last executing test programs:

3m57.613948221s ago: executing program 3 (id=543):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000d5030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
open(0x0, 0x1612c2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00', r5}, 0x10)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000540)=ANY=[@ANYRESHEX=r6])
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x6000)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8}}, {@abort}, {@resuid}, {@norecovery}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8}}, {@jqfmt_vfsold}, {@delalloc}, {@data_err_abort}, {@acl}], [{@appraise_type}, {@uid_eq={'uid', 0x3d, r7}}, {@defcontext={'defcontext', 0x3d, 'user_u'}}]}, 0x1, 0x5d8, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000240)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x3e, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89d})

3m55.160936701s ago: executing program 3 (id=548):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x526, &(0x7f0000001b40)="$eJzs3d9rZFcdAPDvvTOTZndTM1WRWrEttrJbdGeSxrZBpK0g6ktBre9pTCYhZJIJmUndhKIp/gGCiAo++eSL4B8gSP8EEQr6LiqK6FafRPfKnbkxm2QmmTY/Zjf5fOBmzrm/vufc3Xvm3rmHewK4sp6OiFcjohQRz0XEZDE/Laa5PLPbW++9u28t5FMSWfb635NIinl7+8rz5Yi40dskxiPiG1+J+FZyNG57e2d1vtlsbBb5emdto97e3rm9sja/3FhurM/MTL84+9LsC7NTWeFU9axGxMtf+vOPvv/zL7/8689++w9zf731nbxYX/hY8omieAunCjBAb9+V7rHYkx+jzfMINgKloj6V0qhLAgDAMPJr/A9HxKe61/+TUepezQEAAACXSfbKRPwnicgAAACASyuNiIlI0lrRF2Ai0rRW6/Xh/WhcT5utduczS62t9cV8WUQ1KunSSrMxVfQVrkYlyfPTRR/bvfzzh/IzEfFYRPxw8lo3X1toNRdH/eMHAAAAXBE3njp4//+vybSbBgAAAC6Z6sAMAAAAcFm45QcAAIDL7d/FiwD259w73UhbAAAAwIPma6+9lk/Z3jjei29ub6223ry92Giv1ta2FmoLrc2N2nKrtdx9Z9/aSftrtlobn4v1rTv1TqPdqbe3d+bWWlvrnbmVA0NgAwAAABfosafe+X0SEbufv9adongPIMABfxp1AYCzVDrzFYGHRTn/88aoSwGMQuXENcoXUg5gdJITlg/svPObsy8LAABwPm5+/Ojz/7Fi2cm/DQAPM319AODq8XQPrq5KlNzmwxX3od7HI4OWv//n/4evLDKvFQUAgBGb6Pb8TdJa8SxwItK0Vot4tDssYCVZWmk2por7g99NVh7J89PdLZMT+wwDAAAAAAAAAAAAAAAAAAAAAAAAAD1ZlkQGAAAAXGoR6V+6IwBExM3JZycO/jpwaNSvn77+4zvznc7mdMRY8o/JfNZYRHR+Usx/PjMkAAAAADwAevfpxef0qEsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwGXz3t23FvamAwvGzzfu374YEdV+8ctF6PGoRMT1fyZRvm+7JCJKZxB/9+2IeLxf/CTuZVlWLUrRL/61c45f7R6a/vHTiLhxBvHhKnsnb39e7Xf+pfF097P/+VcuptMa3P6l/2//SsX5fr+8/Xl0yBhPvPvL+sD4b0c8Ue7f/uzFT3r1Tw7Hf2bI+G98c2dn0LLsZxE3+37/JAdi1TtrG/X29s7tlbX55cZyY31mZvrF2ZdmX5idqi+tNBvF374xfvDJX907rv7XB8SvHqz/kfb/2SHr/99379z9SC9Z6Rf/1jP9v38fHxA/Lb77Pl2k8+U399K7vfT9nvzFb588rv6LA+q//++f9a3/rSHr/9zXv/fHIVcFAC5Ae3tndb7ZbGwekxgfYp0LTrxycbEmLr6CD+ABP+9E9t3e/8fT7eeUmx9JZCesMxbHbF6OMyjG2Ps4T882McpWCQAAOA/7F/15LktGXR4AAAAAAAAAAAAAAAAAAAC4ij7gG8LGI2LolQ/H3N1Prnz1gusLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDI/wIAAP//dGLgdw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0)
r1 = getpid()
getrlimit(0xf, &(0x7f00000001c0))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
write$vga_arbiter(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00'], 0x9)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$lock(r6, 0x6, &(0x7f0000002000)={0x1})

3m52.925306393s ago: executing program 3 (id=554):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[], 0xfdef)

3m44.976203982s ago: executing program 3 (id=569):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00'}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000300)=[0x0, 0x0, 0x0], 0x0, 0xf9, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xd1, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000600)={r3}, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r6, 0x29, 0x1000000000021, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet6(r6, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x4e21, 0x80000, @private0, 0x10001}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000290000000b0000005c00000000000000345508e982294e2cbf029b532500004befe07b43e8b320a6acd8a19bb615fb7cc76a02a6fa6c792cc9cc92f76a16d2f059070000000000000016cf086caa6eb385616f384898d907281e"], 0x18}, 0x0)
dup3(r4, r5, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
sendto$inet6(r4, &(0x7f0000000640)="35015ccd14ecc7ce4ca4fb70ccd12a569190a87d0e66741b5396c35ef82a3323fcc60e4d8a47cbe0207c0d52db382c377bb041ac2d48bd6bdb", 0x39, 0x1, &(0x7f0000000680)={0xa, 0x4e21, 0x3, @mcast1, 0x1}, 0x1c)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f0000001f00)=""/4106, 0xfffffffffffffccb, 0x0, 0x0}, &(0x7f0000000080)=0x40)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

3m37.976472725s ago: executing program 3 (id=589):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000002380)='./bus\x00', 0x20081e, &(0x7f0000002400)={[{@nodelalloc}, {@grpid}, {@grpjquota}, {@grpjquota}, {@minixdf}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f00000000c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@nombcache}, {@resgid}, {@nogrpid}, {@nomblk_io_submit}, {@test_dummy_encryption_v1}, {@delalloc}, {@acl}]}, 0x0, 0x23d, &(0x7f00000024c0)="$eJzs3TFoM2UcBvDnLom13xfkUxdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDioELlcK9VGFFNz4v1+cMldcu/93+PueS/LSwK01rUk80k6SWaS9JIU53e4o16unW5uT+8vJ4PBo98Xw/3q7dpZu6tJtpLcn2SvLPJ8N9nYffLox4OH735tvXfXO7tPTE/0JE8dHx0+cvL24qvvL9y38enn3y4WmU//d+d1+YoRn3WL5KZ/o9h/RNFtugf8HUsvv/dFlfubk9w5zH8vZeqL9/radXu93PvWn7V947vPbp1kX4HLNxj0qmfg1gBonTJJP0U5m6ReL8vZ2fo3/JedK+ULq2svzTy3ur7ybNMjFXBZ+snhQx9OfXD1D/n/plPnH/j/qvL/2NLOV9X6Safp3gCTVOV/5unNeyL/0DryD+0l/9Be8g/tJf/QXvIP7SX/0F7yD+0l/9BaU5F/aK3zz38AoF0GU03PQAaa0vT4AwAAAAAAAAAAAAAAAAAAXLQ9vb98tkyq5sdvJscPJumOqt8Z/h9xcv3w9coPRbXbb4q62Vieun3MA4zp3YZnX9/wdbP1P7ltUpWKX0bNdt9cSbZeSTLX7V68/4rT+++fu/Evvu89M2aBMT3weLP1f95ptv7CQfJRNf7MjRp/ytwyfB89/vSr6zdm/Rd/GvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATMyvAQAA///X+HQb")
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', &(0x7f0000000100)='devpts\x00', 0x2000080, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x89101a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002440)=@bloom_filter={0x1e, 0x7, 0x800, 0x6, 0x8012, 0xffffffffffffffff, 0x59, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x0, 0xc, @value, @void, @void, @value}, 0x50)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000000300)={0x2020}, 0x2020)
timer_create(0x0, 0x0, 0x0)

3m36.066517408s ago: executing program 3 (id=596):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000ffff0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

3m34.847529183s ago: executing program 2 (id=598):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810100850000006d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x1, 0x3, "c282fe"}, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x1, 0xe, "ea6aafaabfc5926708627c6c0963"}, 0x0})

3m31.216155109s ago: executing program 2 (id=612):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
getsockopt$nfc_llcp(r0, 0x3a, 0x1, 0x0, 0x20000000)

3m30.989076868s ago: executing program 2 (id=613):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB="2c73686f72746e616d653d6c6f7765722c757466383d302c726f6469722c757466383d302c726f6469722c696f636861727365743d6d6163726f6d616e2c73686f77657865632c73686f72746e616d653d77696e39352c756e695f786c6174653d302c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e39352c00f395f574a499af5e6cdfaa1a85f1ed7bd2a302c79bac684196a181472941f3e8d5f0c25b6b1c813a1a585c9a4b2e13d0e6703ebf775aedddb03cfe9b5b41dbb7f281b7a692d1565d86f1141aeb77ef42aecc9119695ebc164be81adcb319b0a2625908bc71d4ed437b3a8a4bb41531458712657ad8b2849b1b9667bd67ae74df4e33d4f2e6346539944f4a70793058926800"/288], 0x3, 0x36c, &(0x7f00000006c0)="$eJzs3T2IXFUUAOAzefuXYNwthKAgjHaCLknEQm02yAaC26gM/hTiYDYqM2tkBweTIpOtxEoES63sLFSwsBYLETsLW1NIVCw0XSDBK+9nfnc22Yi7ifh9RTg595y59+08dt6+2bn7ykq0Ts/GmStXLsfCQi1mVp5aiau1WIosIuYidzG2K0ciTRkCAO5wV1OKP1Nply21PV4SALDHitf/1w6PZL6460b1yas/APznVT//H5zMl6/zteLfhZ2az+7x4gCAPbHt/v+DY8Nzw7f6czPFbwW8td+LBAD+Vc+9+NLTJ9Yinq3XFyI23u02uo14Yjh+4ky8Ee1Yj6OxGNcj8uuE96v3APL45Km11aP1er0XvyxFI892GxEbvW4jK/uzon8+jsViLJU9/auNlFJ28su11WP1QkRc7BXzx0at25iNQ9X8Px2K9Tge9bhnrH+2mODU2urxlMoHaGz0+3sRW8P7Fvn6l2Mxfng1zkY7Thdr71/WrK1eOPZkFQ/7u435oq604x0QAAAAAAAAAAAAAAAAAAAAAAD4R5brA0uD/XPScP+e5eUp48X+OGV/tT/QVrk/UJpPkdIf7zzSeC8b3x9ocn+ebmMmDtzeQwcAAAAAAAAAAAAAAAAAAIA7RufcXDTb7fXNzrnzrdGgt9k5dyAi8syb3332zcHYXnOTYKaaY2SoXqXOt5op6xenbKymCrJ88n7m068GKx6tmR8cxdRlzO881G4ffuDnj4aZ+7P+I/81rMli+gFmE8sYDTbuLpd0K1+oQXD8JjWXUko7tV94eXtX1CJmbv2Ju3GQ8uDby6/f+2jnyGNF5utUeujhxecvffjJb61mO585imdwbrNzPbWa1f+nn2w7B9nI+VOLMqiNngkzN2rfGs80sx9/f+G+D77f3expNPP2lJqsPJzPJ4fmyiBf5sTQwfEzvAxmp5z8exAc+Xglf45+3W3XyDcJG3UAAAAAAAAAAAAAAAAAAMC+GPmseKX6sO9sbVvt7CB6/Jl9Wh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7Ivh3/8fCbYGmQNV2WTNtespTXZd68VEptVsz69vdiLmbvNRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf/d3AAAA//9Q9GiN")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)

3m29.663238333s ago: executing program 2 (id=619):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL802154_CMD_SET_TX_POWER(0xffffffffffffffff, 0x0, 0x4090)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = gettid()
add_key(&(0x7f0000002c40)='logon\x00', 0x0, &(0x7f0000002cc0)="3be5c7", 0x3, 0xfffffffffffffffe)
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02})
preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x85}], 0x1, 0x0, 0x0)
syz_usb_connect(0x0, 0x4b, &(0x7f00000004c0)=ANY=[@ANYBLOB="120100003f9aab106d04f0080d500102030109023900010000164709040000030806620009"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

3m24.318331662s ago: executing program 2 (id=633):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000002380)='./bus\x00', 0x20081e, &(0x7f0000002400)={[{@nodelalloc}, {@grpid}, {@grpjquota}, {@grpjquota}, {@minixdf}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f00000000c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@nombcache}, {@resgid}, {@nogrpid}, {@nomblk_io_submit}, {@test_dummy_encryption_v1}, {@delalloc}, {@acl}]}, 0x0, 0x23d, &(0x7f00000024c0)="$eJzs3TFoM2UcBvDnLom13xfkUxdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDioELlcK9VGFFNz4v1+cMldcu/93+PueS/LSwK01rUk80k6SWaS9JIU53e4o16unW5uT+8vJ4PBo98Xw/3q7dpZu6tJtpLcn2SvLPJ8N9nYffLox4OH735tvXfXO7tPTE/0JE8dHx0+cvL24qvvL9y38enn3y4WmU//d+d1+YoRn3WL5KZ/o9h/RNFtugf8HUsvv/dFlfubk9w5zH8vZeqL9/radXu93PvWn7V947vPbp1kX4HLNxj0qmfg1gBonTJJP0U5m6ReL8vZ2fo3/JedK+ULq2svzTy3ur7ybNMjFXBZ+snhQx9OfXD1D/n/plPnH/j/qvL/2NLOV9X6Safp3gCTVOV/5unNeyL/0DryD+0l/9Be8g/tJf/QXvIP7SX/0F7yD+0l/9BaU5F/aK3zz38AoF0GU03PQAaa0vT4AwAAAAAAAAAAAAAAAAAAXLQ9vb98tkyq5sdvJscPJumOqt8Z/h9xcv3w9coPRbXbb4q62Vieun3MA4zp3YZnX9/wdbP1P7ltUpWKX0bNdt9cSbZeSTLX7V68/4rT+++fu/Evvu89M2aBMT3weLP1f95ptv7CQfJRNf7MjRp/ytwyfB89/vSr6zdm/Rd/GvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATMyvAQAA///X+HQb")
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', &(0x7f0000000100)='devpts\x00', 0x2000080, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x89101a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000002440)=@bloom_filter={0x1e, 0x7, 0x800, 0x6, 0x8012, 0xffffffffffffffff, 0x59, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x0, 0xc, @value, @void, @void, @value}, 0x50)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000000300)={0x2020}, 0x2020)
timer_create(0x0, 0x0, 0x0)

3m21.864461502s ago: executing program 2 (id=640):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
epoll_create(0x9)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x0, 0x0})
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
accept4$unix(r5, 0x0, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)

3m21.065768659s ago: executing program 32 (id=596):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000ffff0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

3m6.475468423s ago: executing program 33 (id=640):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
epoll_create(0x9)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x0, 0x0})
fcntl$setsig(0xffffffffffffffff, 0xa, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000440), 0x10)
listen(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
accept4$unix(r5, 0x0, 0x0, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)

