last executing test programs:

2m43.436759963s ago: executing program 4 (id=14):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
open_tree(0xffffffffffffffff, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r0, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

2m43.352012994s ago: executing program 4 (id=15):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES64=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000040)={'tunl0\x00', 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
unshare(0x78000100)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791028000000000069004400000000009500740000000000", @ANYRESDEC], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff8f}, 0x48)
sendmsg$DEVLINK_CMD_RELOAD(r1, 0x0, 0x40800)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
capset(0x0, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000040)={0x6, 0x6, 0x9, 0x7fffffff, 0xba, 0x9, 0x7, 0x7}, &(0x7f0000000100)={0x3, 0xfffffffffffffffa, 0xfffffffffffff000, 0x63, 0x14, 0x9, 0x10000, 0x4}, &(0x7f0000000180), 0x0)

2m42.228953486s ago: executing program 4 (id=23):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c696e6f646536342c6c6f63616c616c6c6f633d30303030303030303030303030303030313731342c61636c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c00882bb7a63864a19f186813ab5265f313eeeea0cb144b9317f58558f596fa072f9a29c38a293509350482fc7f"], 0x1, 0x4450, &(0x7f0000008900)="$eJzs3c9vHGcZAOB3Jia1Qxvs0EORkFiJSiBAlt0T4Eo4jhPXbkxQIBXislnb28Sw9kb2GnGohLlV4oTEAXGoQOLmU+UD1yLxD3DhWK5UggMXJKSIRbs7a++Md/ESdus6eh4pHs/3a971uzPzzWHypZnG4+390vZ+qbJbqm++vf9a6cf12sFONdKPyUUfn+GMPk9JyP3FuXfrznffei3iD1t//qjZbDajZSL6mu/5/Z//eGezd9uVFvq0xu0/2qj8ICJePhNXy5WI+P7vI5KIuJmVLWXbqYi4Hp26t975+cPSiKJ5/8Pq6+Wn6+8eL7y6dvTe8eDPnkT8uva5rz3a+dsXryz85SsjOjwAAAAAAAAAAAAAAAAAAJfcyv17D74zNx8fJDFxlJx9X3cl2w56P7Y5Ml8Y/4cFAAAAAAAAAAAAAAAAAACAT6jT9/9LyY1kIiLy7/8vZ9vFAf2b3xp/jIzP6rfvLd+em8/Wf0/O1H89K/r7zSsx02fd9+L67zcL/fuv//7CyOLvxtc97nQk6WxuP01nZyN+my38/kpyLa3V9xtffbt+sLs1sjAurXz+O6v3574F2YL+w+Z/qTD++Nf//2wUv7Wt/Ydnv8r0kc//lYHtfvezZKj83yr0+zjyz7PL53+iXTbV22CxcwFo5f8XE+fnf7kw/rjyfz0iSkkr1lLubnIj6ZQPmq+Ql8//p9pluUtn9occdP7/q5D/24XxL+r6f1i8EdFXPv9X22WTuRan5/9Mev75f6cw/kXkvxX/ofv/UPL5z66kE7km7b/ksNf/lcL448r/g7Qd51/jepL7BhwlnfgH/X915OXzP3mm/vT5Lx1q/vdGoX///I/u5OzG1z1u+/mv2Wz+NNv/ctJ5/qO/fP6nBrYb9vxfLfQb9/V/MUpDPwFcHWcgl1Q+/9faZfm583T757D5X+vdeTq+/LdnJZPd/J9eT/79Qqf8Nz3zvwfjCOA5kc//pzuFaW+Lw/bP9vwvOX/+/2Zh/P+S/+RwJJ/g7PyvFf9hOpLBn3v5/L84sF0r/38a4v5/t9Bv/PP/iDlz/WeWz/9LA9u1z//J8/O/Xug37vx/aZyDAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwCS9l2OpJ0NrefprOzEbey/VfiWrJR2Spv1OqbP9qPWM7KS3EjeVSrb1Rq5e3d+la1XKnV6psRt7P6l2My2a/VG+WdypM7J2NNJY+rlb3GRrXSiIiVrPzz8VJ3rI3txk7lSUS8cVL3mbS+9+RxZbe8tb33zbm5ublYPYlhJqn+pFHdbXSO3qmNWDvpO530BNeufvMklheTH9YP9nYrtXb53Z4+tfpmpdbTZz2r+2XMJI29g93NSqNartUfdY83yB+vPmNy/geL2XZ59f737t+dP1P/MOlsl8YfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/hw8WvvGriJjo7KURUUqyX5LsX877H1ZfLz9df/d44dW1o/eOP+rXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMByj2/d+2vdRKS42l5G/H7+/R/nz6V+303fvzjDjJzO00t3/1A35d/TKL8tR6s279PN+usjJmrvZ7Anw306GPcZmtu3ufn6vteRchURbclvUs5VtewtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AoAAP//YvMk6w==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x7351, 0x8001)
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x100c007, &(0x7f0000000080)={[{@gid}, {@gid_forget}, {@adinicb}, {@utf8, 0x0}, {@noadinicb}, {@lastblock={'lastblock', 0x3d, 0x521}}, {@partition={'partition', 0x3d, 0x4}}, {@session={'session', 0x3d, 0x9}}, {@dmode={'dmode', 0x3d, 0x407}}], [{@defcontext={'defcontext', 0x3d, 'root'}}]}, 0xfd, 0xc2f, &(0x7f0000000280)="$eJzs3UFsHNd9B+D/G5IiaTcVEyeK3cbFui1SmbFcWVJMxSrcVU2zDSDLRCjmFoArcqUuTJEESTWykbZMLz30EKAoesiJQGsUSNHAqIugR7Z1geTiQ5FTT0QLG0HRA1sEyMlgMLNvpSVFWYxISpT1fTb12515b+bNm+EMJfDtCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdePX/yhfSgWwEA3E8XJ7528pTnPwA8Ui75+z8AAAAAAAAAAAAAABx2KYp4IlIsXNxIU9X7toELrbnrNyZHx3auNpiqmj1V+fJr4IVTp898+cWRs538+Pr77al4feLS+dor89cWFptLS82Z2uRca3p+ptj1Fnau37znFg2XHdAfEddnrlxZqp16/vSW1TeGPux//NjQuZFnTzzdLnujNjk6NjbRVaa37573fps7jfA4EkWciBTPff8nqRERVYftsS/ucu0ctMHqIIarg5gcHasOZLbVmFsuV453OqKIqHVVqnf66D6ciz2pR6yUzS8bPFwe3sRCY7FxebZZG28sLreWW/Nz46nd2vJ4alHE2RSxGhHr/bdvri+K6I0U3z26kS5HRE+nH75UDQy+czt2/511IMp21voiVouH4JwdYv1RxGuR4qfvHY/pss/yV3wx4rUyfxDxdpkvR6TywjgT8cEO1xEPp94o4i/K839uI81U94POfeXC12tfnbsy31W2c1/Z2/NhM1899/35MLgt749Dfm8aiCIa1R1/I937DzsAAAAAAAAAAAAAAAAA7LfBKOKpSPHqf/xRNa44qnHpR8+N/P7Qp7rHjD95l+2UZZ+PiJVid2Nyj+QhxONpPKUHPJb4UTYQRfxxHv/37QfdGAAAAAAAAAAAAAAAAAAAgEdaET+OFC+9fzytRvec4q25q7VLjcuz7VlhO3P/duZM39zc3KyldtZzTuVcybmacy3nes4ocv2c9ZxTOVdyruZcy7meM3py/Zz1nFM5V3Ku5lzLuZ4zenP9nPWcUzlXcq7mXMu5njMOydy9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfJEUU8VGk+M43N1KkiKhHTEU71/ofdOsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFJ/KuLdSFH7g/rNZb0Rkar/246Xf5yJ+pEyPxP1kTJfjvr5nI0qe+vffgDtZ2/6UhE/ihT9A+/cPOGfap//vva7m5dBvP2tW+9+pbedPZ2VQx/2P37s6LmRsV978k6v004NGL7Qmrt+ozY5OjY20bW4N+/9M13LhvJ+i/05dCJi6c233mjMzjYX7/1FeQnsoboXu35xRD/f24vNfLX/otWj9xA0/gG9eMA3Ju6L8vn/QaT47ff/s/PA7/z890vtdzef8PGzP7n1/H9p+4YO6Pn/RNeyl/JPI329EQPL1xb6jkUMLL351onWtcbV5tXm3JmTJ78yMvKV0yf7jkQMXGnNNrte7bmrAAAAAAAAAAAAAAAAAO6vVMTvRorGjzZSLSJuVOO1hs6NPHvi6Z7oqcZbbRm39frEpfO1V+avLSw2l5aaM7XJudb0/Exzt7sbqIZ7TY6OHcjB3NXgAbd/cOCV+YU3F1tX/3B5x/WPDZy/vLS82JjeeXUMRhFR714yXDV4cnSsavRsqzFXVR3fcTDdL64vFfFfkWL6TC09k5fl8X/bR/hvGf+/sn1DBzT+79Ndy8p9plTEzyLFb/3lk/FM1c7H4rY+y+X+NlIMn/1CLhdHynKdNrQ/V6A9MrAs+3+R4h8/2lq2Mx7yiVtlX9h1xz4kyvN/NFK8++ffi1/Py3q3fP7Dzuf/se0b2uX53/zTbfXucv4/27XssS2fV7A/x/+oK8//iUjx8hPvxG/kZb0f8/kfnc/eOJ4L3/x8jgP6/v9c17KhvN/f3J9DBwAAAAAAAAAAeKj1pSL+LlI8PdabXszLdvP7fzPbN3RAv//1+a5lM/szX9FdX+y5UwEAAADgkOhLRfw4UlxdfufmGOqt47+7xn/+zq3xn6Np29rq3/l+ufrcgP38979uQ3m/U3s/bAAAAAAAAAAAAAAAAAAAADhUUirixTyf+tRd5lNfixSv/s9zuVw6VpbrzAM/VP05cHF+7sT52dn56cZy4/Jsszax0JhulnU/Gyk2/uYLuW5Rza/+zLZ9dOZiX4wUY3/fKduei70zN3l7PvD2XOxl2U9Hiv/+h61lO/NYf+5W2VNl2b+OFN/4553LHrtV9nRZ9nuR4offqHXKPlaW7Xw+6udvlX1+er7Y1/MBAAAAAAAAAAAAAAAAAADAo6kvFfFnkeJ/r63eHMuf5//v63pbeftbXfP9b3Ojmud/qJr//06v72X+/6Hba3y02RaxefQejxoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA63FEW8FSkWLm6ktf7yfdvAhdbc9RuTo2M7VxtMVc2eqnz5NfDCqdNnvvziyNlOfnz9/fZUvD5x6XztlflrC4vNpaXmTG1yrjU9P9Pc9Rb2Wn+74aoDatfeuD5z5cpS7dTzp7esvjH0Yf/jx4bOjTx74ulO2cnRsbGJrjK9ffe899ukOyw/EkX8VaR47vs/Sf/SH1HE3vviLtfOQRusDmK4OojJ0bHqQGZbjbnlcuV4pyOKiFpXpXqnj+7DudiTesRK2fyywcPl4U0sNBYbl2ebtfHG4nJruTU/N57arS2PpxZFnE0RqxGx3n/75vqiiDcixXePbqR/7Y/o6fTDly5OfO3kqTu3ozjAY9yFsp21vojV4iE4Z4dYfxTxT5Hip+8dj3/rj+iN9ld8MeK1Mn8Q8Xa0z3cqL4wzER/scB3xcOqNIv6/PP/nNtJ7/eX9oHNfufD12leX3+0u27mvPPTPh/vpkN+bBqKIH1Z3/I30776vAQAAAAAAAAAAAAAAAA6RIn41Urz0/vFUjQ/uDIpebM1drV1qXJ5tD+vrjP3rrN7c3NyspXbWc07lXMm5mnMt53rOKHL9nPUyBzY3p/L7lZyrOddyrueMnlw/Zz3nVM6VnKs513Ku54zeXD9nPedUzpWcqznXcq7njEMydg8AAAAAAAAAAAAAAAAAAPhkKar/Unznmxtps789v/RUtHPNfKCfeD8PAAD//4Vl++I=")
ioctl$FITRIM(r0, 0x40406f06, 0x0)

2m41.676828157s ago: executing program 4 (id=32):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000540)="31f4ab74", 0x4, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r4, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r5, @ANYBLOB="28000e0080000000ffffffffffff0802110000000802110000000000000000000000000064000100040008010400440008004b000100000018004c000bac0f0001ac0f000fac0f0014ac0f000dac0f0004001e013400fe005b4b2efefbd21e89ebe44fed4ccafef683d6d2b615eaae470d346b912171f3b7964aa23b2b1cebf9b5e719d408580a7b08004b000100000008004c0013ac0f002400fe001c239bb7fafedd4381bff31d77124bfb354d84daed80e404deb71fdbdd2e3e6f08000c006400000008000d"], 0xe8}}, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'veth1_macvtap\x00', 0x100})
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000440)={'wlan0\x00'})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000000)='./file0\x00', 0x5, &(0x7f0000000040)={[{@discard}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@snapshot={'cp', 0x3d, 0xfffffffffffffffd}}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@order_relaxed}, {@nodiscard}]}, 0x1, 0xa0d, &(0x7f0000000a80)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

2m40.535605299s ago: executing program 4 (id=43):
r0 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x24044884)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r4, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

2m40.411660182s ago: executing program 4 (id=44):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)

2m25.327912585s ago: executing program 32 (id=44):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, r0}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r1}, 0x38)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)

22.544487809s ago: executing program 2 (id=998):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020)
ppoll(&(0x7f00000020c0), 0x0, 0x0, 0x0, 0x0)
write$FUSE_NOTIFY_RESEND(r0, &(0x7f0000002100)={0x14}, 0x14)
syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$SIOCGETSGCNT_IN6(r1, 0x89e1, &(0x7f0000000040)={@empty, @ipv4={'\x00', '\xff\xff', @local}})

21.229477676s ago: executing program 2 (id=1005):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000440)={'pim6reg\x00', 0x0})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040500, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

20.420297712s ago: executing program 1 (id=1009):
r0 = socket(0x10, 0x3, 0x0)
getpeername$netlink(r0, 0x0, &(0x7f0000000300))

20.172081927s ago: executing program 1 (id=1012):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, 0x0)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000440)={'wlan0\x00'})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000000)='./file0\x00', 0x5, &(0x7f0000000040)={[{@discard}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@snapshot={'cp', 0x3d, 0xfffffffffffffffd}}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@order_relaxed}, {@nodiscard}]}, 0x1, 0xa0d, &(0x7f0000000a80)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

19.320821904s ago: executing program 5 (id=1017):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r5=>0x0, 0x0)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

19.319279654s ago: executing program 1 (id=1018):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x20, 0xd}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})

18.784264734s ago: executing program 2 (id=1022):
getpeername$netlink(0xffffffffffffffff, 0x0, &(0x7f0000000300))

