last executing test programs:

2m32.416633196s ago: executing program 0 (id=77):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$pppl2tp(0x18, 0x1, 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffc, 0x3, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)

2m30.991143346s ago: executing program 0 (id=84):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
prlimit64(r1, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r5)

2m28.657618617s ago: executing program 0 (id=95):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x204c00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x100820, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x90, 0x0, 0x101, {0x6, 0x3, 0x8, 0x8, 0x81, 0x0, {0x1, 0xfffffffffffffffd, 0x80000000000, 0x80000000004, 0x400000000001, 0x6, 0x3, 0xfffffffd, 0x1, 0xc000, 0x4000000, 0x0, 0x0, 0x0, 0x5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='u', 0x1}], 0x1}, 0x4040001)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x7f, 0x3}, 0x0, 0x3ff, 0x7, {0x9e}, 0xd, 0x401})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xae}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x40)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r8 = fsopen(&(0x7f0000000300)='tmpfs\x00', 0x0)
splice(r8, 0x0, r7, 0x0, 0x8, 0x8)
recvmsg$unix(r3, &(0x7f00000038c0)={&(0x7f0000000280)=@abs, 0x6e, &(0x7f0000000140)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x40010163)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2000000002)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0xf8, &(0x7f0000000180)={0x5, 0xf, 0xf8, 0x5, [@generic={0x3f, 0x10, 0xb, "eedc571fea64e6abe4121012a67f842ebdcbf639b4515e11d28fead2fec3d7233511f98e3281badfa5fe76caa5d29d4363647a5585ac057e51b50ece"}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "a7b9895ae3e2c90154d3107ac3f5add5"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x0, 0xfe, 0x80, 0x401, 0x8}, @generic={0x92, 0x10, 0x4, "bc19731245444e4668797b99ac1500fd2b92647a263b7e468b90666b262fba372f602dbb594db9af22e29a905d385e0cfba441159de731482de50802cef4bc06f3ec6e1d47ab00f63b0b87df3b7674bda129338545ddfcd4feaf45abaf87ccb86b7a191beb1475062515ecd0cb3aea56310dbe31995d99609d78cab05464759e3a53ae6291640a4036d8792c0c0be2"}]}})
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000000d000000010700000000000000000000c3ec0000038000000000000000000000000000000000000001"])

2m25.970549121s ago: executing program 0 (id=108):
r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@minixdf}, {@stripe={'stripe', 0x3d, 0x3}}, {@norecovery}, {@noinit_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1")
chdir(&(0x7f0000000400)='./file0\x00')
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, 0x0, &(0x7f0000000300)='syzkaller\x00'}, 0x94)
syz_open_dev$vbi(0x0, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeec, 0x13, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r5, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0xbac00000}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r5, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x50, &(0x7f0000000100), 0x48)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r6, &(0x7f0000000100)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x10)
r7 = creat(&(0x7f0000000140)='./bus\x00', 0x80)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r8, 0x0)
syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f00000001c0)='./file1\x00', 0x8000, &(0x7f0000001380)=ANY=[@ANYRES64=r8, @ANYBLOB="322d6825fe8cf7050cedffff3c57c86c0b18fa14eb854c5c2e26da314f1cae655aa13f05abe701b22a5d7801c560ffcaa7a9dd43edce1570072b0ef862679690e41a47e87f451affc318d2e01fa6e062186de79664ac21bb4786923b19c25c8a11b176a7a3ef1425b6d5e0c9ef15bd14e3c9d30fb24d50b512afb6ab04794571f1b53ae1a1d0f87c76239c9f6700ed8f08cbdb137cad2901209b2c77c46608d398435233cdf13d5d7a7f68304cc8956bda78a62e3872bcee78cfeee8c6051bbe2470c9646cfe9343a022b0618ce422f210c254b51f86f9f3290a0ff8bd1ba812836252179d3656536b3a23ac27bb810f78ecba4a277ad5540a767bb07151ed892973dfd0eb7ba7f8f7ec0821927a58787096a95b010ebc1df715150bfa78e63eed7e8eb33f0ea0277fb3eb31c9cd233c14ab7fc9c7957dfbb865082a", @ANYRES64, @ANYBLOB="a92fe8de136908e852768595aa546296821087e5b1bbc32156ada61f7c8a700880fe17c721514fd66f6d073702603f43f39d10ed62b784f0ea603a459b42f61a2174a30374bec0296612104179832730d5741398231d9ffd1e9995a06bb5ada99b9f2d4a71c580fe19a6dea2485a8ef6042e0d96839465522c03ac9b1e3e4be07bd09a1568add843860228063e6e4a59adc27ad98e26260605e1df1bd5e5dcc1735af362ce57237d4455a267daeea0b2368f8c69ed577f4849d608dcd60b0dabe1d6dada51feb6b1751dfa136da4ab1a73a25bcfba9ba846676558290f27b2a256c2257003da000000", @ANYRES16=r7, @ANYRESHEX, @ANYRES16=0x0, @ANYRES64=r0, @ANYRESHEX, @ANYRES32=r8, @ANYRESOCT, @ANYRESOCT], 0x10, 0x1da, &(0x7f0000000440)="$eJzslb1uE0EQx39zXscOICW0tEQkDdg+Gl4AkQfgAbCcI0Rc+MhZAlspDpo0FIiXiMRTUCBBT4EQEk0oQIIilJFQ0O7OHpvEBR+OINL9JWv+85+d2Q/vzd4q7hct4Pvu5oB5HIQzvBfBAIvitb0Zb7+p3Vd8Mt7vqf5c7Ue1xWj85omn49v9PM82itEEQj8f+FHkIjBpjJK5I8rEin9OXj8+qAiHyfTm+jsybOiRHQk9PaC0Jo3RXP75LqZHGoe3k4Q79XnaczWvHvd2oFLkF7LePfNb/V/+i2MiyW9lFWj7Kq49SvjqnLe7mwNLbmgXs9qK/4VPwo2xzstozDkDJUiD/aqOcd0SFoHOcP1epxiNL66t91ez1exOmlJ2X53WG5h1OzfX8qwr0TLc9TRUsN/pbBRvAh9+xksiSLQ0i1Mgca7tv6E5L52PEmchiXLjGr7ui6pGSzV7FNe5QBt4UNpwquoCtprBbW0Z4ewczumZaJ2wR0LbBS4N7uYrWwgS0rYxVY3eDk3rSAlZqo6LXL7SDkvcUrugdlntttodteHtCm+ScQf4Rb2lEmZ42B8ON9zj5VmlpZWWzlcHn+is4TWUsJIWNWrUqFGjRo0aJwQ/AgAA//+/e0w4")

2m25.008660386s ago: executing program 0 (id=115):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x796)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r1, 0x1000)
r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
r3 = dup(r2)
write$FUSE_ENTRY(r3, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

2m23.580468706s ago: executing program 0 (id=119):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100003900010000000000ffdbdf25020100800c000200060000000000000014000100fc01000000000000000000000000000050bb2d6f67def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99c079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c"], 0x114}], 0x1}, 0x8000)

2m22.481290335s ago: executing program 32 (id=119):
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100003900010000000000ffdbdf25020100800c000200060000000000000014000100fc01000000000000000000000000000050bb2d6f67def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99c079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c"], 0x114}], 0x1}, 0x8000)

2m9.008162092s ago: executing program 1 (id=160):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r6, 0x1, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r7, 0x0)
preadv(r7, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000280)='yeah', 0x4)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)

2m8.144715117s ago: executing program 1 (id=164):
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe99)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))

2m6.952938914s ago: executing program 1 (id=167):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018ed8, &(0x7f0000000180)={[{@sysvgroups}, {@noload}, {@nobh}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}]}, 0x1, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000002540)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000140)={0x0, 0x2, 0x7fffffff, 0x7ec, 0x8002000010300, 0x2000000000002, 0x3, 0x0, 0x10d3})

2m5.06346218s ago: executing program 1 (id=172):
r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@minixdf}, {@stripe={'stripe', 0x3d, 0x3}}, {@norecovery}, {@noinit_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@minixdf}, {@usrjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_continue}, {@dioread_lock}, {@noblock_validity}, {@noquota}]}, 0x3, 0x465, &(0x7f0000000f00)="$eJzs3M9vFFUcAPDvzLYgP1sRf4CoVWJs/NHSgsrBi0YTDxhN9IDH2hZCWKihNRFCpBqDFxND1LPxaOJf4M2LUU8mXvVuSIhyAT3VzOwM7C67pYXtLnQ/n2SX92Ze+963b97Mm3m7BNC3RrK3JGJrRPwREUO1bGOBkdo/Vy+fnf738tnpJJaW3v47yctduXx2uixa/tyWIjOaRqSfJkUljeZPnzk+Va3Oniry4wsn3h+fP33muWMnpo7OHp09OXnw4IH9Ey++MPn8Mq3fuOI4s7iu7P5obs+u19+98Mb04Qvv/fJ91t6txf76ODplJAv8n6Vc3eYvs7cnO11Zj22rSycDPWwIq1KJiKy7BvPxPxSVuN55Q/HaJz1tHLCmsmvTMlfRxSVgHUtihcViZQWBu0V5oc/uf8tXl6Yed4RLL9dugLK4rxav2p6BSIsyg033t500EhGHF//7JnvFGj2HAACo9/n014fi2VbzvzQeqCu3vVhDGY6IeyNiR0TcFxE7I+L+iLzsgxHxUNuaNrTc2rw0dOP8J714y8GtQDb/e6lY22qc/5Wzv8pwpchty+MfTI4cq87uK/4mozG4MctPLFPHj6/+/kW7ffXzv+yV1V/OBYt2XBxoekA3M7UwlU9KO+DSxxG7B1rFn1xbCchu/XdFxO7V/ertZeLY09/taVfo5vEvowPrTEvfRjxV6//FaIq/lCy/Pjl+T1Rn942XR8WNfv3t/Fvt6r+t+Dsg6//Njcd/c5HhpH69dn71dZz/87O29zS3evxvSN7J+6U8q3w4tbBwaiJiQ3Iozzdsn7z+s2W+LJ/FP7q39fjfUUtsyt4ejojsIH4kIh6NiMeKtj8eEU9ExN5l4v/5lfb77oT+n2l5/rt2/Df1/+oTleM//dCu/pX1/4E8NVpsyc9/N7HSBt7O3w4AAADuFmn+GfgkHbuWTtOxsdpn+HfG5rQ6N7/wzJG5D07O1D4rPxyDafmka6jueehEslj8xlp+snhWXO7fXzw3/qqyKc+PTc9VZ3ocO/S7LW3Gf+avSq9bB6y5Vutoky3Xaxu+yAasA83jP23Mnnuzm40Busr3taF/3WT8p91qB9B9rv/Qv1qN/3NNeWsBsD65/kP/Mv6hfxn/0L+Mf+hLt/O9/n5OZKfMO6AZ1aGiH7tfe6S9jl1iLRKt/58mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAu9X/AQAA//9l+OT1")
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6c07a9d47564656661756c7420757365723a"], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
r1 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r1, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f00000000c0)=0x535e, 0x4)
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x1008081, &(0x7f00000002c0)=ANY=[], 0xfd, 0x2f5, &(0x7f0000000a40)="$eJzs3M9rE1sUwPGTNG3TlDZZPB68J9KLbnQztHGvBGlBDCi1EX+AMG0mGjImIRMqEbERF279NwxddlfQ+gd0486VG3HTjeCmoHUkmamd1kk7KaZpyPcD5Z7MvaczN3cmnARmtu68flzIWVpOr0pUlIRF6rIjkmhGXiEJOc2I8zrqNHW5OP7t41klIql0enZeqbnUwqWkUmpy6u2TZ6vnNqrjt9cm10dlM/Fg62vy8+a/m/9t/Vx4lLdU3lLFUlXparH0qaovmobK5q2CptRN09AtQ+WLllFx+ktVd7dSLteUXsxOxMoVw7KUXqypglFT1ZKqjonIQz1fVJqmqYmYDI7tqVZTFtu2O8nLNObn9dQxd7p0zDz8dRuH9lYquxfP+wNnR6bRvWMCAACnlbf+D0fd+n97f/0fEqf2D3vrf1dd6s36/9bde9cD1P/rI23q/1Lb+v+Ktz9nlg6p/ys1pQ9m/R9I9M9NmcbQ8et/9InKmEhjVfau6Bf3V6dbAfU/AAAAAAAAAAAAAAAAAAAAAAD9YNu247Ztx5ttWJy4+Tfq3jCy+7rXx4nu8K6/s9aR5qqz/gPCc+NeVMR8tZxZzjit05/KSV5MMWRa4vKjdT64nHjuWno2pFoS8s5ccfNXljND+/NnJC4J//wZJ1/tzx+WmDc/KXH5xz8/6Zs/IhfOe/I1icuHJSmJKdnWeb2X/3xGqas30gfyxyTrc8ccAAAAAAD9SFO/+X5/17R2/U5+kN8Hpn2/n0fk/0hv5w4AAAAAwKCwak8LumkalSODN27GkYO/uAMD/2f/4GXgwcMBZxHq+DBCHbw/JxuE3De583T355mV0zCLvggizZPesyXWdvDkkLsqgXcx6j6Vubllxz4w5vLame9dn6Dd7jo98Y8iAAAAAF22V/T3+kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhcJ/EEtV7PEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgtfgUAAP//WEUfcw==")
chdir(&(0x7f0000000400)='./file0\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="18120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70300200000850000000c000000b700000000000000182400000300"/46], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000140)='./bus\x00', 0x80)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt(r4, 0x400000000000003a, 0x1, 0x0, 0x0)
syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f00000001c0)='./file2\x00', 0x8000, &(0x7f0000000780)=ANY=[@ANYRESOCT, @ANYBLOB="322d6825fe8cf7050cedffff3c57c86c0b18fa14eb854c5c2e26da314f1cae655aa13f05abe701b22a5d7801c560ffcaa7a9dd43edce1570072b0ef862679690e41a47e87f451affc318d2e01fa6e062186de79664ac21bb4786923b19c25c8a11b176a7a3ef1425b6d5e0c9ef15bd14e3c9d30fb24d50b512afb6ab04794571f1b53ae1a1d0f87c76239c9f6700ed8f08cbdb137cad2901209b2c77c46608d398435233cdf13d5d7a7f68304cc8956bda78a62e3872bcee78cfeee8c6051bbe2470c9646cfe9343a022b0618ce422f210c275b35df1507d54b51f86f9f3290a0ff8bd1ba812836252179d3656536b3a23ac27bb810f78ecba4a277ad5540a767bb07151ed892973dfd0eb7ba7f8f7ec0821927a58787096a95b010ebc1df715150bfa78e63eed7e8eb33f0ea0277fb3eb31c9cd233c14ab7fc9c7957dfbb865082a", @ANYRES64, @ANYBLOB="a92fe8de136908e852768595aa546296821087e5b1bbc32156ada61f7c8a700880fe17c721514fd66f6d073702603f43f39d10ed62b784f0ea603a459b42f61a2174a30374bec0296612104179832730d5741398231d9ffd1e9995a06bb5ada99b9f2d4a71c580fe19a6dea2485a8ef6042e0d96839465522c03ac9b1e3e4be07bd09a1568add843860228063e6e4a59adc27ad98e26260605e1df1bd5e5dcc1735af362ce57237d4455a267daeea0b2368f8c69ed577f4849d608dcd60b0dabe1d6dada51feb6b1751dfa136da4ab1a73a25bcfba9ba846676558290f27b2a256c2257003da000000", @ANYRES64=r1, @ANYRESHEX, @ANYRES16=0x0, @ANYRES64=r0, @ANYRESHEX=r4, @ANYRES32=r3, @ANYRESOCT, @ANYRESOCT], 0x10, 0x1da, &(0x7f0000000440)="$eJzslb1uE0EQx39zXscOICW0tEQkDdg+Gl4AkQfgAbCcI0Rc+MhZAlspDpo0FIiXiMRTUCBBT4EQEk0oQIIilJFQ0O7OHpvEBR+OINL9JWv+85+d2Q/vzd4q7hct4Pvu5oB5HIQzvBfBAIvitb0Zb7+p3Vd8Mt7vqf5c7Ue1xWj85omn49v9PM82itEEQj8f+FHkIjBpjJK5I8rEin9OXj8+qAiHyfTm+jsybOiRHQk9PaC0Jo3RXP75LqZHGoe3k4Q79XnaczWvHvd2oFLkF7LePfNb/V/+i2MiyW9lFWj7Kq49SvjqnLe7mwNLbmgXs9qK/4VPwo2xzstozDkDJUiD/aqOcd0SFoHOcP1epxiNL66t91ez1exOmlJ2X53WG5h1OzfX8qwr0TLc9TRUsN/pbBRvAh9+xksiSLQ0i1Mgca7tv6E5L52PEmchiXLjGr7ui6pGSzV7FNe5QBt4UNpwquoCtprBbW0Z4ewczumZaJ2wR0LbBS4N7uYrWwgS0rYxVY3eDk3rSAlZqo6LXL7SDkvcUrugdlntttodteHtCm+ScQf4Rb2lEmZ42B8ON9zj5VmlpZWWzlcHn+is4TWUsJIWNWrUqFGjRo0aJwQ/AgAA//+/e0w4")
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000001040)={'filter\x00', 0x10, 0x4, 0x418, 0x220, 0x220, 0x220, 0x330, 0x330, 0x330, 0x8000000, 0x0, {[{{@uncond, 0xc0, 0xe0}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @multicast2, @multicast2, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, @mac=@remote, @rand_addr=0x64010102, @local, 0x4, 0x1}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}, @empty, @loopback, @empty, 0x1, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x468)
mmap$xdp(&(0x7f000044f000/0x2000)=nil, 0x2000, 0x9, 0x10, r3, 0x180000000)
unlink(&(0x7f0000000180)='./file1\x00')