2m39.217129567s ago: executing program 6 (id=675):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x2000480, &(0x7f00000002c0), 0x1, 0x78e, &(0x7f0000001480)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0QQQVDxIOilZ1/qzasvV/0vPEhL1bRY8SCR2eym22Y33bTZ3WA+H5js88zM5nm++8w888zOsBPAnjWW/slEHIqID5OIkdr8JCIGqqn+iBPr691eXcmnUxJra6//nlTXubW6ko+G96QO1DKPR8QP70Yczmwut7y0PJsrFgsLtfxEZe78RHlp+ci5udxMYaYwf2xyauro8eeOH9u5WP/8efng9Y9eefrrE3+/89jVD35M4kQcrC1rjGOnjMVY7TMZSD/Cu7y804X1WNLrCvBA0l2zb30vj0MxEn3VVAtD3awZANApb0fEGgCwxySO/wCwx9S/B7i1upKvT739RqK7brwUEfvX469f31xf0l+7Zre/eh10+FZy15WRJCJGd6D8sYj4/Ns3v0yn6NB1SIBmLl2OiDOjY5v7/2TTPQvb9cxWC9cGqy9j98y+b//3/kNWCtjwXTr+eb7Z+C+zMf6JJuOfwSb77oO4//6fubYDxbSUjv9ebLi37XZD/DWjfbXc/6pjvoHk7LliIe3b/h8R4zEwmOYnq6s2vwtq/OY/N1uV3zj+++Pjt75Iy09f76yRudY/ePd7pnOV3MPGXXfjcsQT/c3iTzbaP2kx/j3VZhmvvvDeZ62WpfGn8danzfF31tqViKeatv+dtky2vD9xoro5TNQ3iia++eXT4VblN7Z/OqXl188FuiFt/+Gt4x9NGu/XLG+/jJ+ujHzfatn942++/e9L3qim99XmXcxVKguTEfuS1zbPP3rnvfV8ff00/vEnm+//W23/6TnhmTbj77/+21cPHn9npfFPb6v9t5+4enu2r1X57bX/VDU1XpvTTv/XbgUf5rMDAAAAAAAAAAAAAAAAAAAAAAAAgHZlIuJgJJnsRjqTyWbXn+H9aAxniqVy5fDZ0uL8dFSflT0aA5n6T12ONPwe6mTt9/Dr+aP35J+NiEci4pPBoWo+my8Vp3sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHGjx/P/Ur4O9rh0A0DH7W8zv63I9AIDuaXX8BwD+u7Z3/B/qWD0AgO5x/g8Ae0/bx/8zna0HANA9zv8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADosFMnT6bT2l+rK/k0P31haXG2dOHIdKE8m51bzGfzpYXz2ZlSaaZYyOZLcy3/0aX1l2KpdH4q5hcvTlQK5cpEeWn59Fxpcb5y+txcbqZwujDQtcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoH3lpeXZXLFYWJDYMjG0O6qxaxL9sSuqIdGxRGMvMdS7DgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgl/s3AAD//4fPK2Y=")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f0000000040), 0x0, 0xc880)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_SOCK_GET(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x14, r5, 0x91200da0502f5fa9}, 0x14}}, 0x0)

2m35.057345711s ago: executing program 6 (id=749):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x4}}, 0x10, 0x0}, 0x0)
sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000048000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000840)='kmem_cache_free\x00', r2}, 0x10)
accept4(r0, 0x0, 0x0, 0x0)

2m34.61747336s ago: executing program 6 (id=750):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1], 0x6c}}, 0x0)

2m34.402868809s ago: executing program 6 (id=753):
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r3 = syz_open_dev$vcsa(&(0x7f0000000380), 0x1, 0x42)
writev(r3, &(0x7f00000002c0)=[{}, {&(0x7f00000003c0)="e4", 0x1}, {&(0x7f0000000100)='O{Y', 0x3}], 0x3)

2m33.173214134s ago: executing program 6 (id=756):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207008502"], 0x10}}, 0x0)

2m30.753132565s ago: executing program 6 (id=759):
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f00000001c0)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f00000001c0)='cgroup\x00', 0x822000, 0x0)
fadvise64(r0, 0xaa1f, 0xff39, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ff00b704000023000000850000000300000095000000000000008b31acf164875ffd1e1893b056065f8725b37fda16427e4d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
removexattr(&(0x7f0000000100)='./file0\x00', 0x0)

2m15.053309974s ago: executing program 34 (id=759):
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f00000001c0)=ANY=[], 0x2, 0x1ea, &(0x7f00000003c0)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvPU73LpKskAQEg42NpYVga2NpYWFl4V9gq4UKgoUp7YSR+djdyWYT4gdG9P3BzT7z9c68L9yzsAFBEP8tHz98ff/w3NqlUwD2YxkLZvyzo5/i4Oj6d4/vnHy0fv7J87dPX+8duPuyHI/JPWL28z0ArzYcpGCuOXFk93IRNtO4DI4TRl8Bg6/lN6HQnRgM18yam5Zu7TMiif3rrWTrxk4SB7IJZRPJpmGfLy81HDBsAVhUtxOCWfOdXv9WM0nidlnURHbO2NSPimn1U/fb4FhHVj0hOICrD+4PZN/UBgF4Xr8QHKHRDTBsGr2GBfi+X5TEyv+IW8R3Zsl/vuKZEodW/9Sh4Locf0Pu/7Co/ZY4rDwi/6HzkcPDzAPtNZ/mnvvPC2VcAMam3iwlyYVfiOxVFCoXhT9JZz9u+ZMLN/ePerp7u97p9Vd3dpvb8Xa8F0WNs8HpIDgT1ZUR6XaK/y0qf1qy4tcmrPWYh24zTdthF0jbYd6PdGs57uaL1he1hyv/41g5pmMw887KX5QlmPnj6inVilO98t7EnAiCIAiCIAiCIAiCIAiCIKo5Cgb9S5hg5oNoFdFF9YXyewAAAP//L0Rm/Q==")
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000140)='./file0\x00', 0x8001420, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB])
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f00000001c0)='cgroup\x00', 0x822000, 0x0)
fadvise64(r0, 0xaa1f, 0xff39, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ff00b704000023000000850000000300000095000000000000008b31acf164875ffd1e1893b056065f8725b37fda16427e4d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
removexattr(&(0x7f0000000100)='./file0\x00', 0x0)

16.207966163s ago: executing program 1 (id=1104):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
accept4$unix(r2, 0x0, &(0x7f0000000180), 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x1, 0x0, 0xd66}, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x2, &(0x7f00000000c0), 0x31}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
getsockopt$IPT_SO_GET_INFO(r5, 0x0, 0x40, 0x0, &(0x7f0000000700))
sendmsg$tipc(r3, &(0x7f0000000340)={0x0, 0x58, 0x0}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setrlimit(0xe, &(0x7f0000000300)={0x9, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
write(r2, 0x0, 0x640270e0988cb8c2)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000002400)={'ip6tnl0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x4, 0x0}}, @mcast2={0xff, 0x5}, 0x0, 0x40, 0x0, 0xa}})
sched_getparam(r0, &(0x7f0000000740))

13.917072135s ago: executing program 1 (id=1108):
getpid()
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
read$FUSE(r0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r1, 0x0)
read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020)

13.707790534s ago: executing program 1 (id=1111):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f00000003c0)={&(0x7f0000000000)=""/20, 0x14, <r5=>0x0, &(0x7f0000000300)=""/159, 0x9f}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
dup(r9)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
getpgid(0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x41, 0x3, 0x2b8, 0x0, 0x19, 0x0, 0x0, 0x0, 0x220, 0x1f0, 0x1f0, 0x220, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'wlan1\x00', 'veth1_to_bridge\x00'}, 0x0, 0xe0, 0x140, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@limit={{0x48}, {0x0, 0x1}}, @common=@inet=@socket1={{0x28}, 0xc}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x318)

11.296853904s ago: executing program 1 (id=1114):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8993, &(0x7f0000002280)={'syzkaller0\x00', @random="110000110002"})

10.364251701s ago: executing program 4 (id=1116):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xab0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400})

10.23287476s ago: executing program 1 (id=1118):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
accept4$unix(r2, 0x0, &(0x7f0000000180), 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x1, 0x0, 0xd66}, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x2, &(0x7f00000000c0), 0x31}, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
getsockopt$IPT_SO_GET_INFO(r5, 0x0, 0x40, 0x0, &(0x7f0000000700))
sendmsg$tipc(r3, &(0x7f0000000340)={0x0, 0x58, 0x0}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setrlimit(0xe, &(0x7f0000000300)={0x9, 0x3})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
write(r2, 0x0, 0x640270e0988cb8c2)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000002400)={'ip6tnl0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x4, 0x0}}, @mcast2={0xff, 0x5}, 0x0, 0x40, 0x0, 0xa}})
sched_getparam(r0, &(0x7f0000000740))

9.025873886s ago: executing program 7 (id=1121):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f0000000000)={@multicast1, @multicast1, 0xffffffffffffffff, "85bd5c3ad6bd0599b00af1ccec21404779e2c1e8948ceb4dc4d896e720706c12", 0xff, 0x8, 0xd8, 0x40}, 0x3c)
write(r1, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

8.962532075s ago: executing program 5 (id=1122):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xeeef0000, 0x2000, &(0x7f0000000000/0x2000)=nil})

8.637631274s ago: executing program 4 (id=1123):
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

7.777484011s ago: executing program 4 (id=1125):
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x4b, &(0x7f00000004c0)=ANY=[], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

7.55365961s ago: executing program 0 (id=1126):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000300)={[{@noinline_xattr}, {@noinline_dentry}, {@prjjquota={'prjjquota', 0x3d, 'active_logs=4'}}, {@jqfmt_vfsv1}, {@noinline_data}, {@noheap}, {@checkpoint_diasble}, {@fastboot}, {@fsync_mode_strict}, {@discard_unit_section}]}, 0x21, 0x552d, &(0x7f000000abc0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/b9xUHADwZ/t8/QGII6AbghBIDLDQ67W0dEMMoIiBPwEpSq8l9MqPNgOtKqQsbChzFwQjQkigsPUfYOqG1EpdytbhhiKxsByyz845TSUuRLEvyecjPb/vOY7f99lSlK+fEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6bxon2aYzieNi373Ht1ay/v4TfebOxoPFrGVxVGfSB8Mr1Q9Rt7lEAAAAODqSsr4PITxMN5eyPu7k9X9aHpPV/N8/N4nLev7Jur/sy9o/a7/9+uilrYE6k3Gyk15aHQ5O70yltX+znG/P/+cRrfzK589ekvyGxB+uvzhK8+sZfXv37vvtPDxWR7YAwP9xquyLoPx9KOv7TSYGwJHRqhTeZf2fdJrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAOo/XwTBlHIYTF1jTO3H98a+Vp/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8GkJoavR3i+lf+XiGg0No5PrsV/DPeDze1Xcdbz7nPQVxcbPnJZ+DETT4QwkAgEMpLVpW1z9MN5eyfdFCCOMfttf/b1TiMGP9/+iT8/eqY1Xr/35tM5x/vbWrX/Su37j51urV5cuDy4PP3j7Tf6d/9sK5cxd6+bOSnicmAAAA7E27aNX6P17Yuf5/shKHGev/L7/rfz0d6Y98q/7fabro13QmAAAAR9sLr/39V/SU/VG7Hb5aXlu71p9stz6fmWwbSHXXjhWtWv8nC01nBQAAANRhtB5tW/+/WInDjOv/z/748s/VcyYhhBPF+v+plc+HF+ubzlyr48+Jm54jAAAAzTpRtOr6f5q//x9vvfIQhxDefH0SF/8GcKb6P/ngm5+qYyWV9//P1jfFuRR3J9cj77shtLrbvvx7Y4kBAABwKB0vWlbs/5luLn36y8mP2t7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjbvwEAAP//E41CoA==")
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x5)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)

7.5530259s ago: executing program 5 (id=1127):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0x192}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5", 0x96}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x1}}], 0x3, 0x0)

7.290360269s ago: executing program 5 (id=1128):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mknod(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x4004010)

6.216978954s ago: executing program 7 (id=1129):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, 0x0, 0x0)
close(r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b2388a8"], 0xffdd)

6.156412795s ago: executing program 5 (id=1130):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3])

5.261104201s ago: executing program 0 (id=1131):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de00000000000000001801000020a0702500000000002020207b1af8ff0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f00000003c0)={&(0x7f0000000000)=""/20, 0x14, <r5=>0x0, &(0x7f0000000300)=""/159, 0x9f}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000178500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180), 0x0)
getpgid(0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x41, 0x3, 0x2b8, 0x0, 0x19, 0x0, 0x0, 0x0, 0x220, 0x1f0, 0x1f0, 0x220, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'wlan1\x00', 'veth1_to_bridge\x00'}, 0x0, 0xe0, 0x140, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@limit={{0x48}, {0x0, 0x1}}, @common=@inet=@socket1={{0x28}, 0xc}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x318)

4.712072549s ago: executing program 7 (id=1132):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8000000000004, 0x0, 0x3, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x23}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x6}, 0x0, 0x3, 0x0, 0xfd}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x21, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000580)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x2c, 0x2, 0x104, 0x2})
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'team_slave_1\x00', &(0x7f0000000040)=@ethtool_cmd={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4, 0xfffffffd}})

4.581121828s ago: executing program 4 (id=1133):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x40, 0x9, 0x7, {0x7, 0x23, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000001000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, 0x0, &(0x7f0000001040)={0x84, &(0x7f0000000700)={0x20, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_pidfd_open(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

2.990051672s ago: executing program 7 (id=1134):
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x8, &(0x7f0000000680)={[{@fat=@errors_remount}, {@fat=@errors_continue}, {}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@nodots}, {@dots}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@fat=@discard}, {@dots}, {@dots}, {@fat=@tz_utc}, {@fat=@errors_continue}, {@nodots}, {@fat=@sys_immutable}, {@fat=@quiet}, {@dots}]}, 0xfd, 0x1bf, &(0x7f0000000840)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f80)=@can_newroute={0x134, 0x18, 0x821, 0x0, 0x25dfdbfd, {0x1d, 0x1, 0x2}, [@CGW_CS_CRC8={0x11e, 0x6, {0x0, 0x33, 0x0, 0x0, 0x0, "eb6d1c4f28cf20017a13585466a7140953a8197ba559b346ad5b29290c90d2968e731fd9e4f3388bb08a9cbd0b4da9b324178252c8c8e94b70abdddd02f39c5851b2424d3c7b2cdd337e60604e9d6ab35e5c0c0ee937c3b80c76fcbe30aadc890e828d4dc899909673d51a20f021f9d91750de2c00001dd38b27435f28bc2b61ce9475a1d973323ea21bc82580d4bcdbdd1f57227d225f0b688118eda805ad141c3dbe57b99fde6d2be5724535168ba6b684cbe75d6673119157c5af56cd26529f962e550e99f93e10bf9de9d67baf43cec0204ede44f961ef8591fd0f41fe84a05787dea0eff9ecd4581000d68da6f3352b00", 0x2, "80d6584e0214d700"}}]}, 0x134}}, 0x20040044)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x38, 0x10, 0x403, 0x0, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x1e8f7}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x8}]}}}]}, 0x38}}, 0x0)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x2, 0x5002)

2.988375872s ago: executing program 0 (id=1135):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
rename(0x0, 0x0)

2.773214481s ago: executing program 0 (id=1136):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xeeef0000, 0x2000, &(0x7f0000000000/0x2000)=nil})

