151][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.593816][ T5993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.632546][ T5993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  106.913674][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  106.940420][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.443461][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.458200][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  108.288591][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.392023][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.448557][   T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  108.792297][ T6012] netlink: 'syz.0.1': attribute type 9 has an invalid length.
[  108.861708][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.922661][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.036462][   T24] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  109.058833][ T6024] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  109.124872][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.187249][   T24] usb 3-1: config 0 descriptor??
[  109.709271][ T6027] loop1: detected capacity change from 0 to 32768
[  110.262559][ T6027] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  110.262592][ T6027]   allowing incompatible features above 0.0: (unknown version)
[  110.262607][ T6027]   features: lz4
[  110.297053][ T6027] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  110.305595][ T6027] bcachefs (loop1): initializing new filesystem
[  110.320638][ T6027] bcachefs (loop1): going read-write
[  110.629076][ T6027] bcachefs (loop1): marking superblocks
[  110.656546][ T6027] bcachefs (loop1): initializing freespace
[  110.667863][ T6027] bcachefs (loop1): done initializing freespace
[  110.680398][ T6027] bcachefs (loop1): reading snapshots table
[  110.686430][ T6027] bcachefs (loop1): reading snapshots done
[  110.751838][ T6027] bcachefs (loop1): done starting filesystem
[  110.885628][ T6041] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  111.196103][ T6044] bcachefs (loop1): requested incompat feature 1.16: reflink_p_may_update_opts currently not enabled, allowed up to 1.16: reflink_p_may_update_opts
[  111.196103][ T6044]   set version_upgrade=incompat to enable
[  111.830824][ T6027] syz.1.11 (6027) used greatest stack depth: 15672 bytes left
[  113.026941][ T6056] fuse: Bad value for 'fd'
[  113.127864][ T5873] bcachefs (loop1): shutting down
[  113.198723][ T5873] bcachefs (loop1): going read-only
[  113.223040][ T5873] bcachefs (loop1): finished waiting for writes to stop
[  113.340570][ T5873] bcachefs (loop1): flushing journal and stopping allocators, journal seq 6
[  114.004148][   T24] usbhid 3-1:0.0: can't add hid device: -71
[  114.569797][   T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  114.584529][   T24] usb 3-1: USB disconnect, device number 2
[  114.600766][ T5870] Bluetooth: hci1: command tx timeout
[  114.713441][ T5873] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 10
[  114.847741][ T5873] bcachefs (loop1): clean shutdown complete, journal seq 11
[  114.857691][ T5873] bcachefs (loop1): marking filesystem clean
[  115.880547][ T5873] bcachefs (loop1): shutdown complete
[  117.533774][  T981] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  118.934038][  T981] usb 3-1: Using ep0 maxpacket: 32
[  119.816867][  T981] usb 3-1: device descriptor read/all, error -71
[  120.181193][ T6105] netlink: 'syz.3.28': attribute type 4 has an invalid length.
[  120.735022][ T6109] fuse: Bad value for 'fd'
[  121.536663][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  121.744952][   T10] usb 4-1: config 0 has an invalid interface number: 229 but max is 0
[  122.410436][   T10] usb 4-1: config 0 has no interface number 0
[  122.420740][   T10] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19
[  122.432854][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.580186][   T10] usb 4-1: config 0 descriptor??
[  122.836028][   T10] usb 4-1: USB disconnect, device number 2
[  123.624961][ T6150] fuse: Bad value for 'fd'
[  123.978093][  T887] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  124.242897][  T887] usb 1-1: Using ep0 maxpacket: 32
[  124.274711][  T887] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.330339][  T887] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  124.376612][  T887] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  124.427363][  T887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.449156][  T887] usb 1-1: config 0 descriptor??
[  125.897709][ T6172] tipc: Started in network mode
[  125.903189][ T6172] tipc: Node identity 4, cluster identity 4711
[  125.909570][ T6172] tipc: Node number set to 4
[  129.008880][ T5943] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  129.124778][   T24] usb 1-1: USB disconnect, device number 2
[  129.229815][ T5943] usb 4-1: config 0 has an invalid interface number: 229 but max is 0
[  129.293071][ T5943] usb 4-1: config 0 has no interface number 0
[  129.346560][ T5943] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19
[  129.369905][ T5943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.477766][ T5943] usb 4-1: config 0 descriptor??