2m3.832386802s ago: executing program 1 (id=178):
mknod(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8000, 0x0)
chmod(&(0x7f0000000040)='.\x00', 0x35e)
setuid(0xee01)
unlink(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mkdir(&(0x7f0000000300)='./file2/file0\x00', 0xc2)
r0 = socket$inet6_dccp(0xa, 0x6, 0x0)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108) (async)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210000000800000000000000000000000000000001"], 0x610)
socket(0xa, 0x1, 0x0) (async)
r2 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000340)={0x3, {{0xa, 0x4e24, 0x2, @private1, 0x88f}}, {{0xa, 0x5, 0x4a3, @private0, 0x1}}}, 0x108) (async)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000340)={0x3, {{0xa, 0x4e24, 0x2, @private1, 0x88f}}, {{0xa, 0x5, 0x4a3, @private0, 0x1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="03000000000000000a004e2300000009ff010000000000000000000000000001"], 0x90)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xc0, &(0x7f0000000000)="8f062d572200e3a68ed6cab203bd0390e1e6add89277cd4459576c324b026e03cc9d92af8d414e6240", 0x29)
userfaultfd(0x80801) (async)
r4 = userfaultfd(0x80801)
unshare(0x4020400)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[], 0x1, 0x5519, &(0x7f000000cf00)="$eJzs3M1rI2UYAPAn6Xa/XYt48LYDi9DCJjb9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmamutUVFpo27vb3g8kz75s3zzxvWBaemZIAzqy55LdfSnEtLkXETERcjcjOS8WRWcvDCxFxPSLKDx2lYv6vifMRcTkiro2T5zlLxVtf3BzdWP357V+//f7CuStffvPD9HYNTNuLEdHbzs/3enlM23m8X8zXR50s9lZGRczf6D0oxmke91qbWYa9+uG6ehaX2/n6dHt3MI5b3XpjHNudrWx+u59fcDBqH+bJPnC/vpONm63NLHYGaRbbB3ld+wf5/20Hg2Gep1nk+zhLH8PhYcznW/utfD/bD7LY6A+L+Txv2mztj+OoiMXlopF2m1kdm8f5pv/f3un0d/eTUWtn0En7yWq19nK1dqtS20mbrWFrpVLvNW+tJPPt7nhZZdiq99baadrutqqNtLeQzLcbjUqtlszfbm126v2kVqsuVxcrqwvF2c3kjbvvJ91mMj+Or3X6u8NOd5BspTtJ/omFZKm6/MpCcqOWvLu+kWzcu3NnfeO9D29/cPfV9bdeLxb9q6xkfmlxaalSW6ws1RbO0P4/LYqe4P7hWErTLgDgyaP/B6bh5Pr/nXsRJ9//h/5/Io7V/5Yfs/8dX0j//6j9770UMdX9w7Ho/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzqwfZ796MzuZy8dXivlniqnninEpIsoR8ccjzMT5Izlnijyz/7F+9h81fFeKLMP4GheK43JErBXH78+e9LcAAAAAT6+vP7n+ed6t5y9z0y6I05TftClf/WhC+UoRMTv304Sylccvz08oWfbv+1zsTyhbdgPr4oSS5bfczk0q22OZORIuPhRKeSifajkAAMCpONoJnG4XAgAAwGn6bNoFMB2lOHyUefgsOPvL+78fCF46MgIAAACeQKVpFwAAAACcuKz/9/t/AAAA8HTLf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5k5/5y04YBOAA7gQz2T0PT3neVvcExdoQ97nHiALsEB+gDvUIvwBnoW49QkYrYTUPVqpVwErX6PikYB/PDRvBgWzIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Kfraru6/Pfz/4sN6+SZlw/1ebIPDAAAAGjtq+2qebKI9c/p/td063uqFyGEsrMM0DUJH04yJymnemh/0W1fPerDVQhNwvEzZun6FEL4la7bb31/CwAAAPB+7dabZZytx4fF2B1iSHHRpvzyO1NeEUKoFjeZ0spj3o9MYc3vexr+ZkprFrDmmcLikts0V9qrNH/3dtVu3imKWJRPvq3tZLaxAwAAA5qcFMPOQgAAABjSn7E7wDiKcL+V2W4FzmKRtvc+ntQAAACAN6gYuwMAAABA75r5/0Dn/9XO/wMAAIBxxPP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NO+2q52683y3JxDfZ48owEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjv15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB487u//J+YGmeSudfG0vNIsnZqbJ0ae+fG0R/G168BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7od7/8n5gaZ5K508bS8UiydtXYumrsPWgcPRhv/wYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu6nNY4yDAD4MzM7W9sqxig5RETBg15suq2tvYkHJXjwIwgh3dbYrX/aILYUMRdvknMvokcRQYm3foeeW+il3nrYQwXPyszOZKdtwNXGmdX8fvDO++wwmfd5ZwjkmXeyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQG781jbNiszCJ02rfrfvX1ov+9kN94cb2neWiFXHSZtL/DS80PyRLEXG0u2QAAAA4GLK6vo+Iu/nOatGnC2X9n9fHFDX/t09N4qqe/6wuWR+u/+vav2i//Hzvud2BFibjFCc9tzEaHn80ld6/Ncd59/RfHtErr3z57CUrb0j67taz47y8nsnXN2++3S/DQ21kCwD8E8fqvgrqv4eKftBlYgAcGL1G4V3X/9lCtzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtGG8FUfrOImI5d40Lty+f219r/7G9p3lup2+fn07vpyeszhFHhHnNkbD463OZr5dvnL1wtpoNLzUfvBiRHQ1+pvV9C+8P8PBEZ1cH8E+BWl1s+cln5aC+lf8MX8cAAD2R161oq6/m++sFvuSxYg/vnuw/n+lEceM9f+9D07fao7VrP8Hrc1w/q1sXvxk5fKVq69tXFw7Pzw//Oj1E4M3BifPnDp1ZqV8VrLiiQkAAACPp1+1Zv2fLj66/n+kEceM9f+n3wy+aI6Vqf/3NF306zoTAACAg+2Zl37/Ldljf9Lvx+drm5uXBpPt7ucTk20Hqf5th6rWrP+zxa6zAgAAANow3koeWP8/24hjxvX/J79//sfmObOIOFyt/x9b/3h0tr3pzLU2/hu56zkCAADQrcNVa67/5+X7/+nuKw9pRLz68iSuvgZwpvo/e+erH5pjNd//P9neFOdSujS5HmW/FNFb6jojAAAA/s+eqFpR7P+a76x++NOR9/re/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo258BAAD//zLTP+Q=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r5, 0x800c6613, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00001a1000/0x3000)=nil, 0x3000}}) (async)
ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00001a1000/0x3000)=nil, 0x3000}})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f0000000000)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865646c696f636861727365743d63703737352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c636f6465706167653d3836352c756e695f00fe6174653d312c616c6c6f775f7574696d65bd30303030303030303030273030303030303137373737372c756e695f786c6174653d302c756e695f786c6174652d312c757466383d302c756e695f786c6174653d302c757466383d302c00"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==") (async)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f0000000000)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865646c696f636861727365743d63703737352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c636f6465706167653d3836352c756e695f00fe6174653d312c616c6c6f775f7574696d65bd30303030303030303030273030303030303137373737372c756e695f786c6174653d302c756e695f786c6174652d312c757466383d302c756e695f786c6174653d302c757466383d302c00"], 0x25, 0x34c, &(0x7f0000001740)="$eJzs3T9oJGUUAPC3mU12EziTQji0Wu0EOS4RC21MOE44TKEni/8aFy7nn+wqZHEhFtlLo1gqNoJWdldoebVYiNhZ2HqCnIqN1x3c4cjuTHY3mcn9EbOn3u9XhJf3fW++byZDdhKSt6+uxua52Th/9eqVqNcrUV09tRrXKrEUM5FE5kIAAP8n19I0/kgzw8RTN5v90ULMZtHcVHYHAByF4ev/a8fGidrd3A0AMA2Fn//LPVuaffvItgUAHKHC6//D+4YP/Jq/OvqbAADgv+v5l15+Zm094myjUY/ovN9r9prx5Hh87Xy8Ee3YiJOxGDcisgeF7Glh8PHpM+unTzYGflmK5qCi14zo9HvN7ElhLRnW12I5FmMpr09H9cmgfnlY34iIC/3h+tGp9JqzsZCv/+NCbMRKLMb9hfqIM+unVxr5AZqdvfp+xG7U905isP8TsRjfzww/OReD2uxYg8zOcqNxKl3fV9+7WBvOAwAAAAAAAAAAAAAAAAAAAACAo3BiPvLuOY2lUf+btNPvvXc2n9Aojg/7+2TDeX+g3aw/UFrb687zQXKwP9D+/jy9ZjVm7uqZAwAAAAAAAAAAAAAAAAAAwL9Hd3suWu32xlZ3+93NcTDX7k9k3vr2i6/n4+CcN5NxJqrZ4fbNyXMxUZXEqDwdlafJvjl5kETkkyvRunhptOPJObXRWRTKB0GtMFTJ99Rqt4899POnZVV/jjNJjIbqpUtU8vUnhjr3Zamy/dw8qHS3V24x53KapoeV73xSrIp6RLXwhfsngm+uvP7AY93jj3cr1c3WV3nTh0ceXXzh8sef/7bZakd+adrtua3ujfRvr5VM3D+V/DpXSu6E8mB3nNnd6m63kh9+f/HBD787MDkpv3/Sycw7h6/15cHMXBYMtnk7ZzpbcvOXB69cH929d34xj3+22rq089OvexfzVlUT3yQ06gAAAAAAAAAAAAAAAAAAgKmY+F/xO/DEc0e3IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYvvH7/08Eu4XM7QTX+1Ecqm1sdQ9dfH6qpwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD3srwAAAP//JT9zjQ==")
openat$dir(0xffffffffffffff9c, &(0x7f0000000680)='.\x00', 0x0, 0xc6) (async)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000680)='.\x00', 0x0, 0xc6)
getdents64(r6, &(0x7f0000004040)=""/4112, 0x1010) (async)
getdents64(r6, &(0x7f0000004040)=""/4112, 0x1010)
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

2m2.43250521s ago: executing program 1 (id=183):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006a0001002abd3000fddbdf25b285548a72f6000000000800010101c74cd9c2c5000084bbc994c90cced1d827eca4de8a31db86e55de40db18c5351a47de469989ca3420000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000000)={0x79})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f00000001c0)=0x1fff)
mmap(&(0x7f0000fea000/0x3000)=nil, 0x3000, 0x100000d, 0x102000200032, r4, 0x87f64000)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000740)={"808653769f50df58624295cc7aeae1914d55ba337e30f9a12499193c721e5882fd645f9bb2e2cf88f1c084f6a82522cec7592c4114e068ac3f651dc519c1dc1e763bb8e987153e52c192c5e8652809b057e483fa3281dc50559a0867e1a66e314026cfe30b84c3a1d0bf3db7a748162421014d3fcac3c4cb7e6a22e3938e05c03693bd4a88b47311dd93bede2a46065704f63fd88dacc60ec3004705fe45c8dd154025e7ba8e0e8ebd0e9036ccf370829c44b18e0b759644657724838f714cdffc3937dbf27e0b34eb6d21a0a453b8f9b469e8a61de2c33888e5413a5f884be17c8d210994dedefd3ed29099fb61c4e943a7f2d2af4a47e64d63af12b3b054007d645d4b3e55b34cb894bd58b1d21a45bf9418a78b60c7b5341b9107bf4b0d37fe622a36cd305f2fa2f566786d636838eaf8658e432510170ce247ecc5102e890fb9a6faf4671421b1173995c262bfe6d45c5a0eda06109f0f049a6a1114764b85e7339ffbb22e84b623a686dd5287f23bc09007ba19f515e0b7e649ab8a6474859328a09a561f5ebcd6f9e8f38b7d12d0df01bf147852ed5b090e7baa56720d9ba22f71704704c322650e05a5a9f3351793adbb4f746992f879d990598344ead42b812e9599a20d51bad7ff93bf6104330897a7a34c10f95f60b934b2a864f6936cac5b5a73b628adadebea5ae5906e18c8927eab35e53fa6f016984e376e223363376dbc510810807b69e13e2946f6f8835a97efc8e6d8f78446203eae0bcd3e7f63c88499dc0829c3df2b9900225c7f3074c1fcab2170d8d45e18679d10cdc394ae214960c1655b5f61fcb55dcabe240eab6d7f55d879ed12288be37c89406c28d2f95eb95e72e2a4d11554f2a5c3a03f1bb1d0f554531ecf5f19a435d484569a5c42ea89a1e7d664ad8f6ece582bcdb2d53c8002035fc4d99c12aacfaaf34e88c989d553ca138020f273a4b407c9f11f9c61f34d985a5e2acdf0ab14db335be776b84013153951363180d96fa765eb226b4bf25a652077749e6a8e987f9898f152205b175eee8c1e3fe47ab8ff68edd3453a0721817a29f4b3ea3022c3a5af3daf4d0cb9c4a34e3627e38bbeba0a67e5f142e252956d87a4fff8528b09432f2f5f4c15fbfdd2451925ea73f7a8bf37262580ab47d265ed6bfe3fb3e4e19feaa13a089fdba86043686d59792b865375b5665d6b91470ec80b7115ac095e4822815aeac232a1900daa6bd95efec249d485cf5e5a266e938d74ab9060622aa426cb76e9e22f24f6498448cc7c0c6ebf7dbc289f68faa0aeca1d51739f9d5868e573adc9a49523b476fe6f5e746ab57e50a996a38fe5f3d9181a8a03881aff8cb124bf981421d24e7d04b0aa43330616f4ebee30d23629f6f1387fdc0b3de32df913c205a211b921f7715c91f60bab4f7799b16798ae04baf89b9ae93becc59b"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
msync(&(0x7f0000952000/0x4000)=nil, 0x4000, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x9, 0x80080)
ioctl$BLKBSZSET(r5, 0x40081271, 0x0)
r6 = dup(r0)
ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0x23, 0x501}})

2m2.010462731s ago: executing program 33 (id=183):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006a0001002abd3000fddbdf25b285548a72f6000000000800010101c74cd9c2c5000084bbc994c90cced1d827eca4de8a31db86e55de40db18c5351a47de469989ca3420000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000000)={0x79})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f00000001c0)=0x1fff)
mmap(&(0x7f0000fea000/0x3000)=nil, 0x3000, 0x100000d, 0x102000200032, r4, 0x87f64000)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000740)={"808653769f50df58624295cc7aeae1914d55ba337e30f9a12499193c721e5882fd645f9bb2e2cf88f1c084f6a82522cec7592c4114e068ac3f651dc519c1dc1e763bb8e987153e52c192c5e8652809b057e483fa3281dc50559a0867e1a66e314026cfe30b84c3a1d0bf3db7a748162421014d3fcac3c4cb7e6a22e3938e05c03693bd4a88b47311dd93bede2a46065704f63fd88dacc60ec3004705fe45c8dd154025e7ba8e0e8ebd0e9036ccf370829c44b18e0b759644657724838f714cdffc3937dbf27e0b34eb6d21a0a453b8f9b469e8a61de2c33888e5413a5f884be17c8d210994dedefd3ed29099fb61c4e943a7f2d2af4a47e64d63af12b3b054007d645d4b3e55b34cb894bd58b1d21a45bf9418a78b60c7b5341b9107bf4b0d37fe622a36cd305f2fa2f566786d636838eaf8658e432510170ce247ecc5102e890fb9a6faf4671421b1173995c262bfe6d45c5a0eda06109f0f049a6a1114764b85e7339ffbb22e84b623a686dd5287f23bc09007ba19f515e0b7e649ab8a6474859328a09a561f5ebcd6f9e8f38b7d12d0df01bf147852ed5b090e7baa56720d9ba22f71704704c322650e05a5a9f3351793adbb4f746992f879d990598344ead42b812e9599a20d51bad7ff93bf6104330897a7a34c10f95f60b934b2a864f6936cac5b5a73b628adadebea5ae5906e18c8927eab35e53fa6f016984e376e223363376dbc510810807b69e13e2946f6f8835a97efc8e6d8f78446203eae0bcd3e7f63c88499dc0829c3df2b9900225c7f3074c1fcab2170d8d45e18679d10cdc394ae214960c1655b5f61fcb55dcabe240eab6d7f55d879ed12288be37c89406c28d2f95eb95e72e2a4d11554f2a5c3a03f1bb1d0f554531ecf5f19a435d484569a5c42ea89a1e7d664ad8f6ece582bcdb2d53c8002035fc4d99c12aacfaaf34e88c989d553ca138020f273a4b407c9f11f9c61f34d985a5e2acdf0ab14db335be776b84013153951363180d96fa765eb226b4bf25a652077749e6a8e987f9898f152205b175eee8c1e3fe47ab8ff68edd3453a0721817a29f4b3ea3022c3a5af3daf4d0cb9c4a34e3627e38bbeba0a67e5f142e252956d87a4fff8528b09432f2f5f4c15fbfdd2451925ea73f7a8bf37262580ab47d265ed6bfe3fb3e4e19feaa13a089fdba86043686d59792b865375b5665d6b91470ec80b7115ac095e4822815aeac232a1900daa6bd95efec249d485cf5e5a266e938d74ab9060622aa426cb76e9e22f24f6498448cc7c0c6ebf7dbc289f68faa0aeca1d51739f9d5868e573adc9a49523b476fe6f5e746ab57e50a996a38fe5f3d9181a8a03881aff8cb124bf981421d24e7d04b0aa43330616f4ebee30d23629f6f1387fdc0b3de32df913c205a211b921f7715c91f60bab4f7799b16798ae04baf89b9ae93becc59b"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
msync(&(0x7f0000952000/0x4000)=nil, 0x4000, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x9, 0x80080)
ioctl$BLKBSZSET(r5, 0x40081271, 0x0)
r6 = dup(r0)
ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0x23, 0x501}})

6.715171928s ago: executing program 4 (id=587):
r0 = syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x400300)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000240)={0x9, 0x35d1b51a, 0x1, 0x9, 0xfffffffb, 0xf4ec, "7073e7274d638d3259d028b6ac84f8dd", 0x9, 0xc, 0x7, 0x7, 0x40, 0x8, 0x60})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x11}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008040}, 0x24000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380100001"], 0x44}}, 0x0)

6.49665322s ago: executing program 4 (id=590):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xff, 0x7, 0x6361, 0x0, 0xfffffffd, 0x40000006}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x8, 0xb}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4008004)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

6.310433848s ago: executing program 6 (id=591):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x69c483)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f0000000180)=0x9, 0x4)

6.29508263s ago: executing program 2 (id=592):
r0 = socket$nl_route(0x10, 0x3, 0x0)
set_mempolicy(0x1, &(0x7f00000000c0)=0xa, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4044080)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x100, 0xa4)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0xffff, 0x70bd2b, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)=@newlink={0x38, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10, 0x21800}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)

6.029019556s ago: executing program 4 (id=594):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x796)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
dup(r1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05", @ANYRES16=r2, @ANYRES64=r2], 0x0)

5.952452243s ago: executing program 2 (id=595):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x69c483)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000140)="fc0000001a000708ab092504090007000aab0700a90100001d60369321000100fe800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0x148)

5.590387709s ago: executing program 3 (id=596):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r4)

5.112456026s ago: executing program 6 (id=598):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x4, 0x7, &(0x7f0000000040)=@framed={{}, [@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0x2}, @call, @call, @jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000003c0)='GPL\x00', 0x5, 0xff9, &(0x7f0000000a80)=""/4089}, 0x78)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e2400fa050001"], 0x1e8}, 0x1, 0x0, 0x0, 0x48091}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/3\x00')
open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r8, &(0x7f0000000040)=@ceph_nfs_confh={0x10, 0x2, {0xca, 0xffffffffffffffff}}, 0x1c7041)
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_SNDMTU(r9, 0x112, 0xc, &(0x7f0000000080)=0x5, 0x2)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")

4.988486428s ago: executing program 2 (id=599):
r0 = io_uring_setup(0x7982, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001800)={0xffff0001, 0x0, 0x0, 0x0}, 0x20)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, &(0x7f00000000c0)=0xbfe, 0x4)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1000, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

4.606364876s ago: executing program 5 (id=600):
r0 = syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x400300)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000240)={0x9, 0x35d1b51a, 0x1, 0x9, 0xfffffffb, 0xf4ec, "7073e7274d638d3259d028b6ac84f8dd", 0x9, 0xc, 0x7, 0x7, 0x40, 0x8, 0x60})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x11}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008040}, 0x24000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380100001"], 0x44}}, 0x0)

4.473315149s ago: executing program 3 (id=601):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r2)

3.417623363s ago: executing program 3 (id=602):
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe99)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))

3.412321044s ago: executing program 6 (id=603):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x44, 0x0, 0x6, 0x6, 0x3, 0x2}, {0x3, 0x2, 0x7, 0x4, 0x0, 0x6}, 0x90000000, 0x82b8ca3e, 0x1d24}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x9b4e7c312ffd1ff5}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r9, {0x0, 0xe}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.405921534s ago: executing program 5 (id=604):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2c2b01, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x1000100, 0x7, 0x6361, 0x805, 0x9, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xb0, 0x5, 0x8}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20008050}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.316266693s ago: executing program 2 (id=605):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xff, 0x7, 0x6361, 0x0, 0xfffffffd, 0x40000006}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x8, 0xb}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4008004)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

3.009396743s ago: executing program 5 (id=606):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setgroups(0x0, 0x0)

2.973771177s ago: executing program 2 (id=607):
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe99)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)='source', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x8}}, 0x20)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x1, 0x1ffd, 0x6, 0x2})
chdir(&(0x7f0000000080)='./file1\x00')
open(0x0, 0x0, 0x0)
r6 = open(&(0x7f00000000c0)='.\x00', 0x101800, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r6, &(0x7f0000000100)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0)

2.916767892s ago: executing program 4 (id=608):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}}, 0x24}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r7)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2.814843312s ago: executing program 5 (id=609):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x69c483)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f0000000180)=0x9, 0x4)

2.773377477s ago: executing program 6 (id=610):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000000000000081, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)
socket$key(0xf, 0x3, 0x2)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
r4 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@empty, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4e24, 0x0, 0x4e23, 0x0, 0xa}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x40000000000000}, {0xcb29, 0x1000000000, 0x53e5, 0x20}, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1502, 0x4, 0x2, 0x0, 0x0, 0xfffffffd}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
eventfd2(0x0, 0x0)
lseek(r1, 0x7fffffffffffffff, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000001280)=0x8)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45)
accept4(r7, 0x0, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = dup2(r7, r8)
bind$alg(r9, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(authenc(sha3-384-generic,pcbc(fcrypt-generic)))\x00'}, 0x58)
getsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000080)={r6}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000180)={r6, 0x38f, 0x20, 0x4, 0x2}, &(0x7f00000001c0)=0x18)
sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="140100001e0001000000000000000000030100800c00010008000000000000000c000000215c245d2e145e0050bb2d6f67d29d6fabadb107d0def49c88ee04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750471dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962b020094a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d770b57e09100b2b76ff364f7b54dc3f6c511c771e1bdb96bd6603db9972cb48a71896e73aa58b07d4680d7cef04c91476e7ee88c72d54a4f9ccdcf29e9de541f0d97b86cbbeb2bfb7ff377d26505146269f444bceef6bef43ff3162a7c10489f2198499f22ee8a34e1df4d7305dc7d62aaa120b0d0ce4dbe7fb3520e6d6a72b827d7944cd879d694837fd513a3c11a6bccbdea66"], 0x114}], 0x1}, 0x0)