2.720210301s ago: executing program 5 (id=1137):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000800000000005e002200850000006d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)

2.51356012s ago: executing program 0 (id=1138):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0x192}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5", 0x96}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x1}}], 0x3, 0x0)

2.34466761s ago: executing program 0 (id=1139):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f0000000000)={@multicast1, @multicast1, 0xffffffffffffffff, "85bd5c3ad6bd0599b00af1ccec21404779e2c1e8948ceb4dc4d896e720706c12", 0xff, 0x8, 0xd8, 0x40}, 0x3c)
write(r1, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

1.613076377s ago: executing program 5 (id=1140):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="06000000040000000800000005"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0xfdef)

1.241517786s ago: executing program 1 (id=1141):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mknod(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x4004010)

1.240023465s ago: executing program 7 (id=1142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)

904.252524ms ago: executing program 7 (id=1143):
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x4b, &(0x7f00000004c0)=ANY=[], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

279.077201ms ago: executing program 4 (id=1144):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=1145):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8000000000004, 0x0, 0x3, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x23}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x6}, 0x0, 0x3, 0x0, 0xfd}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x21, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000580)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x2c, 0x2, 0x104, 0x2})
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'team_slave_1\x00', &(0x7f0000000040)=@ethtool_cmd={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4, 0xfffffffd}})

kernel console output (not intermixed with test programs):