18.783861834s ago: executing program 2 (id=1023):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}}, 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @loopback={0x100000}, 0x6}, 0x1c)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x30)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @local}, @time_exceeded={0x4, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa}, "17b6f7df60c70000"}}}}}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x1401, 0x1, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
recvfrom(r6, &(0x7f0000000500)=""/43, 0x2b, 0x2100, &(0x7f0000000540)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x3, 0x0, {0xa, 0x4e22, 0x401, @local, 0xf}}}, 0x80)
sendmsg$NFT_BATCH(r6, 0x0, 0x4048010)
ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYRES32=r8], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$AUDIT_GET(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_bt_hci(r9, 0x400448cb, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_vlan={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0)

18.459820101s ago: executing program 5 (id=1024):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00'})
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0)
syz_usb_disconnect(r0)

18.274843285s ago: executing program 1 (id=1025):
ioctl$COMEDI_INSN(0xffffffffffffffff, 0x8028640c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x4, 0x4, 0x4, 0x10000, 0x808, 0xffffffffffffffff, 0x20000000, '\x00', 0x0, 0xffffffffffffffff, 0x3000000, 0xffffffff}, 0x50)

17.944752511s ago: executing program 3 (id=1028):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = fsopen(&(0x7f0000000100)='binder\x00', 0x0)
r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0xf0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

17.908137852s ago: executing program 0 (id=1029):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, 0x0)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000440)={'wlan0\x00'})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000000)='./file0\x00', 0x5, &(0x7f0000000040)={[{@discard}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@snapshot={'cp', 0x3d, 0xfffffffffffffffd}}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@order_relaxed}, {@nodiscard}]}, 0x1, 0xa0d, &(0x7f0000000a80)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

17.089905748s ago: executing program 2 (id=1030):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
r4 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
r5 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0315000004000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

17.044268459s ago: executing program 5 (id=1031):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000001100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

17.04205952s ago: executing program 3 (id=1032):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x4004884)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x48}]}}]}, 0x3c}}, 0x4080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

16.932219741s ago: executing program 1 (id=1033):
getpeername$netlink(0xffffffffffffffff, 0x0, &(0x7f0000000300))

16.932018951s ago: executing program 1 (id=1034):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

16.586274338s ago: executing program 0 (id=1035):
r0 = socket$nl_route(0x10, 0x3, 0x0)
clock_adjtime(0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00'})
bind$xdp(r1, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000000)=0x8, 0x4)

16.570712189s ago: executing program 2 (id=1036):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES64=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x78000100)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000000007910280000000000", @ANYRESDEC], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xa4, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport}, 0x94)
sendmsg$DEVLINK_CMD_RELOAD(r1, 0x0, 0x40800)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
capset(0x0, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000040)={0x6, 0x6, 0x9, 0x7fffffff, 0xba, 0x9, 0x7, 0x7}, &(0x7f0000000100)={0x3, 0xfffffffffffffffa, 0xfffffffffffff000, 0x63, 0x14, 0x9, 0x10000, 0x4}, &(0x7f0000000180), 0x0)

16.188226136s ago: executing program 3 (id=1037):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

16.155073677s ago: executing program 5 (id=1039):
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x1c, &(0x7f0000000100)=0x3, 0x0, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x863, &(0x7f0000000380)={0x0, 0xa4ac, 0x2, 0x3, 0x22b})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)

16.113820198s ago: executing program 3 (id=1040):
r0 = socket$kcm(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x24044884)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r4, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r5, 0x8914, 0x0)

15.889411992s ago: executing program 3 (id=1041):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}}, 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @loopback={0x100000}, 0x6}, 0x1c)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x30)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @local}, @time_exceeded={0x4, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa}, "17b6f7df60c70000"}}}}}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x1401, 0x1, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
recvfrom(r6, &(0x7f0000000500)=""/43, 0x2b, 0x2100, &(0x7f0000000540)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x3, 0x0, {0xa, 0x4e22, 0x401, @local, 0xf}}}, 0x80)
sendmsg$NFT_BATCH(r6, 0x0, 0x4048010)
ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYRES32=r8], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$AUDIT_GET(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_bt_hci(r9, 0x400448cb, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_vlan={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0)

15.600204718s ago: executing program 0 (id=1042):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000003000000000a0000205e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000e02700000000000000000000000000002d00000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c00000000000000ac14142c000000000000000000000000000000000000560000000000fdffffff01000000ac141410000000000000000000000000000000003200000000000000fe800000000000000000000000000500023500000000000000000000feffffff00000000ff010000000000000000000000000001000000003c00000002000000ff0200000000000000000000000000010000000001"], 0x23c}}, 0x0)

14.99490223s ago: executing program 5 (id=1043):
socket$netlink(0x10, 0x3, 0x15)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xe8000, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x4000, 0xdffffffd, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
syz_open_pts(r3, 0x141601)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
r5 = msgget(0x1, 0xefea72844cf5e2b4)
msgrcv(r5, 0x0, 0x0, 0x3, 0x0)
msgctl$IPC_RMID(r5, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xfffffff9, 0x1, 0x3ff}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001f00)={0x30, r7, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x1, 0x1, 0x5}}}}, 0x30}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x89f9, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2008, 0xe}})
r8 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r8, 0xc4c85512, &(0x7f0000000040)={{}, 0x0, [0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0xffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x769, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]})
r9 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r9, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})

999.38966ms ago: executing program 33 (id=1034):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

939.933551ms ago: executing program 34 (id=1036):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES64=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x78000100)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000000007910280000000000", @ANYRESDEC], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xa4, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport}, 0x94)
sendmsg$DEVLINK_CMD_RELOAD(r1, 0x0, 0x40800)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
capset(0x0, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000040)={0x6, 0x6, 0x9, 0x7fffffff, 0xba, 0x9, 0x7, 0x7}, &(0x7f0000000100)={0x3, 0xfffffffffffffffa, 0xfffffffffffff000, 0x63, 0x14, 0x9, 0x10000, 0x4}, &(0x7f0000000180), 0x0)

930.064761ms ago: executing program 3 (id=1046):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x2, 0x1, 0x2, 0xa, 0xc53e, 0x8}, 0x20)
r7 = socket(0x1e, 0x1, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, 0x0)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5603, 0x10000000000004)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000440)={'wlan0\x00'})
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x14}, 0x4008000)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000000)='./file0\x00', 0x5, &(0x7f0000000040)={[{@discard}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@snapshot={'cp', 0x3d, 0xfffffffffffffffd}}, {@norecovery}, {@snapshot={'cp', 0x3d, 0x3}}, {@discard}, {@order_relaxed}, {@nodiscard}]}, 0x1, 0xa0d, &(0x7f0000000a80)="$eJzs3U1sXEcdAPB5a6/TfJRsSkJNGtqEQls+ajeOCR8RNFVzIWoqbpUqLlGalog0IFIJWvWQ5MSNVlW48iFOvVSAkOgFRT1xqUQjcempcOBAFKRKHKCQGMWeWa//2eXtOonX6/39pPHsvJndmbd++/bte29mEjC2Got/5+enq5Quvv3Gkb8/9LfNN5Y83i7RWvw72ZFqppSqnJ4Mr/fBxFJ87cNXT3SLqzS3+Lek09NX28/dmlI6l/amS6mVdl+8/Pq7c08dO3/0wr733jx05c6sPQAAjJdvXTo0v+svf7pvx0dv3X84bWovL8fnrZzelo/7D+cD/3L830gr01VH6DQVyk3m0AjlJrqU66ynGcpN9qh/Krxus0e5TTX1T3Qs67beMMrKdtxKVWNmRbrRmJlZ+k2eFn/XT1UzZ06dfv7skBoK3Hb/fCCltFcQhHEMC9uHvQcCWBKvF97kXDyzcGvarzbZX/1Xn2h0fz7cBmu9/S+pzg23/mXq///1/+q8PQ63z0bdmsp6lc/RtpyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JNW7HavVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEB61a8b24hK/nxvr6Yv6km/66a/M01+Vtq8rfW5MM4++1LP0mvVcu/8+Nv+kHPh5XzbHfn+GMDtieejxy0/njf76Butf54PzGsZ78//szJrzz37OWl+/+r9vZ/PW/ve3O6lT9bl3KBcr4wnldv3/vfWllPo0e5e0J77u5SfvHxzpXlqp3Lr5M69jM3tWN65fO29yq3Z2W5Vii3OYe7Qnvj8cmW8Lxy/FH2q+X9mgzr2wzrMRXaUfYrO3Ic2wGrUbbHXvf/l+1zOjWr50+dPvlYTpft9I8TzU03lu9f43YDt67f/j/TaWX/n23t5c1G535h+/LyqnO/0ArL53osP5DT5XvuOxObF5fPnPje6edu98rDmDv78ivfPX769MkfeOCBBx60Hwx7zwTcabMvvfj92bMvv/LoqRePv3DyhZNnDhw8eGBu7uBXD8zPLh7Xz3Ye3QMbyfKX/rBbAgAAAAAAAAAAAPTrh0ePXP7zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcEeX/MUyYYDVqVCumcPHQ3t3hnp2hed9Isftefxy//9SXRzXtbTn3rA8jt9byoXhBG4aL2UqjEES5wv8dI4v5PiXCYao2tx9cY7rxrcu23oZn8K4FKOp/N/K1lDGMSn9v3uN61T2/zvWoI3cfmvRnXDY6wh09w/jfwvC2IaFBbN4AOvDsOf/LOc9S3zmD9+860Yoxa4+sXJ/GccvhVux3uefVP/Gmv+zPf9d3/u/MGNea3X1/vtnV97vqDbt7rf+uP5lHOidg9X/Ua6/rM3Dqb/6F34R6o8XhPr0n1D/lj7rv2n996yu/v/m+svb9siD/da/1OKqsbId8bxxuf4XzxsX18L6l7E9B17/VU7UeD3XD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Fd4fWrmu838/+Otq/luO7zUOb/Ldtjq0u60ZFudnlvN+q+BkbVB67/CcLYhoWFhTt7QqvGUCtn6O//sH8nDLv+Yb//deL8v/EYPs7/G/Pj/L8xP87/G/Pj/HoxP87/G9/POP9vzL83vG6cH3i6Jv+TNfm7a/Lvq8nfU5P/qZr8fTX599fkP1CTf09N/oM1+Z+pyf9sTf5DNfmP1OR/riZ/oyv9UcZ1/WGcxf55Pv8wPsr1n16f/501+cDo+ulb+5989jffbi31/59qnw8p1/EO53Qz/3b+UU7H696pI30j752c/mvIX+/nO2CcxPEz4vf7wzX5wOgq93n5fMMYqrqP2NPvuFW9jvMZLZ/P8Rdy/MUcP5rjmRzP5nh/jufWqH3cGU/++neHXquWf+9vD/n93k8e+wPFcaIO9NmeeH5g0PvZ4zh+g7rV+lfZHQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoGot/5+enq5Quvv3GkWeOnZq9seTxdonW4t/JjlSz/byUHsvxRI5/nh9c+/DVE53x9RxXaS5VqWovT09fbde0NaV0Lu1Nl1Ir7b54+fV35546dv7ohX3vvXnoyp17BwAAAGDj+18AAAD//8xlDh4=")

925.714592ms ago: executing program 5 (id=1047):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
r4 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
r5 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0315000004000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)

913.521131ms ago: executing program 0 (id=1054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}}, 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @loopback={0x100000}, 0x6}, 0x1c)
getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000080)=0x30)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @local}, @time_exceeded={0x4, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa}, "17b6f7df60c70000"}}}}}, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r7, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x1401, 0x1, 0x70bd2b, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
recvfrom(r6, &(0x7f0000000500)=""/43, 0x2b, 0x2100, &(0x7f0000000540)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x3, 0x3, 0x3, 0x0, {0xa, 0x4e22, 0x401, @local, 0xf}}}, 0x80)
sendmsg$NFT_BATCH(r6, 0x0, 0x4048010)
ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0)
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYRES32=r8], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$AUDIT_GET(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_bt_hci(r9, 0x400448cb, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_vlan={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0)

64.808278ms ago: executing program 0 (id=1048):
getpeername$netlink(0xffffffffffffffff, 0x0, &(0x7f0000000300))

0s ago: executing program 0 (id=1049):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x4004884)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xa}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x48}]}}]}, 0x3c}}, 0x4080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

kernel console output (not intermixed with test programs):