[  129.663713][ T5870] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  129.674047][ T5870] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  129.683740][ T5870] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  129.692304][ T5870] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  129.758961][ T6201] netlink: 'syz.2.58': attribute type 4 has an invalid length.
[  130.348181][ T5870] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  130.514328][ T5943] usb 4-1: USB disconnect, device number 3
[  132.114086][ T6199] chnl_net:caif_netlink_parms(): no params data found
[  132.435488][ T6230] netlink: 16 bytes leftover after parsing attributes in process `syz.2.66'.
[  132.440193][ T6230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'.
[  132.441660][ T6230] netlink: 16 bytes leftover after parsing attributes in process `syz.2.66'.
[  132.868127][ T5870] Bluetooth: hci5: command tx timeout
[  133.554242][ T6199] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.734752][ T6199] bridge0: port 1(bridge_slave_0) entered disabled state
[  133.754568][ T6199] bridge_slave_0: entered allmulticast mode
[  133.854867][ T6199] bridge_slave_0: entered promiscuous mode
[  134.287528][ T6199] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.308654][ T6199] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.348082][ T6199] bridge_slave_1: entered allmulticast mode
[  134.393941][ T6199] bridge_slave_1: entered promiscuous mode
[  134.862822][ T6107] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.068826][ T5872] Bluetooth: hci5: command tx timeout
[  135.088194][  T887] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  136.092174][ T6199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.117626][ T6199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.229706][  T887] usb 3-1: Using ep0 maxpacket: 32
[  136.272920][  T887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  136.325451][  T887] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  136.355796][  T887] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  136.405438][  T887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.605225][  T887] usb 3-1: config 0 descriptor??
[  137.068445][  T981] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  137.108306][ T5872] Bluetooth: hci5: command tx timeout
[  137.567897][ T6107] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  137.602462][  T981] usb 5-1: config 15 has an invalid interface number: 192 but max is 0
[  137.633774][  T981] usb 5-1: config 15 has no interface number 0
[  137.647118][  T981] usb 5-1: config 15 interface 192 altsetting 3 bulk endpoint 0x7 has invalid maxpacket 1024
[  137.663641][ T6199] team0: Port device team_slave_0 added
[  137.676604][  T981] usb 5-1: config 15 interface 192 has no altsetting 0
[  137.733133][  T981] usb 5-1: New USB device found, idVendor=0763, idProduct=1011, bcdDevice=72.a7
[  137.803729][ T6199] team0: Port device team_slave_1 added
[  137.820388][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.847344][  T981] usb 5-1: Product: syz
[  137.861657][  T981] usb 5-1: Manufacturer: syz
[  137.875523][  T981] usb 5-1: SerialNumber: syz
[  137.909896][ T6259] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  137.951549][ T6107] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.098126][ T5907] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  138.139294][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  138.187654][ T6107] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.230606][ T6199] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.245628][ T6199] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.287137][ T5907] usb 1-1: config 0 has an invalid interface number: 229 but max is 0
[  138.303795][ T5907] usb 1-1: config 0 has no interface number 0
[  138.310996][ T6199] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.317339][  T887] usb 3-1: can't set config #0, error -71
[  138.325280][ T5907] usb 1-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19
[  138.340627][  T887] usb 3-1: USB disconnect, device number 5
[  138.344377][ T6199] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.355371][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.365535][ T6199] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.424064][ T6199] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.429608][ T5907] usb 1-1: config 0 descriptor??