v06xx: st6422 sensor detected
[  269.488583][ T6397] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  269.520390][ T6397] EXT4-fs: test_dummy_encryption requires encrypt feature
[  269.708595][ T6397] syz.4.595 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  269.853359][ T6401] xt_socket: unknown flags 0xc
[  270.586136][ T6405] 9p: Unknown access argument 01777777777777777777777: -34
[  270.951941][ T4288] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  271.147488][ T4288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.171318][ T4288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.207014][ T4288] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  271.236536][ T4288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.271572][ T4288] usb 3-1: config 0 descriptor??
[  271.622469][ T4291] STV06xx: probe of 2-1:0.0 failed with error -71
[  271.631154][ T4291] usb 2-1: USB disconnect, device number 7
[  272.534026][ T4288] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  272.644629][ T4288] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  272.722532][ T4288] cp2112 0003:10C4:EA90.000F: Part Number: 0x82 Device Version: 0xFE
[  272.739152][ T6424] loop4: detected capacity change from 0 to 256
[  272.990648][ T6430] loop1: detected capacity change from 0 to 512
[  273.083526][ T4665] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  273.270086][ T6430] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #3: comm syz.1.610: corrupted inode contents
[  273.319805][ T4665] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  273.380389][ T6430] EXT4-fs error (device loop1): ext4_dirty_inode:6089: inode #3: comm syz.1.610: mark_inode_dirty error
[  273.429170][ T4665] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  273.538003][ T6430] EXT4-fs error (device loop1): ext4_do_update_inode:5224: inode #3: comm syz.1.610: corrupted inode contents
[  273.617831][ T4665] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  273.650388][ T4665] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 20
[  273.671589][ T6430] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.610: mark_inode_dirty error
[  273.704702][ T6430] Quota error (device loop1): write_blk: dquota write failed
[  273.720498][ T4665] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  273.740342][ T6430] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  273.745849][ T4288] cp2112 0003:10C4:EA90.000F: error setting SMBus config
[  273.768660][ T4665] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  273.772239][ T4288] cp2112: probe of 0003:10C4:EA90.000F failed with error -71
[  273.791635][ T6430] EXT4-fs error (device loop1): ext4_acquire_dquot:6794: comm syz.1.610: Failed to acquire dquot type 0
[  273.791720][ T4665] usb 1-1: SerialNumber: syz
[  273.814707][ T4288] usb 3-1: USB disconnect, device number 9
[  273.845619][ T6422] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  273.846419][ T6430] EXT4-fs (loop1): 1 orphan inode deleted
[  273.858749][ T6430] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  273.858989][ T6422] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  273.882321][   T75] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  273.892341][ T6430] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  273.911651][   T75] EXT4-fs error (device loop1): ext4_release_dquot:6817: comm kworker/u4:4: Failed to release dquot type 1
[  273.927355][ T4665] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  274.246381][ T4665] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  274.274492][ T4665] usb 1-1: USB disconnect, device number 10
[  275.022320][ T6442] loop2: detected capacity change from 0 to 256
[  275.098761][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  275.162855][ T6442] FAT-fs (loop2): Directory bread(block 64) failed
[  275.179935][ T6442] FAT-fs (loop2): Directory bread(block 65) failed
[  275.197249][ T6442] FAT-fs (loop2): Directory bread(block 66) failed
[  275.236925][ T6442] FAT-fs (loop2): Directory bread(block 67) failed
[  275.281244][ T6442] FAT-fs (loop2): Directory bread(block 68) failed
[  275.288724][ T6442] FAT-fs (loop2): Directory bread(block 69) failed
[  275.309412][ T6442] FAT-fs (loop2): Directory bread(block 70) failed
[  275.326408][ T6442] FAT-fs (loop2): Directory bread(block 71) failed
[  275.337912][   T26] audit: type=1326 audit(1734293991.193:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.371030][ T6442] FAT-fs (loop2): Directory bread(block 72) failed
[  275.381462][ T6442] FAT-fs (loop2): Directory bread(block 73) failed
[  275.422490][   T26] audit: type=1326 audit(1734293991.193:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.491599][   T26] audit: type=1326 audit(1734293991.223:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.580142][   T26] audit: type=1326 audit(1734293991.223:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.661826][   T26] audit: type=1326 audit(1734293991.223:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.750481][   T26] audit: type=1326 audit(1734293991.233:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.809427][   T26] audit: type=1326 audit(1734293991.233:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6445 comm="syz.0.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  275.939984][ T6451] xt_CT: No such helper "syz0"
[  276.048580][ T6462] loop0: detected capacity change from 0 to 256
[  276.872359][ T4665] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  277.136468][ T4665] usb 3-1: Using ep0 maxpacket: 16
[  277.147855][ T4665] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.211633][ T4665] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  277.290235][ T4665] usb 3-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  277.357195][ T4665] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.396031][ T4665] usb 3-1: Product: syz
[  277.415322][ T4665] usb 3-1: Manufacturer: syz
[  277.425171][ T4665] usb 3-1: SerialNumber: syz
[  277.608894][ T4665] usb 3-1: config 0 descriptor??
[  277.617416][ T4665] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  277.624495][ T4665] gspca_stv06xx: st6422 sensor detected
[  277.637876][ T6471] loop4: detected capacity change from 0 to 512
[  278.382521][ T6471] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #3: comm syz.4.625: corrupted inode contents
[  278.435715][ T6471] EXT4-fs error (device loop4): ext4_dirty_inode:6089: inode #3: comm syz.4.625: mark_inode_dirty error
[  278.473322][ T6471] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #3: comm syz.4.625: corrupted inode contents
[  278.592348][ T6471] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.625: mark_inode_dirty error
[  278.622283][ T6471] EXT4-fs error (device loop4): ext4_acquire_dquot:6794: comm syz.4.625: Failed to acquire dquot type 0
[  278.697531][ T6471] EXT4-fs (loop4): 1 orphan inode deleted
[  278.717944][ T4580] __quota_error: 9 callbacks suppressed
[  278.717959][ T4580] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  278.755176][ T6471] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  278.810002][ T4580] EXT4-fs error (device loop4): ext4_release_dquot:6817: comm kworker/u4:13: Failed to release dquot type 1
[  278.870243][ T6482] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  278.891239][ T6482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  278.900480][ T6482] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  278.928976][ T6471] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.953529][ T6482] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  279.446647][   T26] audit: type=1326 audit(1734293995.303:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  279.553931][   T26] audit: type=1326 audit(1734293995.333:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  279.603523][   T26] audit: type=1326 audit(1734293995.333:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  279.626045][   T26] audit: type=1326 audit(1734293995.353:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  279.650120][   T26] audit: type=1326 audit(1734293995.353:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  279.673947][   T26] audit: type=1326 audit(1734293995.363:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  280.414872][   T26] audit: type=1326 audit(1734293995.363:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  280.456639][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  280.600841][   T26] audit: type=1326 audit(1734293995.363:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  280.604878][ T4665] STV06xx: probe of 3-1:0.0 failed with error -71
[  280.665926][ T4665] usb 3-1: USB disconnect, device number 10
[  280.679709][ T6492] loop1: detected capacity change from 0 to 8192
[  280.701815][   T26] audit: type=1326 audit(1734293995.363:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6483 comm="syz.1.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9fe1585d19 code=0x7ffc0000
[  280.818300][ T6496] device pim6reg1 entered promiscuous mode
[  281.160313][ T6502] xt_socket: unknown flags 0xc
[  281.732908][ T6504] loop2: detected capacity change from 0 to 512
[  281.820864][ T6504] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  281.863450][ T6506] loop0: detected capacity change from 0 to 256
[  282.040303][ T6504] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  282.088848][ T6504] ext4 filesystem being mounted at /128/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  283.174539][ T6518] loop1: detected capacity change from 0 to 2048
[  283.279316][ T6518] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  283.512816][ T4255] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /128/bus/file0/file0/file0/file0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  283.615355][ T6529] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  283.631387][ T6529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  283.639859][ T6529] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  283.666373][ T6529] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  284.921841][ T4665] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  285.211798][ T4665] usb 1-1: Using ep0 maxpacket: 16
[  285.228186][ T4665] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.429239][ T4665] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  285.580134][ T4665] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  285.595739][ T4665] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.604523][ T4665] usb 1-1: Product: syz
[  285.608711][ T4665] usb 1-1: Manufacturer: syz
[  285.614317][ T4665] usb 1-1: SerialNumber: syz
[  285.620640][ T4665] usb 1-1: config 0 descriptor??
[  285.639274][ T4253] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  285.649312][ T4253] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  285.663643][ T4665] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  285.669889][ T4665] gspca_stv06xx: st6422 sensor detected
[  285.675589][ T4253] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  285.683502][ T4253] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  285.691062][ T4253] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  285.699645][ T4253] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  285.956959][ T4257] EXT4-fs (loop3): unmounting filesystem.
[  286.055286][   T33] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.293662][   T33] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.369044][ T6551] xt_socket: unknown flags 0xc
[  287.245498][   T33] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.367628][ T6544] chnl_net:caif_netlink_parms(): no params data found
[  287.473063][   T33] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.682149][ T6544] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.714084][ T6544] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.741975][   T48] Bluetooth: hci5: command 0x0409 tx timeout
[  287.757074][ T6544] device bridge_slave_0 entered promiscuous mode
[  287.847262][ T6544] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.863644][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  287.869948][ T6544] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.879231][ T6544] device bridge_slave_1 entered promiscuous mode
[  288.034771][   T33] tipc: Left network mode
[  288.088217][ T6544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  288.106771][ T6544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.248917][ T6544] team0: Port device team_slave_0 added
[  288.299425][ T4665] STV06xx: probe of 1-1:0.0 failed with error -71
[  288.308730][ T4665] usb 1-1: USB disconnect, device number 11
[  288.563879][ T6544] team0: Port device team_slave_1 added
[  288.587240][ T6544] batman_adv: batadv0: Adding interface: batadv_slave_0
[  288.594249][ T6544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  288.640828][ T6544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  289.029439][ T6573] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  289.046601][ T6573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  289.055061][ T6573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  289.093477][ T6573] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  289.347462][ T6544] batman_adv: batadv0: Adding interface: batadv_slave_1
[  289.362341][ T6544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.467629][ T6544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  289.534460][ T6579] loop1: detected capacity change from 0 to 1024
[  289.700047][ T6579] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  289.712453][ T6544] device hsr_slave_0 entered promiscuous mode
[  289.764114][ T6544] device hsr_slave_1 entered promiscuous mode
[  289.812791][ T6544] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  289.823591][   T48] Bluetooth: hci5: command 0x041b tx timeout
[  289.883480][ T6544] Cannot create hsr debugfs directory
[  290.525709][ T6600] xt_socket: unknown flags 0xc
[  290.671736][   T26] kauditd_printk_skb: 20 callbacks suppressed
[  290.671795][   T26] audit: type=1804 audit(1734294006.513:473): pid=6602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.654" name="/newroot/148/file2/bus" dev="loop1" ino=18 res=1 errno=0
[  290.971578][   T26] audit: type=1804 audit(1734294006.663:474): pid=6579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.654" name="/newroot/148/file2/bus" dev="loop1" ino=18 res=1 errno=0
[  291.005570][ T6601] netlink: 4 bytes leftover after parsing attributes in process `syz.4.658'.
[  291.134997][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  291.301914][ T6606] loop4: detected capacity change from 0 to 2048
[  291.365397][ T6606] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  291.896388][ T6544] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  291.903380][   T48] Bluetooth: hci5: command 0x040f tx timeout
[  291.983831][ T6544] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  292.204917][ T6544] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  292.236433][ T6544] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  292.300138][   T33] device hsr_slave_0 left promiscuous mode
[  292.326159][   T33] device hsr_slave_1 left promiscuous mode
[  292.343481][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  292.362880][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[  292.421683][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  292.429130][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[  292.497977][   T33] device veth1_macvtap left promiscuous mode
[  292.515073][   T33] device veth0_macvtap left promiscuous mode
[  292.521218][   T33] device veth1_vlan left promiscuous mode
[  292.542107][   T33] device veth0_vlan left promiscuous mode
[  292.952461][ T6635] loop1: detected capacity change from 0 to 128
[  293.044763][ T6635] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  293.093671][ T6635] ext4 filesystem being mounted at /152/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  293.360402][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  293.871791][ T4665] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  293.981636][   T48] Bluetooth: hci5: command 0x0419 tx timeout
[  294.080083][ T4665] usb 2-1: Using ep0 maxpacket: 16
[  294.094334][ T4665] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  294.123535][ T4665] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  294.173656][ T4665] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  294.201605][ T4665] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.221992][ T4665] usb 2-1: Product: syz
[  294.229648][ T4665] usb 2-1: Manufacturer: syz
[  294.246572][ T4665] usb 2-1: SerialNumber: syz
[  294.253395][ T4665] usb 2-1: config 0 descriptor??
[  294.284186][ T4665] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  294.290559][ T4665] gspca_stv06xx: st6422 sensor detected
[  294.420271][   T33] team0 (unregistering): Port device team_slave_1 removed
[  294.542038][   T33] team0 (unregistering): Port device team_slave_0 removed
[  294.646625][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  294.752497][   T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.519695][   T33] bond0 (unregistering): Released all slaves
[  295.585941][ T6631] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  295.660956][ T4665] STV06xx: probe of 2-1:0.0 failed with error -71
[  295.685812][ T4665] usb 2-1: USB disconnect, device number 8
[  295.926712][ T6544] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.932441][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  295.992676][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.021059][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.088769][ T6544] 8021q: adding VLAN 0 to HW filter on device team0
[  296.157255][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  296.169246][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  296.186761][ T4736] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.195040][ T4736] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.286836][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  296.339434][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  296.368656][ T4736] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.375844][ T4736] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.430257][ T6661] loop4: detected capacity change from 0 to 256
[  296.440424][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  296.515152][ T6661] FAT-fs (loop4): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  296.552293][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  296.561099][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  296.631885][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  296.641895][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  296.653209][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  296.905991][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  297.119749][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  297.342443][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  297.370752][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  297.403918][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.669'.
[  297.413005][ T6668] device bridge_slave_1 left promiscuous mode
[  297.419385][ T6668] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.434810][ T6668] device bridge_slave_0 left promiscuous mode
[  297.441091][ T6668] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.535332][ T6544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  297.605696][ T6544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  297.630293][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  297.648436][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  299.120173][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  299.142220][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  299.168673][ T6544] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.557191][ T6706] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  299.588846][ T6679] xt_socket: unknown flags 0xc
[  299.634061][ T6706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  299.682472][ T6706] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  299.751453][ T6706] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  299.965491][   T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  299.975412][   T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  299.992749][   T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  300.003395][   T48] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  300.010932][   T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  300.018763][   T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  300.058218][ T4255] EXT4-fs (loop2): unmounting filesystem.
[  300.295744][ T4345] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.443691][ T4345] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.482041][ T6698] loop4: detected capacity change from 0 to 40427
[  300.493040][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  300.521901][ T6698] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x3ffff
[  300.532105][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  300.540547][ T6698] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x2
[  300.570247][ T6698] F2FS-fs (loop4): invalid crc value
[  300.585995][ T6544] device veth0_vlan entered promiscuous mode
[  300.600116][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  300.619943][ T6698] F2FS-fs (loop4): Found nat_bits in checkpoint
[  300.622651][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  300.689222][ T4345] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  300.721803][ T6698] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  300.729642][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  300.742269][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  300.790065][ T6544] device veth1_vlan entered promiscuous mode
[  300.927577][ T4345] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  301.217873][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  301.240400][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  301.276531][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  301.286639][ T4246] syz-executor: attempt to access beyond end of device
[  301.286639][ T4246] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  301.303377][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  301.315301][ T6544] device veth0_macvtap entered promiscuous mode
[  301.379646][ T6544] device veth1_macvtap entered promiscuous mode
[  301.402723][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  301.422233][ T4343] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  301.547421][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.574442][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.595292][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.621620][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.651595][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.701597][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.758615][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.791615][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.828547][ T6544] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.892848][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  301.912459][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  301.955569][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.992425][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  302.007927][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  302.020587][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  302.062685][   T48] Bluetooth: hci3: command 0x0409 tx timeout