2.483157905s ago: executing program 3 (id=611):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x69c483)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000140)="fc0000001a000708ab092504090007000aab0700a90100001d60369321000100fe800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026000000140000270400117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a87", 0x148)

2.377081785s ago: executing program 4 (id=612):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r4)

2.348418378s ago: executing program 6 (id=613):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
close(r3)

1.792007963s ago: executing program 2 (id=614):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000580)=@bpf_lsm={0x4, 0x7, &(0x7f0000000040)=@framed={{}, [@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0x2}, @call, @call, @jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f00000003c0)='GPL\x00', 0x5, 0xff9, &(0x7f0000000a80)=""/4089}, 0x78)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r0, 0xffff8000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e2400fa050001"], 0x1e8}, 0x1, 0x0, 0x0, 0x48091}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo/3\x00')
open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r8, &(0x7f0000000040)=@ceph_nfs_confh={0x10, 0x2, {0xca, 0xffffffffffffffff}}, 0x1c7041)
read$qrtrtun(r6, &(0x7f00000004c0)=""/57, 0x39)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_SNDMTU(r9, 0x112, 0xc, &(0x7f0000000080)=0x5, 0x2)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")

1.790672083s ago: executing program 3 (id=615):
r0 = io_uring_setup(0x7982, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001800)={0xffff0001, 0x0, 0x0, 0x0}, 0x20)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2c, &(0x7f00000000c0)=0xbfe, 0x4)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1000, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

1.528739439s ago: executing program 5 (id=616):
r0 = syz_open_dev$cec(&(0x7f00000001c0), 0x0, 0x400300)
ioctl$CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000240)={0x9, 0x35d1b51a, 0x1, 0x9, 0xfffffffb, 0xf4ec, "7073e7274d638d3259d028b6ac84f8dd", 0x9, 0xc, 0x7, 0x7, 0x40, 0x8, 0x60})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5c49209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378ad8f6afb0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3826ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3577], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r2 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x11}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24008040}, 0x24000000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380100001"], 0x44}}, 0x0)

1.060442985s ago: executing program 6 (id=617):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2c2b01, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x1000100, 0x7, 0x6361, 0x805, 0x9, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xb0, 0x5, 0x8}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x1}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20008050}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

863.042655ms ago: executing program 4 (id=618):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0xff, 0x7, 0x6361, 0x0, 0xfffffffd, 0x40000006}, [@TCA_NETEM_JITTER64={0xc, 0xb, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0x8, 0xb}, {0xd, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4008004)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

275.963802ms ago: executing program 5 (id=619):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x796)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
dup(r1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05", @ANYRES16=r2, @ANYRES64=r2], 0x0)

0s ago: executing program 3 (id=620):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x44, 0x0, 0x6, 0x6, 0x3, 0x2}, {0x3, 0x2, 0x7, 0x4, 0x0, 0x6}, 0x90000000, 0x82b8ca3e, 0x1d24}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x9b4e7c312ffd1ff5}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r9, {0x0, 0xe}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

kernel console output (not intermixed with test programs):