[  138.684580][ T5907] usb 1-1: USB disconnect, device number 3
[  138.737502][ T6199] hsr_slave_0: entered promiscuous mode
[  138.751524][ T6199] hsr_slave_1: entered promiscuous mode
[  138.781931][ T6199] debugfs: 'hsr0' already exists in 'hsr'
[  138.807601][ T6199] Cannot create hsr debugfs directory
[  139.158419][ T5872] Bluetooth: hci5: command tx timeout
[  140.421842][  T981] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  140.498314][ T6107] bridge_slave_1: left allmulticast mode
[  140.548355][ T6107] bridge_slave_1: left promiscuous mode
[  140.569763][ T6107] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.290017][ T6107] bridge_slave_0: left allmulticast mode
[  141.323244][ T6107] bridge_slave_0: left promiscuous mode
[  141.366929][ T6107] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.385125][  T981] snd-usb-audio 5-1:15.192: probe with driver snd-usb-audio failed with error -2
[  141.408249][  T981] usb 5-1: USB disconnect, device number 2
[  141.511623][ T5884] udevd[5884]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:15.192/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  141.554583][ T6292] ==================================================================
[  141.562710][ T6292] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[  141.571191][ T6292] Read of size 8 at addr ffff88805b639408 by task syz.0.82/6292
[  141.578850][ T6292] 
[  141.581231][ T6292] CPU: 1 UID: 0 PID: 6292 Comm: syz.0.82 Not tainted syzkaller #0 PREEMPT(full) 
[  141.581262][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  141.581285][ T6292] Call Trace:
[  141.581295][ T6292]  <TASK>
[  141.581306][ T6292]  dump_stack_lvl+0x189/0x250
[  141.581339][ T6292]  ? __kasan_check_byte+0x12/0x40
[  141.581376][ T6292]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.581405][ T6292]  ? lock_release+0x4b/0x3e0
[  141.581441][ T6292]  ? __virt_addr_valid+0x4a5/0x5c0
[  141.581470][ T6292]  print_report+0xca/0x240
[  141.581492][ T6292]  ? change_page_attr_set_clr+0x625/0xfc0
[  141.581525][ T6292]  kasan_report+0x118/0x150
[  141.581560][ T6292]  ? change_page_attr_set_clr+0x625/0xfc0
[  141.581605][ T6292]  change_page_attr_set_clr+0x625/0xfc0
[  141.581643][ T6292]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  141.581676][ T6292]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  141.581705][ T6292]  ? memtype_reserve+0x874/0xb30
[  141.581741][ T6292]  _set_pages_array+0x145/0x270
[  141.581779][ T6292]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  141.581811][ T6292]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  141.581846][ T6292]  drm_gem_shmem_pin_locked+0x22c/0x460
[  141.581877][ T6292]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  141.581908][ T6292]  ? ww_mutex_lock+0x3f/0x1c0
[  141.581936][ T6292]  drm_gem_map_attach+0x19c/0x1f0
[  141.581966][ T6292]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  141.582002][ T6292]  ? __fget_files+0x3a0/0x420
[  141.582036][ T6292]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  141.582068][ T6292]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  141.582099][ T6292]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  141.582129][ T6292]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  141.582160][ T6292]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  141.582192][ T6292]  drm_ioctl_kernel+0x2cc/0x390
[  141.582216][ T6292]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  141.582245][ T6292]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  141.582274][ T6292]  drm_ioctl+0x67f/0xb10
[  141.582299][ T6292]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  141.582332][ T6292]  ? __pfx_drm_ioctl+0x10/0x10
[  141.582361][ T6292]  ? __fget_files+0x3a0/0x420
[  141.582392][ T6292]  ? __fget_files+0x2a/0x420
[  141.582425][ T6292]  ? bpf_lsm_file_ioctl+0x9/0x20
[  141.582452][ T6292]  ? __pfx_drm_ioctl+0x10/0x10
[  141.582473][ T6292]  __se_sys_ioctl+0xf9/0x170
[  141.582499][ T6292]  do_syscall_64+0xfa/0xfa0
[  141.582521][ T6292]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.582543][ T6292]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.582572][ T6292]  ? clear_bhb_loop+0x60/0xb0
[  141.582598][ T6292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.582620][ T6292] RIP: 0033:0x7f70e2b8ebe9
[  141.582647][ T6292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.582667][ T6292] RSP: 002b:00007f70e3a52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  141.582692][ T6292] RAX: ffffffffffffffda RBX: 00007f70e2dc5fa0 RCX: 00007f70e2b8ebe9