[  302.070955][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  302.101732][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  302.117580][ T6544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  302.128483][ T6544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  302.160451][ T6544] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.215403][ T4293] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  302.228763][ T6544] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.239563][ T6544] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.254149][ T6544] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.262956][ T6544] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.278761][ T6713] chnl_net:caif_netlink_parms(): no params data found
[  302.422196][ T4293] usb 1-1: Using ep0 maxpacket: 16
[  302.452758][ T4293] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.638140][ T4293] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  302.836083][ T4293] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  302.921637][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  302.925592][ T6751] loop4: detected capacity change from 0 to 512
[  302.930433][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  302.942701][ T4293] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.970719][ T4293] usb 1-1: Product: syz
[  302.977911][ T6751] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  302.987093][ T4293] usb 1-1: Manufacturer: syz
[  302.994371][ T6751] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  303.006076][ T4293] usb 1-1: SerialNumber: syz
[  303.008136][ T6751] EXT4-fs error (device loop4): ext4_acquire_dquot:6794: comm syz.4.682: Failed to acquire dquot type 0
[  303.022761][ T6751] EXT4-fs (loop4): Remounting filesystem read-only
[  303.031055][ T6751] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  303.031217][ T4293] usb 1-1: config 0 descriptor??
[  303.042640][ T6751] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  303.058237][ T6751] EXT4-fs error (device loop4): ext4_acquire_dquot:6794: comm syz.4.682: Failed to acquire dquot type 0
[  303.067680][ T4293] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  303.087867][ T6751] EXT4-fs (loop4): Remounting filesystem read-only
[  303.089903][ T4293] gspca_stv06xx: st6422 sensor detected
[  303.114716][ T6751] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  303.126612][ T6751] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  303.136956][ T6751] EXT4-fs error (device loop4): ext4_acquire_dquot:6794: comm syz.4.682: Failed to acquire dquot type 0
[  303.152589][ T6751] EXT4-fs (loop4): Remounting filesystem read-only
[  303.159259][ T6751] EXT4-fs (loop4): 1 orphan inode deleted
[  303.169566][ T6751] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  303.184467][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.681'.
[  303.184586][ T6751] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.303399][ T6751] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  303.351728][ T6751] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[  303.399995][ T6751] EXT4-fs error (device loop4): ext4_acquire_dquot:6794: comm syz.4.682: Failed to acquire dquot type 0
[  303.438649][ T6751] EXT4-fs (loop4): Remounting filesystem read-only
[  303.612376][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  303.730429][ T6713] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.738368][ T6713] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.750555][ T6713] device bridge_slave_0 entered promiscuous mode
[  303.775030][ T4736] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.821767][ T4736] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.841854][ T6713] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.849106][ T6713] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.863434][ T4293] STV06xx: probe of 1-1:0.0 failed with error -71
[  303.884392][ T4293] usb 1-1: USB disconnect, device number 12
[  303.899827][ T6713] device bridge_slave_1 entered promiscuous mode
[  303.935809][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  303.987963][ T4580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  303.994227][ T6713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  304.010105][ T6713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  304.030090][ T4580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  304.098433][ T6104] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  304.141880][ T4253] Bluetooth: hci3: command 0x041b tx timeout
[  304.164600][ T6713] team0: Port device team_slave_0 added
[  304.233611][ T6713] team0: Port device team_slave_1 added
[  304.340415][ T6713] batman_adv: batadv0: Adding interface: batadv_slave_0
[  304.358913][ T6713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  304.453524][ T6713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  304.848610][ T6713] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.901057][ T6713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  305.565567][ T6713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  306.070426][ T6796] loop5: detected capacity change from 0 to 256
[  306.110206][ T6796] 9pnet_fd: Insufficient options for proto=fd
[  306.223728][ T4253] Bluetooth: hci3: command 0x040f tx timeout
[  307.264013][ T6796] loop5: detected capacity change from 0 to 512
[  307.844816][ T6713] device hsr_slave_0 entered promiscuous mode
[  307.868566][ T6713] device hsr_slave_1 entered promiscuous mode
[  307.895419][ T6713] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  307.941697][ T6713] Cannot create hsr debugfs directory
[  308.311652][   T48] Bluetooth: hci3: command 0x0419 tx timeout
[  308.337277][ T6791] loop4: detected capacity change from 0 to 40427
[  308.383730][ T6791] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x3ffff
[  308.411228][ T6791] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x2
[  308.466313][ T6791] F2FS-fs (loop4): invalid crc value
[  308.487576][ T6791] F2FS-fs (loop4): Found nat_bits in checkpoint
[  308.644964][ T6791] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  308.652757][ T4345] device hsr_slave_0 left promiscuous mode
[  308.659436][ T4345] device hsr_slave_1 left promiscuous mode
[  308.675318][ T4345] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.718290][ T4345] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.739057][ T4345] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.759030][ T4345] batman_adv: batadv0: Removing interface: batadv_slave_1
[  309.555351][ T4345] device veth1_macvtap left promiscuous mode
[  309.595038][ T4345] device veth0_macvtap left promiscuous mode
[  309.601218][ T4345] device veth1_vlan left promiscuous mode
[  309.625079][ T4345] device veth0_vlan left promiscuous mode
[  309.672126][ T4246] syz-executor: attempt to access beyond end of device
[  309.672126][ T4246] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  311.882598][ T4345] team0 (unregistering): Port device team_slave_1 removed
[  312.302204][ T4345] team0 (unregistering): Port device team_slave_0 removed
[  312.311627][ T4288] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  312.374456][ T4345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  312.451992][ T4345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  312.511655][ T4288] usb 5-1: Using ep0 maxpacket: 16
[  312.520431][ T4288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.556670][ T4288] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  312.594230][ T4288] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  312.621540][ T4288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.630105][ T4288] usb 5-1: Product: syz
[  312.638885][ T4288] usb 5-1: Manufacturer: syz
[  312.651543][ T4288] usb 5-1: SerialNumber: syz
[  312.662145][ T4288] usb 5-1: config 0 descriptor??
[  312.684204][ T4288] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  312.690447][ T4288] gspca_stv06xx: st6422 sensor detected
[  313.394221][ T4345] bond0 (unregistering): Released all slaves
[  313.505133][ T6821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.691'.
[  313.959026][ T6713] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  314.148239][ T6713] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  314.565038][ T4288] STV06xx: probe of 5-1:0.0 failed with error -71
[  314.583696][ T4288] usb 5-1: USB disconnect, device number 9
[  314.698180][ T6713] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  314.789299][ T6713] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  315.344819][ T6713] 8021q: adding VLAN 0 to HW filter on device bond0
[  315.482435][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  315.525040][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  315.578582][ T6713] 8021q: adding VLAN 0 to HW filter on device team0
[  315.644858][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  315.672274][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  315.772072][ T4664] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.779203][ T4664] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.805283][ T6870] loop1: detected capacity change from 0 to 128
[  315.819164][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  315.840843][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  315.864675][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  315.877569][ T4664] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.884726][ T4664] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.895479][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  315.924814][ T6870] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  315.967490][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  315.988911][ T6870] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.016715][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  316.081438][ T6863] loop0: detected capacity change from 0 to 40427
[  316.101956][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  316.118014][ T6863] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff
[  316.122857][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  316.147623][ T6863] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x2
[  316.174779][ T6863] F2FS-fs (loop0): invalid crc value
[  316.201051][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  316.234485][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  316.245125][ T6863] F2FS-fs (loop0): Found nat_bits in checkpoint
[  316.274929][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  316.290903][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  316.332959][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  316.362033][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  316.398512][ T6713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  316.401854][ T6863] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  316.993817][ T4245] syz-executor: attempt to access beyond end of device
[  316.993817][ T4245] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  317.026647][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  317.033012][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  317.195202][ T6898] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  317.205577][ T6898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  317.213138][ T6898] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  317.223652][ T6898] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  317.325350][ T6901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.705'.
[  317.422268][ T6901] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  317.508024][ T6713] 8021q: adding VLAN 0 to HW filter on device batadv0
[  317.704862][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  317.714844][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  318.753930][ T6911] xt_socket: unknown flags 0xc
[  319.712774][ T6923] xt_socket: unknown flags 0xc
[  320.303236][   T26] audit: type=1326 audit(1734294036.163:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.4.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  320.390516][   T26] audit: type=1326 audit(1734294036.193:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.4.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  320.418958][   T26] audit: type=1326 audit(1734294036.193:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.4.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  320.537651][ T6930] loop0: detected capacity change from 0 to 256
[  320.547702][   T26] audit: type=1326 audit(1734294036.193:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.4.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  320.618896][ T6930] exFAT-fs (loop0): bogus sector size bits : 6
[  320.656266][ T6930] exFAT-fs (loop0): failed to read boot sector
[  320.665142][ T6930] exFAT-fs (loop0): failed to recognize exfat type
[  320.676903][   T26] audit: type=1326 audit(1734294036.193:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.4.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  321.276870][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  322.337194][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  322.357356][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  322.415427][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  322.440342][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  322.472697][ T6713] device veth0_vlan entered promiscuous mode
[  322.486885][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  322.508876][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  322.531169][ T6713] device veth1_vlan entered promiscuous mode
[  322.650388][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  322.670215][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  322.696009][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  322.737814][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  322.763630][ T6713] device veth0_macvtap entered promiscuous mode
[  322.785004][ T6953] loop1: detected capacity change from 0 to 2048
[  322.813673][ T6713] device veth1_macvtap entered promiscuous mode
[  322.876477][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  322.907156][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  322.938308][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.027393][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.057546][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.085489][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.108380][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  323.137137][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.179510][ T6953]  loop1: p1 < > p4
[  323.183870][ T6713] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.198499][ T6953] loop1: p4 size 8388608 extends beyond EOD, truncated
[  323.251803][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  323.270380][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  323.332331][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  323.378818][ T6393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  323.441022][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.471587][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.527797][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.595858][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.631466][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.780267][ T6972] loop1: detected capacity change from 0 to 16
[  323.830663][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.831524][ T6972] erofs: (device loop1): mounted with root inode @ nid 36.
[  323.840645][ T6713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  323.859506][ T6713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  323.871233][ T6713] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.882041][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  323.893019][ T4664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  323.924070][ T6972] syz.1.725: attempt to access beyond end of device
[  323.924070][ T6972] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  323.941980][ T6713] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  323.990087][ T6713] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  324.124302][ T6713] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  324.336071][ T6972] syz.1.725: attempt to access beyond end of device
[  324.336071][ T6972] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  324.356310][ T6713] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.619592][ T6979] syz.1.725: attempt to access beyond end of device
[  324.619592][ T6979] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  324.722639][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 24 @ nid 36
[  324.816653][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 19 @ nid 36
[  324.907318][ T6985] syz.1.725: attempt to access beyond end of device
[  324.907318][ T6985] loop1: rw=0, sector=8, nr_sectors = 16 limit=16
[  324.994625][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36
[  325.041244][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 17 @ nid 36
[  325.078277][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 16 @ nid 36
[  325.130375][ T6980] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36
[  325.170844][ T6980] syz.1.725: attempt to access beyond end of device
[  325.170844][ T6980] loop1: rw=524288, sector=376, nr_sectors = 16 limit=16
[  325.233383][ T6980] syz.1.725: attempt to access beyond end of device
[  325.233383][ T6980] loop1: rw=524288, sector=384, nr_sectors = 16 limit=16
[  325.287814][ T6980] syz.1.725: attempt to access beyond end of device
[  325.287814][ T6980] loop1: rw=524288, sector=16, nr_sectors = 16 limit=16
[  325.353577][ T6980] syz.1.725: attempt to access beyond end of device
[  325.353577][ T6980] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  325.393817][ T6980] syz.1.725: attempt to access beyond end of device
[  325.393817][ T6980] loop1: rw=524288, sector=728, nr_sectors = 16 limit=16
[  325.792668][ T4296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.806578][ T4296] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.836375][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  325.869767][ T4344] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  325.904553][ T6992] device pim6reg1 entered promiscuous mode
[  325.910460][ T4344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  325.950084][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  326.268949][   T26] audit: type=1326 audit(1734294042.123:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7007 comm="syz.4.732" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f817dd85d19 code=0x0
[  326.309055][ T7005] loop6: detected capacity change from 0 to 2048
[  326.338950][ T7010] input: syz1 as /devices/virtual/input/input5
[  326.418648][ T7005] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  326.532942][ T6994] loop1: detected capacity change from 0 to 40427
[  326.557579][ T6994] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x3ffff
[  326.572799][ T6994] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x2
[  326.589821][ T6994] F2FS-fs (loop1): invalid crc value
[  326.621307][ T6994] F2FS-fs (loop1): Found nat_bits in checkpoint
[  326.726476][ T6994] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  326.775691][ T4250] syz-executor: attempt to access beyond end of device
[  326.775691][ T4250] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  327.172689][ T7031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.736'.
[  327.181918][ T7031] device bridge_slave_1 left promiscuous mode
[  327.188152][ T7031] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.233143][ T7031] device bridge_slave_0 left promiscuous mode
[  327.239492][ T7031] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.601697][ T4665] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  328.791618][ T4665] usb 2-1: Using ep0 maxpacket: 32
[  328.800495][ T4665] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  328.849913][ T4665] usb 2-1: config 0 has no interface number 0
[  328.898609][ T4665] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  328.956349][ T4665] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.995096][ T4665] usb 2-1: Product: syz
[  328.999301][ T4665] usb 2-1: Manufacturer: syz
[  329.052235][ T4665] usb 2-1: SerialNumber: syz
[  329.102332][ T4665] usb 2-1: config 0 descriptor??
[  329.140641][ T4665] smsc95xx v2.0.0
[  329.523132][ T4665] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  329.562416][ T4665] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  330.137889][ T7077] xt_socket: unknown flags 0xc
[  330.270970][ T7079] loop4: detected capacity change from 0 to 128
[  330.293156][ T6713] EXT4-fs (loop6): unmounting filesystem.
[  330.359440][ T7079] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  330.406839][ T7079] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.430940][ T4665] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  330.442233][ T4665] smsc95xx: probe of 2-1:0.67 failed with error -71
[  330.452491][ T4665] usb 2-1: USB disconnect, device number 9
[  330.953474][ T7091] loop1: detected capacity change from 0 to 512
[  331.062175][ T7091] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  331.084258][ T7091] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.099600][ T7092] netlink: 4 bytes leftover after parsing attributes in process `syz.0.751'.
[  331.166896][ T7091] ext4: Unknown parameter '£«±ûåÂæ�ÚöA~Ø£
ú¦õÛö7ÒU-ÿSß­¿ò™#ÿ�]òÙ%ÿ0:Ì®üCvu“ÿû4&`0Üÿa„›•¶ÅòÙ%ÿ0¢þk÷ÔéaòÙÕš'
[  331.166932][ T7073] loop5: detected capacity change from 0 to 40427
[  331.204533][ T7073] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  331.219015][ T7073] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  331.257408][ T7073] F2FS-fs (loop5): invalid crc value
[  331.305917][ T7073] F2FS-fs (loop5): Found nat_bits in checkpoint
[  331.361037][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  332.202172][ T7073] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  332.629945][ T7115] xt_socket: unknown flags 0xc
[  334.537273][ T6544] syz-executor: attempt to access beyond end of device
[  334.537273][ T6544] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  334.590720][ T7120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.748'.
[  334.695322][ T7120] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  334.762270][ T7132] loop6: detected capacity change from 0 to 16
[  334.835233][ T7132] erofs: (device loop6): mounted with root inode @ nid 36.
[  334.933974][ T7137] xt_socket: unknown flags 0xc
[  335.109363][ T7132] syz.6.759: attempt to access beyond end of device
[  335.109363][ T7132] loop6: rw=0, sector=8, nr_sectors = 16 limit=16
[  335.565487][ T7132] syz.6.759: attempt to access beyond end of device
[  335.565487][ T7132] loop6: rw=0, sector=8, nr_sectors = 16 limit=16
[  335.633385][ T7132] syz.6.759: attempt to access beyond end of device
[  335.633385][ T7132] loop6: rw=0, sector=8, nr_sectors = 16 limit=16
[  335.673673][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 24 @ nid 36
[  335.701826][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 19 @ nid 36
[  335.713309][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 18 @ nid 36
[  335.747760][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  335.747791][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 17 @ nid 36