big, clamped from 46 to 4294967286. macoff=82
[  112.228065][ T4734] loop2: detected capacity change from 0 to 32768
[  112.257397][ T4762] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  112.281651][ T4762] device syzkaller0 entered promiscuous mode
[  112.503861][ T1108] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  112.912239][ T4775] netlink: 'syz.1.125': attribute type 3 has an invalid length.
[  112.954524][ T4775] netlink: 'syz.1.125': attribute type 1 has an invalid length.
[  112.963087][ T4775] netlink: 4300 bytes leftover after parsing attributes in process `syz.1.125'.
[  113.125713][ T1108] usb 4-1: Using ep0 maxpacket: 16
[  113.696008][ T4764] chnl_net:caif_netlink_parms(): no params data found
[  113.761233][ T1108] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  113.780475][ T4778] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  113.787403][ T1108] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  113.814372][ T4780] device syzkaller0 entered promiscuous mode
[  113.828825][ T1108] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  113.856503][ T1108] usb 4-1: config 1 interface 0 has no altsetting 0
[  113.885274][ T4778] tipc: Resetting bearer <eth:syzkaller0>
[  113.967883][ T4777] tipc: Resetting bearer <eth:syzkaller0>
[  114.001834][ T4777] tipc: Disabling bearer <eth:syzkaller0>
[  114.021033][ T1108] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  114.040118][ T4764] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.041085][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.059810][ T4764] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.066206][ T1108] usb 4-1: Product: syz
[  114.078545][ T4764] device bridge_slave_0 entered promiscuous mode
[  114.086500][ T1108] usb 4-1: Manufacturer: syz
[  114.089061][ T4764] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.095327][ T1108] usb 4-1: SerialNumber: syz
[  114.099363][ T4764] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.112218][ T4764] device bridge_slave_1 entered promiscuous mode
[  114.200189][ T4764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.235216][ T4764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.302818][ T4764] team0: Port device team_slave_0 added
[  114.317664][ T4786] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.387110][ T4787] device syzkaller0 entered promiscuous mode
[  114.418856][ T4764] team0: Port device team_slave_1 added
[  114.425693][ T1108] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  114.448366][ T4786] tipc: Resetting bearer <eth:syzkaller0>
[  114.513138][ T4764] batman_adv: batadv0: Adding interface: batadv_slave_0
[  114.530748][ T4764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.545723][ T1108] Bluetooth: hci1: command 0x0409 tx timeout
[  114.598696][ T1108] usb 4-1: USB disconnect, device number 3
[  114.609796][ T4764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  114.647611][ T4785] tipc: Resetting bearer <eth:syzkaller0>
[  114.705392][ T4785] tipc: Disabling bearer <eth:syzkaller0>
[  114.724663][ T4764] batman_adv: batadv0: Adding interface: batadv_slave_1
[  114.741904][ T4764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  114.773911][ T4764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.873729][ T4764] device hsr_slave_0 entered promiscuous mode
[  114.891833][ T4764] device hsr_slave_1 entered promiscuous mode
[  114.914022][ T4764] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  114.930843][ T4764] Cannot create hsr debugfs directory
[  114.942984][ T1108] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  114.968356][ T4791] device syzkaller0 entered promiscuous mode
[  114.981959][ T1108] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  115.001199][ T4791] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  115.252796][ T4798] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  115.387771][ T4764] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  115.421227][ T4764] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  115.464020][ T4764] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  115.499727][ T4764] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  115.627463][ T4795] hid-generic 0000:0000:0000.0005: pid 4795 passed too short report
[  115.710165][ T4761] loop3: detected capacity change from 0 to 40427
[  115.727588][ T4815] loop2: detected capacity change from 0 to 1024
[  115.746426][ T4817] netlink: 40 bytes leftover after parsing attributes in process `syz.4.133'.
[  115.781724][ T4761] F2FS-fs (loop3): invalid crc value
[  115.787526][ T4817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.133'.
[  115.812086][ T4764] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.841908][ T4761] F2FS-fs (loop3): Found nat_bits in checkpoint
[  115.882553][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  115.909663][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  115.951857][ T4764] 8021q: adding VLAN 0 to HW filter on device team0
[  116.006968][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  116.038979][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  116.084183][ T4303] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.091912][ T4303] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.124317][ T4815] attempt to access beyond end of device
[  116.124317][ T4815] loop2: rw=0, want=5780, limit=1024
[  116.135273][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  116.168910][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  116.180331][ T4815] attempt to access beyond end of device
[  116.180331][ T4815] loop2: rw=0, want=5780, limit=1024
[  116.212551][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  116.225487][ T4815] attempt to access beyond end of device
[  116.225487][ T4815] loop2: rw=0, want=5780, limit=1024
[  116.240199][ T4303] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.249242][ T4303] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.252196][ T4814] attempt to access beyond end of device
[  116.252196][ T4814] loop2: rw=0, want=5780, limit=1024
[  116.262935][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  116.297325][ T4761] usblp0: removed
[  116.303132][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  116.316932][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  116.341372][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  116.365709][ T4825] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  116.376793][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  116.436925][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  116.462834][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  116.481846][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  116.501725][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  116.544910][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  116.595031][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  116.626170][ T4826] device syzkaller0 entered promiscuous mode
[  116.632894][ T2303] Bluetooth: hci1: command 0x041b tx timeout
[  116.678772][ T4764] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  117.063310][ T4840] netlink: 148 bytes leftover after parsing attributes in process `syz.3.135'.
[  117.074726][ T4840] netlink: 56 bytes leftover after parsing attributes in process `syz.3.135'.
[  117.083942][ T4840] netlink: 'syz.3.135': attribute type 1 has an invalid length.
[  117.211046][ T4840] loop3: detected capacity change from 0 to 2048
[  117.222052][   T23] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  117.284196][ T4840] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  117.294807][ T4840] NILFS (loop3): mounting unchecked fs
[  117.450250][ T4840] NILFS (loop3): recovery complete
[  117.471046][   T23] usb 3-1: Using ep0 maxpacket: 32
[  117.577310][ T4841] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  117.652570][   T23] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  117.702584][   T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  117.741916][   T23] usb 3-1: config 0 has no interface number 0
[  117.756382][   T23] usb 3-1: config 0 interface 12 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  117.839077][   T23] usb 3-1: config 0 interface 12 has no altsetting 0
[  117.911686][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  117.950258][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  117.988731][ T4764] 8021q: adding VLAN 0 to HW filter on device batadv0
[  118.035660][   T23] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  118.080897][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.115894][   T23] usb 3-1: Product: syz
[  118.130862][   T23] usb 3-1: Manufacturer: syz
[  118.159386][   T23] usb 3-1: SerialNumber: syz
[  118.205389][   T23] usb 3-1: config 0 descriptor??
[  118.348137][ T4849] autofs4:pid:4849:autofs_fill_super: called with bogus options
[  118.863671][ T4255] Bluetooth: hci1: command 0x040f tx timeout
[  119.115566][ T4853] netlink: 'syz.4.139': attribute type 1 has an invalid length.
[  119.133583][ T4853] netlink: 232 bytes leftover after parsing attributes in process `syz.4.139'.
[  119.154891][ T4857] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  119.165220][ T4857] device syzkaller0 entered promiscuous mode
[  119.206055][ T4857] tipc: Resetting bearer <eth:syzkaller0>
[  119.272904][ T4856] tipc: Resetting bearer <eth:syzkaller0>
[  119.302273][   T23] f81534 3-1:0.12: required endpoints missing
[  119.313627][ T4856] tipc: Disabling bearer <eth:syzkaller0>
[  119.348642][ T4839] loop1: detected capacity change from 0 to 40427
[  119.371340][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  119.381723][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  119.406308][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  119.424418][ T4839] F2FS-fs (loop1): Invalid log_blocksize (0), supports only 12
[  119.439985][ T4839] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  119.440330][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  119.504185][ T4839] F2FS-fs (loop1): invalid crc value
[  119.534269][ T4764] device veth0_vlan entered promiscuous mode
[  119.551961][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  119.586388][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  119.612253][ T4764] device veth1_vlan entered promiscuous mode
[  119.653371][ T4839] F2FS-fs (loop1): Found nat_bits in checkpoint
[  120.112433][ T4255] usb 3-1: USB disconnect, device number 4
[  120.347419][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  120.398480][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  120.445216][ T4839] F2FS-fs (loop1): Start checkpoint disabled!
[  120.455839][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  120.466276][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  120.499355][ T4764] device veth0_macvtap entered promiscuous mode
[  120.576621][ T4764] device veth1_macvtap entered promiscuous mode
[  120.599695][ T4764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.611112][ T4764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.624558][ T4764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  120.635705][ T4764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.649864][ T4764] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.671043][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  120.703019][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  120.722175][ T4368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  120.754319][ T4764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.813875][ T4764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.844569][ T4764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  120.866584][ T4764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  120.928907][ T4764] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.941000][ T1108] Bluetooth: hci1: command 0x0419 tx timeout
[  120.959836][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  120.980509][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  121.005800][ T4764] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.021397][ T4764] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.067177][ T4764] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.088253][ T4764] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.289712][ T4869] loop3: detected capacity change from 0 to 32768
[  121.303377][ T4878] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  121.337972][ T4878] device syzkaller0 entered promiscuous mode
[  121.438575][ T4880] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.449777][ T4869] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  121.474375][ T4881] device syzkaller0 entered promiscuous mode
[  121.487418][ T4382] (kworker/u4:10,4382,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  121.551268][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.559730][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.619104][ T4869] (syz.3.143,4869,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  121.623243][ T4880] tipc: Resetting bearer <eth:syzkaller0>
[  121.658948][ T4869] (syz.3.143,4869,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2
[  121.701781][ T4869] (syz.3.143,4869,0):__ocfs2_prepare_orphan_dir:2168 ERROR: status = -2
[  121.719982][ T4869] (syz.3.143,4869,0):ocfs2_prepare_orphan_dir:2210 ERROR: status = -2
[  121.743306][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  121.760850][ T4869] (syz.3.143,4869,0):ocfs2_prepare_orphan_dir:2226 ERROR: status = -2
[  121.771404][ T4869] (syz.3.143,4869,0):ocfs2_unlink:964 ERROR: status = -2
[  121.784881][ T4879] tipc: Resetting bearer <eth:syzkaller0>
[  121.815871][ T4879] tipc: Disabling bearer <eth:syzkaller0>
[  121.841916][ T4190] ocfs2: Unmounting device (7,3) on (node local)
[  121.848828][ T4887] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.857753][ T1277] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  121.890665][ T4888] device syzkaller0 entered promiscuous mode
[  121.898732][ T1277] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.963173][ T1277] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  121.998778][ T4887] tipc: Resetting bearer <eth:syzkaller0>
[  122.088219][ T4886] tipc: Resetting bearer <eth:syzkaller0>
[  122.148035][ T4886] tipc: Disabling bearer <eth:syzkaller0>
[  122.345119][ T4896] autofs4:pid:4896:autofs_fill_super: called with bogus options
[  122.940611][ T4899] loop5: detected capacity change from 0 to 512
[  123.151538][ T4904] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  123.169478][ T4899] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.122: bad orphan inode 11862016
[  123.174914][ T4904] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  123.199569][ T4904] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  123.212505][ T4908] loop3: detected capacity change from 0 to 128
[  123.229002][ T4909] loop2: detected capacity change from 0 to 256
[  123.253997][ T4899] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  123.282123][ T4899] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.327968][ T4908] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,nodelalloc,,errors=continue. Quota mode: writeback.
[  123.372076][ T4908] ext4 filesystem being mounted at /31/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.389578][   T26] audit: type=1804 audit(1760447722.630:5): pid=4899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.122" name="/newroot/0/file1/file1" dev="loop5" ino=18 res=1 errno=0
[  123.395734][ T4899] FAULT_INJECTION: forcing a failure.
[  123.395734][ T4899] name failslab, interval 1, probability 0, space 0, times 1
[  123.472740][ T4899] CPU: 0 PID: 4899 Comm: syz.5.122 Not tainted syzkaller #0
[  123.484276][ T4899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  123.497249][ T4899] Call Trace:
[  123.500938][ T4899]  <TASK>
[  123.504183][ T4899]  dump_stack_lvl+0x168/0x230
[  123.509457][ T4899]  ? show_regs_print_info+0x20/0x20
[  123.515782][ T4899]  ? load_image+0x3b0/0x3b0
[  123.520779][ T4899]  ? __might_sleep+0xf0/0xf0
[  123.526145][ T4899]  ? __lock_acquire+0x7c60/0x7c60
[  123.532231][ T4899]  ? mark_lock+0x94/0x320
[  123.537320][ T4899]  should_fail+0x38c/0x4c0
[  123.541992][ T4899]  should_failslab+0x5/0x20
[  123.546974][ T4899]  slab_pre_alloc_hook+0x51/0xc0
[  123.552319][ T4899]  __kmalloc+0x6b/0x330
[  123.556606][ T4899]  ? tomoyo_realpath_from_path+0x118/0x610
[  123.563162][ T4899]  tomoyo_realpath_from_path+0x118/0x610
[  123.569290][ T4899]  tomoyo_path_number_perm+0x1d5/0x5d0
[  123.575684][ T4899]  ? verify_lock_unused+0x140/0x140
[  123.581101][ T4899]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  123.586841][ T4899]  ? ksys_write+0x1c7/0x250
[  123.591620][ T4899]  security_file_ioctl+0x6c/0xa0
[  123.596716][ T4899]  __se_sys_ioctl+0x48/0x170
[  123.602048][ T4899]  do_syscall_64+0x4c/0xa0
[  123.606953][ T4899]  ? clear_bhb_loop+0x30/0x80
[  123.612594][ T4899]  ? clear_bhb_loop+0x30/0x80
[  123.618616][ T4899]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  123.626020][ T4899] RIP: 0033:0x7fa3c3ce2ec9
[  123.632445][ T4899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.663475][ T4899] RSP: 002b:00007fa3c1f4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  123.676615][ T4899] RAX: ffffffffffffffda RBX: 00007fa3c3f39fa0 RCX: 00007fa3c3ce2ec9
[  123.686466][ T4899] RDX: 0000200000000540 RSI: 000000000000890b RDI: 0000000000000007
[  123.695927][ T4899] RBP: 00007fa3c1f4a090 R08: 0000000000000000 R09: 0000000000000000
[  123.704957][ T4899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.714450][ T4899] R13: 00007fa3c3f3a038 R14: 00007fa3c3f39fa0 R15: 00007ffc6933cc68
[  123.723775][ T4899]  </TASK>
[  123.737771][ T4899] ERROR: Out of memory at tomoyo_realpath_from_path.
[  123.779341][ T4909] FAT-fs (loop2): Directory bread(block 64) failed
[  123.811065][ T4909] FAT-fs (loop2): Directory bread(block 65) failed
[  123.824834][ T4909] FAT-fs (loop2): Directory bread(block 66) failed
[  123.854795][ T4909] FAT-fs (loop2): Directory bread(block 67) failed
[  123.869011][ T4909] FAT-fs (loop2): Directory bread(block 68) failed
[  123.879861][ T4909] FAT-fs (loop2): Directory bread(block 69) failed
[  123.888650][ T4909] FAT-fs (loop2): Directory bread(block 70) failed
[  123.899532][ T1326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  123.941177][ T4909] FAT-fs (loop2): Directory bread(block 71) failed
[  123.948466][ T4909] FAT-fs (loop2): Directory bread(block 72) failed
[  123.991752][ T4909] FAT-fs (loop2): Directory bread(block 73) failed
[  124.095150][ T4893] loop1: detected capacity change from 0 to 32768
[  124.107053][ T4919] sock: sock_set_timeout: `syz.2.152' (pid 4919) tries to set negative timeout
[  124.194578][ T4893] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.151 (4893)
[  124.604471][ T4893] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  124.654003][ T4893] BTRFS info (device loop1): use zlib compression, level 3
[  124.695600][ T4893] BTRFS info (device loop1): using free space tree
[  124.787986][ T4893] BTRFS info (device loop1): has skinny extents
[  124.920338][ T4928] FAULT_INJECTION: forcing a failure.
[  124.920338][ T4928] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  124.973484][ T4928] CPU: 0 PID: 4928 Comm: syz.2.157 Not tainted syzkaller #0
[  124.981015][ T4928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  124.991296][ T4928] Call Trace:
[  124.994613][ T4928]  <TASK>
[  124.997575][ T4928]  dump_stack_lvl+0x168/0x230
[  125.002301][ T4928]  ? show_regs_print_info+0x20/0x20
[  125.007900][ T4928]  ? load_image+0x3b0/0x3b0
[  125.012802][ T4928]  ? __lock_acquire+0x7c60/0x7c60
[  125.018149][ T4928]  should_fail+0x38c/0x4c0
[  125.022695][ T4928]  _copy_to_user+0x2e/0x130
[  125.027337][ T4928]  simple_read_from_buffer+0xe3/0x150
[  125.033025][ T4928]  proc_fail_nth_read+0x19a/0x210
[  125.038619][ T4928]  ? proc_fault_inject_write+0x2f0/0x2f0
[  125.044490][ T4928]  ? fsnotify_perm+0x254/0x560
[  125.049521][ T4928]  ? proc_fault_inject_write+0x2f0/0x2f0
[  125.055287][ T4928]  vfs_read+0x2f6/0xcf0
[  125.059489][ T4928]  ? __secure_computing+0x2f0/0x2f0
[  125.064731][ T4928]  ? kernel_read+0x1e0/0x1e0
[  125.069747][ T4928]  ? __fget_files+0x40f/0x480
[  125.074784][ T4928]  ? mutex_lock_nested+0x17/0x20
[  125.079867][ T4928]  ? __fdget_pos+0x2bf/0x370
[  125.084631][ T4928]  ? ksys_read+0x71/0x250
[  125.089354][ T4928]  ksys_read+0x14d/0x250
[  125.093729][ T4928]  ? vfs_write+0xd00/0xd00
[  125.098491][ T4928]  do_syscall_64+0x4c/0xa0
[  125.103050][ T4928]  ? clear_bhb_loop+0x30/0x80
[  125.108066][ T4928]  ? clear_bhb_loop+0x30/0x80
[  125.112962][ T4928]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  125.118978][ T4928] RIP: 0033:0x7ff3d19af8dc
[  125.123609][ T4928] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  125.144200][ T4928] RSP: 002b:00007ff3cfc18030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  125.152748][ T4928] RAX: ffffffffffffffda RBX: 00007ff3d1c07fa0 RCX: 00007ff3d19af8dc
[  125.161035][ T4928] RDX: 000000000000000f RSI: 00007ff3cfc180a0 RDI: 0000000000000008
[  125.169509][ T4928] RBP: 00007ff3cfc18090 R08: 0000000000000000 R09: 0000000000000000
[  125.177713][ T4928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.185722][ T4928] R13: 00007ff3d1c08038 R14: 00007ff3d1c07fa0 R15: 00007ffe6e9aa548
[  125.194204][ T4928]  </TASK>
[  125.332893][ T1326] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  125.370759][ T1326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.381134][ T1326] usb 5-1: Product: syz
[  125.385756][ T1326] usb 5-1: Manufacturer: syz
[  125.390444][ T1326] usb 5-1: SerialNumber: syz
[  125.399069][ T4893] BTRFS error (device loop1): open_ctree failed: -12
[  125.479726][ T1326] usb 5-1: config 0 descriptor??
[  125.675828][ T4918] loop5: detected capacity change from 0 to 32768
[  125.695076][ T4669] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (4669)
[  125.749911][ T4918] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.155 (4918)
[  126.003005][ T1326] hso 5-1:0.0: Can't find BULK IN endpoint
[  126.371240][ T1326] usb-storage 5-1:0.0: USB Mass Storage device detected
[  126.376751][ T4974] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.444199][ T4918] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  126.501566][ T4974] device syzkaller0 entered promiscuous mode
[  126.515695][ T4918] BTRFS info (device loop5): enabling disk space caching
[  126.539433][ T1326] usb 5-1: USB disconnect, device number 2
[  126.541811][ T4974] tipc: Resetting bearer <eth:syzkaller0>
[  126.562798][ T4918] BTRFS info (device loop5): use no compression
[  126.569614][ T4918] BTRFS info (device loop5): force clearing of disk cache
[  126.613610][ T4973] tipc: Resetting bearer <eth:syzkaller0>
[  126.619673][ T4918] BTRFS info (device loop5): disabling disk space caching
[  126.665260][ T4918] BTRFS info (device loop5): has skinny extents
[  126.675470][ T4973] tipc: Disabling bearer <eth:syzkaller0>
[  127.033140][ T4989] autofs4:pid:4989:autofs_fill_super: called with bogus options
[  127.934724][ T4997] loop3: detected capacity change from 0 to 2048
[  127.971888][ T5005] loop1: detected capacity change from 0 to 1024
[  128.113921][ T5007] netlink: 'syz.4.166': attribute type 3 has an invalid length.
[  128.229173][ T5007] netlink: 'syz.4.166': attribute type 1 has an invalid length.
[  128.237801][ T5007] netlink: 4300 bytes leftover after parsing attributes in process `syz.4.166'.
[  128.868882][ T5009] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.884003][ T4997] NILFS error (device loop3): nilfs_lookup: deleted inode referenced: 12
[  128.959323][ T5005] EXT4-fs (loop1): Ignoring removed nobh option
[  128.970779][ T4997] Remounting filesystem read-only
[  128.997532][ T5005] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz.1.167: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  129.107192][ T5005] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.167: couldn't read orphan inode 11 (err -117)
[  129.145283][ T5005] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,journal_dev=0x0000000000000004,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  129.145364][ T4615] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by udevd (4615)
[  129.170929][ T4918] BTRFS error (device loop5): open_ctree failed: -12
[  129.239864][ T5005] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:476: comm syz.1.167: Invalid block bitmap block 0 in block_group 0
[  129.340102][ T5005] Quota error (device loop1): write_blk: dquota write failed
[  129.428983][ T5005] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  129.442794][ T5025] device syzkaller0 entered promiscuous mode
[  129.492480][ T5005] EXT4-fs error (device loop1): ext4_acquire_dquot:6209: comm syz.1.167: Failed to acquire dquot type 0
[  129.705675][ T5031] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  129.859894][ T5036] loop1: detected capacity change from 0 to 512
[  130.049615][ T5036] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.172: inode #1: comm syz.1.172: iget: illegal inode #
[  130.097612][ T5036] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.172: error while reading EA inode 1 err=-117
[  130.139637][ T5028] netlink: 8 bytes leftover after parsing attributes in process `syz.3.171'.
[  130.190423][ T5036] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.172: inode #1: comm syz.1.172: iget: illegal inode #
[  130.331299][ T5036] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.172: error while reading EA inode 1 err=-117
[  130.389378][ T5036] EXT4-fs (loop1): 1 orphan inode deleted