[  141.582709][ T6292] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000006
[  141.582724][ T6292] RBP: 00007f70e2c11e19 R08: 0000000000000000 R09: 0000000000000000
[  141.582739][ T6292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  141.582752][ T6292] R13: 00007f70e2dc6038 R14: 00007f70e2dc5fa0 R15: 00007ffcc883e668
[  141.582779][ T6292]  </TASK>
[  141.582788][ T6292] 
[  141.916860][ T6292] Allocated by task 6292:
[  141.921729][ T6292]  kasan_save_track+0x3e/0x80
[  141.926459][ T6292]  __kasan_kmalloc+0x93/0xb0
[  141.931067][ T6292]  __kvmalloc_node_noprof+0x5cd/0x910
[  141.936456][ T6292]  drm_gem_get_pages+0x166/0xa20
[  141.941758][ T6292]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  141.947842][ T6292]  drm_gem_shmem_pin_locked+0x22c/0x460
[  141.953408][ T6292]  drm_gem_map_attach+0x19c/0x1f0
[  141.958466][ T6292]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  141.964180][ T6292]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  141.970547][ T6292]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  141.976299][ T6292]  drm_ioctl_kernel+0x2cc/0x390
[  141.981360][ T6292]  drm_ioctl+0x67f/0xb10
[  141.985705][ T6292]  __se_sys_ioctl+0xf9/0x170
[  141.990304][ T6292]  do_syscall_64+0xfa/0xfa0
[  141.994835][ T6292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.000751][ T6292] 
[  142.003079][ T6292] The buggy address belongs to the object at ffff88805b639000
[  142.003079][ T6292]  which belongs to the cache kmalloc-2k of size 2048
[  142.017350][ T6292] The buggy address is located 0 bytes to the right of
[  142.017350][ T6292]  allocated 1032-byte region [ffff88805b639000, ffff88805b639408)
[  142.032650][ T6292] 
[  142.034991][ T6292] The buggy address belongs to the physical page:
[  142.041421][ T6292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b638
[  142.050213][ T6292] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  142.058721][ T6292] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  142.066720][ T6292] page_type: f5(slab)
[  142.070713][ T6292] raw: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001
[  142.079919][ T6292] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  142.088520][ T6292] head: 00fff00000000040 ffff88801a842000 0000000000000000 dead000000000001
[  142.097229][ T6292] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  142.106003][ T6292] head: 00fff00000000003 ffffea00016d8e01 00000000ffffffff 00000000ffffffff
[  142.114691][ T6292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  142.123377][ T6292] page dumped because: kasan: bad access detected
[  142.129856][ T6292] page_owner tracks the page as allocated
[  142.135592][ T6292] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5863, tgid 5863 (syz-executor), ts 99931915046, free_ts 31790394799
[  142.157246][ T6292]  post_alloc_hook+0x240/0x2a0
[  142.162045][ T6292]  get_page_from_freelist+0x21e4/0x22c0
[  142.167613][ T6292]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.173447][ T6292]  alloc_pages_mpol+0x232/0x4a0
[  142.178410][ T6292]  allocate_slab+0x8a/0x330
[  142.182937][ T6292]  ___slab_alloc+0xbd1/0x13f0
[  142.187937][ T6292]  __slab_alloc+0x55/0xa0
[  142.192383][ T6292]  __kmalloc_node_track_caller_noprof+0x5c7/0x800
[  142.198843][ T6292]  kmalloc_reserve+0x136/0x290
[  142.203637][ T6292]  pskb_expand_head+0x18e/0x1150
[  142.208589][ T6292]  netlink_trim+0x1d5/0x2e0
[  142.213116][ T6292]  netlink_broadcast_filtered+0xd6/0x1000
[  142.218856][ T6292]  nlmsg_notify+0xf0/0x1a0
[  142.223453][ T6292]  rtnetlink_event+0x224/0x270
[  142.228433][ T6292]  notifier_call_chain+0x1b3/0x3e0
[  142.233678][ T6292]  netif_set_mac_address+0x37c/0x4c0
[  142.239071][ T6292] page last free pid 1 tgid 1 stack trace:
[  142.244903][ T6292]  __free_frozen_pages+0xbc4/0xd30
[  142.250033][ T6292]  free_contig_range+0x1bd/0x4a0
[  142.254983][ T6292]  destroy_args+0x69/0x660
[  142.259606][ T6292]  debug_vm_pgtable+0x39f/0x3b0
[  142.264463][ T6292]  do_one_initcall+0x233/0x820
[  142.269243][ T6292]  do_initcall_level+0x104/0x190
[  142.274196][ T6292]  do_initcalls+0x59/0xa0
[  142.278554][ T6292]  kernel_init_freeable+0x334/0x4b0
[  142.283771][ T6292]  kernel_init+0x1d/0x1d0
[  142.288117][ T6292]  ret_from_fork+0x47c/0x820
[  142.292812][ T6292]  ret_from_fork_asm+0x1a/0x30
[  142.297591][ T6292] 
[  142.299925][ T6292] Memory state around the buggy address:
[  142.305556][ T6292]  ffff88805b639300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  142.313620][ T6292]  ffff88805b639380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  142.321692][ T6292] >ffff88805b639400: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  142.330190][ T6292]                       ^