ETDEV_CHANGE): batadv_slave_0: link becomes ready
[   28.901578][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   28.909692][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.911772][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.913138][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.914534][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.916176][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.917638][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.919094][ T4330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   28.920419][ T4330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   28.924069][ T4330] batman_adv: batadv0: Interface activated: batadv_slave_1
[   28.929297][ T4330] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   28.933735][ T4330] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   28.935052][ T4330] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   28.936396][ T4330] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   28.940118][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   28.941626][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   28.965346][ T4440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   28.966555][ T4440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   28.968107][  T207] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   29.029938][ T4443] netlink: 9 bytes leftover after parsing attributes in process `syz.0.6'.
[   29.035420][ T4443] device gretap0 entered promiscuous mode
[   29.188300][ T4440] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   29.189605][ T4440] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   29.193183][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   29.222726][ T4440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   29.223933][ T4440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   29.233703][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   29.245782][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   29.247043][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   29.248578][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   29.276103][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   29.277368][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   29.278961][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   29.285105][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   29.286458][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   29.288218][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   29.638122][ T4455] netlink: 'syz.1.8': attribute type 1 has an invalid length.
[   29.770833][ T4327] Bluetooth: hci1: command 0x041b tx timeout
[   29.771798][ T4327] Bluetooth: hci4: command 0x041b tx timeout
[   29.772746][ T4327] Bluetooth: hci3: command 0x041b tx timeout
[   29.773702][ T4327] Bluetooth: hci2: command 0x041b tx timeout
[   30.377948][ T4467] loop0: detected capacity change from 0 to 32768
[   30.383962][ T4467] =======================================================
[   30.383962][ T4467] WARNING: The mand mount option has been deprecated and
[   30.383962][ T4467]          and is ignored by this kernel. Remove the mand
[   30.383962][ T4467]          option from the mount to silence this warning.
[   30.383962][ T4467] =======================================================
[   30.424053][ T4467] JBD2: Ignoring recovery information on journal
[   30.471599][ T4473] Zero length message leads to an empty skb
[   30.480379][ T4473] loop3: detected capacity change from 0 to 2048
[   30.507475][ T4467] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   30.652687][ T4320] ocfs2: Unmounting device (7,0) on (node local)
[   30.827387][ T4485] netlink: 'syz.1.16': attribute type 10 has an invalid length.
[   31.207755][ T4485] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   31.860721][ T4324] Bluetooth: hci2: command 0x040f tx timeout
[   31.863184][ T4327] Bluetooth: hci3: command 0x040f tx timeout
[   31.863343][ T4337] Bluetooth: hci4: command 0x040f tx timeout
[   31.864133][ T4327] Bluetooth: hci1: command 0x040f tx timeout
[   31.873941][ T4504] netlink: 'syz.2.22': attribute type 1 has an invalid length.
[   32.005256][ T4512] loop6: detected capacity change from 0 to 7
[   32.008165][ T4512] Dev loop6: unable to read RDB block 7
[   32.009253][ T4512]  loop6: unable to read partition table
[   32.010146][ T4512] loop6: partition table beyond EOD, truncated
[   32.019054][ T4512] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   32.034825][ T4507] loop4: detected capacity change from 0 to 32768
[   32.217237][ T4507] JBD2: Ignoring recovery information on journal
[   32.296050][ T4507] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[   32.433535][ T4529] netlink: 'syz.3.31': attribute type 10 has an invalid length.
[   32.475583][ T4332] ocfs2: Unmounting device (7,4) on (node local)
[   32.583695][ T4529] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   32.651561][    T7] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   33.090611][    T7] usb 1-1: Using ep0 maxpacket: 8
[   33.093879][    T7] usb 1-1: config 0 has an invalid interface number: 94 but max is 0
[   33.095402][    T7] usb 1-1: config 0 has no interface number 0
[   33.096202][ T4546] overlayfs: failed to set xattr on upper
[   33.096233][    T7] usb 1-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[   33.098581][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   33.100829][ T4546] overlayfs: ...falling back to index=off,metacopy=off.
[   33.112767][    T7] usb 1-1: config 0 descriptor??
[   33.124563][    T7] bfusb: probe of 1-1:0.94 failed with error -5
[   33.191827][ T4551] netlink: 'syz.2.36': attribute type 1 has an invalid length.
[   33.218285][ T4542] loop4: detected capacity change from 0 to 2048
[   33.287173][ T4554] loop6: detected capacity change from 0 to 7
[   33.288675][ T4554] Dev loop6: unable to read RDB block 7
[   33.289744][ T4554]  loop6: unable to read partition table
[   33.296697][ T4554] loop6: partition table beyond EOD, truncated
[   33.303050][ T4554] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   33.323258][    T7] usb 1-1: USB disconnect, device number 2
[   33.359645][ T4557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   33.362263][ T4557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   33.569327][ T4565] netlink: 'syz.4.43': attribute type 10 has an invalid length.
[   33.644001][ T4565] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   33.654549][ T4563] loop3: detected capacity change from 0 to 32768
[   33.677092][ T4563] JBD2: Ignoring recovery information on journal
[   33.708478][ T4563] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   33.740044][ T4323] ocfs2: Unmounting device (7,3) on (node local)
[   33.950708][ T4334] Bluetooth: hci1: command 0x0419 tx timeout
[   33.952736][ T4334] Bluetooth: hci4: command 0x0419 tx timeout
[   33.953811][ T4334] Bluetooth: hci2: command 0x0419 tx timeout
[   33.954715][ T4334] Bluetooth: hci3: command 0x0419 tx timeout
[   34.445831][ T4588] netlink: 'syz.2.49': attribute type 1 has an invalid length.
[   34.529534][ T4591] loop6: detected capacity change from 0 to 7
[   34.533640][ T4591] Dev loop6: unable to read RDB block 7
[   34.534685][ T4591]  loop6: unable to read partition table
[   34.535670][ T4591] loop6: partition table beyond EOD, truncated
[   34.542803][ T4591] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   34.638766][ T4596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   34.643391][ T4596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   35.304413][ T4606] netlink: 'syz.1.55': attribute type 10 has an invalid length.
[   35.369188][ T4604] loop0: detected capacity change from 0 to 2048
[   36.239791][ T4624] netlink: 'syz.0.61': attribute type 1 has an invalid length.
[   36.247962][ T4624] bond1 (unregistering): Released all slaves
[   36.382937][ T4635] loop6: detected capacity change from 0 to 7
[   36.460998][ T4635] Dev loop6: unable to read RDB block 7
[   36.462211][ T4635]  loop6: unable to read partition table
[   36.463416][ T4635] loop6: partition table beyond EOD, truncated
[   36.464495][ T4635] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   36.919130][ T4641] netlink: 'syz.2.66': attribute type 10 has an invalid length.
[   36.998310][ T4641] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   37.050235][ T4651] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[   37.176350][ T4659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   37.178269][ T4659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   37.585195][ T4663] loop1: detected capacity change from 0 to 2048
[   37.670633][ T4367] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   37.829402][ T4670] netlink: 'syz.3.75': attribute type 1 has an invalid length.
[   37.836523][ T4670] bond1 (unregistering): Released all slaves
[   37.850627][ T4367] usb 1-1: Using ep0 maxpacket: 16
[   37.853428][ T4367] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   37.855271][ T4367] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   37.856650][ T4367] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   37.858771][ T4367] usb 1-1: config 0 descriptor??
[   37.914092][ T4676] device syzkaller0 entered promiscuous mode
[   37.944070][ T4678] loop6: detected capacity change from 0 to 7
[   37.946530][ T4314] Dev loop6: unable to read RDB block 7
[   37.947600][ T4314]  loop6: unable to read partition table
[   37.948442][ T4314] loop6: partition table beyond EOD, truncated
[   37.951175][ T4678] Dev loop6: unable to read RDB block 7
[   37.952089][ T4678]  loop6: unable to read partition table
[   37.953113][ T4678] loop6: partition table beyond EOD, truncated
[   37.954142][ T4678] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   37.974766][ T4680] netlink: 'syz.3.79': attribute type 10 has an invalid length.
[   37.997657][ T4680] device syzkaller0 left promiscuous mode
[   38.034356][ T4682] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.035850][ T4682] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.054556][ T4682] device bridge_slave_1 left promiscuous mode
[   38.055951][ T4682] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.132517][ T4682] device bridge_slave_0 left promiscuous mode
[   38.133742][ T4682] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.268721][ T4367] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0
[   38.269944][ T4367] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0
[   38.271502][ T4367] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0
[   38.272579][ T4367] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0
[   38.273616][ T4367] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0
[   38.275066][ T4367] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[   38.798908][  T112] usb 1-1: USB disconnect, device number 3
[   39.075758][ T4704] netlink: 'syz.1.87': attribute type 1 has an invalid length.
[   39.088257][ T4704] bond2 (unregistering): Released all slaves
[   39.174581][ T4710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   39.176055][ T4710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   39.321043][ T4712] netlink: 'syz.0.90': attribute type 10 has an invalid length.
[   39.394817][ T4715] loop6: detected capacity change from 0 to 7
[   39.396571][ T4527] Dev loop6: unable to read RDB block 7
[   39.397488][ T4527]  loop6: unable to read partition table
[   39.398426][ T4527] loop6: partition table beyond EOD, truncated
[   39.400199][ T4715] Dev loop6: unable to read RDB block 7
[   39.401252][ T4715]  loop6: unable to read partition table
[   39.402165][ T4715] loop6: partition table beyond EOD, truncated
[   39.403047][ T4715] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   39.631223][ T4725] loop0: detected capacity change from 0 to 2048
[   39.787873][ T4314] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   39.879528][ T4736] loop1: detected capacity change from 0 to 8
[   39.883744][ T4736] unable to read id index table
[   39.933846][ T4527] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   39.956929][ T4739] netlink: 'syz.1.99': attribute type 1 has an invalid length.
[   39.967457][ T4739] bond2 (unregistering): Released all slaves
[   40.068288][ T4745] netlink: 'syz.1.101': attribute type 10 has an invalid length.
[   40.206727][ T4747] loop1: detected capacity change from 0 to 40427
[   40.212190][ T4747] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   40.213569][ T4747] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   40.216409][ T4747] F2FS-fs (loop1): invalid crc value
[   40.219941][ T4747] F2FS-fs (loop1): Found nat_bits in checkpoint
[   40.231845][ T4747] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   40.233141][ T4747] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   40.875372][ T4765] loop3: detected capacity change from 0 to 1024
[   40.879947][ T4765] hfsplus: unable to parse mount options
[   41.263237][ T4770] loop2: detected capacity change from 0 to 256
[   41.278183][ T4770] exFAT-fs (loop2): invalid boot record signature
[   41.290810][ T4770] exFAT-fs (loop2): failed to read boot sector
[   41.291742][ T4770] exFAT-fs (loop2): failed to recognize exfat type
[   41.367870][ T4776] loop1: detected capacity change from 0 to 512
[   41.742629][ T4776] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   41.773997][ T4783] netlink: 'syz.3.111': attribute type 1 has an invalid length.
[   41.786140][ T4783] device bond1 entered promiscuous mode
[   41.791775][ T4783] 8021q: adding VLAN 0 to HW filter on device bond1
[   41.830393][ T4783] 8021q: adding VLAN 0 to HW filter on device bond2
[   41.836334][ T4783] bond1: (slave bond2): making interface the new active one
[   41.837466][ T4783] device bond2 entered promiscuous mode
[   41.840168][ T4783] bond1: (slave bond2): Enslaving as an active interface with an up link
[   41.853066][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   41.953879][ T4789] netlink: 'syz.3.113': attribute type 10 has an invalid length.
[   42.003739][ T4776] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   42.007036][ T4776] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 32768 with max blocks 2048 with error 28
[   42.008897][ T4776] EXT4-fs (loop1): This should not happen!! Data will be lost
[   42.008897][ T4776] 
[   42.010338][ T4776] EXT4-fs (loop1): Total free blocks count 0
[   42.012099][ T4776] EXT4-fs (loop1): Free/Dirty block details
[   42.013014][ T4776] EXT4-fs (loop1): free_blocks=39626
[   42.013790][ T4776] EXT4-fs (loop1): dirty_blocks=2048
[   42.014584][ T4776] EXT4-fs (loop1): Block reservation details
[   42.015456][ T4776] EXT4-fs (loop1): i_reserved_data_blocks=2048
[   42.065398][ T4325] EXT4-fs (loop1): unmounting filesystem.
[   42.196667][ T4799] loop3: detected capacity change from 0 to 2048
[   42.348707][ T4527] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   42.878063][ T4817] netlink: 'syz.0.123': attribute type 1 has an invalid length.
[   42.885815][ T4817] bond1 (unregistering): Released all slaves
[   43.323071][ T4828] netlink: 'syz.1.125': attribute type 10 has an invalid length.
[   44.125804][ T4851] loop2: detected capacity change from 0 to 2048
[   44.174366][ T4853] random: crng reseeded on system resumption
[   44.217928][ T4314] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   44.269733][ T4856] netlink: 'syz.0.135': attribute type 1 has an invalid length.
[   44.294538][ T4856] bond1 (unregistering): Released all slaves
[   44.473159][ T4860] netlink: 'syz.0.136': attribute type 10 has an invalid length.
[   44.755290][ T4872] loop6: detected capacity change from 0 to 7
[   44.757072][ T4872] Dev loop6: unable to read RDB block 7
[   44.757996][ T4872]  loop6: AHDI p3 p4
[   44.758584][ T4872] loop6: partition table partially beyond EOD, truncated
[   44.759843][ T4872] loop6: p3 start 1886353253 is beyond EOD, truncated
[   45.481150][ T4888] loop0: detected capacity change from 0 to 1024
[   45.617310][ T4895] netlink: 'syz.3.148': attribute type 1 has an invalid length.
[   45.619299][ T4888] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   45.639755][ T4895] device bond3 entered promiscuous mode
[   45.649190][ T4895] 8021q: adding VLAN 0 to HW filter on device bond3
[   45.675582][ T4895] 8021q: adding VLAN 0 to HW filter on device bond4
[   45.679210][ T4895] bond3: (slave bond4): making interface the new active one
[   45.680436][ T4895] device bond4 entered promiscuous mode
[   45.685065][ T4895] bond3: (slave bond4): Enslaving as an active interface with an up link
[   45.691729][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[   45.695595][ T4320] EXT4-fs (loop0): unmounting filesystem.
[   45.712880][ T4900] netlink: 'syz.0.149': attribute type 10 has an invalid length.
[   45.772088][ T4906] loop6: detected capacity change from 0 to 7
[   45.773379][ T4906] Dev loop6: unable to read RDB block 7
[   45.774292][ T4906]  loop6: AHDI p3 p4
[   45.774877][ T4906] loop6: partition table partially beyond EOD, truncated
[   45.776235][ T4906] loop6: p3 start 1886353253 is beyond EOD, truncated
[   46.009209][ T4914] loop0: detected capacity change from 0 to 2048
[   46.923532][ T4932] netlink: 'syz.0.161': attribute type 10 has an invalid length.
[   46.996303][ T4937] loop6: detected capacity change from 0 to 7
[   46.998390][ T4937] Dev loop6: unable to read RDB block 7
[   46.999458][ T4937]  loop6: AHDI p3 p4
[   47.000348][ T4937] loop6: partition table partially beyond EOD, truncated
[   47.001615][ T4937] loop6: p3 start 1886353253 is beyond EOD, truncated