[  130.409014][ T5036] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,stripe=0x0000000000000003,norecovery,noinit_itable,max_batch_time=0x0000000000000006,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,errors=continue,dioread_lock,noblock_validity,noquota,,errors=continue. Quota mode: none.
[  130.464302][ T5047] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.481564][ T5047] device syzkaller0 entered promiscuous mode
[  130.507845][ T5047] tipc: Resetting bearer <eth:syzkaller0>
[  130.536243][ T5046] tipc: Resetting bearer <eth:syzkaller0>
[  130.541726][  T150] block nbd0: Possible stuck request ffff8880209a0000: control (read@0,4096B). Runtime 30 seconds
[  130.545716][ T5029] loop5: detected capacity change from 0 to 32768
[  130.599903][ T5036] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  130.656158][ T5046] tipc: Disabling bearer <eth:syzkaller0>
[  130.732321][ T5029] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  130.769767][ T5050] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.792071][ T5029] BTRFS info (device loop5): use zlib compression, level 3
[  130.800542][ T5050] device syzkaller0 entered promiscuous mode
[  130.820563][ T5029] BTRFS info (device loop5): using free space tree
[  130.825282][ T4184] EXT4-fs error (device loop1): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /34/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  130.840764][ T5029] BTRFS info (device loop5): has skinny extents
[  130.887931][ T5050] tipc: Resetting bearer <eth:syzkaller0>
[  130.910567][ T5049] tipc: Resetting bearer <eth:syzkaller0>
[  131.083356][ T5049] tipc: Disabling bearer <eth:syzkaller0>
[  131.186457][ T5062] autofs4:pid:5062:autofs_fill_super: called with bogus options
[  131.897837][ T5066] loop3: detected capacity change from 0 to 1024
[  131.985126][ T5068] loop2: detected capacity change from 0 to 8192
[  132.001173][ T5066] EXT4-fs (loop3): Ignoring removed nobh option
[  132.083348][ T5066] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #11: comm syz.3.179: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  132.153965][ T5066] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.179: couldn't read orphan inode 11 (err -117)
[  132.215529][ T5029] BTRFS info (device loop5): enabling ssd optimizations
[  132.233745][ T5066] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,noload,nobh,noload,nolazytime,norecovery,errors=continue,quota,,errors=continue. Quota mode: writeback.
[  132.345521][ T5066] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.179: Invalid block bitmap block 0 in block_group 0
[  132.404132][ T5066] Quota error (device loop3): write_blk: dquota write failed
[  132.417902][ T4368] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.452395][ T5081] loop4: detected capacity change from 0 to 4096
[  132.483010][ T5066] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  132.526943][ T5081] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  132.556061][ T5066] EXT4-fs error (device loop3): ext4_acquire_dquot:6209: comm syz.3.179: Failed to acquire dquot type 0
[  132.645638][ T4368] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.651165][ T4319] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  132.837706][ T4368] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.012494][ T4368] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.104877][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  133.114976][ T4319] usb 4-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice=ca.8e
[  133.129034][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  133.150842][ T4319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.213518][ T4319] pwc: Logitech/Cisco VT Camera webcam detected.
[  133.373720][ T5090] syz.4.182 (5090) used greatest stack depth: 20752 bytes left
[  133.491041][ T4959] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  133.510790][ T4319] pwc: Failed to set LED on/off time (-71)
[  133.544788][ T4319] pwc: send_video_command error -71
[  133.581929][ T4319] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  133.633205][ T4319] Philips webcam: probe of 4-1:127.0 failed with error -71
[  133.647631][ T4319] usb 4-1: USB disconnect, device number 4
[  133.745379][ T5096] chnl_net:caif_netlink_parms(): no params data found
[  133.761348][ T4959] usb 3-1: Using ep0 maxpacket: 32
[  133.884266][ T4959] usb 3-1: config 0 has no interfaces?
[  133.890208][ T4959] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  133.920749][ T4959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.941791][ T4959] usb 3-1: config 0 descriptor??
[  135.075587][ T5136] FAULT_INJECTION: forcing a failure.
[  135.075587][ T5136] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.110346][ T5136] CPU: 0 PID: 5136 Comm: syz.3.190 Not tainted syzkaller #0
[  135.117934][ T5136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  135.118770][ T4368] tipc: Left network mode
[  135.128273][ T5136] Call Trace:
[  135.128283][ T5136]  <TASK>
[  135.128292][ T5136]  dump_stack_lvl+0x168/0x230
[  135.128324][ T5136]  ? show_regs_print_info+0x20/0x20
[  135.128348][ T5136]  ? load_image+0x3b0/0x3b0
[  135.128372][ T5136]  ? __lock_acquire+0x7c60/0x7c60
[  135.128403][ T5136]  should_fail+0x38c/0x4c0
[  135.128432][ T5136]  _copy_from_user+0x2e/0x170
[  135.128454][ T5136]  iovec_from_user+0x142/0x370
[  135.128481][ T5136]  __import_iovec+0x70/0x490
[  135.128509][ T5136]  import_iovec+0x6f/0xa0
[  135.128534][ T5136]  ___sys_sendmsg+0x1b9/0x260
[  135.128565][ T5136]  ? __sys_sendmsg+0x250/0x250
[  135.128599][ T5136]  ? vfs_write+0x84d/0xd00
[  135.128635][ T5136]  ? __fdget+0x18b/0x210
[  135.128657][ T5136]  __se_sys_sendmsg+0x190/0x250
[  135.128682][ T5136]  ? __x64_sys_sendmsg+0x80/0x80
[  135.128703][ T5136]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  135.128739][ T5136]  ? lockdep_hardirqs_on+0x94/0x140
[  135.128765][ T5136]  do_syscall_64+0x4c/0xa0
[  135.128783][ T5136]  ? clear_bhb_loop+0x30/0x80
[  135.128803][ T5136]  ? clear_bhb_loop+0x30/0x80
[  135.128825][ T5136]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  135.128846][ T5136] RIP: 0033:0x7f979528eec9
[  135.128866][ T5136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.128883][ T5136] RSP: 002b:00007f97934f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.128907][ T5136] RAX: ffffffffffffffda RBX: 00007f97954e5fa0 RCX: 00007f979528eec9
[  135.128923][ T5136] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  135.128936][ T5136] RBP: 00007f97934f6090 R08: 0000000000000000 R09: 0000000000000000
[  135.128949][ T5136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.128962][ T5136] R13: 00007f97954e6038 R14: 00007f97954e5fa0 R15: 00007ffd6ad1f398
[  135.128991][ T5136]  </TASK>
[  135.341083][   T23] Bluetooth: hci0: command 0x0409 tx timeout
[  135.349507][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.360220][ T4256] usb 3-1: USB disconnect, device number 5
[  135.382336][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.404807][ T5096] device bridge_slave_0 entered promiscuous mode
[  135.444925][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.485219][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.515105][ T5096] device bridge_slave_1 entered promiscuous mode
[  136.390439][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  136.432099][ T5147] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.461453][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  136.481994][ T5152] netlink: 'syz.2.193': attribute type 1 has an invalid length.
[  136.505554][ T5152] netlink: 232 bytes leftover after parsing attributes in process `syz.2.193'.
[  136.538182][ T5147] tipc: Disabling bearer <eth:syzkaller0>
[  136.584694][ T5096] team0: Port device team_slave_0 added
[  136.621372][ T5096] team0: Port device team_slave_1 added
[  136.664696][ T5138] loop4: detected capacity change from 0 to 32768
[  136.771435][ T5138] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  136.830415][ T5138] BTRFS info (device loop4): enabling auto defrag
[  136.846286][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0
[  136.872557][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.911981][ T5138] BTRFS error (device loop4): unrecognized mount option 'max_inline='
[  136.979409][ T5138] BTRFS error (device loop4): open_ctree failed: -22
[  137.002567][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.015243][ T4615] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by udevd (4615)
[  137.097046][ T5138] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  137.125483][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.143521][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.319624][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  137.347174][ T5173] loop2: detected capacity change from 0 to 4096
[  138.025184][ T5173] ntfs: volume version 3.1.
[  138.090583][ T4959] Bluetooth: hci0: command 0x041b tx timeout
[  138.267259][ T5191] netlink: 40 bytes leftover after parsing attributes in process `syz.5.201'.
[  138.331116][ T5191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.201'.
[  138.362695][ T5096] device hsr_slave_0 entered promiscuous mode
[  138.425297][ T5096] device hsr_slave_1 entered promiscuous mode
[  138.453632][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  138.512751][ T5096] Cannot create hsr debugfs directory
[  138.565690][ T5161] loop3: detected capacity change from 0 to 40427
[  138.614000][ T5161] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  138.632448][ T5161] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  138.722843][ T5161] F2FS-fs (loop3): Found nat_bits in checkpoint
[  138.948686][ T5161] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  138.968472][ T5205] loop2: detected capacity change from 0 to 1024
[  138.975692][ T5161] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  139.023511][ T5161] netlink: 'syz.3.197': attribute type 1 has an invalid length.
[  139.121997][ T5161] fscrypt (loop3, inode 3): Error -61 getting encryption context
[  139.414984][   T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  140.192058][ T4960] Bluetooth: hci0: command 0x040f tx timeout
[  140.240847][   T23] usb 5-1: Using ep0 maxpacket: 32
[  140.360938][   T23] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[  140.463868][ T4368] device hsr_slave_0 left promiscuous mode
[  140.485818][ T4368] device hsr_slave_1 left promiscuous mode
[  140.545631][   T23] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  140.562639][ T4368] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.564711][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.579291][   T23] usb 5-1: Product: syz
[  140.591053][ T4368] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.609100][   T23] usb 5-1: Manufacturer: syz
[  140.615866][   T23] usb 5-1: SerialNumber: syz
[  140.632035][ T4368] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.639710][ T4368] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.646111][   T23] usb 5-1: config 0 descriptor??
[  140.691099][ T5203] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  140.699426][ T4368] device bridge_slave_1 left promiscuous mode
[  140.713008][ T4368] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.731689][   T23] hub 5-1:0.0: bad descriptor, ignoring hub
[  140.740276][   T23] hub: probe of 5-1:0.0 failed with error -5
[  140.768029][   T23] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5
[  140.788749][ T4368] device bridge_slave_0 left promiscuous mode
[  140.845853][ T4368] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.985825][ T4256] usb 5-1: USB disconnect, device number 3
[  140.990769][    C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  141.036412][ T4368] device bond0 left promiscuous mode
[  141.069352][ T4368] device bond_slave_0 left promiscuous mode
[  141.075814][ T4368] device bond_slave_1 left promiscuous mode
[  141.094202][ T4368] device veth1_macvtap left promiscuous mode
[  141.106079][ T4368] device veth0_macvtap left promiscuous mode
[  141.114494][ T4368] device veth1_vlan left promiscuous mode
[  141.126039][ T4368] device veth0_vlan left promiscuous mode
[  141.436795][ T4368] team0 (unregistering): Port device team_slave_1 removed
[  141.453882][ T4368] team0 (unregistering): Port device team_slave_0 removed
[  141.476061][ T4368] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.493074][ T4368] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.622001][ T4368] bond0 (unregistering): Released all slaves
[  141.699849][ T5218] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  141.707146][ T5219] device syzkaller0 entered promiscuous mode
[  141.707589][ T5232] netlink: 'syz.5.207': attribute type 1 has an invalid length.
[  141.742217][ T5232] netlink: 232 bytes leftover after parsing attributes in process `syz.5.207'.
[  141.820762][ T5234] netlink: 48 bytes leftover after parsing attributes in process `syz.4.209'.
[  141.843863][ T5218] tipc: Resetting bearer <eth:syzkaller0>
[  141.956499][ T5218] tipc: Disabling bearer <eth:syzkaller0>
[  142.003159][ T5096] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  142.025027][ T5096] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  142.041742][ T5096] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  142.070230][ T5096] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  142.121453][ T5243] tipc: Started in network mode
[  142.151546][ T5243] tipc: Node identity 7e85d51bbc68, cluster identity 4711
[  142.159270][ T5243] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  142.266842][ T4960] Bluetooth: hci0: command 0x0419 tx timeout
[  142.877356][ T5238] tipc: Resetting bearer <eth:syzkaller0>
[  142.915924][ T5237] tipc: Disabling bearer <eth:syzkaller0>
[  142.990840][ T5258] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  143.034091][ T5258] device syzkaller0 entered promiscuous mode
[  143.171308][ T5261] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  143.230261][ T5263] device syzkaller0 entered promiscuous mode
[  143.318771][ T5271] loop2: detected capacity change from 0 to 2048
[  143.352447][ T5261] tipc: Resetting bearer <eth:syzkaller0>
[  143.372956][ T5275] FAT-fs (loop3): Unrecognized mount option "iocharset<cp860" or missing value
[  143.451826][ T5257] tipc: Resetting bearer <eth:syzkaller0>
[  143.485889][ T5257] tipc: Disabling bearer <eth:syzkaller0>
[  143.494664][ T5271] UDF-fs: bad mount option "gid=¥ªÉ€ŸÚñAѨ´÷˜�
[  143.494664][ T5271] !2J�Ô©»=ÔÒAi" or missing value
[  143.583261][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.713897][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  143.745510][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  143.757940][ T5287] netlink: 'syz.3.220': attribute type 1 has an invalid length.
[  143.804851][ T5096] 8021q: adding VLAN 0 to HW filter on device team0
[  143.821577][ T5287] netlink: 232 bytes leftover after parsing attributes in process `syz.3.220'.
[  143.867167][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  143.886928][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  143.940911][ T4381] bridge0: port 1(bridge_slave_0) entered blocking state
[  143.948378][ T4381] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.012223][ T5291] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  144.032416][ T5292] device syzkaller0 entered promiscuous mode
[  144.066730][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  144.092440][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  144.124506][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  144.170356][ T4381] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.177946][ T4381] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.252541][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  144.272994][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  144.323224][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  144.368958][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  144.414400][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  144.438161][ T5279] loop5: detected capacity change from 0 to 32768
[  144.443603][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  144.489311][ T5096] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  144.511152][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.545826][ T5292] tipc: Resetting bearer <eth:syzkaller0>
[  144.601752][ T5279] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 scanned by syz.5.219 (5279)
[  144.648187][ T5292] tipc: Disabling bearer <eth:syzkaller0>
[  144.670323][ T5279] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  144.681081][ T5279] BTRFS info (device loop5): using free space tree
[  144.696989][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  144.706333][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  144.720946][ T5279] BTRFS info (device loop5): has skinny extents
[  144.756882][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  144.774182][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  144.783584][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  144.793064][ T4381] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  144.934919][ T5279] BTRFS info (device loop5): enabling ssd optimizations
[  144.979069][ T5279] BTRFS warning (device loop5): can't set the mixed_backref feature bit while mounted
[  145.570948][ T5330] netlink: 'syz.4.225': attribute type 3 has an invalid length.
[  145.671219][ T5330] netlink: 'syz.4.225': attribute type 1 has an invalid length.
[  145.679665][ T5330] netlink: 4300 bytes leftover after parsing attributes in process `syz.4.225'.
[  146.608063][ T5336] loop4: detected capacity change from 0 to 128
[  146.809559][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  146.846869][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  146.899061][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.234167][ T5342] autofs4:pid:5342:autofs_fill_super: called with bogus options
[  148.000899][ T5356] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  148.013519][ T5370] loop5: detected capacity change from 0 to 64
[  148.022893][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  148.059955][ T5129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  148.132134][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  148.152021][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  148.203846][ T5096] device veth0_vlan entered promiscuous mode
[  148.226687][ T5356] usb 4-1: device descriptor read/64, error -71
[  148.248633][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  148.262565][ T4850] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  148.305340][ T5096] device veth1_vlan entered promiscuous mode
[  148.357407][ T5370] trusted_key: encrypted_key: master key parameter 'trusted:' is invalid
[  148.381006][ T5378] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.412318][ T5378] device syzkaller0 entered promiscuous mode
[  148.432746][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  148.444915][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  148.454466][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  148.464840][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  148.485140][ T5096] device veth0_macvtap entered promiscuous mode
[  148.502149][ T5356] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  148.527660][ T5096] device veth1_macvtap entered promiscuous mode
[  148.561307][   T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  148.603235][ T5377] tipc: Resetting bearer <eth:syzkaller0>
[  148.778635][ T5377] tipc: Disabling bearer <eth:syzkaller0>
[  148.846420][ T5356] usb 4-1: device descriptor read/64, error -71
[  148.971294][   T23] usb 5-1: Using ep0 maxpacket: 16
[  148.978305][ T5356] usb usb4-port1: attempt power cycle
[  149.001564][ T5390] netlink: 'syz.5.235': attribute type 3 has an invalid length.
[  149.039234][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  149.292063][   T23] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=dd.d4
[  149.309919][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  149.346666][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.819363][ T5356] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  149.935458][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.949719][   T23] usb 5-1: Product: syz
[  149.965699][   T23] usb 5-1: Manufacturer: syz
[  149.971858][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.986212][   T23] usb 5-1: SerialNumber: syz
[  150.004717][   T23] usb 5-1: config 0 descriptor??
[  150.011515][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.056073][   T23] usb_ehset_test: probe of 5-1:0.0 failed with error -32
[  150.063574][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.073855][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.203781][ T5356] usb 4-1: device not accepting address 7, error -71
[  150.231877][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.333074][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.350752][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.843781][ T5405] autofs4:pid:5405:autofs_fill_super: called with bogus options
[  150.943549][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.981464][ T5361] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  151.004863][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.036754][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  151.050311][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  151.075218][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  151.102960][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  151.133378][ T5399] netlink: 48 bytes leftover after parsing attributes in process `syz.3.237'.
[  151.155966][ T5096] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.177234][ T5096] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.286819][ T5096] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.296658][ T5096] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.311017][ T5361] usb 6-1: Using ep0 maxpacket: 16
[  151.320048][ T4959] usb 5-1: USB disconnect, device number 4
[  151.359052][ T5408] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  151.394782][ T5410] netlink: 'syz.2.240': attribute type 3 has an invalid length.
[  151.430549][ T5408] device syzkaller0 entered promiscuous mode
[  151.440954][ T5361] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  151.456900][ T5361] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  151.472327][ T5361] usb 6-1: config 0 has no interface number 0
[  151.521682][ T5412] netlink: 'syz.4.241': attribute type 1 has an invalid length.
[  151.559774][ T5412] netlink: 232 bytes leftover after parsing attributes in process `syz.4.241'.
[  151.661394][ T5361] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  151.694135][ T5361] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.714821][ T4850] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.743705][ T4850] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.756046][ T5361] usb 6-1: Product: syz
[  151.760632][ T5361] usb 6-1: Manufacturer: syz
[  151.794208][ T5361] usb 6-1: SerialNumber: syz
[  151.804809][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  151.817788][ T5361] usb 6-1: config 0 descriptor??
[  151.925615][ T4303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.980894][ T4303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.043164][ T5361] usb 6-1: Found UVC 0.00 device syz (046d:08f3)
[  152.061749][ T5361] usb 6-1: No valid video chain found.
[  152.088638][ T4431] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  152.903665][ T5437] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  152.931424][ T5439] FAULT_INJECTION: forcing a failure.
[  152.931424][ T5439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  152.934696][   T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  152.969203][ T5441] device syzkaller0 entered promiscuous mode
[  152.972739][ T5439] CPU: 0 PID: 5439 Comm: syz.6.184 Not tainted syzkaller #0
[  152.983969][ T5439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  152.994795][ T5439] Call Trace:
[  152.998282][ T5439]  <TASK>
[  153.001750][ T5439]  dump_stack_lvl+0x168/0x230
[  153.007602][ T5439]  ? show_regs_print_info+0x20/0x20
[  153.013953][ T5439]  ? load_image+0x3b0/0x3b0
[  153.019911][ T5439]  ? __lock_acquire+0x7c60/0x7c60
[  153.026510][ T5439]  should_fail+0x38c/0x4c0
[  153.031356][ T5439]  _copy_from_user+0x2e/0x170
[  153.036824][ T5439]  __copy_msghdr_from_user+0xaf/0x5e0
[  153.042786][ T5439]  ? verify_lock_unused+0x140/0x140
[  153.048840][ T5439]  ? __ia32_sys_shutdown+0x1d0/0x1d0
[  153.054553][ T5439]  ___sys_sendmsg+0x156/0x260
[  153.060812][ T5439]  ? __sys_sendmsg+0x250/0x250
[  153.067791][ T5439]  ? vfs_write+0x84d/0xd00
[  153.074667][ T5439]  ? __fdget+0x18b/0x210
[  153.079532][ T5439]  __se_sys_sendmsg+0x190/0x250
[  153.085496][ T5439]  ? __x64_sys_sendmsg+0x80/0x80
[  153.090019][ T5430] loop4: detected capacity change from 0 to 8192
[  153.091681][ T5439]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  153.091731][ T5439]  ? lockdep_hardirqs_on+0x94/0x140
[  153.091757][ T5439]  do_syscall_64+0x4c/0xa0
[  153.091775][ T5439]  ? clear_bhb_loop+0x30/0x80
[  153.091794][ T5439]  ? clear_bhb_loop+0x30/0x80
[  153.091816][ T5439]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  153.091837][ T5439] RIP: 0033:0x7fc28b265ec9
[  153.137477][ T5439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.158822][ T5439] RSP: 002b:00007fc2894cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.168251][ T5439] RAX: ffffffffffffffda RBX: 00007fc28b4bcfa0 RCX: 00007fc28b265ec9
[  153.176961][ T5439] RDX: 0000000000008000 RSI: 0000200000000040 RDI: 0000000000000005
[  153.185786][ T5439] RBP: 00007fc2894cd090 R08: 0000000000000000 R09: 0000000000000000