[  335.809229][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 16 @ nid 36
[  335.883723][ T7132] erofs: (device loop6): z_erofs_readahead: readahead error at page 12 @ nid 36
[  335.926791][ T7132] syz.6.759: attempt to access beyond end of device
[  335.926791][ T7132] loop6: rw=524288, sector=376, nr_sectors = 16 limit=16
[  335.971416][ T7132] syz.6.759: attempt to access beyond end of device
[  335.971416][ T7132] loop6: rw=524288, sector=384, nr_sectors = 16 limit=16
[  336.217652][ T7153] xt_socket: unknown flags 0xc
[  336.734529][ T7169] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  336.787291][ T7169] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  336.837608][ T4287] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  336.867107][ T7169] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  336.970595][   T26] audit: type=1326 audit(1734294052.823:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  336.995899][ T7169] A link change request failed with some changes committed already. Interface veth0 may have been left with an inconsistent configuration, please check.
[  337.026187][   T26] audit: type=1326 audit(1734294052.833:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.039392][ T7172] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'.
[  337.058699][ T4287] usb 6-1: Using ep0 maxpacket: 32
[  337.065171][   T26] audit: type=1326 audit(1734294052.833:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.071366][ T4287] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  337.108675][ T4287] usb 6-1: config 0 has no interface number 0
[  337.120850][   T26] audit: type=1326 audit(1734294052.833:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.133255][ T4287] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  337.168574][   T26] audit: type=1326 audit(1734294052.833:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.181547][ T4287] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.228430][   T26] audit: type=1326 audit(1734294052.833:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.231198][ T4287] usb 6-1: Product: syz
[  337.260328][ T4287] usb 6-1: Manufacturer: syz
[  337.268037][ T4287] usb 6-1: SerialNumber: syz
[  337.290594][ T4287] usb 6-1: config 0 descriptor??
[  337.309232][ T4287] smsc95xx v2.0.0
[  337.315106][   T26] audit: type=1326 audit(1734294052.833:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.340601][   T26] audit: type=1326 audit(1734294052.833:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.363151][   T26] audit: type=1326 audit(1734294052.833:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.386034][   T26] audit: type=1326 audit(1734294052.833:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7174 comm="syz.4.766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  337.719332][ T4287] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  337.740398][ T4287] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  338.932798][ T7194] loop1: detected capacity change from 0 to 40427
[  338.951056][ T7194] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x3ffff
[  338.964181][ T7194] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x2
[  339.015562][ T7194] F2FS-fs (loop1): invalid crc value
[  339.273279][ T7194] F2FS-fs (loop1): Found nat_bits in checkpoint
[  339.287491][ T4287] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  339.354919][ T7212] xt_socket: unknown flags 0xc
[  339.562860][ T4287] smsc95xx: probe of 6-1:0.67 failed with error -71
[  339.573592][ T4287] usb 6-1: USB disconnect, device number 2
[  340.322000][ T7194] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  341.738825][ T7220] loop5: detected capacity change from 0 to 128
[  341.891720][ T7220] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  341.947528][ T7220] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.612723][ T7237] xt_socket: unknown flags 0xc
[  343.003934][ T7229] loop4: detected capacity change from 0 to 40427
[  343.015855][ T7246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.780'.
[  343.017719][ T7229] F2FS-fs (loop4): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  343.045404][ T7229] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  343.078152][ T7229] F2FS-fs (loop4): invalid crc value
[  343.100991][ T7229] F2FS-fs (loop4): Found nat_bits in checkpoint
[  343.168629][ T7229] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  343.185018][ T7229] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  343.209688][ T7253] netlink: 8 bytes leftover after parsing attributes in process `syz.5.774'.
[  343.399019][ T7259] loop0: detected capacity change from 0 to 256
[  344.808612][ T7278] xt_socket: unknown flags 0xc
[  345.779241][ T5854] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  345.971899][ T5854] usb 1-1: Using ep0 maxpacket: 32
[  346.021385][ T5854] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  346.205580][ T5854] usb 1-1: config 0 has no interface number 0
[  346.489121][ T5854] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  346.527812][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.598312][ T5854] usb 1-1: Product: syz
[  346.607560][ T5854] usb 1-1: Manufacturer: syz
[  346.608324][ T6544] EXT4-fs (loop5): unmounting filesystem.
[  346.630387][ T5854] usb 1-1: SerialNumber: syz
[  346.648201][ T5854] usb 1-1: config 0 descriptor??
[  346.744877][ T7290] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  346.806679][ T7290] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  346.813621][ T5854] smsc95xx v2.0.0
[  346.891058][ T7290] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  346.918306][ T7290] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  347.719864][ T5854] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  347.776267][ T5854] smsc95xx: probe of 1-1:0.67 failed with error -71
[  347.852509][ T5854] usb 1-1: USB disconnect, device number 13
[  348.332841][ T7308] netlink: 88 bytes leftover after parsing attributes in process `syz.0.790'.
[  348.839559][ T7295] loop5: detected capacity change from 0 to 40427
[  348.873007][ T7295] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  348.919715][ T7317] loop0: detected capacity change from 0 to 1024
[  348.941794][ T7295] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  348.982716][ T7317] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  348.985469][ T7295] F2FS-fs (loop5): invalid crc value
[  349.012852][ T7317] EXT4-fs (loop0): orphan cleanup on readonly fs
[  349.019294][ T7317] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #3: comm syz.0.793: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 3(4), depth 0(0)
[  349.049617][ T7317] EXT4-fs error (device loop0): ext4_quota_enable:6988: comm syz.0.793: Bad quota inode: 3, type: 0
[  349.069337][ T7295] F2FS-fs (loop5): Found nat_bits in checkpoint
[  349.100021][ T7324] loop4: detected capacity change from 0 to 128
[  349.101833][ T7317] EXT4-fs warning (device loop0): ext4_enable_quotas:7029: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  349.158152][ T7324] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  349.196735][ T7324] ext4 filesystem being mounted at /178/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  349.197450][ T7317] EXT4-fs (loop0): Cannot turn on quotas: error -117
[  349.279337][ T7317] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  349.289823][ T7295] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  349.491265][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  349.508290][ T6544] syz-executor: attempt to access beyond end of device
[  349.508290][ T6544] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  349.666825][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  350.212185][ T7338] ptrace attach of "./syz-executor exec"[7339] was attempted by "./syz-executor exec"[7338]
[  350.384654][ T7345] loop1: detected capacity change from 0 to 256
[  350.473158][ T7345] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  351.951742][ T4290] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  352.051857][ T4253] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  352.059581][ T7370] loop5: detected capacity change from 0 to 2048
[  352.061880][ T4253] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  352.074444][ T4253] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  352.083504][ T4254] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  352.096202][ T4253] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  352.096347][ T7371] xt_socket: unknown flags 0xc
[  352.109450][ T4253] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  352.162085][ T7349] loop0: detected capacity change from 0 to 40427
[  352.171020][ T7349] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  352.179630][ T7349] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  352.189565][ T7370] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  352.198374][ T4290] usb 5-1: Using ep0 maxpacket: 16
[  352.206534][ T4290] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.248537][ T4290] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  352.258832][ T7349] F2FS-fs (loop0): Found nat_bits in checkpoint
[  352.309256][ T4290] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  352.338842][ T4290] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.360002][ T7349] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  352.369017][ T7349] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  352.375414][ T4290] usb 5-1: Product: syz
[  352.399737][ T4290] usb 5-1: Manufacturer: syz
[  352.416547][ T4290] usb 5-1: SerialNumber: syz
[  352.446194][ T4290] usb 5-1: config 0 descriptor??
[  352.476320][ T7348] syz.0.802: attempt to access beyond end of device
[  352.476320][ T7348] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  352.480588][ T4290] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  352.527493][ T4290] gspca_stv06xx: st6422 sensor detected
[  352.555267][   T26] kauditd_printk_skb: 15 callbacks suppressed
[  352.555282][   T26] audit: type=1800 audit(1734294068.413:506): pid=7349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.802" name="bus" dev="loop0" ino=11 res=0 errno=0
[  352.749651][ T7373] chnl_net:caif_netlink_parms(): no params data found
[  352.891470][ T4245] syz-executor: attempt to access beyond end of device
[  352.891470][ T4245] loop0: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  353.205852][ T4290] STV06xx: probe of 5-1:0.0 failed with error -71
[  353.234505][ T4290] usb 5-1: USB disconnect, device number 10
[  353.309979][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.326213][ T4245] F2FS-fs (loop0): Issue discard(5637, 5637, 1) failed, ret: -5
[  353.371927][ T7373] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.395465][ T6544] EXT4-fs (loop5): unmounting filesystem.
[  353.462731][ T7373] device bridge_slave_0 entered promiscuous mode
[  353.485700][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.509791][ T7373] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.533578][ T7373] device bridge_slave_1 entered promiscuous mode
[  353.621965][ T7373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  353.658115][ T7373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  353.755311][ T7373] team0: Port device team_slave_0 added
[  353.796318][ T7373] team0: Port device team_slave_1 added
[  353.896922][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.918831][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  354.181782][   T48] Bluetooth: hci4: command 0x0409 tx timeout
[  354.230624][ T7373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  354.404200][ T7414] xt_socket: unknown flags 0xc
[  354.433641][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.754272][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.780284][ T7373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.830177][ T7398] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  355.956947][ T7373] device hsr_slave_0 entered promiscuous mode
[  356.002640][ T7373] device hsr_slave_1 entered promiscuous mode
[  356.049456][ T7373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  356.077046][ T7373] Cannot create hsr debugfs directory
[  356.087820][ T7422] netlink: 88 bytes leftover after parsing attributes in process `syz.4.811'.
[  356.219286][ T7425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.810'.
[  356.261557][   T48] Bluetooth: hci4: command 0x041b tx timeout
[  357.486014][ T7373] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  357.584806][ T7373] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  357.646919][ T7441] loop0: detected capacity change from 0 to 256
[  357.683184][ T7373] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  357.753667][ T7373] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  358.493713][ T4253] Bluetooth: hci4: command 0x040f tx timeout
[  359.360090][ T7373] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.452994][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  359.477212][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  359.505217][ T7373] 8021q: adding VLAN 0 to HW filter on device team0
[  359.705799][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  359.743205][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  359.753714][ T7463] xt_socket: unknown flags 0xc
[  359.769246][ T7462] loop1: detected capacity change from 0 to 2048
[  359.771356][ T5670] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.782840][ T5670] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.796322][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  359.809967][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  359.819104][ T5670] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.826286][ T5670] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.837848][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  359.847484][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  359.849032][ T7462] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  359.856985][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  359.873357][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  359.882368][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  359.902485][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  359.964761][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  359.982001][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  359.991270][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  360.006766][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  360.027142][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  360.035911][ T5670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  360.071838][ T4293] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  360.080527][ T7373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  360.261740][ T4293] usb 6-1: Using ep0 maxpacket: 16
[  360.269880][ T4293] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  360.621849][ T4253] Bluetooth: hci4: command 0x0419 tx timeout
[  360.703094][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  360.810911][ T7483] netlink: 88 bytes leftover after parsing attributes in process `syz.4.821'.
[  360.871772][ T4293] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  360.882807][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  360.895727][ T4293] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  360.921553][ T4293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.929591][ T4293] usb 6-1: Product: syz
[  360.934248][ T4293] usb 6-1: Manufacturer: syz
[  360.938870][ T4293] usb 6-1: SerialNumber: syz
[  360.952364][ T4293] usb 6-1: config 0 descriptor??
[  361.022930][ T7487] xt_socket: unknown flags 0xc
[  361.149701][ T4293] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  361.267460][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  361.334491][ T4293] gspca_stv06xx: st6422 sensor detected
[  361.704422][ T7373] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.911454][ T7496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.822'.
[  363.425257][ T4293] STV06xx: probe of 6-1:0.0 failed with error -71
[  363.480451][ T4293] usb 6-1: USB disconnect, device number 3
[  364.355120][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  364.394316][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  364.481631][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  364.500367][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  364.530803][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  364.553029][ T5011] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  364.577762][ T7373] device veth0_vlan entered promiscuous mode
[  364.606624][ T7526] loop4: detected capacity change from 0 to 256
[  364.629337][ T7373] device veth1_vlan entered promiscuous mode
[  364.657586][ T7495] loop0: detected capacity change from 0 to 40427
[  364.684570][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  364.703437][ T7495] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff
[  364.809366][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  364.827182][ T7495] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x2
[  364.836407][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  364.852440][ T4736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  364.872563][ T7373] device veth0_macvtap entered promiscuous mode
[  364.917952][ T7373] device veth1_macvtap entered promiscuous mode
[  364.962613][ T7495] F2FS-fs (loop0): invalid crc value
[  365.006909][ T7495] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-4)
[  366.236293][ T7532] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  366.251917][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  366.279105][ T4737] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  366.326996][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  366.396306][ T7538] loop4: detected capacity change from 0 to 2048
[  366.424796][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.459861][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  366.495019][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.539073][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  366.542371][ T7538] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  366.560112][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.581958][ T7541] xt_socket: unknown flags 0xc
[  366.587154][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  366.599180][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.609281][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  366.619988][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.651159][ T7373] batman_adv: batadv0: Interface activated: batadv_slave_0
[  366.678750][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  366.738971][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  366.758829][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.783268][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.840515][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.876842][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.887395][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.898205][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.908095][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.918576][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.928455][ T7373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  366.938940][ T7373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  366.965721][ T7373] batman_adv: batadv0: Interface activated: batadv_slave_1
[  366.978069][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  366.992928][ T4580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  367.021271][ T7373] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  367.055425][ T7373] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  367.087279][ T7373] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  367.118612][ T7373] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  367.473268][ T5670] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  367.481451][ T5670] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  367.534102][ T4345] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  367.918472][ T7560] xt_socket: unknown flags 0xc
[  368.620584][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.834'.
[  368.791210][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  368.792730][ T7567] netlink: 88 bytes leftover after parsing attributes in process `syz.1.835'.
[  368.810170][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  368.834131][ T4344] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  369.191648][  T952] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  369.381608][  T952] usb 1-1: Using ep0 maxpacket: 16
[  369.388697][  T952] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.419692][  T952] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  370.572491][  T952] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  370.591566][  T952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.962487][ T7592] loop5: detected capacity change from 0 to 256
[  371.201528][  T952] usb 1-1: Product: syz
[  371.205740][  T952] usb 1-1: Manufacturer: syz
[  371.210349][  T952] usb 1-1: SerialNumber: syz
[  371.259724][  T952] usb 1-1: config 0 descriptor??
[  372.005139][  T952] usb 1-1: can't set config #0, error -71
[  372.054387][  T952] usb 1-1: USB disconnect, device number 14
[  372.627179][ T7608] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  372.644425][ T7608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  372.653003][ T7608] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  372.691841][ T7608] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  373.474007][ T7614] xt_socket: unknown flags 0xc
[  373.730569][ T7620] xt_socket: unknown flags 0xc
[  374.658392][ T7624] netlink: 4 bytes leftover after parsing attributes in process `syz.5.846'.
[  375.681101][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  375.726692][ T7648] loop5: detected capacity change from 0 to 256
[  375.932472][ T4288] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  377.037686][ T4288] usb 1-1: Using ep0 maxpacket: 16
[  377.046198][ T4288] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  377.101612][ T4288] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  377.177751][ T7667] xt_socket: unknown flags 0xc
[  377.208327][ T4288] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  377.264682][ T4288] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.284829][ T4288] usb 1-1: Product: syz
[  377.294420][ T4288] usb 1-1: Manufacturer: syz
[  377.299926][ T4288] usb 1-1: SerialNumber: syz
[  377.488833][ T7675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  377.507859][ T7675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  377.516284][ T7675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  377.536727][ T7675] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  377.930920][ T4288] usb 1-1: config 0 descriptor??
[  378.041977][ T7679] xt_socket: unknown flags 0xc
[  378.466943][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  378.474448][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  378.713890][ T4288] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  378.720145][ T4288] gspca_stv06xx: st6422 sensor detected
[  378.991859][ T4288] STV06xx: probe of 1-1:0.0 failed with error -71
[  379.031052][ T4288] usb 1-1: USB disconnect, device number 15