[  142.334528][ T6292]  ffff88805b639480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  142.342594][ T6292]  ffff88805b639500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  142.350830][ T6292] ==================================================================
[  142.418504][ T6292] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  142.425774][ T6292] CPU: 0 UID: 0 PID: 6292 Comm: syz.0.82 Not tainted syzkaller #0 PREEMPT(full) 
[  142.435093][ T6292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  142.445183][ T6292] Call Trace:
[  142.448678][ T6292]  <TASK>
[  142.451729][ T6292]  dump_stack_lvl+0x99/0x250
[  142.456367][ T6292]  ? __asan_memcpy+0x40/0x70
[  142.461100][ T6292]  ? __pfx_dump_stack_lvl+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  142.466350][ T6292]  ? __pfx__printk+0x10/0x10
[  142.471012][ T6292]  vpanic+0x237/0x6d0
[  142.475035][ T6292]  ? __pfx_vpanic+0x10/0x10
[  142.479673][ T6292]  ? preempt_schedule+0xae/0xc0
[  142.484661][ T6292]  ? __pfx_preempt_schedule+0x10/0x10
[  142.490256][ T6292]  panic+0xb9/0xc0
[  142.494017][ T6292]  ? __pfx_panic+0x10/0x10
[  142.498475][ T6292]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  142.504603][ T6292]  ? change_page_attr_set_clr+0x625/0xfc0
[  142.510377][ T6292]  check_panic_on_warn+0x89/0xb0
[  142.515368][ T6292]  ? change_page_attr_set_clr+0x625/0xfc0
[  142.521136][ T6292]  end_report+0x78/0x160
[  142.525412][ T6292]  kasan_report+0x129/0x150
[  142.529945][ T6292]  ? change_page_attr_set_clr+0x625/0xfc0
[  142.535690][ T6292]  change_page_attr_set_clr+0x625/0xfc0
[  142.541370][ T6292]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  142.547631][ T6292]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  142.553801][ T6292]  ? memtype_reserve+0x874/0xb30
[  142.558772][ T6292]  _set_pages_array+0x145/0x270
[  142.563645][ T6292]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  142.569734][ T6292]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  142.576344][ T6292]  drm_gem_shmem_pin_locked+0x22c/0x460
[  142.581912][ T6292]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  142.588010][ T6292]  ? ww_mutex_lock+0x3f/0x1c0
[  142.592714][ T6292]  drm_gem_map_attach+0x19c/0x1f0
[  142.597762][ T6292]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  142.603161][ T6292]  ? __fget_files+0x3a0/0x420
[  142.607951][ T6292]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  142.614827][ T6292]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  142.621176][ T6292]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  142.627101][ T6292]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  142.633964][ T6292]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  142.639701][ T6292]  drm_ioctl_kernel+0x2cc/0x390
[  142.644563][ T6292]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  142.651000][ T6292]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  142.656384][ T6292]  drm_ioctl+0x67f/0xb10
[  142.660724][ T6292]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  142.667155][ T6292]  ? __pfx_drm_ioctl+0x10/0x10
[  142.671935][ T6292]  ? __fget_files+0x3a0/0x420
[  142.676631][ T6292]  ? __fget_files+0x2a/0x420
[  142.681258][ T6292]  ? bpf_lsm_file_ioctl+0x9/0x20
[  142.686213][ T6292]  ? __pfx_drm_ioctl+0x10/0x10
[  142.691001][ T6292]  __se_sys_ioctl+0xf9/0x170
[  142.695639][ T6292]  do_syscall_64+0xfa/0xfa0
[  142.700286][ T6292]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.705502][ T6292]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.711578][ T6292]  ? clear_bhb_loop+0x60/0xb0
[  142.716339][ T6292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.722332][ T6292] RIP: 0033:0x7f70e2b8ebe9
[  142.726769][ T6292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.746483][ T6292] RSP: 002b:00007f70e3a52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  142.754919][ T6292] RAX: ffffffffffffffda RBX: 00007f70e2dc5fa0 RCX: 00007f70e2b8ebe9
[  142.762903][ T6292] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000006
[  142.770891][ T6292] RBP: 00007f70e2c11e19 R08: 0000000000000000 R09: 0000000000000000
[  142.778868][ T6292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  142.786856][ T6292] R13: 00007f70e2dc6038 R14: 00007f70e2dc5fa0 R15: 00007ffcc883e668
[  142.794856][ T6292]  </TASK>
[  142.798043][ T6292] Kernel Offset: disabled
[  142.802375][ T6292] Rebooting in 86400 seconds..