[  153.194237][ T5439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.202334][ T5439] R13: 00007fc28b4bd038 R14: 00007fc28b4bcfa0 R15: 00007ffd62bd1d98
[  153.210835][ T5439]  </TASK>
[  153.223775][ T5434] tipc: Resetting bearer <eth:syzkaller0>
[  153.281843][ T5434] tipc: Disabling bearer <eth:syzkaller0>
[  153.357014][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.386887][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.409873][   T23] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  153.449482][   T23] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  153.475166][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.501739][ T1111] usb 6-1: USB disconnect, device number 2
[  153.576716][   T23] usb 4-1: config 0 descriptor??
[  153.788397][ T5454] autofs4:pid:5454:autofs_fill_super: called with bogus options
[  153.935566][ T5463] netlink: 'syz.5.252': attribute type 3 has an invalid length.
[  154.009761][ T5464] netlink: 148 bytes leftover after parsing attributes in process `syz.2.250'.
[  154.020608][ T5464] netlink: 56 bytes leftover after parsing attributes in process `syz.2.250'.
[  154.030497][ T5464] netlink: 'syz.2.250': attribute type 1 has an invalid length.
[  154.169377][ T5464] loop2: detected capacity change from 0 to 2048
[  154.249880][   T23] plantronics 0003:047F:FFFF.0006: unbalanced delimiter at end of report description
[  154.335731][ T5464] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  154.346029][ T5464] NILFS (loop2): mounting unchecked fs
[  154.424477][ T5420] udc-core: couldn't find an available UDC or it's busy
[  154.464669][ T5464] NILFS (loop2): recovery complete
[  154.612226][ T5420] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  154.618016][ T5465] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  154.632330][   T23] plantronics 0003:047F:FFFF.0006: parse failed
[  154.638977][   T23] plantronics: probe of 0003:047F:FFFF.0006 failed with error -22
[  154.643078][ T5461] netlink: 'syz.6.251': attribute type 1 has an invalid length.
[  154.703429][ T5461] netlink: 232 bytes leftover after parsing attributes in process `syz.6.251'.
[  155.030224][   T23] usb 4-1: USB disconnect, device number 9
[  155.136344][ T5475] netlink: 'syz.5.254': attribute type 3 has an invalid length.
[  155.154963][ T5475] netlink: 'syz.5.254': attribute type 1 has an invalid length.
[  155.163623][ T5475] netlink: 4300 bytes leftover after parsing attributes in process `syz.5.254'.
[  155.954893][ T5482] loop6: detected capacity change from 0 to 8
[  156.045251][ T5482] squashfs: Unknown parameter ''
[  156.146127][ T5495] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  156.407827][ T5494] loop3: detected capacity change from 0 to 4096
[  157.517397][ T5494] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  157.575825][ T5515] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  157.656140][ T5519] device syzkaller0 entered promiscuous mode
[  157.740031][   T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  157.804359][ T5494] fs-verity: sha256 using implementation "sha256-avx2"
[  157.832222][ T5515] tipc: Resetting bearer <eth:syzkaller0>
[  157.946446][ T5513] tipc: Resetting bearer <eth:syzkaller0>
[  158.100037][ T5513] tipc: Disabling bearer <eth:syzkaller0>
[  158.730870][   T23] usb 7-1: Using ep0 maxpacket: 16
[  158.946605][ T5485] loop5: detected capacity change from 0 to 32768
[  159.021690][   T23] usb 7-1: config 0 has an invalid interface number: 105 but max is 0
[  159.086554][ T5534] netlink: 148 bytes leftover after parsing attributes in process `syz.2.263'.
[  159.099143][ T5534] netlink: 56 bytes leftover after parsing attributes in process `syz.2.263'.
[  159.111248][ T5534] netlink: 'syz.2.263': attribute type 1 has an invalid length.
[  159.267517][ T5534] loop2: detected capacity change from 0 to 2048
[  159.414694][ T5534] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  159.425005][ T5534] NILFS (loop2): mounting unchecked fs
[  159.582869][ T5534] NILFS (loop2): recovery complete
[  159.668472][ T5535] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.713818][   T23] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.886843][   T23] usb 7-1: config 0 has no interface number 0
[  160.204747][   T23] usb 7-1: string descriptor 0 read error: -71
[  160.239944][   T23] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  160.328606][ T5550] netlink: 'syz.6.270': attribute type 1 has an invalid length.
[  160.387062][ T5550] netlink: 232 bytes leftover after parsing attributes in process `syz.6.270'.
[  160.481217][   T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.501891][   T23] usb 7-1: config 0 descriptor??
[  160.521532][   T23] usb 7-1: can't set config #0, error -71
[  160.551184][   T23] usb 7-1: USB disconnect, device number 2
[  160.994296][ T5552] netlink: 'syz.2.268': attribute type 3 has an invalid length.
[  161.003540][ T5552] netlink: 'syz.2.268': attribute type 1 has an invalid length.
[  161.012856][ T5552] netlink: 4300 bytes leftover after parsing attributes in process `syz.2.268'.
[  161.089375][  T150] block nbd0: Possible stuck request ffff8880209a0000: control (read@0,4096B). Runtime 60 seconds
[  161.407873][ T5567] loop6: detected capacity change from 0 to 8
[  161.436169][ T5571] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  161.473988][ T5571] device syzkaller0 entered promiscuous mode
[  161.627696][ T5571] tipc: Resetting bearer <eth:syzkaller0>
[  161.675445][ T5570] tipc: Resetting bearer <eth:syzkaller0>
[  162.134392][ T5586] netlink: 148 bytes leftover after parsing attributes in process `syz.2.279'.
[  162.145254][ T5586] netlink: 56 bytes leftover after parsing attributes in process `syz.2.279'.
[  162.155372][ T5586] netlink: 'syz.2.279': attribute type 1 has an invalid length.
[  162.198143][ T5586] loop2: detected capacity change from 0 to 2048
[  162.293773][ T5586] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  162.306178][ T5586] NILFS (loop2): mounting unchecked fs
[  162.953423][ T5589] loop5: detected capacity change from 0 to 128
[  162.962409][ T5570] tipc: Disabling bearer <eth:syzkaller0>
[  162.971064][ T5586] NILFS (loop2): recovery complete
[  162.990084][ T5590] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  163.329325][ T5589] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  163.340760][ T5589] FAT-fs (loop5): Filesystem has been set read-only
[  165.081330][ T5623] netlink: 'syz.3.286': attribute type 3 has an invalid length.
[  165.181509][ T5624] autofs4:pid:5624:autofs_fill_super: called with bogus options
[  165.190197][ T5623] netlink: 'syz.3.286': attribute type 1 has an invalid length.
[  165.198145][ T5623] netlink: 4300 bytes leftover after parsing attributes in process `syz.3.286'.
[  165.797736][ T1111] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  165.825243][ T5613] netlink: 'syz.6.283': attribute type 1 has an invalid length.
[  165.901167][ T5613] netlink: 232 bytes leftover after parsing attributes in process `syz.6.283'.
[  167.054723][ T1111] usb 3-1: Using ep0 maxpacket: 16
[  167.121098][ T1111] usb 3-1: device descriptor read/all, error -71
[  167.152271][ T5636] device syzkaller0 entered promiscuous mode
[  167.168869][ T5649] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  167.201759][ T5649] device syzkaller0 entered promiscuous mode
[  167.288340][ T5649] tipc: Resetting bearer <eth:syzkaller0>
[  167.349617][ T5641] tipc: Resetting bearer <eth:syzkaller0>
[  167.434595][ T5641] tipc: Disabling bearer <eth:syzkaller0>
[  167.462290][ T5654] netlink: 148 bytes leftover after parsing attributes in process `syz.2.292'.
[  167.475479][ T5654] netlink: 56 bytes leftover after parsing attributes in process `syz.2.292'.
[  167.487755][ T5654] netlink: 'syz.2.292': attribute type 1 has an invalid length.
[  167.636583][ T5654] loop2: detected capacity change from 0 to 2048
[  167.776523][ T5654] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  167.791487][ T5654] NILFS (loop2): mounting unchecked fs
[  168.115282][ T5654] NILFS (loop2): recovery complete
[  168.129750][ T5656] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  168.316342][ T5662] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  168.332267][ T5659] loop3: detected capacity change from 0 to 8
[  168.398240][ T5662] device syzkaller0 entered promiscuous mode
[  169.116448][ T5672] loop2: detected capacity change from 0 to 512
[  169.866695][ T5672] EXT4-fs (loop2): Ignoring removed nobh option
[  169.873681][ T5672] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  169.902150][ T5672] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  169.914889][ T5672] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.297: invalid indirect mapped block 256 (level 1)
[  169.935132][ T5672] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.297: invalid indirect mapped block 2683928664 (level 1)
[  169.957012][ T5672] EXT4-fs (loop2): 1 truncate cleaned up
[  169.963163][ T5672] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,dioread_lock,nobh,noinit_itable,acl,usrjquota=.grpquota,nodiscard,jqfmt=vfsv0,mblk_io_submit,,,errors=continue. Quota mode: writeback.
[  170.275908][ T5685] autofs4:pid:5685:autofs_fill_super: called with bogus options
[  170.296704][ T5683] loop6: detected capacity change from 0 to 1024
[  170.304810][ T5687] device syzkaller0 entered promiscuous mode
[  170.399859][ T5690] loop3: detected capacity change from 0 to 1024
[  170.425621][ T5694] netlink: 'syz.2.302': attribute type 11 has an invalid length.
[  170.483305][ T5683] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  170.493061][ T5690] attempt to access beyond end of device
[  170.493061][ T5690] loop3: rw=0, want=5780, limit=1024
[  170.508246][ T5690] attempt to access beyond end of device
[  170.508246][ T5690] loop3: rw=0, want=5780, limit=1024
[  170.521581][ T5690] attempt to access beyond end of device
[  170.521581][ T5690] loop3: rw=0, want=5780, limit=1024
[  170.620218][ T5689] attempt to access beyond end of device
[  170.620218][ T5689] loop3: rw=0, want=5780, limit=1024
[  170.993902][ T5710] loop3: detected capacity change from 0 to 512
[  171.796163][ T5710] EXT4-fs (loop3): Ignoring removed bh option
[  171.810900][ T5710] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  171.829085][ T5722] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  171.872839][ T5710] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  171.916613][ T5722] device syzkaller0 entered promiscuous mode
[  171.991862][ T5721] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  171.999790][ T5710] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  172.064296][ T5710] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  172.114998][ T5721] device syzkaller0 entered promiscuous mode
[  172.115195][ T5710] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  172.141427][ T5721] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  172.152936][ T5710] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bh,noblock_validity,,errors=continue. Quota mode: none.
[  172.214203][ T5710] netlink: 16 bytes leftover after parsing attributes in process `syz.3.304'.
[  172.237128][ T5722] tipc: Resetting bearer <eth:syzkaller0>
[  172.294617][ T5731] loop6: detected capacity change from 0 to 8
[  172.310508][ T5719] tipc: Resetting bearer <eth:syzkaller0>
[  172.358966][ T5719] tipc: Disabling bearer <eth:syzkaller0>
[  172.491641][ T5731] cramfs: Unknown parameter '@
'
[  172.564576][ T4669] udevd[4669]: incorrect cramfs checksum on /dev/loop6
[  173.222392][ T5746] loop5: detected capacity change from 0 to 8
[  173.404623][ T5731] loop6: detected capacity change from 0 to 512
[  173.492895][ T5731] EXT4-fs (loop6): Test dummy encryption mode enabled
[  173.505342][ T5731] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  173.571001][ T5731] EXT4-fs (loop6): invalid inodes per group: 825360416
[  173.571001][ T5731] 
[  173.584170][ T5758] device syzkaller0 entered promiscuous mode
[  173.723687][ T5769] FAULT_INJECTION: forcing a failure.
[  173.723687][ T5769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.760804][ T5769] CPU: 0 PID: 5769 Comm: syz.3.317 Not tainted syzkaller #0
[  173.769233][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  173.781266][ T5769] Call Trace:
[  173.784843][ T5769]  <TASK>
[  173.788853][ T5769]  dump_stack_lvl+0x168/0x230
[  173.794540][ T5769]  ? show_regs_print_info+0x20/0x20
[  173.801466][ T5769]  ? load_image+0x3b0/0x3b0
[  173.806843][ T5769]  ? __lock_acquire+0x7c60/0x7c60
[  173.812297][ T5769]  should_fail+0x38c/0x4c0
[  173.817048][ T5769]  _copy_from_iter+0x22a/0x1150
[  173.822143][ T5769]  ? __lock_acquire+0x7c60/0x7c60
[  173.827240][ T5769]  ? copy_mc_pipe_to_iter+0x7d0/0x7d0
[  173.833731][ T5769]  ? __virt_addr_valid+0x3c6/0x470
[  173.839019][ T5769]  ? __phys_addr+0xb6/0x170
[  173.843941][ T5769]  ? __phys_addr_symbol+0x2b/0x70
[  173.849171][ T5769]  ? __check_object_size+0x30c/0x410
[  173.854484][ T5769]  netlink_sendmsg+0x749/0xbc0
[  173.859277][ T5769]  ? netlink_getsockopt+0x560/0x560
[  173.864501][ T5769]  ? aa_sock_msg_perm+0x94/0x150
[  173.869543][ T5769]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  173.875049][ T5769]  ? security_socket_sendmsg+0x7c/0xa0
[  173.880844][ T5769]  ? netlink_getsockopt+0x560/0x560
[  173.886408][ T5769]  ____sys_sendmsg+0x5a2/0x8c0
[  173.891843][ T5769]  ? memset+0x1e/0x40
[  173.896380][ T5769]  ? __sys_sendmsg_sock+0x30/0x30
[  173.902361][ T5769]  ? import_iovec+0x6f/0xa0
[  173.908741][ T5769]  ___sys_sendmsg+0x1f0/0x260
[  173.913903][ T5769]  ? __sys_sendmsg+0x250/0x250
[  173.920250][ T5769]  ? vfs_write+0x84d/0xd00
[  173.926042][ T5769]  ? __fdget+0x18b/0x210
[  173.930832][ T5769]  __se_sys_sendmsg+0x190/0x250
[  173.935812][ T5769]  ? __x64_sys_sendmsg+0x80/0x80
[  173.941072][ T5769]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  173.947703][ T5769]  ? lockdep_hardirqs_on+0x94/0x140
[  173.953154][ T5769]  do_syscall_64+0x4c/0xa0
[  173.957898][ T5769]  ? clear_bhb_loop+0x30/0x80
[  173.962610][ T5769]  ? clear_bhb_loop+0x30/0x80
[  173.967598][ T5769]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  173.973621][ T5769] RIP: 0033:0x7f979528eec9
[  173.978072][ T5769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.999239][ T5769] RSP: 002b:00007f97934f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  174.008527][ T5769] RAX: ffffffffffffffda RBX: 00007f97954e5fa0 RCX: 00007f979528eec9
[  174.017387][ T5769] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  174.025475][ T5769] RBP: 00007f97934f6090 R08: 0000000000000000 R09: 0000000000000000
[  174.033968][ T5769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.042459][ T5769] R13: 00007f97954e6038 R14: 00007f97954e5fa0 R15: 00007ffd6ad1f398
[  174.050876][ T5769]  </TASK>
[  174.091214][ T5770] netlink: 40 bytes leftover after parsing attributes in process `syz.4.315'.
[  174.352343][ T5778] netlink: 'syz.2.318': attribute type 3 has an invalid length.
[  174.612492][ T5782] autofs4:pid:5782:autofs_fill_super: called with bogus options
[  174.645591][ T5786] capability: warning: `syz.3.321' uses 32-bit capabilities (legacy support in use)
[  174.665777][ T5784] loop4: detected capacity change from 0 to 512
[  174.710978][ T5784] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled
[  174.746729][ T5784] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  174.793871][ T5784] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  174.829963][ T5784] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  174.880228][ T5784] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  174.911016][ T5784] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000]
[  174.924688][ T5784] EXT4-fs (loop4): orphan cleanup on readonly fs
[  175.242898][ T5784] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.320: bg 0: block 34: padding at end of block bitmap is not set
[  175.449672][ T5784] Quota error (device loop4): write_blk: dquota write failed
[  175.555705][ T5784] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  175.828990][ T5784] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.320: Failed to acquire dquot type 1
[  176.112691][ T5784] EXT4-fs (loop4): 1 truncate cleaned up
[  176.137780][ T5784] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,usrjquota=./file0,barrier=0x0000000000000003,noblock_validity,,errors=continue. Quota mode: writeback.
[  176.383175][ T5824] loop5: detected capacity change from 0 to 512
[  176.470475][ T5829] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  176.525884][   T23] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  176.544053][ T5835] device syzkaller0 entered promiscuous mode
[  176.552172][   T23] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  176.566507][ T5824] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.329: bad orphan inode 11862016
[  176.599885][ T5824] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  176.610847][ T5361] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  176.658776][ T5824] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.686948][ T5829] tipc: Resetting bearer <eth:syzkaller0>
[  176.744020][ T5827] tipc: Resetting bearer <eth:syzkaller0>
[  176.811903][ T5827] tipc: Disabling bearer <eth:syzkaller0>
[  176.887922][   T26] audit: type=1804 audit(1760447776.130:6): pid=5824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.329" name="/newroot/33/file1/file1" dev="loop5" ino=18 res=1 errno=0
[  176.971373][ T5361] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  176.990913][ T5361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.005529][ T5842] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  177.025924][ T5842] device syzkaller0 entered promiscuous mode
[  177.030915][ T5361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  177.060747][ T5361] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  177.184239][ T5361] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  177.199497][ T5361] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  177.228994][ T5361] usb 3-1: Manufacturer: syz
[  177.249842][ T5361] usb 3-1: config 0 descriptor??
[  178.121026][ T5008] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  178.181654][ T5862] device syzkaller0 entered promiscuous mode
[  178.205604][ T5361] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  178.229018][ T5361] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  178.520287][ T5361] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  178.543516][ T5864] autofs4:pid:5864:autofs_fill_super: called with bogus options
[  178.585879][ T5008] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  178.616628][ T5008] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  178.675726][ T5361] usb 3-1: USB disconnect, device number 8
[  178.741017][ T5008] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  178.776092][ T5008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  178.806819][ T5880] fido_id[5880]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  178.819923][ T5008] usb 4-1: SerialNumber: syz
[  179.071796][ T5884] netlink: 'syz.4.337': attribute type 3 has an invalid length.
[  179.168294][ T5890] loop2: detected capacity change from 0 to 2048
[  179.237314][ T5896] loop5: detected capacity change from 0 to 1024
[  179.350268][ T5008] usb 4-1: 0:2 : does not exist
[  179.367997][ T5896] EXT4-fs (loop5): Ignoring removed orlov option
[  179.380805][ T5008] usb 4-1: USB disconnect, device number 10
[  179.980320][ T5890] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  180.073472][ T5890] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  180.156336][ T5908] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  180.193677][ T5896] EXT4-fs (loop5): mounted filesystem without journal. Opts: nolazytime,auto_da_alloc,sysvgroups,norecovery,jqfmt=vfsv0,orlov,nogrpid,noauto_da_alloc,grpid,,errors=continue. Quota mode: none.
[  180.198325][ T5914] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  180.226179][ T5914] device syzkaller0 entered promiscuous mode
[  180.321875][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  180.350956][ T5905] device syzkaller0 entered promiscuous mode
[  180.363139][   T26] audit: type=1800 audit(1760447779.610:7): pid=5920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.342" name="file1" dev="loop5" ino=15 res=0 errno=0
[  180.447087][ T5921] EXT4-fs (loop5): shut down requested (2)
[  180.454371][ T5905] tipc: Resetting bearer <eth:syzkaller0>
[  180.498556][ T5921] netlink: 48 bytes leftover after parsing attributes in process `syz.5.342'.
[  180.512824][ T5919] mmap: syz.2.341 (5919): VmData 176140288 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data.
[  180.566348][ T5904] tipc: Resetting bearer <eth:syzkaller0>
[  180.615682][ T5925] loop6: detected capacity change from 0 to 512
[  180.624383][ T5904] tipc: Disabling bearer <eth:syzkaller0>
[  180.760295][ T5925] EXT4-fs error (device loop6): ext4_orphan_get:1427: comm syz.6.345: bad orphan inode 11862016
[  180.788270][ T5925] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  180.855430][ T5925] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.751176][   T26] audit: type=1804 audit(1760447780.990:8): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.345" name="/newroot/15/file1/file1" dev="loop6" ino=18 res=1 errno=0
[  181.868877][ T5947] autofs4:pid:5947:autofs_fill_super: called with bogus options
[  182.096384][ T5956] device syzkaller0 entered promiscuous mode
[  182.366637][ T5964] netlink: 'syz.2.354': attribute type 3 has an invalid length.
[  182.379761][ T5966] bond0: option packets_per_slave: invalid value (16779898)
[  182.433435][ T5966] bond0: option packets_per_slave: allowed values 0 - 65535
[  182.463860][ T5969] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  182.497706][ T5969] device syzkaller0 entered promiscuous mode
[  182.648408][ T5976] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  182.666242][ T5008] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  182.674409][ T5981] device syzkaller0 entered promiscuous mode
[  182.686666][ T5008] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  182.747359][ T5973] tipc: Resetting bearer <eth:syzkaller0>
[  182.809043][ T5973] tipc: Disabling bearer <eth:syzkaller0>
[  183.218469][ T5991] netlink: 'syz.5.361': attribute type 3 has an invalid length.
[  183.363607][ T5994] device syzkaller0 entered promiscuous mode
[  184.404655][ T6005] loop5: detected capacity change from 0 to 512
[  184.495859][ T6005] EXT4-fs (loop5): Journaled quota options ignored when QUOTA feature is enabled
[  184.581214][ T1326] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  184.618651][ T6005] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  184.654101][ T6005] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  184.719881][ T6019] netlink: 148 bytes leftover after parsing attributes in process `syz.3.366'.
[  184.730726][ T6019] netlink: 56 bytes leftover after parsing attributes in process `syz.3.366'.
[  184.739851][ T6019] netlink: 'syz.3.366': attribute type 1 has an invalid length.
[  184.877674][ T6019] loop3: detected capacity change from 0 to 2048
[  185.038177][ T6005] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  185.070645][ T6019] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  185.081094][ T6019] NILFS (loop3): mounting unchecked fs
[  185.172277][ T6019] NILFS (loop3): recovery complete
[  185.309982][ T6020] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  185.357330][ T6005] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  185.368990][ T6005] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000]
[  185.383324][ T6005] EXT4-fs (loop5): orphan cleanup on readonly fs
[  185.395520][ T6005] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.365: bg 0: block 34: padding at end of block bitmap is not set
[  185.485757][ T6005] Quota error (device loop5): write_blk: dquota write failed
[  185.504426][ T6005] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  185.581392][ T6005] EXT4-fs error (device loop5): ext4_acquire_dquot:6209: comm syz.5.365: Failed to acquire dquot type 1
[  185.621128][ T1326] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  185.651592][ T6005] EXT4-fs (loop5): 1 truncate cleaned up
[  185.669514][ T1326] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  185.680515][ T6033] tmpfs: Unknown parameter '00000000000000000000003'
[  185.684311][ T6035] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  185.733748][ T6005] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,usrjquota=./file0,barrier=0x0000000000000003,noblock_validity,,errors=continue. Quota mode: writeback.
[  185.746414][ T6029] netlink: 'syz.2.369': attribute type 1 has an invalid length.
[  185.820869][ T6029] netlink: 232 bytes leftover after parsing attributes in process `syz.2.369'.
[  185.871133][ T1326] usb 7-1: string descriptor 0 read error: -71
[  185.885241][ T1326] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  185.937681][ T1326] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  186.011073][ T1326] usb 7-1: can't set config #1, error -71
[  186.046259][ T1326] usb 7-1: USB disconnect, device number 3
[  186.156967][ T6052] loop5: detected capacity change from 0 to 512
[  186.215626][ T6048] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  186.318633][ T6051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.381618][ T6057] device syzkaller0 entered promiscuous mode
[  186.459037][ T6055] device syzkaller0 entered promiscuous mode
[  186.474956][ T6052] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.374: bad orphan inode 11862016