[  379.084638][ T7689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.863'.
[  379.202973][ T7696] loop1: detected capacity change from 0 to 2048
[  379.304279][ T7696] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  379.516388][ T7712] loop4: detected capacity change from 0 to 256
[  380.945804][ T7684] loop7: detected capacity change from 0 to 40427
[  381.008539][ T7684] F2FS-fs (loop7): build fault injection attr: rate: 690, type: 0x3ffff
[  381.043437][ T7684] F2FS-fs (loop7): build fault injection attr: rate: 0, type: 0x2
[  381.070595][ T7684] F2FS-fs (loop7): invalid crc value
[  381.089244][ T7684] F2FS-fs (loop7): Found nat_bits in checkpoint
[  381.177171][ T7684] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  381.315077][ T7373] syz-executor: attempt to access beyond end of device
[  381.315077][ T7373] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  381.531205][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  381.860880][ T7748] xt_socket: unknown flags 0xc
[  382.588260][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  382.597559][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  382.605228][ T7750] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  382.657415][ T7750] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  383.058935][ T7761] loop1: detected capacity change from 0 to 512
[  383.061738][ T4665] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  383.113921][ T7761] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  383.212824][ T7761] EXT4-fs (loop1): 1 truncate cleaned up
[  383.218519][ T7761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  383.364957][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.5.878'.
[  383.401601][ T4665] usb 5-1: Using ep0 maxpacket: 16
[  383.408552][ T4665] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  383.429364][ T4665] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  383.496987][ T7774] xt_socket: unknown flags 0xc
[  383.630721][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  383.774432][ T4665] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  383.979007][ T4665] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.024886][ T4665] usb 5-1: Product: syz
[  384.080524][ T4665] usb 5-1: Manufacturer: syz
[  384.085551][ T4665] usb 5-1: SerialNumber: syz
[  384.152460][ T4665] usb 5-1: config 0 descriptor??
[  384.200783][ T4665] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  384.261581][ T4665] gspca_stv06xx: st6422 sensor detected
[  384.818147][ T7791] loop0: detected capacity change from 0 to 256
[  386.027004][ T4665] STV06xx: probe of 5-1:0.0 failed with error -71
[  386.038375][ T7799] loop0: detected capacity change from 0 to 2048
[  386.053648][ T4665] usb 5-1: USB disconnect, device number 11
[  386.211730][ T7799] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  386.625904][ T7818] xt_socket: unknown flags 0xc
[  386.901224][ T7777] loop7: detected capacity change from 0 to 40427
[  387.003548][ T7777] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  387.107625][ T7777] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  387.197506][ T7782] loop5: detected capacity change from 0 to 40427
[  387.235339][ T7782] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  387.255432][ T7777] F2FS-fs (loop7): Failed to initialize F2FS segment manager (-4)
[  387.321774][ T7782] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  387.339440][ T7782] F2FS-fs (loop5): invalid crc value
[  387.368683][ T7782] F2FS-fs (loop5): Failed to initialize F2FS segment manager (-4)
[  387.903717][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  387.913106][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  387.920596][ T7837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  387.938960][ T7837] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  388.305392][ T7843] netlink: 88 bytes leftover after parsing attributes in process `syz.5.889'.
[  388.388352][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  388.586428][ T7853] netlink: 4 bytes leftover after parsing attributes in process `syz.5.892'.
[  388.889819][ T7863] xt_socket: unknown flags 0xc
[  389.666421][ T7865] loop5: detected capacity change from 0 to 256
[  389.864364][ T7848] device syzkaller0 entered promiscuous mode
[  389.995274][ T7873] xt_socket: unknown flags 0xc
[  391.771723][  T952] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  392.121606][  T952] usb 1-1: Using ep0 maxpacket: 16
[  392.143286][  T952] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  392.201657][  T952] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  392.244167][  T952] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  392.271554][  T952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.279588][  T952] usb 1-1: Product: syz
[  392.301579][  T952] usb 1-1: Manufacturer: syz
[  392.306213][  T952] usb 1-1: SerialNumber: syz
[  392.352247][  T952] usb 1-1: config 0 descriptor??
[  392.403231][  T952] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  392.409483][  T952] gspca_stv06xx: st6422 sensor detected
[  392.499507][ T7899] loop4: detected capacity change from 0 to 2048
[  392.567231][ T7899] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  392.824074][ T7886] loop5: detected capacity change from 0 to 40427
[  392.842361][ T7906] netlink: 88 bytes leftover after parsing attributes in process `syz.1.902'.
[  392.878533][ T7886] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  392.897407][ T7886] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  392.947705][ T7886] F2FS-fs (loop5): invalid crc value
[  392.979805][ T7886] F2FS-fs (loop5): Found nat_bits in checkpoint
[  393.322813][ T7886] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  393.490447][ T6544] syz-executor: attempt to access beyond end of device
[  393.490447][ T6544] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  393.646948][  T952] STV06xx: probe of 1-1:0.0 failed with error -71
[  393.660444][  T952] usb 1-1: USB disconnect, device number 16
[  393.812814][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  393.947126][ T7927] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'.
[  394.445678][ T7936] xt_socket: unknown flags 0xc
[  395.251164][ T7942] loop4: detected capacity change from 0 to 256
[  395.622419][ T7952] xt_socket: unknown flags 0xc
[  397.343182][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  397.905978][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  397.932462][ T7962] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  398.354522][ T7973] loop4: detected capacity change from 0 to 2048
[  398.417835][ T7973] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  399.049092][ T7989] netlink: 4 bytes leftover after parsing attributes in process `syz.5.917'.
[  399.463471][  T952] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  399.596432][ T7981] loop0: detected capacity change from 0 to 40427
[  399.629284][ T7981] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff
[  399.651685][  T952] usb 6-1: Using ep0 maxpacket: 16
[  399.658910][  T952] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.668923][ T7981] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x2
[  399.700269][ T7981] F2FS-fs (loop0): invalid crc value
[  399.719319][  T952] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  399.740831][ T7981] F2FS-fs (loop0): Found nat_bits in checkpoint
[  399.768874][  T952] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  399.808500][  T952] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.827006][  T952] usb 6-1: Product: syz
[  399.841415][  T952] usb 6-1: Manufacturer: syz
[  399.851573][  T952] usb 6-1: SerialNumber: syz
[  399.882486][  T952] usb 6-1: config 0 descriptor??
[  399.905932][ T7981] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  399.913654][  T952] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  399.919925][  T952] gspca_stv06xx: st6422 sensor detected
[  400.103717][ T4245] syz-executor: attempt to access beyond end of device
[  400.103717][ T4245] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  400.948973][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  401.178602][  T952] STV06xx: probe of 6-1:0.0 failed with error -71
[  401.212210][  T952] usb 6-1: USB disconnect, device number 4
[  401.499427][ T8024] xt_socket: unknown flags 0xc
[  403.191665][ T8026] xt_socket: unknown flags 0xc
[  403.650724][ T8033] loop4: detected capacity change from 0 to 256
[  404.337808][ T8037] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  404.978730][ T8037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  404.986890][ T8037] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  405.078817][ T8037] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  406.734473][ T8056] loop0: detected capacity change from 0 to 2048
[  406.826471][ T8063] netlink: 4 bytes leftover after parsing attributes in process `syz.7.929'.
[  406.884440][ T8056] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  406.911742][ T8063] device bridge_slave_1 left promiscuous mode
[  406.928373][ T8063] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.968229][ T8063] device bridge_slave_0 left promiscuous mode
[  407.074708][ T8063] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.132506][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  408.271578][  T952] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  408.469437][  T952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  408.471064][ T8057] loop4: detected capacity change from 0 to 40427
[  408.505276][ T8057] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x3ffff
[  408.518067][ T8057] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x2
[  408.583269][ T8091] xt_socket: unknown flags 0xc
[  408.741359][ T8057] F2FS-fs (loop4): invalid crc value
[  408.927252][ T8057] F2FS-fs (loop4): Found nat_bits in checkpoint
[  409.264470][  T952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  409.274632][  T952] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  409.284416][  T952] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.306636][  T952] usb 6-1: config 0 descriptor??
[  409.400601][ T8057] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  409.699341][ T8103] xt_socket: unknown flags 0xc
[  409.788073][  T952] hid (null): bogus close delimiter
[  410.254814][  T952] uclogic 0003:256C:006D.0010: failed retrieving Huion firmware version: -71
[  410.301790][  T952] uclogic 0003:256C:006D.0010: failed probing parameters: -71
[  410.377033][  T952] uclogic: probe of 0003:256C:006D.0010 failed with error -71
[  410.431185][  T952] usb 6-1: USB disconnect, device number 5
[  410.715397][ T8112] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  410.730461][ T8112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  410.739146][ T8112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  411.351794][ T4253] Bluetooth: hci5: command 0x0406 tx timeout
[  411.469102][ T8114] syz.0.939[8114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.469201][ T8114] syz.0.939[8114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  411.564823][ T8120] loop5: detected capacity change from 0 to 256
[  411.840892][ T8125] loop7: detected capacity change from 0 to 256
[  412.723083][ T5854] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  412.728476][ T8133] loop0: detected capacity change from 0 to 2048
[  412.918144][ T8133] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  413.031807][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  413.066204][ T8143] xt_socket: unknown flags 0xc
[  413.077769][ T5854] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.299559][ T5854] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  413.651670][ T5854] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  413.701601][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.709634][ T5854] usb 5-1: Product: syz
[  413.809553][ T5854] usb 5-1: Manufacturer: syz
[  413.827969][ T5854] usb 5-1: SerialNumber: syz
[  413.862408][ T5854] usb 5-1: config 0 descriptor??
[  413.888841][ T5854] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  413.915029][ T5854] gspca_stv06xx: st6422 sensor detected
[  414.163371][ T8147] xt_socket: unknown flags 0xc
[  415.385267][ T5854] STV06xx: probe of 5-1:0.0 failed with error -71
[  415.393726][ T5854] usb 5-1: USB disconnect, device number 12
[  415.516910][ T8142] loop5: detected capacity change from 0 to 40427
[  415.583517][ T8142] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  415.650433][ T8142] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  415.680970][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  415.701791][ T8142] F2FS-fs (loop5): invalid crc value
[  415.794978][ T8142] F2FS-fs (loop5): Found nat_bits in checkpoint
[  416.767876][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.7.952'.
[  416.960177][ T8175] loop0: detected capacity change from 0 to 256
[  419.695953][ T8191] xt_socket: unknown flags 0xc
[  419.711425][ T8194] xt_socket: unknown flags 0xc
[  420.200324][ T8198] loop0: detected capacity change from 0 to 2048
[  420.302403][ T8198] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  420.411704][  T952] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  420.638239][  T952] usb 5-1: Using ep0 maxpacket: 16
[  420.645488][  T952] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  420.696538][  T952] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  420.779824][  T952] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  420.858912][  T952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.888316][  T952] usb 5-1: Product: syz
[  420.901112][  T952] usb 5-1: Manufacturer: syz
[  420.916274][  T952] usb 5-1: SerialNumber: syz
[  420.933070][  T952] usb 5-1: config 0 descriptor??
[  420.955255][  T952] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  420.981722][  T952] gspca_stv06xx: st6422 sensor detected
[  421.262255][  T952] STV06xx: probe of 5-1:0.0 failed with error -71
[  421.819741][ T8200] loop5: detected capacity change from 0 to 40427
[  421.932019][  T952] usb 5-1: USB disconnect, device number 13
[  421.991961][ T8200] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x3ffff
[  422.039447][ T8200] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x2
[  422.058625][ T8200] F2FS-fs (loop5): invalid crc value
[  422.135238][ T8223] loop7: detected capacity change from 0 to 256
[  422.151799][ T8200] F2FS-fs (loop5): Found nat_bits in checkpoint
[  422.212648][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  422.313822][ T8200] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  423.165897][  T952] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  423.355007][  T952] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.382759][  T952] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.468844][ T8238] xt_socket: unknown flags 0xc
[  423.570667][  T952] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00
[  423.883004][  T952] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.144215][ T8240] netlink: 4 bytes leftover after parsing attributes in process `syz.7.975'.
[  424.195243][  T952] usb 5-1: config 0 descriptor??
[  424.497085][ T8246] xt_socket: unknown flags 0xc
[  425.157618][  T952] hid-multitouch 0003:0EEF:72D0.0011: unknown main item tag 0x0
[  425.168162][  T952] hid-multitouch 0003:0EEF:72D0.0011: unknown main item tag 0x0
[  425.186709][  T952] hid-multitouch 0003:0EEF:72D0.0011: item fetching failed at offset 2/5
[  425.196363][  T952] hid-multitouch: probe of 0003:0EEF:72D0.0011 failed with error -22
[  425.424852][  T952] usb 5-1: USB disconnect, device number 14
[  425.751762][ T4290] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  426.646373][ T8263] loop0: detected capacity change from 0 to 2048
[  426.721631][ T4290] usb 6-1: Using ep0 maxpacket: 16
[  426.733449][ T4290] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  426.745572][ T8263] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  426.761570][ T4290] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  426.790377][ T4290] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  426.808307][ T4290] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.816764][ T4290] usb 6-1: Product: syz
[  426.821006][ T4290] usb 6-1: Manufacturer: syz
[  426.831273][ T4290] usb 6-1: SerialNumber: syz
[  426.837964][ T4290] usb 6-1: config 0 descriptor??
[  426.854025][ T4290] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  426.861198][ T4290] gspca_stv06xx: st6422 sensor detected
[  427.101613][ T4253] Bluetooth: hci3: command 0x0406 tx timeout
[  427.552054][ T8278] xt_socket: unknown flags 0xc
[  428.275245][ T8280] loop4: detected capacity change from 0 to 256
[  428.459071][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  428.537990][ T4290] STV06xx: probe of 6-1:0.0 failed with error -71
[  429.255117][ T8284] loop0: detected capacity change from 0 to 256
[  429.289427][ T4290] usb 6-1: USB disconnect, device number 6
[  429.416525][ T8284] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  429.809105][   T26] audit: type=1326 audit(1734294145.663:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  429.825222][ T8273] loop7: detected capacity change from 0 to 40427
[  429.892495][   T26] audit: type=1326 audit(1734294145.703:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  429.985728][ T8273] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  430.018365][   T26] audit: type=1326 audit(1734294145.703:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  430.041194][ T8273] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  430.061904][   T26] audit: type=1326 audit(1734294145.703:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  430.095010][   T26] audit: type=1326 audit(1734294145.703:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8293 comm="syz.0.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  430.119459][ T8273] F2FS-fs (loop7): Failed to start F2FS issue_checkpoint_thread (-12)
[  430.185533][ T8299] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  430.203458][ T8299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  430.212000][ T8299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  430.239889][ T8299] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  430.984879][ T8304] xt_socket: unknown flags 0xc
[  431.342878][ T8310] xt_socket: unknown flags 0xc
[  432.247704][ T8316] loop0: detected capacity change from 0 to 2048
[  432.382464][ T8316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  432.686958][ T8323] netlink: 4 bytes leftover after parsing attributes in process `syz.7.999'.
[  433.542160][ T8329] loop4: detected capacity change from 0 to 256
[  433.583713][  T952] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  433.781643][  T952] usb 6-1: Using ep0 maxpacket: 16
[  433.789064][  T952] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.057330][ T4245] EXT4-fs (loop0): unmounting filesystem.
[  434.537852][  T952] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  434.582374][  T952] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  434.611708][  T952] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.619750][  T952] usb 6-1: Product: syz
[  434.641605][  T952] usb 6-1: Manufacturer: syz
[  434.646270][  T952] usb 6-1: SerialNumber: syz
[  434.669747][  T952] usb 6-1: config 0 descriptor??
[  434.684466][  T952] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  434.701606][  T952] gspca_stv06xx: st6422 sensor detected
[  435.023178][ T8338] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  435.032449][ T8338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  435.039923][ T8338] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  435.050947][ T8338] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  435.313034][  T952] STV06xx: probe of 6-1:0.0 failed with error -71
[  435.349787][  T952] usb 6-1: USB disconnect, device number 7
[  435.547377][ T8349] xt_socket: unknown flags 0xc
[  436.655304][ T8357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1011'.
[  437.182985][ T5854] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  437.477607][ T8363] loop4: detected capacity change from 0 to 2048
[  437.633288][ T8363] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  437.650593][ T5854] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.683046][ T5854] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.709732][ T8371] xt_socket: unknown flags 0xc
[  437.754324][ T5854] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  437.801217][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.860031][ T5854] usb 1-1: config 0 descriptor??
[  438.257223][ T8373] loop1: detected capacity change from 0 to 256
[  438.529095][ T5854] pyra 0003:1E7D:2CF6.0012: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  438.845992][ T5854] pyra 0003:1E7D:2CF6.0012: couldn't init struct pyra_device
[  438.878693][ T5854] pyra 0003:1E7D:2CF6.0012: couldn't install mouse
[  439.145351][ T5854] pyra: probe of 0003:1E7D:2CF6.0012 failed with error -5
[  439.221797][ T5854] usb 1-1: USB disconnect, device number 17
[  439.957080][ T8394] xt_socket: unknown flags 0xc
[  440.014215][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  440.021687][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  440.968006][ T8395] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  440.991742][ T8395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  441.000356][ T8395] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  441.040190][ T8395] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  441.928718][ T4246] EXT4-fs (loop4): unmounting filesystem.
[  442.061620][ T4291] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  442.245813][ T8411] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1025'.
[  442.951842][ T4291] usb 2-1: Using ep0 maxpacket: 16
[  443.119222][ T8405] loop0: detected capacity change from 0 to 40427
[  443.172789][ T8405] F2FS-fs (loop0): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[  443.234763][ T8405] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  443.347504][ T8425] xt_socket: unknown flags 0xc
[  443.396177][ T4291] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  443.414115][ T4291] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  444.101720][ T8405] F2FS-fs (loop0): invalid crc value
[  444.154884][ T8405] F2FS-fs (loop0): Found nat_bits in checkpoint
[  444.230534][ T8430] loop5: detected capacity change from 0 to 256
[  444.320283][ T4291] usb 2-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  444.329464][ T4291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.337524][ T4291] usb 2-1: Product: syz
[  444.341737][ T4291] usb 2-1: Manufacturer: syz
[  444.346337][ T4291] usb 2-1: SerialNumber: syz
[  444.352764][ T4291] usb 2-1: config 0 descriptor??
[  444.360580][ T4291] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  444.366863][ T4291] gspca_stv06xx: st6422 sensor detected
[  444.982657][ T8438] xt_socket: unknown flags 0xc
[  446.028063][ T4291] STV06xx: probe of 2-1:0.0 failed with error -71
[  446.066660][ T4291] usb 2-1: USB disconnect, device number 10
[  446.383141][ T8447] loop7: detected capacity change from 0 to 2048
[  447.556928][ T8447] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  447.625532][ T8442] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  447.635142][ T8442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  447.642704][ T8442] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  447.650117][ T8442] A link change request failed with some changes committed already. Interface vxcan1 may have been left with an inconsistent configuration, please check.