[   47.002567][ T4939] netlink: 'syz.0.163': attribute type 1 has an invalid length.
[   47.009149][ T4939] device bond1 entered promiscuous mode
[   47.010325][ T4939] 8021q: adding VLAN 0 to HW filter on device bond1
[   47.034089][ T4939] 8021q: adding VLAN 0 to HW filter on device bond2
[   47.038658][ T4939] bond1: (slave bond2): making interface the new active one
[   47.039958][ T4939] device bond2 entered promiscuous mode
[   47.041905][ T4939] bond1: (slave bond2): Enslaving as an active interface with an up link
[   47.044478][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   47.134898][   T27] audit: type=1326 audit(47.120:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.0.168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9775c0a8 code=0x7ffc0000
[   47.139203][   T27] audit: type=1326 audit(47.120:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.0.168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9775c0a8 code=0x7ffc0000
[   47.145343][   T27] audit: type=1326 audit(47.120:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.0.168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=33 compat=0 ip=0xffff9775c0a8 code=0x7ffc0000
[   47.155169][   T27] audit: type=1326 audit(47.120:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4949 comm="syz.0.168" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9775c0a8 code=0x7ffc0000
[   48.031396][ T4966] netlink: 'syz.0.173': attribute type 10 has an invalid length.
[   48.139347][ T4968] loop3: detected capacity change from 0 to 2048
[   48.504639][ T4527] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   48.752347][ T4983] netlink: 'syz.2.179': attribute type 1 has an invalid length.
[   48.817542][ T4983] device bond1 entered promiscuous mode
[   48.818602][ T4983] 8021q: adding VLAN 0 to HW filter on device bond1
[   48.825985][ T4334] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[   48.827607][ T4334] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[   48.830819][ T4334] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[   48.832370][ T4334] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[   48.833710][ T4334] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[   48.834885][ T4334] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[   48.847006][ T4985] 8021q: adding VLAN 0 to HW filter on device bond2
[   48.849189][ T4985] bond1: (slave bond2): making interface the new active one
[   48.850243][ T4985] device bond2 entered promiscuous mode
[   48.855325][ T4985] bond1: (slave bond2): Enslaving as an active interface with an up link
[   48.856856][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   49.499527][ T4988] chnl_net:caif_netlink_parms(): no params data found
[   49.509300][ T5000] loop2: detected capacity change from 0 to 40427
[   49.517314][ T5000] F2FS-fs (loop2): build fault injection attr: rate: 19, type: 0x3ffff
[   49.565636][ T5007] netlink: 'syz.1.184': attribute type 10 has an invalid length.
[   49.569820][ T4988] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.586095][ T4988] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.587823][ T4988] device bridge_slave_0 entered promiscuous mode
[   49.607325][ T4988] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.613183][ T4988] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.616055][ T4988] device bridge_slave_1 entered promiscuous mode
[   49.661406][ T4988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   49.669636][ T4988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   49.689533][ T4988] team0: Port device team_slave_0 added
[   49.691817][ T4988] team0: Port device team_slave_1 added
[   49.699589][ T4988] batman_adv: batadv0: Adding interface: batadv_slave_0
[   49.701219][ T4988] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.705229][ T4988] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.707665][ T4988] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.708860][ T4988] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.712880][ T4988] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.842149][ T4988] device hsr_slave_0 entered promiscuous mode
[   49.870949][ T4988] device hsr_slave_1 entered promiscuous mode
[   49.910629][ T4988] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.911822][ T4988] Cannot create hsr debugfs directory
[   49.973878][ T5029] loop3: detected capacity change from 0 to 2048
[   50.008801][ T4988] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   50.052324][ T4988] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   50.093166][ T4988] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   50.132325][ T5033] netlink: 'syz.0.193': attribute type 1 has an invalid length.
[   50.142018][ T5033] device bond3 entered promiscuous mode
[   50.143066][ T5033] 8021q: adding VLAN 0 to HW filter on device bond3
[   50.144694][ T4988] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   50.212694][ T5033] 8021q: adding VLAN 0 to HW filter on device bond4
[   50.214409][ T5033] bond3: (slave bond4): making interface the new active one
[   50.215850][ T5033] device bond4 entered promiscuous mode
[   50.217375][ T5033] bond3: (slave bond4): Enslaving as an active interface with an up link
[   50.266329][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[   50.304301][ T4988] 8021q: adding VLAN 0 to HW filter on device bond0
[   50.339075][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   50.341213][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   50.342582][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.353413][ T4988] 8021q: adding VLAN 0 to HW filter on device team0
[   50.364851][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.366615][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.368070][ T4488] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.369168][ T4488] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.371559][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   50.575371][ T5047] netlink: 4 bytes leftover after parsing attributes in process `syz.2.195'.
[   50.577796][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.581172][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.584766][ T4488] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.585877][ T4488] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.588960][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   50.600010][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   50.606342][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   50.613578][ T4988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   50.615434][ T4988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   50.619357][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   50.624387][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   50.784613][ T4988] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.792368][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   50.793702][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   50.864193][ T5060] netlink: 'syz.3.198': attribute type 10 has an invalid length.
[   50.893480][ T4334] Bluetooth: hci5: command 0x0409 tx timeout
[   51.576123][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   51.577891][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   51.588569][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   51.590163][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   51.594713][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   51.597453][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   51.601565][ T4988] device veth0_vlan entered promiscuous mode
[   51.618708][ T4988] device veth1_vlan entered promiscuous mode
[   51.644666][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   51.648436][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   51.655763][  T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   51.657360][  T207] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   51.660280][ T4988] device veth0_macvtap entered promiscuous mode
[   51.665115][ T4988] device veth1_macvtap entered promiscuous mode
[   51.673463][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   51.675262][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   51.676778][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   51.678519][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   51.680223][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   51.683938][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   51.780966][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   51.782676][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   51.784413][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   52.212229][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.224446][ T4988] batman_adv: batadv0: Interface activated: batadv_slave_0
[   52.232026][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   52.233578][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   52.235006][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   52.238502][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.243367][ T5088] netlink: 'syz.3.204': attribute type 1 has an invalid length.
[   52.248636][ T5088] device bond5 entered promiscuous mode
[   52.250052][ T5088] 8021q: adding VLAN 0 to HW filter on device bond5
[   52.254326][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   52.256039][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.257550][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   52.259170][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.268445][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   52.270282][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.272087][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   52.273785][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.275396][ T4988] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   52.276919][ T4988] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   52.279228][ T4988] batman_adv: batadv0: Interface activated: batadv_slave_1
[   52.287159][ T5088] 8021q: adding VLAN 0 to HW filter on device bond6
[   52.289744][ T5088] bond5: (slave bond6): making interface the new active one
[   52.294101][ T5088] device bond6 entered promiscuous mode
[   52.295491][ T5088] bond5: (slave bond6): Enslaving as an active interface with an up link
[   52.297042][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[   52.298621][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   52.300306][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.310234][ T4988] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   52.311885][ T4988] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   52.313271][ T4988] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   52.316979][ T4988] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   52.358708][ T4583] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   52.360224][ T4583] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   52.365294][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   52.366950][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   52.368088][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   52.371285][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   52.448009][ T5099] netlink: 'syz.1.208': attribute type 10 has an invalid length.
[   52.588789][ T5109] loop6: detected capacity change from 0 to 7
[   52.594164][ T5109] Dev loop6: unable to read RDB block 7
[   52.595081][ T5109]  loop6: unable to read partition table
[   52.595985][ T5109] loop6: partition table beyond EOD, truncated
[   52.596864][ T5109] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   52.668507][ T5114] loop1: detected capacity change from 0 to 1024
[   52.721466][ T5112] loop3: detected capacity change from 0 to 2048
[   52.723174][ T5114] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   52.764268][ T5114] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   52.859205][ T4314] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   52.971336][ T4327] Bluetooth: hci5: command 0x041b tx timeout
[   53.144586][ T4325] EXT4-fs (loop1): unmounting filesystem.
[   53.569849][ T5129] netlink: 'syz.0.216': attribute type 1 has an invalid length.
[   53.584910][ T5129] device bond5 entered promiscuous mode
[   53.586138][ T5129] 8021q: adding VLAN 0 to HW filter on device bond5
[   53.616845][ T5129] 8021q: adding VLAN 0 to HW filter on device bond6
[   53.625505][ T5129] bond5: (slave bond6): making interface the new active one
[   53.626600][ T5129] device bond6 entered promiscuous mode
[   53.637767][ T5129] bond5: (slave bond6): Enslaving as an active interface with an up link
[   53.650489][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[   53.720384][ T5138] netlink: 'syz.0.219': attribute type 10 has an invalid length.
[   53.929048][ T5145] loop6: detected capacity change from 0 to 7
[   53.952218][ T5145] Dev loop6: unable to read RDB block 7
[   53.953159][ T5145]  loop6: unable to read partition table
[   53.954072][ T5145] loop6: partition table beyond EOD, truncated
[   53.954984][ T5145] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   53.977094][ T5149] loop0: detected capacity change from 0 to 64
[   54.219606][ T5165] netlink: 'syz.0.230': attribute type 1 has an invalid length.
[   54.230298][ T5165] device bond7 entered promiscuous mode
[   54.233601][ T5165] 8021q: adding VLAN 0 to HW filter on device bond7
[   54.391829][ T5170] netlink: 'syz.0.231': attribute type 10 has an invalid length.
[   54.498824][ T5174] syz.0.233 uses obsolete (PF_INET,SOCK_PACKET)
[   54.515021][ T5174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.233'.
[   55.018376][ T5186] loop6: detected capacity change from 0 to 7
[   55.029634][ T5186] Dev loop6: unable to read RDB block 7
[   55.030835][ T5186]  loop6: unable to read partition table
[   55.031768][ T5186] loop6: partition table beyond EOD, truncated
[   55.038922][ T5186] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[   55.051033][ T4327] Bluetooth: hci5: command 0x040f tx timeout
[   55.380429][ T5205] netlink: 'syz.2.241': attribute type 1 has an invalid length.
[   55.403565][ T5205] device bond3 entered promiscuous mode
[   55.405914][ T5205] 8021q: adding VLAN 0 to HW filter on device bond3
[   55.564162][ T5211] 8021q: adding VLAN 0 to HW filter on device bond4
[   55.565768][ T5211] bond3: (slave bond4): making interface the new active one
[   55.581730][ T5211] device bond4 entered promiscuous mode
[   55.582911][ T5211] bond3: (slave bond4): Enslaving as an active interface with an up link
[   55.622698][ T5213] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[   55.629228][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[   55.657921][ T5209] loop3: detected capacity change from 0 to 2048
[   55.879124][ T5233] loop2: detected capacity change from 0 to 760
[   56.541641][ T5284] netlink: 'syz.5.254': attribute type 10 has an invalid length.
[   56.548474][ T5284] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   56.554007][ T5283] netlink: 'syz.3.255': attribute type 1 has an invalid length.
[   56.565244][ T5283] device bond7 entered promiscuous mode
[   56.566546][ T5283] 8021q: adding VLAN 0 to HW filter on device bond7
[   56.571556][ T5284] netlink: 40 bytes leftover after parsing attributes in process `syz.5.254'.
[   56.589532][ T5283] 8021q: adding VLAN 0 to HW filter on device bond8
[   56.591717][ T5283] bond7: (slave bond8): making interface the new active one
[   56.594873][ T5283] device bond8 entered promiscuous mode
[   56.596138][ T5283] bond7: (slave bond8): Enslaving as an active interface with an up link
[   56.598361][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond7: link becomes ready
[   57.130659][ T4327] Bluetooth: hci5: command 0x0419 tx timeout
[   57.284777][ T5317] loop2: detected capacity change from 0 to 32768
[   57.330631][ T5317] XFS (loop2): Mounting V5 Filesystem
[   57.399904][ T5317] XFS (loop2): Ending clean mount
[   57.499210][ T5338] loop0: detected capacity change from 0 to 2048
[   57.898476][ T5254] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   57.952535][ T5360] netlink: 'syz.3.266': attribute type 1 has an invalid length.
[   58.000305][ T5360] device bond9 entered promiscuous mode
[   58.001439][ T5360] 8021q: adding VLAN 0 to HW filter on device bond9
[   58.016458][ T5366] netlink: 'syz.1.267': attribute type 10 has an invalid length.
[   58.054884][ T4330] XFS (loop2): Unmounting Filesystem
[   58.110512][ T5366] netlink: 40 bytes leftover after parsing attributes in process `syz.1.267'.
[   58.115387][ T5360] 8021q: adding VLAN 0 to HW filter on device bond10
[   58.118186][ T5360] bond9: (slave bond10): making interface the new active one
[   58.119561][ T5360] device bond10 entered promiscuous mode
[   58.126484][ T5360] bond9: (slave bond10): Enslaving as an active interface with an up link
[   58.131143][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond9: link becomes ready
[   58.512739][ T5382] binder: 5378:5382 unknown command 1074291477
[   58.513721][ T5382] binder: 5378:5382 ioctl c0306201 200003c0 returned -22
[   59.364252][ T5391] loop5: detected capacity change from 0 to 2048
[   59.427057][ T5400] netlink: 'syz.5.280': attribute type 10 has an invalid length.
[   59.478634][ T5400] netlink: 40 bytes leftover after parsing attributes in process `syz.5.280'.
[   59.524061][ T5407] netlink: 'syz.0.281': attribute type 1 has an invalid length.
[   59.564889][ T5407] device bond8 entered promiscuous mode
[   59.569078][ T5407] 8021q: adding VLAN 0 to HW filter on device bond8
[   59.641355][ T5410] 8021q: adding VLAN 0 to HW filter on device bond9