[  186.494686][ T6052] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  186.651407][ T6052] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.112595][ T6049] tipc: Resetting bearer <eth:syzkaller0>
[  187.313888][ T6049] tipc: Disabling bearer <eth:syzkaller0>
[  187.432376][   T26] audit: type=1804 audit(1760447786.670:9): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.374" name="/newroot/44/file1/file1" dev="loop5" ino=18 res=1 errno=0
[  187.798427][ T6082] device syzkaller0 entered promiscuous mode
[  188.100604][ T6091] netlink: 148 bytes leftover after parsing attributes in process `syz.5.379'.
[  188.110412][ T6091] netlink: 56 bytes leftover after parsing attributes in process `syz.5.379'.
[  188.120600][ T6091] netlink: 'syz.5.379': attribute type 1 has an invalid length.
[  188.152729][ T6091] loop5: detected capacity change from 0 to 2048
[  188.192609][ T6088] autofs4:pid:6088:autofs_fill_super: called with bogus options
[  188.938323][ T6089] netlink: 'syz.2.382': attribute type 1 has an invalid length.
[  188.961883][ T6089] netlink: 232 bytes leftover after parsing attributes in process `syz.2.382'.
[  188.998938][ T6091] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  189.012524][ T6091] NILFS (loop5): mounting unchecked fs
[  189.043608][ T6091] NILFS (loop5): recovery complete
[  189.095923][ T6096] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  189.431469][ T6103] netlink: 'syz.3.385': attribute type 3 has an invalid length.
[  190.132853][ T4960] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  190.268656][ T4960] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  190.468016][ T6115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.495431][ T6115] device syzkaller0 entered promiscuous mode
[  191.171517][ T6115] tipc: Resetting bearer <eth:syzkaller0>
[  191.245118][ T1326] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  191.346866][  T150] block nbd0: Possible stuck request ffff8880209a0000: control (read@0,4096B). Runtime 90 seconds
[  191.377814][ T6113] tipc: Resetting bearer <eth:syzkaller0>
[  191.437191][ T6120] netlink: 'syz.4.383': attribute type 3 has an invalid length.
[  191.594453][ T4256] tipc: Node number set to 3270366491
[  191.618906][ T6113] tipc: Disabling bearer <eth:syzkaller0>
[  191.700270][ T6123] tipc: Started in network mode
[  191.705827][ T6123] tipc: Node identity 5621a90d722f, cluster identity 4711
[  191.745100][ T6123] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  191.779550][ T6127] tipc: Disabling bearer <eth:syzkaller0>
[  191.796430][ T1326] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.820889][ T1326] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  191.879826][ T6129] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  191.898656][ T6129] device syzkaller0 entered promiscuous mode
[  191.927008][ T6131] device syzkaller0 entered promiscuous mode
[  191.954889][ T1326] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  191.972664][ T6133] device syzkaller0 entered promiscuous mode
[  191.980380][ T1326] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  191.989436][ T1326] usb 3-1: SerialNumber: syz
[  192.188881][ T6136] autofs4:pid:6136:autofs_fill_super: called with bogus options
[  192.373631][ T1326] usb 3-1: 0:2 : does not exist
[  192.387090][ T6142] netlink: 'syz.5.398': attribute type 1 has an invalid length.
[  192.400866][ T6142] netlink: 232 bytes leftover after parsing attributes in process `syz.5.398'.
[  192.599710][ T6144] netlink: 148 bytes leftover after parsing attributes in process `syz.3.397'.
[  192.608959][ T6144] netlink: 56 bytes leftover after parsing attributes in process `syz.3.397'.
[  192.618347][ T6144] netlink: 'syz.3.397': attribute type 1 has an invalid length.
[  192.649464][ T6144] loop3: detected capacity change from 0 to 2048
[  193.429594][ T6146] sched: RT throttling activated
[  193.837095][ T1326] usb 3-1: USB disconnect, device number 9
[  193.851419][ T6144] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  193.861510][ T6144] NILFS (loop3): mounting unchecked fs
[  193.925526][ T6144] NILFS (loop3): recovery complete
[  193.991034][ T6151] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  194.684590][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  194.770789][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  194.777631][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  195.129661][ T6164] netlink: 'syz.6.403': attribute type 3 has an invalid length.
[  195.929157][ T6170] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  196.040448][ T6170] device syzkaller0 entered promiscuous mode
[  196.055929][ T6184] autofs4:pid:6184:autofs_fill_super: called with bogus options
[  196.094340][ T6179] device syzkaller0 entered promiscuous mode
[  196.107432][ T6176] device syzkaller0 entered promiscuous mode
[  196.130214][ T6180] tipc: Resetting bearer <eth:syzkaller0>
[  196.160481][ T6165] tipc: Resetting bearer <eth:syzkaller0>
[  196.188071][ T6165] tipc: Disabling bearer <eth:syzkaller0>
[  196.194622][ T5361] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  196.208015][ T6188] device syzkaller0 entered promiscuous mode
[  196.996925][ T6200] netlink: 148 bytes leftover after parsing attributes in process `syz.2.412'.
[  197.006485][ T6200] netlink: 56 bytes leftover after parsing attributes in process `syz.2.412'.
[  197.015896][ T6200] netlink: 'syz.2.412': attribute type 1 has an invalid length.
[  197.048506][ T6200] loop2: detected capacity change from 0 to 2048
[  198.703155][ T1326] Bluetooth: hci4: command 0x0406 tx timeout
[  198.730861][ T1326] Bluetooth: hci3: command 0x0406 tx timeout
[  198.739318][ T1326] Bluetooth: hci2: command 0x0406 tx timeout
[  198.801597][ T6200] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  198.810917][ T5361] usb 4-1: Using ep0 maxpacket: 8
[  198.815497][ T6200] NILFS (loop2): mounting unchecked fs
[  198.853738][ T6203] netlink: 'syz.6.414': attribute type 1 has an invalid length.
[  198.891055][ T6203] netlink: 232 bytes leftover after parsing attributes in process `syz.6.414'.
[  198.902205][ T6200] NILFS (loop2): recovery complete
[  198.915439][ T6209] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  198.943128][ T5361] usb 4-1: device descriptor read/all, error -71
[  199.001326][ T5362] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  199.113342][ T5362] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  200.240793][ T6225] autofs4:pid:6225:autofs_fill_super: called with bogus options
[  200.269824][ T6227] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  200.336872][ T6231] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  200.345204][ T6227] device syzkaller0 entered promiscuous mode
[  200.380557][ T6231] device syzkaller0 entered promiscuous mode
[  200.390344][ T6229] device syzkaller0 entered promiscuous mode
[  200.423445][ T6231] tipc: Resetting bearer <eth:syzkaller0>
[  200.461392][ T6230] tipc: Resetting bearer <eth:syzkaller0>
[  200.495941][ T6230] tipc: Disabling bearer <eth:syzkaller0>
[  200.600794][ T5361] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  200.619592][ T6233] netlink: 'syz.6.418': attribute type 3 has an invalid length.
[  201.769587][ T6243] device syzkaller0 entered promiscuous mode
[  202.669221][ T5361] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  202.683390][ T5361] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  202.730995][ T5361] usb 4-1: string descriptor 0 read error: -71
[  202.737760][ T5361] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  202.759042][ T5361] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  202.790909][ T5361] usb 4-1: can't set config #1, error -71
[  202.801043][ T5361] usb 4-1: USB disconnect, device number 13
[  203.209156][ T6255] netlink: 148 bytes leftover after parsing attributes in process `syz.4.430'.
[  203.223042][ T6255] netlink: 56 bytes leftover after parsing attributes in process `syz.4.430'.
[  203.236170][ T6255] netlink: 'syz.4.430': attribute type 1 has an invalid length.
[  203.599414][ T6255] loop4: detected capacity change from 0 to 2048
[  203.896718][ T6255] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  203.908049][ T6255] NILFS (loop4): mounting unchecked fs
[  203.950860][ T6255] NILFS (loop4): recovery complete
[  203.964656][ T6258] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  204.001340][ T6257] netlink: 'syz.5.432': attribute type 1 has an invalid length.
[  204.016851][ T6257] netlink: 232 bytes leftover after parsing attributes in process `syz.5.432'.
[  205.192976][ T6268] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  205.226007][ T6264] autofs4:pid:6264:autofs_fill_super: called with bogus options
[  205.251856][ T6268] device syzkaller0 entered promiscuous mode
[  205.287305][ T6272] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  205.335041][ T6274] device syzkaller0 entered promiscuous mode
[  205.399434][ T6272] device syzkaller0 entered promiscuous mode
[  205.439709][ T6278] tipc: Resetting bearer <eth:syzkaller0>
[  205.456345][ T6277] device syzkaller0 entered promiscuous mode
[  205.487487][ T6271] tipc: Resetting bearer <eth:syzkaller0>
[  205.745591][ T6271] tipc: Disabling bearer <eth:syzkaller0>
[  206.683925][ T6301] netlink: 'syz.6.446': attribute type 1 has an invalid length.
[  206.692627][ T6301] netlink: 232 bytes leftover after parsing attributes in process `syz.6.446'.
[  206.835294][ T6303] FAULT_INJECTION: forcing a failure.
[  206.835294][ T6303] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  206.866280][ T5362] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  206.882310][ T5362] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  206.903953][ T6303] CPU: 1 PID: 6303 Comm: syz.5.448 Not tainted syzkaller #0
[  206.913577][ T6303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  206.926101][ T6303] Call Trace:
[  206.930643][ T6303]  <TASK>
[  206.935181][ T6303]  dump_stack_lvl+0x168/0x230
[  206.940798][ T6303]  ? show_regs_print_info+0x20/0x20
[  206.947477][ T6303]  ? load_image+0x3b0/0x3b0
[  206.952814][ T6303]  ? __lock_acquire+0x7c60/0x7c60
[  206.959177][ T6303]  ? __lock_acquire+0x12d9/0x7c60
[  206.964826][ T6303]  ? verify_lock_unused+0x140/0x140
[  206.970246][ T6303]  should_fail+0x38c/0x4c0
[  206.974702][ T6303]  prepare_alloc_pages+0x1e4/0x5f0
[  206.980056][ T6303]  __alloc_pages+0x10e/0x470
[  206.984787][ T6303]  ? zone_statistics+0x170/0x170
[  206.989777][ T6303]  ? count_memcg_event_mm+0x311/0x360
[  206.995275][ T6303]  ? remove_device_exclusive_entry+0xa70/0xa70
[  207.001676][ T6303]  alloc_pages_vma+0x393/0x7c0
[  207.006570][ T6303]  handle_mm_fault+0x2382/0x43c0
[  207.011988][ T6303]  ? get_page+0xe0/0xe0
[  207.018376][ T6303]  ? vmacache_find+0x238/0x590
[  207.023369][ T6303]  ? find_vma+0xd2/0x230
[  207.028008][ T6303]  do_user_addr_fault+0x489/0xc80
[  207.033997][ T6303]  exc_page_fault+0x60/0x100
[  207.039236][ T6303]  asm_exc_page_fault+0x22/0x30
[  207.044415][ T6303] RIP: 0033:0x7fa3c3ba4c03
[  207.049063][ T6303] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c
[  207.069518][ T6303] RSP: 002b:00007fa3c1f494a0 EFLAGS: 00010202
[  207.075782][ T6303] RAX: 0000000000004000 RBX: 00007fa3c1f49540 RCX: 00007fa3b9b2a000
[  207.083992][ T6303] RDX: 00007fa3c1f496e0 RSI: 0000000000000007 RDI: 00007fa3c1f495e0
[  207.092093][ T6303] RBP: 00000000000000e7 R08: 0000000000000008 R09: 00000000000000a3
[  207.100109][ T6303] R10: 00000000000000c4 R11: 00007fa3c1f49540 R12: 0000000000000001
[  207.108182][ T6303] R13: 00007fa3c3d81b80 R14: 000000000000000b R15: 00007fa3c1f495e0
[  207.116396][ T6303]  </TASK>
[  207.244962][ T6303] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  207.258888][ T6303] loop5: detected capacity change from 0 to 512
[  207.533794][ T6305] netlink: 'syz.6.447': attribute type 3 has an invalid length.
[  208.452696][ T6303] EXT4-fs (loop5): Journaled quota options ignored when QUOTA feature is enabled
[  208.463791][ T6303] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  208.523562][ T6303] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  208.544281][ T6303] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  208.591667][ T6303] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  208.600050][ T6303] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000]
[  208.652749][ T6303] EXT4-fs (loop5): orphan cleanup on readonly fs
[  208.717309][ T6303] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.448: bg 0: block 34: padding at end of block bitmap is not set
[  208.823291][ T6303] Quota error (device loop5): write_blk: dquota write failed
[  208.828926][ T6321] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  208.847710][ T6303] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  208.867643][ T6321] device syzkaller0 entered promiscuous mode
[  208.882323][ T6303] EXT4-fs error (device loop5): ext4_acquire_dquot:6209: comm syz.5.448: Failed to acquire dquot type 1
[  208.930349][ T6303] EXT4-fs (loop5): 1 truncate cleaned up
[  208.961936][ T6303] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,usrjquota=./file0,barrier=0x0000000000000003,noblock_validity,,errors=continue. Quota mode: writeback.
[  209.098172][ T6324] autofs4:pid:6324:autofs_fill_super: called with bogus options
[  209.150914][ T1326] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  210.214164][ T6339] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  210.251168][ T1326] usb 3-1: device descriptor read/all, error -71
[  210.277859][ T6339] device syzkaller0 entered promiscuous mode
[  210.327692][ T6337] device syzkaller0 entered promiscuous mode
[  210.389743][ T6341] device syzkaller0 entered promiscuous mode
[  210.408653][ T6339] tipc: Resetting bearer <eth:syzkaller0>
[  210.505570][ T6346] netlink: 'syz.2.458': attribute type 1 has an invalid length.
[  210.518171][ T6346] netlink: 232 bytes leftover after parsing attributes in process `syz.2.458'.
[  210.535597][ T6338] tipc: Resetting bearer <eth:syzkaller0>
[  210.609627][ T6338] tipc: Disabling bearer <eth:syzkaller0>
[  211.087912][ T6355] netlink: 148 bytes leftover after parsing attributes in process `syz.4.459'.
[  211.097112][ T6355] netlink: 56 bytes leftover after parsing attributes in process `syz.4.459'.
[  211.107177][ T6355] netlink: 'syz.4.459': attribute type 1 has an invalid length.
[  211.138568][ T6355] loop4: detected capacity change from 0 to 2048
[  213.085660][ T6360] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  213.108396][ T6355] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  213.122271][ T6355] NILFS (loop4): mounting unchecked fs
[  213.131030][ T6367] netlink: 'syz.5.462': attribute type 3 has an invalid length.
[  213.205336][ T6366] device syzkaller0 entered promiscuous mode
[  213.252128][ T6355] NILFS (loop4): recovery complete
[  213.425723][ T6370] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  213.929786][ T6377] netlink: 8 bytes leftover after parsing attributes in process `syz.6.466'.
[  214.080982][ T6376] autofs4:pid:6376:autofs_fill_super: called with bogus options
[  214.172196][ T6377] netlink: 24 bytes leftover after parsing attributes in process `syz.6.466'.
[  214.204384][ T5362] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  214.233741][ T5362] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  214.286461][ T6372] loop5: detected capacity change from 0 to 7
[  214.683758][ T6372] Dev loop5: unable to read RDB block 7
[  214.777137][ T6382] loop6: detected capacity change from 0 to 1024
[  214.882861][ T6372]  loop5: unable to read partition table
[  214.889384][ T6372] loop5: partition table beyond EOD, truncated
[  214.921622][ T6372] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  215.002482][ T6387] netlink: 'syz.3.471': attribute type 1 has an invalid length.
[  215.020025][ T6382] hfsplus: unable to parse mount options
[  215.041039][ T6387] netlink: 232 bytes leftover after parsing attributes in process `syz.3.471'.
[  215.081543][ T6391] device syzkaller0 entered promiscuous mode
[  215.471305][ T6395] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  215.598296][ T6395] device syzkaller0 entered promiscuous mode
[  215.656292][ T6395] tipc: Resetting bearer <eth:syzkaller0>
[  215.670003][ T6400] device syzkaller0 entered promiscuous mode
[  215.698606][ T6394] tipc: Resetting bearer <eth:syzkaller0>
[  215.753850][ T6394] tipc: Disabling bearer <eth:syzkaller0>
[  215.810765][ T4256] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  216.261132][ T4256] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  216.294305][ T4256] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  216.411612][ T4256] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  216.449702][ T4256] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  216.655860][ T4256] usb 5-1: SerialNumber: syz
[  216.886926][ T6417] netlink: 148 bytes leftover after parsing attributes in process `syz.2.479'.
[  216.896270][ T6417] netlink: 56 bytes leftover after parsing attributes in process `syz.2.479'.
[  216.905544][ T6417] netlink: 'syz.2.479': attribute type 1 has an invalid length.
[  216.937022][ T6417] loop2: detected capacity change from 0 to 2048
[  217.399837][ T6417] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  217.410250][ T6417] NILFS (loop2): mounting unchecked fs
[  217.531562][ T6417] NILFS (loop2): recovery complete
[  217.610794][ T6418] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  217.851064][ T6421] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  217.872472][ T4256] usb 5-1: 0:2 : does not exist
[  217.878139][ T4256] usb 5-1: unit 4 not found!
[  217.911291][ T6421] device syzkaller0 entered promiscuous mode
[  218.167405][ T4256] usb 5-1: USB disconnect, device number 5
[  218.857903][ T6428] autofs4:pid:6428:autofs_fill_super: called with bogus options
[  218.915327][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  218.919473][ T6433] device syzkaller0 entered promiscuous mode
[  219.004875][ T6435] netlink: 'syz.4.484': attribute type 1 has an invalid length.
[  219.019886][ T6435] netlink: 232 bytes leftover after parsing attributes in process `syz.4.484'.
[  219.188562][ T6438] netlink: 'syz.3.483': attribute type 3 has an invalid length.
[  219.352988][ T6441] device syzkaller0 entered promiscuous mode
[  219.366845][ T6443] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  220.087517][ T6448] device syzkaller0 entered promiscuous mode
[  220.305353][ T6450] tipc: Resetting bearer <eth:syzkaller0>
[  220.307753][ T6457] FAULT_INJECTION: forcing a failure.
[  220.307753][ T6457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.357130][ T6457] CPU: 1 PID: 6457 Comm: syz.6.492 Not tainted syzkaller #0
[  220.364859][ T6457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  220.375017][ T6457] Call Trace:
[  220.378312][ T6457]  <TASK>
[  220.381264][ T6457]  dump_stack_lvl+0x168/0x230
[  220.386232][ T6457]  ? show_regs_print_info+0x20/0x20
[  220.391886][ T6457]  ? load_image+0x3b0/0x3b0
[  220.396884][ T6457]  ? __lock_acquire+0x7c60/0x7c60
[  220.402155][ T6457]  should_fail+0x38c/0x4c0
[  220.407060][ T6457]  _copy_from_user+0x2e/0x170
[  220.412192][ T6457]  iovec_from_user+0x142/0x370
[  220.417213][ T6457]  __import_iovec+0x70/0x490
[  220.422406][ T6457]  import_iovec+0x6f/0xa0
[  220.426927][ T6457]  ___sys_sendmsg+0x1b9/0x260
[  220.432033][ T6457]  ? __sys_sendmsg+0x250/0x250
[  220.437724][ T6457]  ? vfs_write+0x84d/0xd00
[  220.442268][ T6457]  ? __fdget+0x18b/0x210
[  220.446661][ T6457]  __se_sys_sendmsg+0x190/0x250
[  220.452236][ T6457]  ? __x64_sys_sendmsg+0x80/0x80
[  220.457276][ T6457]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  220.463390][ T6457]  ? lockdep_hardirqs_on+0x94/0x140
[  220.468998][ T6457]  do_syscall_64+0x4c/0xa0
[  220.473657][ T6457]  ? clear_bhb_loop+0x30/0x80
[  220.478553][ T6457]  ? clear_bhb_loop+0x30/0x80
[  220.483251][ T6457]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  220.489244][ T6457] RIP: 0033:0x7fc28b265ec9
[  220.493674][ T6457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.513714][ T6457] RSP: 002b:00007fc2894cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  220.522264][ T6457] RAX: ffffffffffffffda RBX: 00007fc28b4bcfa0 RCX: 00007fc28b265ec9
[  220.530650][ T6457] RDX: 0000000000008000 RSI: 0000200000000040 RDI: 0000000000000005
[  220.539652][ T6457] RBP: 00007fc2894cd090 R08: 0000000000000000 R09: 0000000000000000
[  220.548478][ T6457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.557212][ T6457] R13: 00007fc28b4bd038 R14: 00007fc28b4bcfa0 R15: 00007ffd62bd1d98
[  220.565920][ T6457]  </TASK>
[  220.570895][ T6440] tipc: Resetting bearer <eth:syzkaller0>
[  220.617348][ T6440] tipc: Disabling bearer <eth:syzkaller0>
[  221.493161][ T6463] netlink: 148 bytes leftover after parsing attributes in process `syz.4.493'.
[  221.504659][ T6463] netlink: 56 bytes leftover after parsing attributes in process `syz.4.493'.
[  221.515985][ T6463] netlink: 'syz.4.493': attribute type 1 has an invalid length.
[  221.817588][ T6463] loop4: detected capacity change from 0 to 2048
[  221.959648][  T150] block nbd0: Possible stuck request ffff8880209a0000: control (read@0,4096B). Runtime 120 seconds
[  222.199497][ T5356] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  222.461325][ T5356] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  222.578295][ T6463] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  222.588585][ T6463] NILFS (loop4): mounting unchecked fs
[  222.650175][ T6463] NILFS (loop4): recovery complete
[  222.668371][ T6481] device syzkaller0 entered promiscuous mode
[  222.675996][ T6483] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  222.913200][ T5356] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  223.212450][ T6491] netlink: 'syz.3.499': attribute type 1 has an invalid length.
[  223.316768][ T6492] autofs4:pid:6492:autofs_fill_super: called with bogus options
[  223.331497][ T6491] netlink: 232 bytes leftover after parsing attributes in process `syz.3.499'.
[  223.511514][ T6495] netlink: 'syz.6.501': attribute type 3 has an invalid length.
[  223.718393][ T5356] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  223.731111][ T5356] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  224.485233][ T5356] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  224.504079][ T5356] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  224.565616][ T5356] usb 3-1: SerialNumber: syz
[  224.657721][ T6506] loop3: detected capacity change from 0 to 64
[  224.675489][ T6508] device syzkaller0 entered promiscuous mode
[  224.829445][ T6506] bridge_slave_1: mtu less than device minimum
[  224.861432][ T6510] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  224.883708][ T5356] usb 3-1: 0:2 : does not exist
[  224.935489][ T5356] usb 3-1: USB disconnect, device number 12
[  225.013596][ T6510] device syzkaller0 entered promiscuous mode
[  225.263973][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  225.339609][ T6514] tipc: Resetting bearer <eth:syzkaller0>
[  225.724433][ T6514] tipc: Disabling bearer <eth:syzkaller0>
[  225.808575][ T6521] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  226.805291][ T6527] netlink: 148 bytes leftover after parsing attributes in process `syz.6.510'.
[  226.815023][ T6527] netlink: 56 bytes leftover after parsing attributes in process `syz.6.510'.
[  226.824621][ T6527] netlink: 'syz.6.510': attribute type 1 has an invalid length.
[  227.917868][ T6527] loop6: detected capacity change from 0 to 2048
[  228.287367][ T6527] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  228.299109][ T6527] NILFS (loop6): mounting unchecked fs
[  228.378951][ T6527] NILFS (loop6): recovery complete
[  228.466300][ T6534] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  228.846263][ T6537] netlink: 'syz.2.513': attribute type 1 has an invalid length.
[  228.957660][ T6537] netlink: 232 bytes leftover after parsing attributes in process `syz.2.513'.
[  228.969816][ T6541] device syzkaller0 entered promiscuous mode
[  229.090222][ T6540] autofs4:pid:6540:autofs_fill_super: called with bogus options
[  229.331123][ T6549] netlink: 'syz.5.515': attribute type 3 has an invalid length.
[  229.636772][ T6556] device syzkaller0 entered promiscuous mode
[  229.780107][ T6559] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  229.809602][ T6559] device syzkaller0 entered promiscuous mode
[  229.847091][ T6559] tipc: Resetting bearer <eth:syzkaller0>
[  229.875479][ T6558] tipc: Resetting bearer <eth:syzkaller0>
[  230.028590][ T6558] tipc: Disabling bearer <eth:syzkaller0>
[  231.462946][ T6572] netlink: 148 bytes leftover after parsing attributes in process `syz.4.524'.
[  231.472142][ T6572] netlink: 56 bytes leftover after parsing attributes in process `syz.4.524'.
[  231.481103][ T6572] netlink: 'syz.4.524': attribute type 1 has an invalid length.
[  231.512055][ T6572] loop4: detected capacity change from 0 to 2048
[  232.234511][ T5008] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  232.264312][ T6572] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  232.274573][ T6572] NILFS (loop4): mounting unchecked fs
[  232.328162][ T6572] NILFS (loop4): recovery complete
[  232.338924][ T5008] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  232.363686][ T6576] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  232.630929][ T5017] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  233.181093][ T5017] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  233.202087][ T6582] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  233.227110][ T5017] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  233.375371][ T6585] device syzkaller0 entered promiscuous mode