[  448.654058][ T8466] xt_socket: unknown flags 0xc
[  449.131072][ T8470] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1040'.
[  449.347854][ T8477] loop4: detected capacity change from 0 to 256
[  449.632942][ T7373] EXT4-fs (loop7): unmounting filesystem.
[  450.630114][ T8485] xt_socket: unknown flags 0xc
[  451.351788][ T4665] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  451.551682][ T4665] usb 5-1: Using ep0 maxpacket: 16
[  451.563304][ T4665] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  451.634126][ T4665] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  451.701108][ T4665] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  451.751251][ T4665] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.799277][ T4665] usb 5-1: Product: syz
[  451.825215][ T4665] usb 5-1: Manufacturer: syz
[  451.850214][ T4665] usb 5-1: SerialNumber: syz
[  451.888256][ T4665] usb 5-1: config 0 descriptor??
[  451.943222][ T4665] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  452.032003][ T4665] gspca_stv06xx: st6422 sensor detected
[  452.955107][ T8503] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  452.980610][ T8503] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  452.990704][ T8503] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  453.051296][ T8503] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  453.528823][ T4665] STV06xx: probe of 5-1:0.0 failed with error -71
[  453.555319][ T4665] usb 5-1: USB disconnect, device number 15
[  453.678477][ T8509] loop1: detected capacity change from 0 to 2048
[  453.862880][ T8496] loop5: detected capacity change from 0 to 40427
[  453.880994][ T8509] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  453.906332][ T8496] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  453.913618][ T8496] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  453.960559][ T8517] xt_socket: unknown flags 0xc
[  454.300887][ T8496] F2FS-fs (loop5): invalid crc value
[  454.530961][ T8518] loop0: detected capacity change from 0 to 256
[  454.563099][ T8496] F2FS-fs (loop5): Found nat_bits in checkpoint
[  454.834955][ T8496] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2
[  454.856122][ T8496] F2FS-fs (loop5): Start checkpoint disabled!
[  454.884850][ T8496] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  454.898568][ T8496] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  455.170841][ T8527] xt_socket: unknown flags 0xc
[  456.003964][ T8426] kworker/u4:24: attempt to access beyond end of device
[  456.003964][ T8426] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  456.339246][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  456.470323][ T8544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1061'.
[  456.799738][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  456.828641][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  456.837369][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  456.877517][ T8550] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
[  458.116498][ T8561] xt_socket: unknown flags 0xc
[  459.220526][ T8567] xt_socket: unknown flags 0xc
[  459.950306][ T8569] loop0: detected capacity change from 0 to 256
[  460.134642][ T8571] loop1: detected capacity change from 0 to 256
[  460.447102][ T8576] loop1: detected capacity change from 0 to 2048
[  460.515760][ T8576] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  460.981996][ T8585] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  461.013348][ T8585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  461.022047][ T8585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  461.731458][ T8592] loop0: detected capacity change from 0 to 256
[  461.767340][ T8592] exfat: Deprecated parameter 'utf8'
[  461.781598][ T8592] exfat: Deprecated parameter 'utf8'
[  461.818271][ T8592] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfa3b3837, utbl_chksum : 0xe619d30d)
[  462.237304][ T8600] xt_socket: unknown flags 0xc
[  463.336159][ T8606] xt_socket: unknown flags 0xc
[  464.059723][ T8612] loop7: detected capacity change from 0 to 128
[  464.213702][ T8614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1085'.
[  465.227529][ T4250] EXT4-fs (loop1): unmounting filesystem.
[  465.648382][ T8624] loop1: detected capacity change from 0 to 256
[  466.138845][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  467.481037][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  467.488712][ T8631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  467.798771][ T8643] xt_socket: unknown flags 0xc
[  468.559437][ T8651] xt_socket: unknown flags 0xc
[  469.059098][   T26] audit: type=1326 audit(1734294184.913:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8654 comm="syz.4.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  469.092413][ T8653] loop7: detected capacity change from 0 to 2048
[  469.130885][   T26] audit: type=1326 audit(1734294184.963:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8654 comm="syz.4.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  469.159030][   T26] audit: type=1326 audit(1734294184.963:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8654 comm="syz.4.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  469.187043][   T26] audit: type=1326 audit(1734294184.963:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8654 comm="syz.4.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  469.230709][   T26] audit: type=1326 audit(1734294184.963:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8654 comm="syz.4.1102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817dd85d19 code=0x7ffc0000
[  469.276996][ T8653] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  470.050120][ T8669] loop5: detected capacity change from 0 to 256
[  471.117211][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1105'.
[  473.777524][ T8689] xt_socket: unknown flags 0xc
[  474.328397][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  474.501208][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  474.509985][ T8697] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  475.220132][   T26] audit: type=1326 audit(1734294191.073:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.279971][   T26] audit: type=1326 audit(1734294191.113:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.303486][   T26] audit: type=1326 audit(1734294191.113:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.328297][   T26] audit: type=1326 audit(1734294191.123:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.368643][   T26] audit: type=1326 audit(1734294191.123:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.444186][ T8709] xt_socket: unknown flags 0xc
[  475.587355][   T26] audit: type=1326 audit(1734294191.123:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  475.990930][   T26] audit: type=1326 audit(1734294191.133:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8703 comm="syz.0.1117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3504585d19 code=0x7ffc0000
[  476.108942][ T8711] loop0: detected capacity change from 0 to 256
[  476.323086][ T7373] EXT4-fs (loop7): unmounting filesystem.
[  477.925418][ T8736] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1121'.
[  477.972051][ T4287] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  478.151718][ T4287] usb 5-1: device descriptor read/64, error -71
[  478.196265][ T4253] Bluetooth: hci4: command 0x0406 tx timeout
[  478.421713][ T4287] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  478.519296][ T8740] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  478.542706][ T8740] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  478.551308][ T8740] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  479.247819][ T4287] usb 5-1: device descriptor read/64, error -71
[  479.326164][ T8745] device syzkaller0 entered promiscuous mode
[  479.420967][ T4287] usb usb5-port1: attempt power cycle
[  479.479275][ T8735] loop0: detected capacity change from 0 to 40427
[  479.517286][ T8735] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504)
[  479.539006][ T8735] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  479.561618][ T8735] F2FS-fs (loop0): invalid crc value
[  479.586420][ T8750] 9pnet_fd: Insufficient options for proto=fd
[  479.590008][ T8735] F2FS-fs (loop0): Found nat_bits in checkpoint
[  479.703984][ T8735] F2FS-fs (loop0): Cannot turn on quotas: -2 on 2
[  479.740377][ T8735] F2FS-fs (loop0): Start checkpoint disabled!
[  479.761457][ T8735] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  479.782427][ T8735] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  479.841637][ T4287] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  479.887113][ T4287] usb 5-1: device descriptor read/8, error -71
[  480.171551][ T4287] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  480.180926][ T4439] kworker/u4:12: attempt to access beyond end of device
[  480.180926][ T4439] loop0: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  480.202312][ T4287] usb 5-1: device descriptor read/8, error -71
[  480.322136][ T4287] usb usb5-port1: unable to enumerate USB device
[  481.867233][ T8760] xt_socket: unknown flags 0xc
[  482.641587][ T4287] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  482.841704][ T4287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.879196][ T4287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.901595][ T4287] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  482.910695][ T4287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.955626][ T4287] usb 5-1: config 0 descriptor??
[  483.157397][ T8775] loop7: detected capacity change from 0 to 256
[  483.382161][ T4287] pyra 0003:1E7D:2CF6.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  483.586815][ T4287] pyra 0003:1E7D:2CF6.0013: couldn't init struct pyra_device
[  483.600745][ T4287] pyra 0003:1E7D:2CF6.0013: couldn't install mouse
[  483.643622][ T4287] pyra: probe of 0003:1E7D:2CF6.0013 failed with error -5
[  483.865068][   T41] usb 5-1: USB disconnect, device number 20
[  484.312577][   T26] audit: type=1326 audit(1734294200.163:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.7.1142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a0985d19 code=0x7ffc0000
[  484.401923][   T26] audit: type=1326 audit(1734294200.163:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.7.1142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a0985d19 code=0x7ffc0000
[  484.917259][   T26] audit: type=1326 audit(1734294200.163:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.7.1142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fa6a0985d19 code=0x7ffc0000
[  485.050093][   T26] audit: type=1326 audit(1734294200.193:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8786 comm="syz.7.1142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6a0985d19 code=0x7ffc0000
[  485.341742][   T27] INFO: task syz.6.759:7132 blocked for more than 144 seconds.
[  485.361437][   T27]       Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  485.371919][ T4287] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  485.408041][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  485.421027][   T27] task:syz.6.759       state:D stack:23704 pid:7132  ppid:6713   flags:0x00004004
[  485.439112][   T27] Call Trace:
[  485.443296][   T27]  <TASK>
[  485.446325][   T27]  __schedule+0x143f/0x4570
[  485.451004][   T27]  ? release_firmware_map_entry+0x186/0x186
[  485.457216][   T27]  ? blk_check_plugged+0x250/0x250
[  485.468835][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  485.476203][   T27]  ? blk_check_plugged+0x250/0x250
[  485.491419][   T27]  ? print_irqtrace_events+0x210/0x210
[  485.498534][   T27]  ? _raw_spin_lock_irq+0xdb/0x110
[  485.521687][   T27]  schedule+0xbf/0x180
[  485.525940][   T27]  io_schedule+0x88/0x100
[  485.530434][   T27]  folio_wait_bit_common+0x878/0x1290
[  485.542222][   T27]  ? folio_wait_bit+0x20/0x20
[  485.547656][   T27]  ? migration_entry_wait_on_locked+0x1160/0x1160
[  485.557520][   T27]  ? erofs_map_blocks+0x1a30/0x1a30
[  485.565907][   T27]  ? bio_add_page+0x3a4/0x750
[  485.768349][   T27]  z_erofs_runqueue+0xa59/0x1e10
[  485.825436][   T27]  ? z_erofs_do_read_page+0x3d00/0x3d00
[  485.870126][   T27]  ? __lock_acquire+0x1f80/0x1f80
[  485.934029][   T27]  ? z_erofs_pcluster_readmore+0x413/0x450
[  485.977950][   T27]  z_erofs_readahead+0xc26/0x1030
[  486.059427][   T27]  ? z_erofs_read_folio+0x760/0x760
[  486.126271][   T27]  ? __lock_acquire+0x1f80/0x1f80
[  486.222327][   T27]  ? blk_start_plug+0x95/0x110
[  486.437086][   T27]  read_pages+0x17f/0x830
[  486.447442][   T27]  ? folio_add_lru+0x34d/0xd70
[  486.458101][   T27]  ? folio_add_lru+0x34d/0xd70
[  486.475473][   T27]  ? page_cache_ra_unbounded+0x7b0/0x7b0
[  486.487119][   T27]  ? __lock_acquire+0x125b/0x1f80
[  486.495102][   T27]  ? __filemap_add_folio+0x1b00/0x1b00
[  486.506516][   T27]  page_cache_ra_unbounded+0x68b/0x7b0
[  486.514725][   T27]  force_page_cache_ra+0x2a3/0x300
[  486.520257][   T27]  generic_fadvise+0x553/0x7b0
[  486.529905][   T27]  ? dump_task+0x620/0x620
[  486.540123][   T27]  ? __fget_files+0x28/0x4a0
[  486.555059][   T27]  ? __fdget+0x182/0x210
[  486.559816][   T27]  __x64_sys_fadvise64+0x138/0x180
[  486.569408][   T27]  do_syscall_64+0x3b/0xb0
[  486.577828][   T27]  ? clear_bhb_loop+0x45/0xa0
[  486.586438][   T27]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  486.595984][   T27] RIP: 0033:0x7f3d34985d19
[  486.600758][   T27] RSP: 002b:00007f3d357ab038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd
[  486.617121][   T27] RAX: ffffffffffffffda RBX: 00007f3d34b75fa0 RCX: 00007f3d34985d19
[  486.626721][   T27] RDX: 000000000000ff39 RSI: 000000000000aa1f RDI: 0000000000000005
[  486.640687][   T27] RBP: 00007f3d34a01a20 R08: 0000000000000000 R09: 0000000000000000
[  486.659711][   T27] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  486.675529][   T27] R13: 0000000000000000 R14: 00007f3d34b75fa0 R15: 00007ffd77265048
[  486.686466][   T27]  </TASK>
[  486.716203][   T27] 
[  486.716203][   T27] Showing all locks held in the system:
[  486.745572][   T27] 1 lock held by rcu_tasks_kthre/12:
[  486.755229][   T27]  #0: ffffffff8d32b250 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x34/0xde0
[  486.778241][   T27] 1 lock held by rcu_tasks_trace/13:
[  486.784907][   T27]  #0: ffffffff8d32ba70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x34/0xde0
[  486.803245][   T27] 1 lock held by khungtaskd/27:
[  486.809233][   T27]  #0: ffffffff8d32b080 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290
[  486.826519][   T27] 2 locks held by getty/4011:
[  486.831447][   T27]  #0: ffff88814ce5d098
[  486.832367][ T4287] usb 8-1: device descriptor read/64, error -71
[  486.833297][   T27]  (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  486.854373][   T27]  #1: ffffc9000325e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a7/0x1db0
[  486.865954][   T27] 5 locks held by kworker/0:4/4287:
[  486.871160][   T27]  #0: ffff88801e6cf538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.882317][   T27]  #1: ffffc90003f97d20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.894862][   T27]  #2: ffff888145372190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5730
[  486.903987][   T27]  #3: ffff8881453754f8 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x2471/0x5730
[  486.914523][   T27]  #4: ffff888027e3e768 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x249e/0x5730
[  486.924379][   T27] 3 locks held by kworker/0:5/4288:
[  486.929578][   T27]  #0: ffff888030874538 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.940715][   T27]  #1: ffffc90003fb7d20 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.954099][   T27]  #2: ffffffff8e50b328 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30
[  486.963853][   T27] 2 locks held by kworker/1:4/4293:
[  486.969076][   T27]  #0: ffff888017c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.979585][   T27]  #1: ffffc90004007d20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0
[  486.991082][   T27] 1 lock held by syz.6.759/7132:
[  486.996374][   T27]  #0: ffff8880561e1898 (mapping.invalidate_lock#5){.+.+}-{3:3}, at: page_cache_ra_unbounded+0xed/0x7b0
[  487.007634][   T27] 1 lock held by syz.0.1139/8783:
[  487.012987][   T27]  #0: ffffffff8e50b328 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0
[  487.023140][   T27] 2 locks held by syz.5.1140/8780:
[  487.028267][   T27]  #0: ffffffff8e50b328 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3a/0x1b0
[  487.037359][   T27]  #1: ffffffff8d3306b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x4f0/0x930
[  487.048302][   T27] 1 lock held by syz.1.1141/8790:
[  487.053428][   T27]  #0: ffffffff8e50b328 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0
[  487.062913][   T27] 1 lock held by syz.4.1145/8801:
[  487.067938][   T27]  #0: ffffffff8e50b328 (rtnl_mutex){+.+.}-{3:3}, at: dev_ethtool+0x1f4/0x1540
[  487.077207][   T27] 
[  487.079669][   T27] =============================================
[  487.079669][   T27] 
[  487.096510][   T27] NMI backtrace for cpu 0
[  487.100880][   T27] CPU: 0 PID: 27 Comm: khungtaskd Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  487.111998][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  487.122044][   T27] Call Trace:
[  487.125310][   T27]  <TASK>
[  487.128225][   T27]  dump_stack_lvl+0x1e3/0x2cb
[  487.132987][   T27]  ? nf_tcp_handle_invalid+0x642/0x642
[  487.138447][   T27]  ? panic+0x764/0x764
[  487.142507][   T27]  ? vprintk_emit+0x622/0x740
[  487.147183][   T27]  ? printk_sprint+0x490/0x490
[  487.151953][   T27]  ? nmi_cpu_backtrace+0x252/0x560
[  487.157071][   T27]  nmi_cpu_backtrace+0x4e1/0x560
[  487.162017][   T27]  ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0
[  487.168174][   T27]  ? _printk+0xd1/0x111
[  487.172327][   T27]  ? panic+0x764/0x764
[  487.176390][   T27]  ? __wake_up_klogd+0xcc/0x100
[  487.181242][   T27]  ? panic+0x764/0x764
[  487.185301][   T27]  ? nmi_trigger_cpumask_backtrace+0xe0/0x3f0
[  487.191364][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  487.197422][   T27]  nmi_trigger_cpumask_backtrace+0x1ae/0x3f0
[  487.203405][   T27]  watchdog+0xf88/0xfd0
[  487.207558][   T27]  ? watchdog+0x1f8/0xfd0
[  487.211884][   T27]  kthread+0x28d/0x320
[  487.215941][   T27]  ? hungtask_pm_notify+0x50/0x50
[  487.220958][   T27]  ? kthread_blkcg+0xd0/0xd0
[  487.225540][   T27]  ret_from_fork+0x1f/0x30
[  487.229960][   T27]  </TASK>
[  487.234119][   T27] Sending NMI from CPU 0 to CPUs 1:
[  487.239520][    C1] NMI backtrace for cpu 1
[  487.239541][    C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  487.239556][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  487.239565][    C1] Workqueue: bat_events batadv_nc_worker
[  487.239587][    C1] RIP: 0010:__lock_acquire+0x315/0x1f80
[  487.239607][    C1] Code: 48 89 34 24 0f 85 de 13 00 00 4c 8b ac 24 c8 00 00 00 b8 00 e0 ff ff 23 03 41 81 e7 ff 1f 00 00 44 09 f8 48 89 5c 24 08 89 03 <48> 8d 5c ee 08 48 89 d8 48 c1 e8 03 80 3c 10 00 74 16 48 89 df e8
[  487.239619][    C1] RSP: 0018:ffffc900000e79a0 EFLAGS: 00000002
[  487.239631][    C1] RAX: 000000000002002c RBX: ffff888017f50b50 RCX: ffff888017f50000
[  487.239642][    C1] RDX: dffffc0000000000 RSI: ffff888017f50ae0 RDI: ffffffff8d32b080
[  487.239652][    C1] RBP: 000000000000000a R08: 0000000000000000 R09: 0000000000000000
[  487.239661][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  487.239670][    C1] R13: ffffffff8a82bc37 R14: ffffffff8d32b080 R15: 000000000000002c
[  487.239680][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  487.239693][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  487.239703][    C1] CR2: 0000564c54705600 CR3: 000000000d08e000 CR4: 00000000003506e0
[  487.239715][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  487.239724][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  487.239733][    C1] Call Trace:
[  487.239737][    C1]  <NMI>
[  487.239743][    C1]  ? nmi_cpu_backtrace+0x3de/0x560
[  487.239762][    C1]  ? read_lock_is_recursive+0x10/0x10
[  487.239781][    C1]  ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0
[  487.239807][    C1]  ? nmi_cpu_backtrace_handler+0x8/0x10
[  487.239820][    C1]  ? nmi_handle+0x12e/0x440
[  487.239840][    C1]  ? nmi_handle+0x25/0x440
[  487.239857][    C1]  ? __lock_acquire+0x315/0x1f80
[  487.239874][    C1]  ? default_do_nmi+0x62/0x150
[  487.239888][    C1]  ? exc_nmi+0xa8/0x100
[  487.239900][    C1]  ? end_repeat_nmi+0x16/0x31
[  487.239912][    C1]  ? batadv_nc_worker+0xc7/0x610
[  487.239932][    C1]  ? __lock_acquire+0x315/0x1f80
[  487.239949][    C1]  ? __lock_acquire+0x315/0x1f80
[  487.239967][    C1]  ? __lock_acquire+0x315/0x1f80
[  487.239984][    C1]  </NMI>
[  487.239988][    C1]  <TASK>
[  487.239999][    C1]  lock_acquire+0x1f8/0x5a0
[  487.240016][    C1]  ? batadv_nc_worker+0xc7/0x610
[  487.240035][    C1]  ? read_lock_is_recursive+0x10/0x10
[  487.240054][    C1]  ? batadv_nc_worker+0xc7/0x610
[  487.240070][    C1]  ? __lock_acquire+0x1f80/0x1f80
[  487.240089][    C1]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  487.240110][    C1]  batadv_nc_worker+0xe8/0x610
[  487.240125][    C1]  ? batadv_nc_worker+0xc7/0x610
[  487.240141][    C1]  ? batadv_nc_worker+0xc7/0x610
[  487.240158][    C1]  ? process_one_work+0x7a9/0x11d0
[  487.240173][    C1]  process_one_work+0x8a9/0x11d0
[  487.240194][    C1]  ? worker_detach_from_pool+0x260/0x260
[  487.240211][    C1]  ? _raw_spin_lock_irqsave+0x120/0x120
[  487.240227][    C1]  ? kthread_data+0x4e/0xc0
[  487.240247][    C1]  ? wq_worker_running+0x97/0x190
[  487.240260][    C1]  worker_thread+0xa47/0x1200
[  487.240277][    C1]  ? release_firmware_map_entry+0x186/0x186
[  487.240298][    C1]  kthread+0x28d/0x320
[  487.240309][    C1]  ? worker_clr_flags+0x190/0x190
[  487.240323][    C1]  ? kthread_blkcg+0xd0/0xd0
[  487.240336][    C1]  ret_from_fork+0x1f/0x30
[  487.240358][    C1]  </TASK>
[  487.599333][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  487.606209][   T27] CPU: 1 PID: 27 Comm: khungtaskd Tainted: G        W          6.1.120-syzkaller-00773-g52f863f820fd #0
[  487.617323][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  487.627369][   T27] Call Trace:
[  487.630638][   T27]  <TASK>
[  487.633560][   T27]  dump_stack_lvl+0x1e3/0x2cb
[  487.638237][   T27]  ? nf_tcp_handle_invalid+0x642/0x642
[  487.643690][   T27]  ? panic+0x764/0x764
[  487.647748][   T27]  ? llist_add_batch+0x160/0x1d0
[  487.652678][   T27]  ? vscnprintf+0x59/0x80
[  487.656999][   T27]  panic+0x318/0x764
[  487.660880][   T27]  ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0
[  487.667026][   T27]  ? memcpy_page_flushcache+0xfc/0xfc
[  487.672391][   T27]  ? nmi_trigger_cpumask_backtrace+0x2bf/0x3f0
[  487.678539][   T27]  ? nmi_trigger_cpumask_backtrace+0x338/0x3f0
[  487.684685][   T27]  ? nmi_trigger_cpumask_backtrace+0x33d/0x3f0
[  487.690833][   T27]  watchdog+0xfc7/0xfd0
[  487.694988][   T27]  ? watchdog+0x1f8/0xfd0
[  487.699310][   T27]  kthread+0x28d/0x320
[  487.703365][   T27]  ? hungtask_pm_notify+0x50/0x50
[  487.708376][   T27]  ? kthread_blkcg+0xd0/0xd0
[  487.712952][   T27]  ret_from_fork+0x1f/0x30
[  487.717371][   T27]  </TASK>
[  487.720650][   T27] Kernel Offset: disabled
[  487.724987][   T27] Rebooting in 86400 seconds..