[   59.643055][ T5410] bond8: (slave bond9): making interface the new active one
[   59.644294][ T5410] device bond9 entered promiscuous mode
[   59.645597][ T5410] bond8: (slave bond9): Enslaving as an active interface with an up link
[   59.721984][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond8: link becomes ready
[   59.758995][ T5404] loop2: detected capacity change from 0 to 32768
[   59.763218][ T5404] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.279 (5404)
[   59.770203][ T5404] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   59.793907][ T5404] BTRFS info (device loop2): using crc32c (crc32c-generic) checksum algorithm
[   59.795303][ T5404] BTRFS info (device loop2): turning on async discard
[   59.796299][ T5404] BTRFS info (device loop2): using free space tree
[   60.056495][ T5404] BTRFS info (device loop2): enabling ssd optimizations
[   60.156836][ T4330] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   60.656353][ T5462] loop5: detected capacity change from 0 to 2048
[   60.704933][ T5469] netlink: 'syz.1.294': attribute type 1 has an invalid length.
[   60.762606][ T5469] device bond2 entered promiscuous mode
[   60.763930][ T5469] 8021q: adding VLAN 0 to HW filter on device bond2
[   60.768258][ T5472] netlink: 'syz.0.295': attribute type 10 has an invalid length.
[   60.775358][ T5472] netlink: 40 bytes leftover after parsing attributes in process `syz.0.295'.
[   61.059850][ T5476] 8021q: adding VLAN 0 to HW filter on device bond3
[   61.068380][ T5476] bond2: (slave bond3): making interface the new active one
[   61.069597][ T5476] device bond3 entered promiscuous mode
[   61.076484][ T5476] bond2: (slave bond3): Enslaving as an active interface with an up link
[   61.078066][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond2: link becomes ready
[   61.163670][ T5493] vhci_hcd: invalid port number 96
[   61.164622][ T5493] vhci_hcd: default hub control req: 0300 vfffa i0060 l0
[   62.006139][ T5512] netlink: 40 bytes leftover after parsing attributes in process `syz.3.308'.
[   62.116706][ T5517] loop2: detected capacity change from 0 to 2048
[   62.237761][ T5511] netlink: 'syz.3.308': attribute type 10 has an invalid length.
[   62.379227][ T5528] netlink: 'syz.3.312': attribute type 1 has an invalid length.
[   62.426279][ T5528] device bond11 entered promiscuous mode
[   62.427347][ T5528] 8021q: adding VLAN 0 to HW filter on device bond11
[   62.500267][ T5528] 8021q: adding VLAN 0 to HW filter on device bond12
[   62.512240][ T5528] bond11: (slave bond12): making interface the new active one
[   62.513427][ T5528] device bond12 entered promiscuous mode
[   62.526471][ T5528] bond11: (slave bond12): Enslaving as an active interface with an up link
[   62.759148][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond11: link becomes ready
[   62.776723][ T5555] netlink: 'syz.3.322': attribute type 10 has an invalid length.
[   62.779882][ T5555] netlink: 40 bytes leftover after parsing attributes in process `syz.3.322'.
[   62.943253][ T5551] loop2: detected capacity change from 0 to 2048
[   63.366488][ T5574] netlink: 'syz.2.328': attribute type 1 has an invalid length.
[   63.382800][ T5574] device bond5 entered promiscuous mode
[   63.384363][ T5574] 8021q: adding VLAN 0 to HW filter on device bond5
[   63.393925][ T5574] 8021q: adding VLAN 0 to HW filter on device bond6
[   63.396955][ T5574] bond5: (slave bond6): making interface the new active one
[   63.398203][ T5574] device bond6 entered promiscuous mode
[   63.400312][ T5574] bond5: (slave bond6): Enslaving as an active interface with an up link
[   63.402531][  T207] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[   63.559274][ T5595] netlink: 'syz.2.335': attribute type 10 has an invalid length.
[   63.589525][ T5595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.335'.
[   63.691666][   T78] block nbd0: Attempted send on invalid socket
[   63.693322][   T78] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   63.695024][ T5605] efs: cannot read volume header
[   63.891371][ T5602] loop5: detected capacity change from 0 to 2048
[   63.996659][ T5254] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   64.083594][ T5618] netlink: 'syz.3.341': attribute type 1 has an invalid length.
[   64.105922][ T5618] device bond13 entered promiscuous mode
[   64.107947][ T5618] 8021q: adding VLAN 0 to HW filter on device bond13
[   64.127072][ T5618] 8021q: adding VLAN 0 to HW filter on device bond14
[   64.129895][ T5618] bond13: (slave bond14): making interface the new active one
[   64.133413][ T5618] device bond14 entered promiscuous mode
[   64.134993][ T5618] bond13: (slave bond14): Enslaving as an active interface with an up link
[   64.138050][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond13: link becomes ready
[   64.495416][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[   64.497862][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[   64.603139][   T14] cfg80211: failed to load regulatory.db
[   64.943881][ T5637] netlink: 'syz.5.348': attribute type 10 has an invalid length.
[   64.947443][ T5637] netlink: 8 bytes leftover after parsing attributes in process `syz.5.348'.
[   64.960604][   T14] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[   65.154913][   T14] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   65.161986][   T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.166872][   T14] usb 1-1: config 0 descriptor??
[   65.255230][ T5650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   65.256723][ T5650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   65.814386][ T5656] netlink: 'syz.5.354': attribute type 1 has an invalid length.
[   65.823175][ T5656] device bond1 entered promiscuous mode
[   65.824390][ T5656] 8021q: adding VLAN 0 to HW filter on device bond1
[   65.835357][ T5656] 8021q: adding VLAN 0 to HW filter on device bond2
[   65.838237][ T5656] bond1: (slave bond2): making interface the new active one
[   65.839643][ T5656] device bond2 entered promiscuous mode
[   65.841346][ T5656] bond1: (slave bond2): Enslaving as an active interface with an up link
[   65.845009][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[   65.855179][ T5654] loop2: detected capacity change from 0 to 2048
[   65.958101][ T5662] netlink: 40 bytes leftover after parsing attributes in process `syz.3.356'.
[   65.970333][ T5662] netlink: 40 bytes leftover after parsing attributes in process `syz.3.356'.
[   66.046695][ T5666] input: syz1 as /devices/virtual/input/input3
[   66.219871][ T5675] netlink: 'syz.3.361': attribute type 10 has an invalid length.
[   66.229729][ T5675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.361'.
[   66.703759][ T5687] netlink: 'syz.3.365': attribute type 1 has an invalid length.
[   66.708738][ T5687] device bond15 entered promiscuous mode
[   66.709850][ T5687] 8021q: adding VLAN 0 to HW filter on device bond15
[   66.718238][ T5687] 8021q: adding VLAN 0 to HW filter on device bond16
[   66.720009][ T5687] bond15: (slave bond16): making interface the new active one
[   66.721732][ T5687] device bond16 entered promiscuous mode
[   66.723220][ T5687] bond15: (slave bond16): Enslaving as an active interface with an up link
[   66.724704][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): bond15: link becomes ready
[   67.052083][ T5697] device vlan2 entered promiscuous mode
[   67.056703][ T5697] device bridge0 entered promiscuous mode
[   67.077986][ T5699] loop1: detected capacity change from 0 to 512
[   67.083740][ T5699] EXT4-fs: Ignoring removed mblk_io_submit option
[   67.088642][ T5699] EXT4-fs: Ignoring removed mblk_io_submit option
[   67.102441][ T5699] EXT4-fs (loop1): Test dummy encryption mode enabled
[   67.106870][ T5699] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   67.116413][ T5699] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   67.184241][ T5699] EXT4-fs (loop1): 1 truncate cleaned up
[   67.185684][ T5699] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   67.516924][ T4325] EXT4-fs (loop1): unmounting filesystem.
[   67.540151][ T5710] netlink: 'syz.2.372': attribute type 10 has an invalid length.
[   67.546925][ T5710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.372'.
[   67.706996][ T5724] netlink: 'syz.3.376': attribute type 1 has an invalid length.
[   67.712646][ T5724] device bond17 entered promiscuous mode
[   67.713675][ T5724] 8021q: adding VLAN 0 to HW filter on device bond17
[   67.723909][ T5724] 8021q: adding VLAN 0 to HW filter on device bond18
[   67.725726][ T5724] bond17: (slave bond18): making interface the new active one
[   67.726867][ T5724] device bond18 entered promiscuous mode
[   67.728020][ T5724] bond17: (slave bond18): Enslaving as an active interface with an up link
[   67.729512][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond17: link becomes ready
[   67.746929][ T5722] loop2: detected capacity change from 0 to 2048
[   67.835767][ T5733] loop3: detected capacity change from 0 to 4096
[   67.872552][ T5733] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   67.894770][ T4488] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[   67.896421][ T4323] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   67.897798][ T4323] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[   67.899346][ T4323] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[   67.901301][ T4488] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[   67.905075][ T4323] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22.
[   67.970315][ T5739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   67.976309][ T5739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   68.330802][   T14] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   68.333004][   T14] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[   68.335009][   T14] asix: probe of 1-1:0.0 failed with error -71
[   68.340175][   T14] usb 1-1: USB disconnect, device number 4
[   68.488164][ T5747] netlink: 'syz.2.384': attribute type 10 has an invalid length.
[   68.509335][ T5747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.384'.
[   68.644033][ T5758] netlink: 'syz.1.388': attribute type 1 has an invalid length.
[   68.649433][ T5758] device bond4 entered promiscuous mode
[   68.651847][ T5758] 8021q: adding VLAN 0 to HW filter on device bond4
[   68.661178][ T5758] 8021q: adding VLAN 0 to HW filter on device bond5
[   68.663100][ T5758] bond4: (slave bond5): making interface the new active one
[   68.664317][ T5758] device bond5 entered promiscuous mode
[   68.665565][ T5758] bond4: (slave bond5): Enslaving as an active interface with an up link
[   68.668184][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond4: link becomes ready
[   68.725874][ T5761] tmpfs: Unknown parameter 'quota'
[   69.036470][ T5769] loop1: detected capacity change from 0 to 2048
[   69.066084][ T5769] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   69.638820][ T5782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   69.643572][ T5782] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.792943][ T5785] loop3: detected capacity change from 0 to 2048
[   69.852292][ T5254] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   69.893574][ T4325] EXT4-fs (loop1): unmounting filesystem.
[   69.966377][ T5788] netlink: 'syz.1.396': attribute type 10 has an invalid length.
[   69.979621][ T5790] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[   69.980136][ T5788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.396'.
[   70.201375][ T5799] loop2: detected capacity change from 0 to 128
[   70.209674][ T5799] FAT-fs (loop2): Unrecognized mount option "shortname=wMnt" or missing value
[   70.254557][ T5254] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   70.757619][ T5808] netlink: 'syz.3.403': attribute type 1 has an invalid length.
[   70.769301][ T5808] device bond19 entered promiscuous mode
[   70.770960][ T5808] 8021q: adding VLAN 0 to HW filter on device bond19
[   70.785248][ T5808] 8021q: adding VLAN 0 to HW filter on device bond20
[   70.788710][ T5808] bond19: (slave bond20): making interface the new active one
[   70.790041][ T5808] device bond20 entered promiscuous mode
[   70.796327][ T5808] bond19: (slave bond20): Enslaving as an active interface with an up link
[   70.799569][ T5127] IPv6: ADDRCONF(NETDEV_CHANGE): bond19: link becomes ready
[   70.977074][ T5815] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   70.978311][ T5815] vhci_hcd: default hub control req: 2314 v0008 i0002 l0
[   71.024353][ T5822] netlink: 'syz.1.408': attribute type 10 has an invalid length.
[   71.808639][ T5834] IPv6: NLM_F_CREATE should be specified when creating new route
[   72.065174][ T5849] loop3: detected capacity change from 0 to 2048
[   72.334351][ T5854] netlink: 'syz.0.417': attribute type 1 has an invalid length.
[   72.344905][ T5854] device bond10 entered promiscuous mode
[   72.347262][ T5854] 8021q: adding VLAN 0 to HW filter on device bond10
[   72.378613][ T5854] 8021q: adding VLAN 0 to HW filter on device bond11
[   72.385487][ T5854] bond10: (slave bond11): making interface the new active one
[   72.393062][ T5854] device bond11 entered promiscuous mode
[   72.395611][ T5854] bond10: (slave bond11): Enslaving as an active interface with an up link
[   72.400883][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond10: link becomes ready
[   72.584305][ T5865] netlink: 'syz.0.420': attribute type 10 has an invalid length.
[   73.114010][ T5880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   73.117677][ T5880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   73.890008][ T5892] netlink: 'syz.0.430': attribute type 1 has an invalid length.
[   73.913089][ T5892] device bond12 entered promiscuous mode
[   73.914084][ T5892] 8021q: adding VLAN 0 to HW filter on device bond12
[   73.925373][ T5892] 8021q: adding VLAN 0 to HW filter on device bond13
[   73.927105][ T5892] bond12: (slave bond13): making interface the new active one
[   73.928326][ T5892] device bond13 entered promiscuous mode
[   73.929451][ T5892] bond12: (slave bond13): Enslaving as an active interface with an up link
[   73.938590][ T5895] netlink: 'syz.1.431': attribute type 10 has an invalid length.
[   73.943220][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond12: link becomes ready
[   74.194773][ T5907] loop3: detected capacity change from 0 to 2048
[   74.456136][ T5909] vcan0: tx drop: invalid da for name 0x0000000000080002
[   74.503303][ T5912] netlink: 68 bytes leftover after parsing attributes in process `syz.2.437'.
[   75.079783][ T5927] netlink: 232 bytes leftover after parsing attributes in process `syz.1.440'.
[   75.427124][ T5932] netlink: 'syz.2.443': attribute type 1 has an invalid length.
[   75.439149][ T5932] device bond7 entered promiscuous mode
[   75.440183][ T5932] 8021q: adding VLAN 0 to HW filter on device bond7
[   75.450021][ T5932] 8021q: adding VLAN 0 to HW filter on device bond8
[   75.451943][ T5932] bond7: (slave bond8): making interface the new active one
[   75.453003][ T5932] device bond8 entered promiscuous mode
[   75.454132][ T5932] bond7: (slave bond8): Enslaving as an active interface with an up link
[   75.457078][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond7: link becomes ready
[   75.485622][ T5936] netlink: 'syz.0.444': attribute type 10 has an invalid length.
[   75.833748][ T5946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.836565][ T5946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.181514][ T5953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   76.183022][ T5953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   76.512696][ T5959] overlayfs: failed to resolve './file0': -2
[   77.840354][ T5972] loop5: detected capacity change from 0 to 2048
[   78.077975][ T5974] netlink: 'syz.2.457': attribute type 10 has an invalid length.
[   78.101010][ T5976] netlink: 'syz.1.456': attribute type 1 has an invalid length.
[   78.126058][ T5976] device bond6 entered promiscuous mode
[   78.131059][ T5976] 8021q: adding VLAN 0 to HW filter on device bond6
[   78.169355][ T5976] 8021q: adding VLAN 0 to HW filter on device bond7
[   78.180000][ T5976] bond6: (slave bond7): making interface the new active one
[   78.183071][ T5976] device bond7 entered promiscuous mode
[   78.188584][ T5976] bond6: (slave bond7): Enslaving as an active interface with an up link
[   78.199902][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready
[   78.246257][ T5976] netlink: 8 bytes leftover after parsing attributes in process `syz.1.456'.
[   78.262779][ T5989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   78.264213][ T5989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.124660][ T6017] netlink: 'syz.2.470': attribute type 10 has an invalid length.
[   79.231612][ T6026] netlink: 'syz.2.473': attribute type 1 has an invalid length.
[   79.245358][ T6026] device bond9 entered promiscuous mode
[   79.249100][ T6026] 8021q: adding VLAN 0 to HW filter on device bond9
[   79.323244][ T6026] 8021q: adding VLAN 0 to HW filter on device bond10
[   79.324941][ T6026] bond9: (slave bond10): making interface the new active one
[   79.326131][ T6026] device bond10 entered promiscuous mode
[   79.327258][ T6026] bond9: (slave bond10): Enslaving as an active interface with an up link
[   79.327553][ T6034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.331292][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond9: link becomes ready
[   79.336190][ T6026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.473'.
[   79.339677][ T6034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.375689][ T6032] loop1: detected capacity change from 0 to 2048