[  233.420887][ T5017] usb 4-1: string descriptor 0 read error: -71
[  233.433840][ T5017] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  233.448159][ T6588] netlink: 'syz.6.529': attribute type 1 has an invalid length.
[  233.481937][ T5017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  233.496714][ T6588] netlink: 232 bytes leftover after parsing attributes in process `syz.6.529'.
[  233.562237][ T5017] usb 4-1: can't set config #1, error -71
[  233.581765][ T5017] usb 4-1: USB disconnect, device number 14
[  233.717499][ T6599] device syzkaller0 entered promiscuous mode
[  234.013473][ T6608] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  234.156121][ T6611] netlink: 'syz.3.534': attribute type 3 has an invalid length.
[  234.237476][ T6608] device syzkaller0 entered promiscuous mode
[  234.297725][ T6612] tipc: Resetting bearer <eth:syzkaller0>
[  234.323706][ T6607] tipc: Resetting bearer <eth:syzkaller0>
[  234.390051][ T6607] tipc: Disabling bearer <eth:syzkaller0>
[  234.416192][ T6601] autofs4:pid:6601:autofs_fill_super: called with bogus options
[  235.600837][ T6622] netlink: 148 bytes leftover after parsing attributes in process `syz.5.538'.
[  235.613573][ T6622] netlink: 56 bytes leftover after parsing attributes in process `syz.5.538'.
[  235.623126][ T6622] netlink: 'syz.5.538': attribute type 1 has an invalid length.
[  236.142819][ T6621] loop5: detected capacity change from 0 to 2048
[  236.336726][ T5361] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  236.549008][ T6621] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  236.559829][ T6621] NILFS (loop5): mounting unchecked fs
[  236.593975][ T6621] NILFS (loop5): recovery complete
[  236.840963][ T5021] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  236.914094][ T6631] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  237.221339][ T5361] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  237.262957][ T6635] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  237.340301][ T6644] netlink: 'syz.2.545': attribute type 1 has an invalid length.
[  237.355649][ T6644] netlink: 232 bytes leftover after parsing attributes in process `syz.2.545'.
[  237.371479][ T6642] device syzkaller0 entered promiscuous mode
[  237.421038][ T5021] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  237.450773][ T5021] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  237.551425][ T5021] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  237.583791][ T5021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  237.630273][ T5021] usb 5-1: SerialNumber: syz
[  237.661593][ T6651] device syzkaller0 entered promiscuous mode
[  237.754293][ T6653] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.806385][ T6653] device syzkaller0 entered promiscuous mode
[  237.976389][ T6653] tipc: Resetting bearer <eth:syzkaller0>
[  237.993502][ T5021] usb 5-1: 0:2 : does not exist
[  238.033135][ T6660] netlink: 'syz.5.550': attribute type 3 has an invalid length.
[  238.182780][ T6662] autofs4:pid:6662:autofs_fill_super: called with bogus options
[  238.222867][ T5021] usb 5-1: USB disconnect, device number 6
[  238.267062][ T6652] tipc: Resetting bearer <eth:syzkaller0>
[  238.357443][ T6652] tipc: Disabling bearer <eth:syzkaller0>
[  238.381186][ T5361] Bluetooth: hci1: command 0x0406 tx timeout
[  238.544089][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  240.480831][ T6679] netlink: 148 bytes leftover after parsing attributes in process `syz.5.554'.
[  240.490237][ T6679] netlink: 56 bytes leftover after parsing attributes in process `syz.5.554'.
[  240.499289][ T6679] netlink: 'syz.5.554': attribute type 1 has an invalid length.
[  241.084542][ T6673] loop5: detected capacity change from 0 to 2048
[  241.188122][ T6673] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  241.198263][ T6673] NILFS (loop5): mounting unchecked fs
[  241.271529][ T6678] netlink: 'syz.6.556': attribute type 1 has an invalid length.
[  241.327105][ T6683] loop2: detected capacity change from 0 to 1024
[  241.445364][ T6673] NILFS (loop5): recovery complete
[  241.478770][ T6686] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  241.497870][ T6678] netlink: 232 bytes leftover after parsing attributes in process `syz.6.556'.
[  241.584481][ T6683] EXT4-fs (loop2): Ignoring removed orlov option
[  241.681563][ T6683] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  241.899025][ T6683] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  242.033821][ T6693] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  242.186788][ T6700] device syzkaller0 entered promiscuous mode
[  242.227109][ T6683] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #2: block 16: comm syz.2.557: lblock 0 mapped to illegal pblock 16 (length 1)
[  242.291596][ T6707] device syzkaller0 entered promiscuous mode
[  242.454406][ T6683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.557'.
[  242.636693][ T6716] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  242.839070][ T6716] device syzkaller0 entered promiscuous mode
[  242.925391][ T6716] tipc: Resetting bearer <eth:syzkaller0>
[  242.936035][ T6715] tipc: Resetting bearer <eth:syzkaller0>
[  243.008151][ T6723] netlink: 'syz.6.565': attribute type 3 has an invalid length.
[  243.108249][ T6715] tipc: Disabling bearer <eth:syzkaller0>
[  243.191583][ T5021] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  243.437115][ T6728] autofs4:pid:6728:autofs_fill_super: called with bogus options
[  244.490907][ T5021] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  244.558713][ T5021] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  244.658938][ T6741] netlink: 'syz.3.570': attribute type 1 has an invalid length.
[  244.670908][ T6741] netlink: 232 bytes leftover after parsing attributes in process `syz.3.570'.
[  244.701300][ T5021] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  244.720739][ T5021] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  244.738453][ T5021] usb 3-1: SerialNumber: syz
[  244.870513][ T6746] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  244.915800][ T6749] device syzkaller0 entered promiscuous mode
[  244.931205][ T6746] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  244.980481][ T6746] device syzkaller0 entered promiscuous mode
[  245.048332][ T5021] usb 3-1: 0:2 : does not exist
[  245.087251][ T5021] usb 3-1: USB disconnect, device number 13
[  245.110065][ T6753] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  245.133227][ T6753] tipc: Resetting bearer <eth:syzkaller0>
[  245.155197][ T6752] tipc: Disabling bearer <eth:syzkaller0>
[  245.279694][ T6761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  245.376394][ T6761] device syzkaller0 entered promiscuous mode
[  245.447545][ T6761] tipc: Resetting bearer <eth:syzkaller0>
[  245.477130][ T6760] tipc: Resetting bearer <eth:syzkaller0>
[  245.543439][ T6760] tipc: Disabling bearer <eth:syzkaller0>
[  245.581820][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  245.942277][ T6770] netlink: 'syz.6.580': attribute type 3 has an invalid length.
[  246.696593][ T6779] netlink: 'syz.5.583': attribute type 1 has an invalid length.
[  246.739591][ T6779] netlink: 232 bytes leftover after parsing attributes in process `syz.5.583'.
[  246.888149][ T6784] netlink: 148 bytes leftover after parsing attributes in process `syz.2.582'.
[  246.898591][ T6784] netlink: 56 bytes leftover after parsing attributes in process `syz.2.582'.
[  246.908357][ T6784] netlink: 'syz.2.582': attribute type 1 has an invalid length.
[  247.218089][ T6784] loop2: detected capacity change from 0 to 2048
[  247.616300][ T6784] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  247.626394][ T6784] NILFS (loop2): mounting unchecked fs
[  247.714392][ T6784] NILFS (loop2): recovery complete
[  247.737886][ T6788] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  248.068803][ T6791] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  248.102891][ T6791] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  248.166874][ T6796] device syzkaller0 entered promiscuous mode
[  248.173974][ T6775] autofs4:pid:6775:autofs_fill_super: called with bogus options
[  248.257135][ T6797] device syzkaller0 entered promiscuous mode
[  248.312361][ T6800] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  248.409316][ T6800] tipc: Resetting bearer <eth:syzkaller0>
[  248.527198][ T6798] tipc: Disabling bearer <eth:syzkaller0>
[  248.718131][ T6809] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  248.759974][ T6809] device syzkaller0 entered promiscuous mode
[  248.806015][ T6809] tipc: Resetting bearer <eth:syzkaller0>
[  248.871216][ T6807] tipc: Resetting bearer <eth:syzkaller0>
[  248.936333][ T6807] tipc: Disabling bearer <eth:syzkaller0>
[  249.020917][ T5008] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  249.030906][ T6814] netlink: 'syz.2.595': attribute type 3 has an invalid length.
[  249.404115][ T6818] netlink: 'syz.5.597': attribute type 1 has an invalid length.
[  249.439428][ T6818] netlink: 232 bytes leftover after parsing attributes in process `syz.5.597'.
[  250.453316][ T6831] netlink: 148 bytes leftover after parsing attributes in process `syz.6.598'.
[  250.462783][ T6831] netlink: 56 bytes leftover after parsing attributes in process `syz.6.598'.
[  250.472543][ T6831] netlink: 'syz.6.598': attribute type 1 has an invalid length.
[  250.502670][ T6831] loop6: detected capacity change from 0 to 2048
[  250.588380][ T6831] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  250.598321][ T6831] NILFS (loop6): mounting unchecked fs
[  250.713273][ T6831] NILFS (loop6): recovery complete
[  250.968859][ T6833] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  251.269388][ T5008] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  251.279952][ T5008] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  251.375506][ T6837] device syzkaller0 entered promiscuous mode
[  251.382891][ T5008] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  251.410576][ T6839] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.410724][ T5008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  251.432375][ T6839] tipc: Resetting bearer <eth:syzkaller0>
[  251.461001][ T5008] usb 5-1: SerialNumber: syz
[  251.469576][ T6841] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  251.488640][ T6838] tipc: Disabling bearer <eth:syzkaller0>
[  251.588318][ T6841] sch_tbf: burst 2 is lower than device syzkaller0 mtu (1514) !
[  251.603118][ T6842] device syzkaller0 entered promiscuous mode
[  251.723704][ T5008] usb 5-1: 0:2 : does not exist
[  251.739019][ T6835] autofs4:pid:6835:autofs_fill_super: called with bogus options
[  251.785771][ T5008] usb 5-1: USB disconnect, device number 7
[  251.857839][ T6850] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.933779][ T6850] device syzkaller0 entered promiscuous mode
[  251.987701][ T6850] tipc: Resetting bearer <eth:syzkaller0>
[  252.006743][ T6847] tipc: Resetting bearer <eth:syzkaller0>
[  252.121848][ T4615] udevd[4615]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  252.140901][  T150] block nbd0: Possible stuck request ffff8880209a0000: control (read@0,4096B). Runtime 150 seconds
[  252.161675][ T6847] tipc: Disabling bearer <eth:syzkaller0>
[  252.176788][ T6855] netlink: 'syz.6.610': attribute type 1 has an invalid length.
[  252.235967][ T6855] netlink: 232 bytes leftover after parsing attributes in process `syz.6.610'.
[  252.520371][ T6860] netlink: 'syz.3.611': attribute type 3 has an invalid length.
[  253.779740][ T6878] device syzkaller0 entered promiscuous mode
[  253.967509][ T6885] netlink: 148 bytes leftover after parsing attributes in process `syz.2.614'.
[  253.977228][ T6885] netlink: 56 bytes leftover after parsing attributes in process `syz.2.614'.
[  253.986224][ T6885] netlink: 'syz.2.614': attribute type 1 has an invalid length.
[  254.114791][ T6885] loop2: detected capacity change from 0 to 2048
[  254.701122][   T27] INFO: task udevd:4175 blocked for more than 144 seconds.
[  254.708869][   T27]       Not tainted syzkaller #0
[  254.717015][ T6885] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  254.728026][ T6885] NILFS (loop2): mounting unchecked fs
[  254.748557][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  254.760313][ T6885] NILFS (loop2): recovery complete
[  254.778514][   T27] task:udevd           state:D stack:25312 pid: 4175 ppid:  3562 flags:0x00004002
[  254.788568][ T6892] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  254.809968][   T27] Call Trace:
[  254.817398][   T27]  <TASK>
[  254.825001][   T27]  __schedule+0x11bb/0x4390
[  254.834900][   T27]  ? release_firmware_map_entry+0x190/0x190
[  254.841566][   T27]  ? preempt_schedule+0xa7/0xb0
[  254.848150][   T27]  ? release_firmware_map_entry+0x190/0x190
[  254.861706][   T27]  ? preempt_schedule+0xa7/0xb0
[  254.866822][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  254.884078][   T27]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  254.890553][   T27]  ? lock_chain_count+0x20/0x20
[  254.898254][   T27]  schedule+0x11b/0x1e0
[  254.903861][   T27]  io_schedule+0x7c/0xd0
[  254.908466][   T27]  wait_on_page_bit_common+0x815/0xe00
[  254.914757][   T27]  ? wait_on_page_bit+0x50/0x50
[  254.920021][   T27]  ? blkdev_fallocate+0x4d0/0x4d0
[  255.008505][   T27]  ? rcu_lock_release+0x20/0x20
[  255.015950][   T27]  ? add_to_page_cache_lru+0x2a8/0x4a0
[  255.020961][ T5362] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  255.022252][   T27]  do_read_cache_page+0xb05/0x1030
[  255.036866][   T27]  read_part_sector+0xd4/0x4f0
[  255.042388][   T27]  ? string+0x26d/0x2b0
[  255.046596][   T27]  adfspart_check_ICS+0xbf/0xe00
[  255.051639][   T27]  ? vsnprintf+0x1905/0x1a00
[  255.056499][   T27]  ? adfspart_check_ADFS+0x830/0x830
[  255.062064][   T27]  ? snprintf+0xd7/0x120
[  255.066801][   T27]  ? vscnprintf+0x80/0x80
[  255.071251][   T27]  bdev_disk_changed+0x917/0x16b0
[  255.076349][   T27]  ? blkdev_get_by_dev+0x157/0xa60
[  255.081911][   T27]  ? blk_drop_partitions+0x1a0/0x1a0
[  255.088063][   T27]  ? _atomic_dec_and_lock+0x8f/0x110
[  255.093893][   T27]  blkdev_get_whole+0x2f9/0x390
[  255.099093][   T27]  blkdev_get_by_dev+0x2d0/0xa60
[  255.104625][   T27]  blkdev_open+0x12d/0x2c0
[  255.110139][   T27]  ? block_ioctl+0xf0/0xf0
[  255.114994][   T27]  do_dentry_open+0x7ff/0xf80
[  255.119837][   T27]  path_openat+0x2682/0x2f30
[  255.126940][   T27]  ? __kasan_slab_alloc+0xb3/0xd0
[  255.132124][   T27]  ? __kasan_slab_alloc+0x9c/0xd0
[  255.138223][   T27]  ? slab_post_alloc_hook+0x4c/0x380
[  255.143632][   T27]  ? verify_lock_unused+0x140/0x140
[  255.149747][   T27]  ? __x64_sys_openat+0x135/0x160
[  255.155122][   T27]  ? do_filp_open+0x3e0/0x3e0
[  255.160317][   T27]  do_filp_open+0x1b3/0x3e0
[  255.164939][   T27]  ? vfs_tmpfile+0x300/0x300
[  255.169905][   T27]  ? _raw_spin_unlock+0x24/0x40
[  255.175307][   T27]  ? alloc_fd+0x598/0x630
[  255.179698][   T27]  do_sys_openat2+0x142/0x4a0
[  255.184747][   T27]  ? __lock_acquire+0x7c60/0x7c60
[  255.190132][   T27]  ? do_sys_open+0xe0/0xe0
[  255.194652][   T27]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  255.201578][   T27]  ? lock_chain_count+0x20/0x20
[  255.207140][   T27]  ? vtime_user_exit+0x2dc/0x400
[  255.212577][   T27]  __x64_sys_openat+0x135/0x160
[  255.217764][   T27]  do_syscall_64+0x4c/0xa0
[  255.222275][   T27]  ? clear_bhb_loop+0x30/0x80
[  255.226991][   T27]  ? clear_bhb_loop+0x30/0x80
[  255.234449][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  255.241321][   T27] RIP: 0033:0x7fc786698407
[  255.245800][   T27] RSP: 002b:00007ffd3da00690 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  255.254885][   T27] RAX: ffffffffffffffda RBX: 00007fc7865aa880 RCX: 00007fc786698407
[  255.263650][   T27] RDX: 00000000000a0800 RSI: 000055f7b7a634d0 RDI: ffffffffffffff9c
[  255.271958][   T27] RBP: 000055f7b7a62910 R08: 0000000000000000 R09: 0000000000000000
[  255.280138][   T27] R10: 0000000000000000 R11: 0000000000000202 R12: 000055f7b7a74b20
[  255.288291][   T27] R13: 000055f7b7a7a410 R14: 0000000000000000 R15: 000055f7b7a74b20
[  255.296687][   T27]  </TASK>
[  255.299878][   T27] 
[  255.299878][   T27] Showing all locks held in the system:
[  255.308806][   T27] 1 lock held by khungtaskd/27:
[  255.314420][   T27]  #0: ffffffff8c11c660 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  255.324900][   T27] 3 locks held by kworker/u4:4/1277:
[  255.330536][   T27]  #0: ffff888016879138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x760/0x1000
[  255.348366][   T27]  #1: ffffc900047a7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000
[  255.362976][   T27]  #2: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50
[  255.373180][   T27] 2 locks held by getty/3949:
[  255.378160][   T27]  #0: ffff88802bdf6098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  255.389198][   T27]  #1: ffffc90002cf62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30
[  255.400373][ T5362] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  255.401694][   T27] 1 lock held by udevd/4175:
[  255.411522][ T5362] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  255.422727][   T27]  #0: ffff88802077b518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x157/0xa60
[  255.436170][   T27] 2 locks held by syz-executor/4191:
[  255.442498][   T27]  #0: ffff888020273d18 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0
[  255.455196][   T27]  #1: ffff8881471d0468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90
[  255.465445][   T27] 3 locks held by kworker/1:22/5362:
[  255.471111][   T27]  #0: ffff88801b72ed38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x760/0x1000
[  255.482210][   T27]  #1: ffffc90002dafd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000
[  255.493925][   T27]  #2: ffff88802409a220 (&dev->mutex){....}-{3:3}, at: hub_event+0x1a7/0x5560
[  255.501108][ T5362] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  255.503750][   T27] 2 locks held by syz.6.617/6876:
[  255.516697][ T5362] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  255.518521][   T27]  #0: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3d/0x1b0
[  255.527194][ T5362] usb 6-1: SerialNumber: syz
[  255.535712][   T27]  #1: ffffffff8c1210e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x347/0x6b0
[  255.553709][   T27] 1 lock held by syz.4.618/6884:
[  255.558789][   T27]  #0: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x974/0xe60
[  255.570856][   T27] 3 locks held by syz.4.618/6886:
[  255.575908][   T27]  #0: ffffffff8d294f90 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[  255.584928][   T27]  #1: ffffffff8d294de8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x137/0xf40
[  255.594144][   T27]  #2: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: tipc_nl_compat_doit+0x20c/0x5f0
[  255.604785][   T27] 1 lock held by syz.4.618/6887:
[  255.609968][   T27]  #0: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3ab/0x1e70
[  255.620043][   T27] 1 lock held by syz.3.620/6891:
[  255.625059][   T27]  #0: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3ab/0x1e70
[  255.635348][   T27] 1 lock held by syz.3.620/6893:
[  255.640428][   T27]  #0: ffffffff8d238308 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3d/0x1b0
[  255.651032][   T27] 2 locks held by syz.3.620/6895:
[  255.656489][   T27]  #0: ffffffff8d294f90 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[  255.665443][   T27]  #1: ffffffff8d294de8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x137/0xf40
[  255.676321][   T27] 
[  255.678691][   T27] =============================================
[  255.678691][   T27] 
[  255.678917][ T6886] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  255.687315][   T27] NMI backtrace for cpu 0
[  255.687332][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
[  255.687353][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  255.687364][   T27] Call Trace:
[  255.687371][   T27]  <TASK>
[  255.687379][   T27]  dump_stack_lvl+0x168/0x230
[  255.687411][   T27]  ? show_regs_print_info+0x20/0x20
[  255.687435][   T27]  ? load_image+0x3b0/0x3b0
[  255.687460][   T27]  ? nmi_cpu_backtrace+0x1b6/0x3d0
[  255.687488][   T27]  nmi_cpu_backtrace+0x397/0x3d0
[  255.748535][   T27]  ? nmi_trigger_cpumask_backtrace+0x280/0x280
[  255.755031][   T27]  ? _printk+0xcc/0x110
[  255.759410][   T27]  ? load_image+0x3b0/0x3b0
[  255.764111][   T27]  ? load_image+0x3b0/0x3b0
[  255.768832][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  255.775171][   T27]  nmi_trigger_cpumask_backtrace+0x163/0x280
[  255.781275][   T27]  watchdog+0xe0f/0xe50
[  255.785707][   T27]  kthread+0x436/0x520
[  255.790115][   T27]  ? hungtask_pm_notify+0x40/0x40
[  255.795544][   T27]  ? kthread_blkcg+0xd0/0xd0
[  255.800836][   T27]  ret_from_fork+0x1f/0x30
[  255.805308][   T27]  </TASK>
[  255.809278][   T27] Sending NMI from CPU 0 to CPUs 1:
[  255.814903][    C1] NMI backtrace for cpu 1
[  255.814916][    C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted syzkaller #0
[  255.814934][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  255.814945][    C1] Workqueue: phy12 ieee80211_iface_work
[  255.814968][    C1] RIP: 0010:mark_lock+0xe2/0x320
[  255.814991][    C1] Code: 03 42 0f b6 04 28 84 c0 0f 85 06 02 00 00 83 3d e3 8f af 14 00 74 36 45 31 ff 49 83 c7 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 ff e8 a4 82 5f 00 b8 01 00 00 00 45 85 27 74 50 48 83
[  255.815006][    C1] RSP: 0018:ffffc90000ce72a0 EFLAGS: 00000046
[  255.815020][    C1] RAX: 1ffffffff1f289fa RBX: ffff88813fed0000 RCX: ffffffff815caf64
[  255.815033][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ffbd0c0
[  255.815045][    C1] RBP: 0000000000000008 R08: dffffc0000000000 R09: fffffbfff1ff7a19
[  255.815058][    C1] R10: fffffbfff1ff7a19 R11: 1ffffffff1ff7a18 R12: 0000000000000100
[  255.815070][    C1] R13: dffffc0000000000 R14: ffff88813fed0b68 R15: ffffffff8f944fd0
[  255.815083][    C1] FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  255.815098][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  255.815110][    C1] CR2: 000000110c3ee99f CR3: 0000000025111000 CR4: 00000000003506e0
[  255.815125][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  255.815135][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  255.815146][    C1] Call Trace:
[  255.815151][    C1]  <TASK>
[  255.815160][    C1]  __lock_acquire+0xd5a/0x7c60
[  255.815190][    C1]  ? verify_lock_unused+0x140/0x140
[  255.815219][    C1]  lock_acquire+0x197/0x3f0
[  255.815237][    C1]  ? debug_check_no_obj_freed+0x136/0x530
[  255.815262][    C1]  ? read_lock_is_recursive+0x10/0x10
[  255.815280][    C1]  ? ieee802_11_parse_elems_crc+0x10c0/0x10c0
[  255.815305][    C1]  ? _raw_spin_lock_irqsave+0x7f/0xf0
[  255.815322][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  255.815341][    C1]  _raw_spin_lock_irqsave+0xa4/0xf0
[  255.815357][    C1]  ? debug_check_no_obj_freed+0x136/0x530
[  255.815380][    C1]  ? _raw_spin_lock+0x40/0x40
[  255.815399][    C1]  debug_check_no_obj_freed+0x136/0x530
[  255.815424][    C1]  slab_free_freelist_hook+0x8b/0x170
[  255.815443][    C1]  ? ieee80211_bss_info_update+0x86e/0xaa0
[  255.815463][    C1]  kfree+0xef/0x2a0
[  255.815480][    C1]  ieee80211_bss_info_update+0x86e/0xaa0
[  255.815503][    C1]  ? ieee80211_rx_bss_put+0x60/0x60
[  255.815525][    C1]  ? ieee80211_mandatory_rates+0x1c8/0x230
[  255.815548][    C1]  ieee80211_ibss_rx_queued_mgmt+0x16d0/0x29c0
[  255.815576][    C1]  ? ieee80211_ibss_rx_no_sta+0x730/0x730
[  255.815592][    C1]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  255.815608][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  255.815626][    C1]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  255.815642][    C1]  ? _raw_spin_unlock+0x40/0x40
[  255.815655][    C1]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  255.815676][    C1]  ? kcov_remote_start+0xea/0x4a0
[  255.815694][    C1]  ieee80211_iface_work+0x70e/0xc60
[  255.815715][    C1]  process_one_work+0x863/0x1000
[  255.815738][    C1]  ? worker_detach_from_pool+0x240/0x240
[  255.815755][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  255.815773][    C1]  ? _raw_spin_lock_irq+0xab/0xe0
[  255.815788][    C1]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  255.815805][    C1]  ? wq_worker_running+0x97/0x170
[  255.815822][    C1]  worker_thread+0xaa8/0x12a0
[  255.815850][    C1]  kthread+0x436/0x520
[  255.815865][    C1]  ? rcu_lock_release+0x20/0x20
[  255.815881][    C1]  ? kthread_blkcg+0xd0/0xd0
[  255.815896][    C1]  ret_from_fork+0x1f/0x30
[  255.815920][    C1]  </TASK>
[  255.819683][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  255.844533][ T5362] usb 6-1: 0:2 : does not exist
[  255.848040][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0
[  256.199383][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  256.209972][   T27] Call Trace:
[  256.213264][   T27]  <TASK>
[  256.216211][   T27]  dump_stack_lvl+0x168/0x230
[  256.221265][   T27]  ? show_regs_print_info+0x20/0x20
[  256.226956][   T27]  ? load_image+0x3b0/0x3b0
[  256.231612][   T27]  panic+0x2c9/0x7f0
[  256.236257][   T27]  ? schedule_preempt_disabled+0x20/0x20
[  256.242310][   T27]  ? bpf_jit_dump+0xd0/0xd0
[  256.246965][   T27]  ? nmi_trigger_cpumask_backtrace+0x260/0x280
[  256.253305][   T27]  watchdog+0xe4e/0xe50
[  256.257599][   T27]  kthread+0x436/0x520
[  256.261702][   T27]  ? hungtask_pm_notify+0x40/0x40
[  256.266925][   T27]  ? kthread_blkcg+0xd0/0xd0
[  256.271607][   T27]  ret_from_fork+0x1f/0x30
[  256.276047][   T27]  </TASK>
[  256.279476][   T27] Kernel Offset: disabled
[  256.284669][   T27] Rebooting in 86400 seconds..