[   79.421174][ T5254] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   80.014307][   T27] audit: type=1326 audit(80.000:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.3.480" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[   80.019033][   T27] audit: type=1326 audit(80.000:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.3.480" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=203 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[   80.024540][   T27] audit: type=1326 audit(80.010:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.3.480" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[   80.028879][   T27] audit: type=1326 audit(80.010:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.3.480" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=95 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[   80.032835][   T27] audit: type=1326 audit(80.010:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.3.480" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[   80.112458][ T6056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.113946][ T6056] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.144029][ T6053] netlink: 'syz.3.483': attribute type 10 has an invalid length.
[   80.248170][ T6064] netlink: 'syz.5.487': attribute type 1 has an invalid length.
[   80.257017][ T6064] device bond3 entered promiscuous mode
[   80.258141][ T6064] 8021q: adding VLAN 0 to HW filter on device bond3
[   80.270344][ T6064] 8021q: adding VLAN 0 to HW filter on device bond4
[   80.273174][ T6064] bond3: (slave bond4): making interface the new active one
[   80.274396][ T6064] device bond4 entered promiscuous mode
[   80.275553][ T6064] bond3: (slave bond4): Enslaving as an active interface with an up link
[   80.277088][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond3: link becomes ready
[   80.280247][ T6064] netlink: 8 bytes leftover after parsing attributes in process `syz.5.487'.
[   80.639491][ T6072] loop2: detected capacity change from 0 to 128
[   80.743050][ T6069] loop5: detected capacity change from 0 to 32768
[   80.753315][ T6069] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.488 (6069)
[   80.793596][ T6069] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.796427][ T6069] BTRFS info (device loop5): using sha256 (sha256-ce) checksum algorithm
[   80.797646][ T6069] BTRFS info (device loop5): using free space tree
[   80.808367][ T6069] BTRFS info (device loop5): enabling ssd optimizations
[   80.825697][ T4988] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.899169][ T6095] loop5: detected capacity change from 0 to 764
[   81.074360][ T6106] netlink: 'syz.3.496': attribute type 10 has an invalid length.
[   81.326756][ T6116] netlink: 'syz.3.499': attribute type 1 has an invalid length.
[   81.333920][ T6116] device bond21 entered promiscuous mode
[   81.335245][ T6116] 8021q: adding VLAN 0 to HW filter on device bond21
[   81.348093][ T6116] 8021q: adding VLAN 0 to HW filter on device bond22
[   81.350057][ T6116] bond21: (slave bond22): making interface the new active one
[   81.352291][ T6116] device bond22 entered promiscuous mode
[   81.354656][ T6116] bond21: (slave bond22): Enslaving as an active interface with an up link
[   81.357872][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond21: link becomes ready
[   81.359748][ T6116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'.
[   82.780482][ T6146] netlink: 'syz.2.508': attribute type 10 has an invalid length.
[   82.805550][ T6152] netlink: 'syz.0.511': attribute type 1 has an invalid length.
[   82.815074][ T6152] device bond14 entered promiscuous mode
[   82.816166][ T6152] 8021q: adding VLAN 0 to HW filter on device bond14
[   82.851506][ T6152] 8021q: adding VLAN 0 to HW filter on device bond15
[   82.854280][ T6152] bond14: (slave bond15): making interface the new active one
[   82.855581][ T6152] device bond15 entered promiscuous mode
[   82.856696][ T6152] bond14: (slave bond15): Enslaving as an active interface with an up link
[   82.858404][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond14: link becomes ready
[   82.867607][ T6152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.511'.
[   84.036169][ T6175] can0: slcan on ttyS3.
[   84.110995][ T6172] can0 (unregistered): slcan off ttyS3.
[   84.228921][ T6195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.523'.
[   84.277004][ T6199] netlink: 'syz.1.524': attribute type 1 has an invalid length.
[   84.367733][ T6199] device bond8 entered promiscuous mode
[   84.369032][ T6199] 8021q: adding VLAN 0 to HW filter on device bond8
[   84.461090][ T6203] 8021q: adding VLAN 0 to HW filter on device bond9
[   84.480006][ T6203] bond8: (slave bond9): making interface the new active one
[   84.485041][ T6203] device bond9 entered promiscuous mode
[   84.490117][ T6203] bond8: (slave bond9): Enslaving as an active interface with an up link
[   84.497115][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond8: link becomes ready
[   84.504296][ T6199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[   85.201066][ T6227] netlink: 'syz.0.527': attribute type 10 has an invalid length.
[   85.209433][ T6227] netlink: 40 bytes leftover after parsing attributes in process `syz.0.527'.
[   85.335523][ T6238] netlink: 104 bytes leftover after parsing attributes in process `syz.2.530'.
[   86.217755][ T6259] netlink: 'syz.5.536': attribute type 1 has an invalid length.
[   86.228378][ T6259] device bond5 entered promiscuous mode
[   86.229792][ T6259] 8021q: adding VLAN 0 to HW filter on device bond5
[   86.241742][ T6259] 8021q: adding VLAN 0 to HW filter on device bond6
[   86.245768][ T6259] bond5: (slave bond6): making interface the new active one
[   86.246997][ T6259] device bond6 entered promiscuous mode
[   86.248279][ T6259] bond5: (slave bond6): Enslaving as an active interface with an up link
[   86.249988][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond5: link becomes ready
[   86.401784][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.534'.
[   86.717355][ T6270] loop5: detected capacity change from 0 to 2048
[   86.998191][ T6274] netlink: 'syz.2.539': attribute type 10 has an invalid length.
[   87.007275][ T6274] netlink: 40 bytes leftover after parsing attributes in process `syz.2.539'.
[   87.126578][   T27] audit: type=1326 audit(87.110:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6279 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[   87.129943][   T27] audit: type=1326 audit(87.110:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6279 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=70 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[   87.142098][   T27] audit: type=1326 audit(87.110:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6279 comm="syz.2.541" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[   87.284287][ T6289] netlink: 56 bytes leftover after parsing attributes in process `syz.3.544'.
[   87.657857][ T6295] loop2: detected capacity change from 0 to 2048
[   87.695853][ T6295] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   87.765077][ T6298] netlink: 'syz.2.548': attribute type 1 has an invalid length.
[   87.864387][ T6298] device bond11 entered promiscuous mode
[   87.875494][ T6298] 8021q: adding VLAN 0 to HW filter on device bond11
[   87.934802][ T6298] 8021q: adding VLAN 0 to HW filter on device bond12
[   87.938579][ T6298] bond11: (slave bond12): making interface the new active one
[   87.939887][ T6298] device bond12 entered promiscuous mode
[   87.944759][ T6298] bond11: (slave bond12): Enslaving as an active interface with an up link
[   87.947980][  T207] IPv6: ADDRCONF(NETDEV_CHANGE): bond11: link becomes ready
[   88.026769][ T6304] Driver unsupported XDP return value 0 on prog  (id 38) dev N/A, expect packet loss!
[   88.122963][ T6308] netlink: 'syz.1.551': attribute type 10 has an invalid length.
[   88.185139][ T6308] netlink: 40 bytes leftover after parsing attributes in process `syz.1.551'.
[   88.216803][ T6315] netlink: 'syz.3.554': attribute type 13 has an invalid length.
[   88.218186][ T6315] netlink: 'syz.3.554': attribute type 17 has an invalid length.
[   88.247766][ T6317] loop2: detected capacity change from 0 to 1024
[   88.251809][ T6317] EXT4-fs: Ignoring removed orlov option
[   88.352692][ T6315] gretap0: refused to change device tx_queue_len
[   88.354301][ T6315] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   88.357649][ T6317] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   88.498840][ T6326] loop1: detected capacity change from 0 to 2048
[   88.691211][ T4330] EXT4-fs (loop2): unmounting filesystem.
[   88.692530][ T5252] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   88.746352][ T6332] netlink: 'syz.0.560': attribute type 1 has an invalid length.
[   88.812518][ T6332] device bond16 entered promiscuous mode
[   88.813758][ T6332] 8021q: adding VLAN 0 to HW filter on device bond16
[   88.834105][ T6334] 8021q: adding VLAN 0 to HW filter on device bond17
[   88.837308][ T6334] bond16: (slave bond17): making interface the new active one
[   88.838490][ T6334] device bond17 entered promiscuous mode
[   88.839865][ T6334] bond16: (slave bond17): Enslaving as an active interface with an up link
[   88.841916][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond16: link becomes ready
[   89.386660][ T6336] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   89.388142][ T6336] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   90.459633][ T6360] netlink: 'syz.1.566': attribute type 10 has an invalid length.
[   90.526037][ T6362] loop1: detected capacity change from 0 to 1024
[   90.572678][ T6362] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   90.638324][ T6362] EXT4-fs error (device loop1): mb_free_blocks:1810: group 0, inode 15: block 161:freeing already freed block (bit 10); block bitmap corrupt.
[   90.693386][ T4325] EXT4-fs (loop1): unmounting filesystem.
[   90.695854][ T6366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   90.697305][ T6366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   91.859770][ T6388] netlink: 'syz.5.574': attribute type 1 has an invalid length.
[   91.882833][ T6388] device bond7 entered promiscuous mode
[   91.883947][ T6388] 8021q: adding VLAN 0 to HW filter on device bond7
[   91.902995][ T6388] 8021q: adding VLAN 0 to HW filter on device bond8
[   91.906228][ T6388] bond7: (slave bond8): making interface the new active one
[   91.907363][ T6388] device bond8 entered promiscuous mode
[   91.908549][ T6388] bond7: (slave bond8): Enslaving as an active interface with an up link
[   91.911362][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond7: link becomes ready
[   91.926637][ T6391] loop2: detected capacity change from 0 to 128
[   91.947691][ T6391] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[   91.947988][ T6394] netlink: 'syz.5.577': attribute type 10 has an invalid length.
[   91.956289][ T6391] hpfs: filesystem error: improperly stopped
[   91.957922][ T6391] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[   91.959102][ T6391] hpfs: You really don't want any checks? You are crazy...
[   91.960683][ T6391] hpfs: hpfs_map_sector(): read error
[   91.961552][ T6391] hpfs: code page support is disabled
[   91.963166][ T6391] hpfs: hpfs_map_4sectors(): unaligned read
[   91.964304][ T6391] hpfs: hpfs_map_4sectors(): unaligned read
[   91.965167][ T6391] hpfs: filesystem error: unable to find root dir
[   91.968907][ T6391] hpfs: hpfs_map_4sectors(): unaligned read
[   92.855505][   T27] audit: type=1107 audit(92.840:14): pid=6422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[   94.523790][ T6439] loop3: detected capacity change from 0 to 2048
[  104.023061][ T6421] netlink: 20 bytes leftover after parsing attributes in process `syz.1.586'.
[  104.036020][ T6425] netlink: 'syz.0.588': attribute type 1 has an invalid length.
[  104.063193][ T6444] netlink: 'syz.1.592': attribute type 10 has an invalid length.
[  105.138703][ T6474] netlink: 'syz.0.603': attribute type 1 has an invalid length.
[  105.142411][ T6473] loop3: detected capacity change from 0 to 256
[  105.154371][ T6474] device bond18 entered promiscuous mode
[  105.166709][ T6474] 8021q: adding VLAN 0 to HW filter on device bond18
[  105.198715][ T6449] loop1: detected capacity change from 0 to 1764
[  105.203635][ T6474] 8021q: adding VLAN 0 to HW filter on device bond19
[  105.205371][ T6474] bond18: (slave bond19): making interface the new active one
[  105.206497][ T6474] device bond19 entered promiscuous mode
[  105.207624][ T6474] bond18: (slave bond19): Enslaving as an active interface with an up link
[  105.228329][ T6484] netlink: 'syz.5.606': attribute type 10 has an invalid length.
[  105.258944][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond18: link becomes ready
[  105.856552][ T6503] loop1: detected capacity change from 0 to 2048
[  107.119522][ T6526] netlink: 'syz.2.618': attribute type 1 has an invalid length.
[  107.214158][ T6526] device bond13 entered promiscuous mode
[  107.215287][ T6526] 8021q: adding VLAN 0 to HW filter on device bond13
[  107.676419][ T6531] 8021q: adding VLAN 0 to HW filter on device bond14
[  107.678444][ T6531] bond13: (slave bond14): making interface the new active one
[  107.679626][ T6531] device bond14 entered promiscuous mode
[  107.683851][ T6531] bond13: (slave bond14): Enslaving as an active interface with an up link
[  107.685199][ T6534] netlink: 'syz.0.621': attribute type 10 has an invalid length.
[  107.687578][ T6526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.618'.
[  107.692376][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): bond13: link becomes ready
[  107.801227][ T6548] loop2: detected capacity change from 0 to 2048
[  107.840614][ T6548] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  109.944850][ T6573] loop1: detected capacity change from 0 to 2048
[  110.264976][ T6579] netlink: 'syz.2.634': attribute type 1 has an invalid length.
[  110.301421][ T6579] device bond15 entered promiscuous mode
[  110.302517][ T6579] 8021q: adding VLAN 0 to HW filter on device bond15
[  110.336084][ T6579] 8021q: adding VLAN 0 to HW filter on device bond16
[  110.337920][ T6579] bond15: (slave bond16): making interface the new active one
[  110.342394][ T6579] device bond16 entered promiscuous mode
[  110.343595][ T6579] bond15: (slave bond16): Enslaving as an active interface with an up link
[  110.352954][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.634'.
[  110.358810][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): bond15: link becomes ready
[  110.617506][ T6597] loop3: detected capacity change from 0 to 1024
[  110.640764][   T14] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  111.063824][   T14] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  111.066405][   T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.080827][   T14] usb 1-1: config 0 descriptor??
[  111.090852][   T14] gspca_main: spca508-2.14.0 probing 8086:0110
[  111.295993][   T14] gspca_spca508: reg_read err -32
[  111.297445][   T14] gspca_spca508: reg_read err -32
[  111.298926][   T14] gspca_spca508: reg_read err -32
[  111.300370][   T14] gspca_spca508: reg_read err -32
[  111.313533][ T6608] loop2: detected capacity change from 0 to 512
[  111.324566][ T6608] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  111.334100][ T6608] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.644: couldn't read orphan inode 26 (err -116)
[  111.338346][ T6608] EXT4-fs (loop2): Remounting filesystem read-only
[  111.340005][ T6608] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  111.365379][ T4330] EXT4-fs (loop2): unmounting filesystem.
[  111.701341][   T14] gspca_spca508: reg write: error -71
[  111.703523][   T14] spca508: probe of 1-1:0.0 failed with error -71
[  111.709074][   T14] usb 1-1: USB disconnect, device number 5
[  111.741559][ T6617] netlink: 'syz.1.647': attribute type 10 has an invalid length.
[  112.578426][ T6632] loop1: detected capacity change from 0 to 2048
[  113.363560][ T6636] netlink: 'syz.3.651': attribute type 1 has an invalid length.
[  113.379555][ T6636] device bond23 entered promiscuous mode
[  113.384447][ T6441] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  113.386161][ T6636] 8021q: adding VLAN 0 to HW filter on device bond23
[  113.414002][ T6636] 8021q: adding VLAN 0 to HW filter on device bond24
[  113.415727][ T6636] bond23: (slave bond24): making interface the new active one
[  113.416872][ T6636] device bond24 entered promiscuous mode
[  113.418100][ T6636] bond23: (slave bond24): Enslaving as an active interface with an up link
[  113.425613][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond23: link becomes ready
[  113.428922][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.3.651'.
[  113.471886][ T6643] device team_slave_0 entered promiscuous mode
[  113.473101][ T6643] device team_slave_1 entered promiscuous mode
[  113.474533][ T6643] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  113.805152][ T6657] netlink: 'syz.0.658': attribute type 10 has an invalid length.
[  114.527479][ T6675] netlink: 'syz.2.665': attribute type 1 has an invalid length.
[  114.533906][ T6675] device bond17 entered promiscuous mode
[  114.535195][ T6675] 8021q: adding VLAN 0 to HW filter on device bond17
[  114.548767][ T6675] 8021q: adding VLAN 0 to HW filter on device bond18
[  114.552319][ T6675] bond17: (slave bond18): making interface the new active one
[  114.553531][ T6675] device bond18 entered promiscuous mode
[  114.555878][ T6675] bond17: (slave bond18): Enslaving as an active interface with an up link
[  114.559203][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond17: link becomes ready
[  114.952731][ T6675] netlink: 36 bytes leftover after parsing attributes in process `syz.2.665'.
[  115.012602][ T6687] netlink: 'syz.2.669': attribute type 10 has an invalid length.
[  116.608147][ T6724] netlink: 'syz.5.680': attribute type 1 has an invalid length.
[  116.628569][ T6724] device bond9 entered promiscuous mode
[  116.629767][ T6724] 8021q: adding VLAN 0 to HW filter on device bond9
[  116.646026][ T6724] 8021q: adding VLAN 0 to HW filter on device bond10
[  117.260488][ T6729] loop3: detected capacity change from 0 to 1024
[  117.260834][ T6724] bond9: (slave bond10): making interface the new active one
[  117.262729][ T6729] EXT4-fs: Ignoring removed oldalloc option
[  117.262984][ T6724] device bond10 entered promiscuous mode
[  117.264014][ T6729] EXT4-fs: Ignoring removed bh option
[  117.265086][ T6724] bond9: (slave bond10): Enslaving as an active interface with an up link
[  117.270022][ T6729] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  117.275712][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): bond9: link becomes ready
[  117.279947][ T6724] netlink: 36 bytes leftover after parsing attributes in process `syz.5.680'.
[  117.332621][ T6729] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  117.355035][ T6736] netlink: 'syz.1.682': attribute type 10 has an invalid length.
[  117.358830][ T6736] netlink: 48 bytes leftover after parsing attributes in process `syz.1.682'.
[  117.765146][ T4323] EXT4-fs (loop3): unmounting filesystem.
[  117.846617][ T6753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  117.850186][ T6753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.415954][ T6756] loop2: detected capacity change from 0 to 2048
[  118.767494][ T6764] netlink: 32 bytes leftover after parsing attributes in process `syz.2.692'.
[  119.235572][ T6775] netlink: 'syz.1.695': attribute type 1 has an invalid length.
[  119.241600][ T6775] device bond10 entered promiscuous mode
[  119.242799][ T6775] 8021q: adding VLAN 0 to HW filter on device bond10
[  119.257146][ T6775] 8021q: adding VLAN 0 to HW filter on device bond11
[  119.259010][ T6775] bond10: (slave bond11): making interface the new active one
[  119.260296][ T6775] device bond11 entered promiscuous mode
[  119.261697][ T6775] bond10: (slave bond11): Enslaving as an active interface with an up link
[  119.265213][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond10: link becomes ready
[  119.266916][ T6775] netlink: 36 bytes leftover after parsing attributes in process `syz.1.695'.
[  119.289091][ T6780] netlink: 'syz.1.696': attribute type 10 has an invalid length.
[  119.295766][ T6780] netlink: 48 bytes leftover after parsing attributes in process `syz.1.696'.
[  119.315960][ T6782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.318671][ T6782] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.598967][ T6784] loop3: detected capacity change from 0 to 128
[  119.949798][ T6800] loop3: detected capacity change from 0 to 2048
[  120.194036][ T6804] netlink: 'syz.2.706': attribute type 1 has an invalid length.
[  120.199488][ T6804] device bond19 entered promiscuous mode
[  120.200457][ T6804] 8021q: adding VLAN 0 to HW filter on device bond19
[  120.216030][ T6441] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  120.236498][ T6804] 8021q: adding VLAN 0 to HW filter on device bond20
[  120.238479][ T6804] bond19: (slave bond20): making interface the new active one
[  120.239529][ T6804] device bond20 entered promiscuous mode
[  120.240721][ T6804] bond19: (slave bond20): Enslaving as an active interface with an up link
[  120.246064][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond19: link becomes ready
[  120.254226][ T6804] netlink: 36 bytes leftover after parsing attributes in process `syz.2.706'.
[  120.349869][ T6812] netlink: 'syz.5.707': attribute type 10 has an invalid length.
[  120.375861][ T6812] netlink: 48 bytes leftover after parsing attributes in process `syz.5.707'.
[  121.683685][ T6834] loop2: detected capacity change from 0 to 256
[  121.707953][ T6834] FAT-fs (loop2): Directory bread(block 64) failed
[  121.709122][ T6834] FAT-fs (loop2): Directory bread(block 65) failed
[  121.711394][ T6834] FAT-fs (loop2): Directory bread(block 66) failed
[  121.714503][ T6834] FAT-fs (loop2): Directory bread(block 67) failed
[  121.716681][ T6834] FAT-fs (loop2): Directory bread(block 68) failed
[  121.717997][ T6836] overlayfs: failed to resolve './file1': -2
[  121.720438][ T6834] FAT-fs (loop2): Directory bread(block 69) failed
[  121.723829][ T6834] FAT-fs (loop2): Directory bread(block 70) failed
[  121.727059][ T6834] FAT-fs (loop2): Directory bread(block 71) failed
[  121.730340][ T6834] FAT-fs (loop2): Directory bread(block 72) failed
[  121.731916][ T6834] FAT-fs (loop2): Directory bread(block 73) failed
[  121.939811][ T6845] netlink: 'syz.3.718': attribute type 1 has an invalid length.
[  121.974524][ T6845] device bond25 entered promiscuous mode
[  121.984144][ T6845] 8021q: adding VLAN 0 to HW filter on device bond25
[  122.056272][ T6848] 8021q: adding VLAN 0 to HW filter on device bond26
[  122.065133][ T6848] bond25: (slave bond26): making interface the new active one
[  122.066381][ T6848] device bond26 entered promiscuous mode
[  122.072416][ T6848] bond25: (slave bond26): Enslaving as an active interface with an up link
[  122.075521][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond25: link becomes ready
[  122.111554][ T6845] netlink: 36 bytes leftover after parsing attributes in process `syz.3.718'.
[  122.225232][ T6855] netlink: 'syz.3.721': attribute type 10 has an invalid length.
[  122.236652][ T6855] netlink: 'syz.3.721': attribute type 72 has an invalid length.
[  122.237855][ T6855] netlink: 40 bytes leftover after parsing attributes in process `syz.3.721'.
[  122.299703][ T6856] binder: 6851:6856 BC_ACQUIRE_DONE node 1 has no pending acquire request
[  122.763663][ T6867] loop2: detected capacity change from 0 to 2048
[  123.051275][ T6441] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  123.426594][ T6880] loop2: detected capacity change from 0 to 16
[  123.433986][ T6880] erofs: (device loop2): mounted with root inode @ nid 36.
[  123.505319][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.508783][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 47 @ nid 36
[  123.510230][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.519031][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 46 @ nid 36
[  123.526042][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 45 @ nid 36
[  123.540422][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.544984][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 43 @ nid 36
[  123.563600][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.565306][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 42 @ nid 36
[  123.577462][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.579095][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 41 @ nid 36
[  123.591458][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  123.593033][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 40 @ nid 36
[  123.606365][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 39 @ nid 36
[  123.607926][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 38 @ nid 36
[  123.615817][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 36 @ nid 36
[  123.618171][ T6881] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  124.026184][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 31 @ nid 36
[  124.027962][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 25 @ nid 36
[  124.029393][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 24 @ nid 36
[  124.048167][ T6881] erofs: (device loop2): z_erofs_readahead: readahead error at page 19 @ nid 36
[  124.049897][ T6881] syz.2.728: attempt to access beyond end of device
[  124.049897][ T6881] loop2: rw=524288, sector=784, nr_sectors = 64 limit=16
[  124.068967][ T6881] syz.2.728: attempt to access beyond end of device
[  124.068967][ T6881] loop2: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[  124.079944][ T6881] syz.2.728: attempt to access beyond end of device
[  124.079944][ T6881] loop2: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[  124.089756][ T6881] syz.2.728: attempt to access beyond end of device
[  124.089756][ T6881] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16
[  124.235211][ T6889] loop1: detected capacity change from 0 to 2048
[  124.443067][ T6889] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  124.558419][ T6891] netlink: 'syz.3.731': attribute type 1 has an invalid length.
[  124.596964][ T6891] device bond27 entered promiscuous mode
[  124.598132][ T6891] 8021q: adding VLAN 0 to HW filter on device bond27
[  124.649119][ T6893] 8021q: adding VLAN 0 to HW filter on device bond28
[  124.662750][ T6893] bond27: (slave bond28): making interface the new active one
[  124.664124][ T6893] device bond28 entered promiscuous mode
[  124.667518][ T6893] bond27: (slave bond28): Enslaving as an active interface with an up link
[  124.669997][ T6891] netlink: 36 bytes leftover after parsing attributes in process `syz.3.731'.
[  124.682769][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond27: link becomes ready
[  124.736244][ T6896] netlink: 'syz.5.733': attribute type 10 has an invalid length.
[  124.743541][ T6896] netlink: 'syz.5.733': attribute type 72 has an invalid length.
[  124.749718][ T6896] netlink: 40 bytes leftover after parsing attributes in process `syz.5.733'.
[  125.044432][ T6912] binder: 6905:6912 BC_ACQUIRE_DONE node 2 has no pending acquire request
[  125.404124][ T6909] loop3: detected capacity change from 0 to 32768
[  125.417831][ T6909] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.738 (6909)
[  125.520310][ T6918] loop1: detected capacity change from 0 to 2048
[  125.789459][ T6909] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  125.791546][ T6909] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  125.793063][ T6909] BTRFS info (device loop3): using free space tree
[  125.935373][ T6909] BTRFS info (device loop3): enabling ssd optimizations
[  125.941165][ T2061] ieee802154 phy0 wpan0: encryption failed: -22
[  125.942441][ T2061] ieee802154 phy1 wpan1: encryption failed: -22
[  126.005689][ T4323] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  126.179813][ T6949] netlink: 'syz.2.743': attribute type 1 has an invalid length.
[  126.191856][ T6949] device bond21 entered promiscuous mode
[  126.193519][ T6949] 8021q: adding VLAN 0 to HW filter on device bond21
[  126.214237][ T6949] 8021q: adding VLAN 0 to HW filter on device bond22
[  126.226698][ T6949] bond21: (slave bond22): making interface the new active one
[  126.228049][ T6949] device bond22 entered promiscuous mode
[  126.231875][ T6949] bond21: (slave bond22): Enslaving as an active interface with an up link
[  126.235178][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond21: link becomes ready
[  126.529316][ T6949] netlink: 16 bytes leftover after parsing attributes in process `syz.2.743'.
[  126.531023][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.743'.
[  126.586185][ T6960] netlink: 'syz.2.746': attribute type 10 has an invalid length.
[  126.589419][ T6960] netlink: 'syz.2.746': attribute type 72 has an invalid length.
[  126.590964][ T6960] netlink: 40 bytes leftover after parsing attributes in process `syz.2.746'.
[  126.979636][ T6967] loop2: detected capacity change from 0 to 2048
[  127.082779][ T6967] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  127.405847][ T6979] loop3: detected capacity change from 0 to 1024
[  127.408828][ T6979] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  127.411074][ T6979] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  127.416448][ T6979] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  127.419006][ T6979] EXT4-fs (loop3): filesystem has both journal inode and journal device!
[  127.734426][ T6988] binder: 6981:6988 BC_ACQUIRE_DONE node 3 has no pending acquire request
[  128.019612][ T6991] netlink: 'syz.1.755': attribute type 1 has an invalid length.
[  128.025685][ T6991] device bond12 entered promiscuous mode
[  128.026827][ T6991] 8021q: adding VLAN 0 to HW filter on device bond12
[  128.039764][ T6991] 8021q: adding VLAN 0 to HW filter on device bond13
[  128.041988][ T6991] bond12: (slave bond13): making interface the new active one
[  128.043279][ T6991] device bond13 entered promiscuous mode
[  128.044678][ T6991] bond12: (slave bond13): Enslaving as an active interface with an up link
[  128.047859][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): bond12: link becomes ready
[  128.057791][ T6991] netlink: 16 bytes leftover after parsing attributes in process `syz.1.755'.
[  128.059294][ T6991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.755'.
[  128.111864][ T6998] netlink: 'syz.1.757': attribute type 10 has an invalid length.
[  128.115443][ T6998] netlink: 40 bytes leftover after parsing attributes in process `syz.1.757'.
[  129.254937][ T7012] binder: 7004:7012 Acquire 1 refcount change on invalid ref 0 ret -22
[  129.256414][ T7012] binder: 7004:7012 DecRefs 0 refcount change on invalid ref 0 ret -22
[  129.286037][ T7016] loop3: detected capacity change from 0 to 2048
[  129.600276][ T7016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  130.546507][ T7038] netlink: 'syz.0.768': attribute type 10 has an invalid length.
[  130.576371][ T7038] netlink: 40 bytes leftover after parsing attributes in process `syz.0.768'.
[  130.581547][ T7037] netlink: 'syz.3.767': attribute type 1 has an invalid length.
[  130.596621][ T7043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.598255][ T7037] device bond29 entered promiscuous mode
[  130.598894][ T7043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.599811][ T7037] 8021q: adding VLAN 0 to HW filter on device bond29
[  130.615287][ T7037] 8021q: adding VLAN 0 to HW filter on device bond30
[  130.617230][ T7037] bond29: (slave bond30): making interface the new active one
[  130.618328][ T7037] device bond30 entered promiscuous mode
[  130.619409][ T7037] bond29: (slave bond30): Enslaving as an active interface with an up link
[  130.628123][ T4583] IPv6: ADDRCONF(NETDEV_CHANGE): bond29: link becomes ready
[  130.630193][ T7037] netlink: 16 bytes leftover after parsing attributes in process `syz.3.767'.
[  130.632735][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.3.767'.
[  130.679218][ T7029] loop2: detected capacity change from 0 to 32768
[  130.681611][ T7029] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.766 (7029)
[  130.689611][ T7048] netlink: 'syz.0.782': attribute type 1 has an invalid length.
[  130.699561][ T7029] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  130.701310][ T7029] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  130.702699][ T7029] BTRFS info (device loop2): using free space tree
[  130.706070][ T7048] device bond20 entered promiscuous mode
[  130.707263][ T7048] 8021q: adding VLAN 0 to HW filter on device bond20
[  130.771901][ T7048] 8021q: adding VLAN 0 to HW filter on device bond21
[  130.774751][ T7048] bond20: (slave bond21): making interface the new active one
[  130.776375][ T7048] device bond21 entered promiscuous mode
[  130.777535][ T7048] bond20: (slave bond21): Enslaving as an active interface with an up link
[  130.778801][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond20: link becomes ready
[  130.786743][ T7048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.782'.
[  130.788441][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.0.782'.
[  130.819158][ T7068] tipc: Started in network mode
[  130.820162][ T7068] tipc: Node identity 080211000001, cluster identity 4711
[  130.828784][ T7068] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  130.881309][ T7069] binder: 7049:7069 BC_ACQUIRE_DONE node 4 has no pending acquire request
[  131.105190][ T7068] device syzkaller0 entered promiscuous mode
[  131.144748][ T7029] BTRFS info (device loop2): enabling ssd optimizations
[  131.224807][ T4330] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  131.331592][ T7077] tipc: Resetting bearer <eth:syzkaller0>
[  131.911454][ T6945] tipc: Node number set to 134418688
[  132.540159][ T7103] loop3: detected capacity change from 0 to 2048
[  133.244796][ T7111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  133.246312][ T7111] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  133.262664][ T7113] netlink: 'syz.5.783': attribute type 10 has an invalid length.
[  133.271629][ T7113] netlink: 40 bytes leftover after parsing attributes in process `syz.5.783'.
[  133.288793][ T6441] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  133.309624][ T7117] netlink: 'syz.2.784': attribute type 1 has an invalid length.
[  133.325526][ T7117] device bond23 entered promiscuous mode
[  133.327171][ T7117] 8021q: adding VLAN 0 to HW filter on device bond23
[  133.771312][ T7117] 8021q: adding VLAN 0 to HW filter on device bond24
[  133.775545][ T7117] bond23: (slave bond24): making interface the new active one
[  133.776699][ T7117] device bond24 entered promiscuous mode
[  133.778174][ T7117] bond23: (slave bond24): Enslaving as an active interface with an up link
[  133.780039][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.784'.
[  133.784746][ T7123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.784'.
[  133.788314][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): bond23: link becomes ready
[  133.833745][ T7127] netlink: 'syz.2.798': attribute type 1 has an invalid length.
[  133.875315][ T7127] device bond25 entered promiscuous mode
[  133.876423][ T7127] 8021q: adding VLAN 0 to HW filter on device bond25
[  133.887455][ T7127] 8021q: adding VLAN 0 to HW filter on device bond26
[  133.889550][ T7127] bond25: (slave bond26): making interface the new active one
[  133.890893][ T7127] device bond26 entered promiscuous mode
[  133.892092][ T7127] bond25: (slave bond26): Enslaving as an active interface with an up link
[  133.893619][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): bond25: link becomes ready
[  133.900656][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.798'.
[  133.901958][ T7127] netlink: 4 bytes leftover after parsing attributes in process `syz.2.798'.
[  134.314202][ T7130] loop5: detected capacity change from 0 to 32768
[  134.317895][ T7130] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.786 (7130)
[  134.325089][ T7130] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  134.327521][ T7130] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  134.333855][ T7130] BTRFS info (device loop5): using free space tree
[  134.358362][ T7140] tipc: Started in network mode
[  134.359283][ T7140] tipc: Node identity c6a7e743deee, cluster identity 4711
[  134.367059][ T7140] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  134.368995][ T7140] device syzkaller0 entered promiscuous mode
[  134.422362][ T7130] BTRFS info (device loop5): enabling ssd optimizations
[  134.437113][ T7163] tipc: Resetting bearer <eth:syzkaller0>
[  134.458691][ T7139] tipc: Resetting bearer <eth:syzkaller0>
[  134.567593][ T4988] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  134.581483][ T7139] tipc: Disabling bearer <eth:syzkaller0>
[  134.588476][ T7171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.590198][ T7171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  134.969412][ T6441] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 10 /dev/loop5 scanned by udevd (6441)
[  134.985866][ T7181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  134.987331][ T7181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.233924][ T7186] loop2: detected capacity change from 0 to 2048
[  135.492568][ T7189] netlink: 'syz.0.800': attribute type 1 has an invalid length.
[  135.498187][ T7189] device bond22 entered promiscuous mode
[  135.499190][ T7189] 8021q: adding VLAN 0 to HW filter on device bond22
[  135.506117][ T6441] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  135.513807][ T7189] 8021q: adding VLAN 0 to HW filter on device bond23
[  135.516179][ T7189] bond22: (slave bond23): making interface the new active one
[  135.517522][ T7189] device bond23 entered promiscuous mode
[  135.518800][ T7189] bond22: (slave bond23): Enslaving as an active interface with an up link
[  135.520338][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond22: link becomes ready
[  135.593483][ T7195] netlink: 'syz.1.802': attribute type 10 has an invalid length.
[  137.111947][ T7220] netlink: 'syz.0.811': attribute type 1 has an invalid length.
[  137.119556][ T7220] device bond24 entered promiscuous mode
[  137.124110][ T7220] 8021q: adding VLAN 0 to HW filter on device bond24
[  137.138518][ T7220] 8021q: adding VLAN 0 to HW filter on device bond25
[  137.140387][ T7220] bond24: (slave bond25): making interface the new active one
[  137.142976][ T7220] device bond25 entered promiscuous mode
[  137.144229][ T7220] bond24: (slave bond25): Enslaving as an active interface with an up link
[  137.145596][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond24: link becomes ready
[  137.150423][ T7224] tipc: Started in network mode
[  137.151624][ T7224] tipc: Node identity 921a6aa16515, cluster identity 4711
[  137.152751][ T7224] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.154596][ T7224] device syzkaller0 entered promiscuous mode
[  137.162634][ T7220] __nla_validate_parse: 1 callbacks suppressed
[  137.162652][ T7220] netlink: 16 bytes leftover after parsing attributes in process `syz.0.811'.
[  137.176670][ T7229] netlink: 'syz.1.814': attribute type 10 has an invalid length.
[  137.235267][ T7224] tipc: Resetting bearer <eth:syzkaller0>
[  137.253804][ T7223] tipc: Resetting bearer <eth:syzkaller0>
[  137.289251][ T7213] loop2: detected capacity change from 0 to 40427
[  137.302004][ T7213] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  137.305069][ T7213] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  137.308560][ T7213] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x3ffff
[  137.351072][ T7223] tipc: Disabling bearer <eth:syzkaller0>
[  137.470778][ T7237] loop1: detected capacity change from 0 to 2048
[  137.764491][ T7242] loop5: detected capacity change from 0 to 256
[  137.781168][ T6321] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  138.350592][ T6321] usb 1-1: Using ep0 maxpacket: 8
[  138.382036][ T6321] usb 1-1: config 0 has an invalid interface number: 94 but max is 0
[  138.383429][ T6321] usb 1-1: config 0 has no interface number 0
[  138.384632][ T6321] usb 1-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[  138.386107][ T6321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.479837][ T6321] usb 1-1: config 0 descriptor??
[  138.610026][ T6321] bfusb: probe of 1-1:0.94 failed with error -5
[  138.778969][ T7257] netlink: 'syz.5.826': attribute type 10 has an invalid length.
[  138.792202][ T7256] netlink: 'syz.3.825': attribute type 1 has an invalid length.
[  138.810490][ T7256] device bond31 entered promiscuous mode
[  138.815947][ T7256] 8021q: adding VLAN 0 to HW filter on device bond31
[  138.845212][ T6321] usb 1-1: USB disconnect, device number 6
[  138.857511][ T7256] 8021q: adding VLAN 0 to HW filter on device bond32
[  138.859276][ T7256] bond31: (slave bond32): making interface the new active one
[  138.860393][ T7256] device bond32 entered promiscuous mode
[  138.863226][ T7256] bond31: (slave bond32): Enslaving as an active interface with an up link
[  138.872865][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond31: link becomes ready
[  138.916189][ T7256] netlink: 16 bytes leftover after parsing attributes in process `syz.3.825'.
[  139.273429][ T7274] tipc: Started in network mode
[  139.274394][ T7274] tipc: Node identity 080211000001, cluster identity 4711
[  139.275900][ T7274] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  139.311112][ T7274] device syzkaller0 entered promiscuous mode
[  139.876317][ T7291] loop2: detected capacity change from 0 to 2048
[  140.625734][ T6321] tipc: Node number set to 134418688
[  140.626344][ T7276] tipc: Resetting bearer <eth:syzkaller0>
[  140.947296][ T7307] netlink: 'syz.3.839': attribute type 10 has an invalid length.
[  140.954962][ T7307] device syzkaller0 left promiscuous mode
[  140.956141][ T7307] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  140.999153][ T7311] netlink: 'syz.1.840': attribute type 1 has an invalid length.
[  141.031574][ T7311] device bond14 entered promiscuous mode
[  141.032645][ T7311] 8021q: adding VLAN 0 to HW filter on device bond14
[  141.043049][ T7314] loop3: detected capacity change from 0 to 128
[  141.051222][ T7314] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4561: metadata_csum and uninit_bg are redundant flags; please run fsck.
[  141.053585][ T7314] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[  141.069409][ T6441] udevd[6441]: incorrect jbd checksum on /dev/loop3
[  141.074153][ T7316] loop2: detected capacity change from 0 to 164
[  141.399087][ T7324] loop3: detected capacity change from 0 to 1024
[  141.423435][   T27] audit: type=1326 audit(141.210:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.443347][ T7329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  141.443352][   T27] audit: type=1326 audit(141.210:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=179 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.444950][ T7329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.457485][   T27] audit: type=1326 audit(141.210:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.461816][   T27] audit: type=1326 audit(141.210:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.463442][ T7311] 8021q: adding VLAN 0 to HW filter on device bond15
[  141.465355][   T27] audit: type=1326 audit(141.410:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.467036][ T7311] bond14: (slave bond15): making interface the new active one
[  141.471710][   T27] audit: type=1326 audit(141.410:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.475163][   T27] audit: type=1326 audit(141.410:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.478510][   T27] audit: type=1326 audit(141.410:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7312 comm="syz.3.841" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9615c0a8 code=0x7ffc0000
[  141.510844][ T7311] device bond15 entered promiscuous mode
[  141.512357][ T7311] bond14: (slave bond15): Enslaving as an active interface with an up link
[  141.531608][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.840'.
[  141.536304][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond14: link becomes ready
[  142.045377][ T7337] netlink: 'syz.2.851': attribute type 10 has an invalid length.
[  142.544363][ T7349] loop3: detected capacity change from 0 to 2048
[  143.240097][ T7358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.241600][ T7358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.256170][ T7361] tipc: Started in network mode
[  143.256922][ T7361] tipc: Node identity 080211000001, cluster identity 4711
[  143.258407][ T7361] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  143.260292][ T7361] device syzkaller0 entered promiscuous mode
[  143.715018][ T7365] tipc: Resetting bearer <eth:syzkaller0>
[  143.759926][ T7370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.761576][ T7370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.777757][ T7372] netlink: 'syz.2.858': attribute type 1 has an invalid length.
[  143.784188][ T7372] device bond27 entered promiscuous mode
[  143.785239][ T7372] 8021q: adding VLAN 0 to HW filter on device bond27
[  143.794985][ T7372] 8021q: adding VLAN 0 to HW filter on device bond28
[  143.796907][ T7372] bond27: (slave bond28): making interface the new active one
[  143.798186][ T7372] device bond28 entered promiscuous mode
[  143.799539][ T7372] bond27: (slave bond28): Enslaving as an active interface with an up link
[  143.803377][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond27: link becomes ready
[  143.807169][ T7372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.858'.
[  144.290624][ T7078] tipc: Node number set to 134418688
[  144.293157][ T7383] loop5: detected capacity change from 0 to 1024
[  144.309405][ T7383] Quota error (device loop5): do_check_range: Getting block 64 out of range 1-5
[  144.311710][ T7383] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
[  144.313557][ T7383] EXT4-fs error (device loop5): ext4_acquire_dquot:6816: comm syz.5.862: Failed to acquire dquot type 0
[  144.317375][ T7383] EXT4-fs error (device loop5): mb_free_blocks:1810: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  144.323504][ T7387] netlink: 'syz.0.863': attribute type 10 has an invalid length.
[  144.330086][ T7387] device syzkaller0 left promiscuous mode
[  144.330186][ T7383] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.862: corrupted inode contents
[  144.331586][ T7387] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  144.338352][ T7383] EXT4-fs error (device loop5): ext4_dirty_inode:6119: inode #13: comm syz.5.862: mark_inode_dirty error
[  144.347774][ T7383] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.862: corrupted inode contents
[  144.352868][ T7383] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #13: comm syz.5.862: mark_inode_dirty error
[  144.359117][ T7383] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.862: corrupted inode contents
[  144.367704][ T7383] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem
[  144.369599][ T7383] EXT4-fs error (device loop5): ext4_do_update_inode:5254: inode #13: comm syz.5.862: corrupted inode contents
[  144.372323][ T7383] EXT4-fs error (device loop5): ext4_truncate:4312: inode #13: comm syz.5.862: mark_inode_dirty error
[  144.374430][ T7383] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem
[  144.378086][ T7383] EXT4-fs (loop5): 1 truncate cleaned up
[  144.379156][ T7383] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  144.612465][ T7392] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  144.613923][ T7392] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  145.231010][ T4988] EXT4-fs (loop5): unmounting filesystem.
[  145.383876][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  145.385249][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  145.390079][ T7405] netlink: 'syz.0.871': attribute type 1 has an invalid length.
[  145.398497][ T7405] device bond26 entered promiscuous mode
[  145.399620][ T7405] 8021q: adding VLAN 0 to HW filter on device bond26
[  145.409569][ T7405] 8021q: adding VLAN 0 to HW filter on device bond27
[  145.412246][ T7405] bond26: (slave bond27): making interface the new active one
[  145.413430][ T7405] device bond27 entered promiscuous mode
[  145.414615][ T7405] bond26: (slave bond27): Enslaving as an active interface with an up link
[  145.418696][ T6759] IPv6: ADDRCONF(NETDEV_CHANGE): bond26: link becomes ready
[  145.420298][ T7405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'.
[  146.735670][ T7442] netlink: 'syz.0.875': attribute type 10 has an invalid length.
[  147.503758][ T7460] loop3: detected capacity change from 0 to 2048
[  147.842215][ T7462] netlink: 'syz.2.882': attribute type 1 has an invalid length.
[  147.908128][ T7462] device bond29 entered promiscuous mode
[  147.909246][ T7462] 8021q: adding VLAN 0 to HW filter on device bond29
[  147.931052][ T7466] 8021q: adding VLAN 0 to HW filter on device bond30
[  147.935738][ T7466] bond29: (slave bond30): making interface the new active one
[  147.938095][ T7466] device bond30 entered promiscuous mode
[  147.940513][ T7466] bond29: (slave bond30): Enslaving as an active interface with an up link
[  148.272802][ T6536] IPv6: ADDRCONF(NETDEV_CHANGE): bond29: link becomes ready
[  148.284344][ T7462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.882'.
[  148.322116][ T7471] loop3: detected capacity change from 0 to 256
[  148.335768][ T7471] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  148.337211][ T7471] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  148.352859][ T7471] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  148.368044][ T7454] loop5: detected capacity change from 0 to 32768
[  148.491483][ T4327] Bluetooth: hci2: command 0x0406 tx timeout
[  148.491509][ T4334] Bluetooth: hci1: command 0x0406 tx timeout
[  148.491526][ T4324] Bluetooth: hci3: command 0x0406 tx timeout
[  148.566739][ T7473] exFAT-fs (loop3): hint_cluster is invalid (17)
[  148.876733][ T7476] netlink: 'syz.2.886': attribute type 10 has an invalid length.
[  148.903766][ T7479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  148.906440][ T7479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  150.615782][ T7511] netlink: 'syz.5.896': attribute type 1 has an invalid length.
[  150.656022][ T7511] device bond11 entered promiscuous mode
[  150.657186][ T7511] 8021q: adding VLAN 0 to HW filter on device bond11
[  150.707032][ T7515] 8021q: adding VLAN 0 to HW filter on device bond12
[  150.714140][ T7515] bond11: (slave bond12): making interface the new active one
[  150.717951][ T7515] device bond12 entered promiscuous mode
[  150.720361][ T7515] bond11: (slave bond12): Enslaving as an active interface with an up link
[  150.725756][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond11: link becomes ready
[  150.739709][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz.5.896'.
[  150.961677][ T7524] loop3: detected capacity change from 0 to 2048
[  151.231800][ T6441] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  151.259034][ T7527] netlink: 'syz.0.900': attribute type 10 has an invalid length.
[  151.944790][ T7539] loop2: detected capacity change from 0 to 256
[  151.975323][ T7539] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  151.976959][ T7539] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  151.999529][ T7539] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  152.893126][ T7549] exFAT-fs (loop2): hint_cluster is invalid (17)
[  153.356996][ T7557] netlink: 'syz.3.908': attribute type 1 has an invalid length.
[  153.374658][ T7557] device bond33 entered promiscuous mode
[  153.377383][ T7557] 8021q: adding VLAN 0 to HW filter on device bond33
[  153.485807][ T7557] 8021q: adding VLAN 0 to HW filter on device bond34
[  153.489389][ T7557] bond33: (slave bond34): making interface the new active one
[  153.490862][ T7557] device bond34 entered promiscuous mode
[  153.492133][ T7557] bond33: (slave bond34): Enslaving as an active interface with an up link
[  153.493589][ T7565] netlink: 8 bytes leftover after parsing attributes in process `syz.3.908'.
[  153.497040][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond33: link becomes ready
[  153.856334][ T7572] netlink: 'syz.3.911': attribute type 10 has an invalid length.
[  153.857980][ T7573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.859656][ T7573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.083440][ T7580] loop5: detected capacity change from 0 to 2048
[  155.389195][ T7600] loop1: detected capacity change from 0 to 256
[  155.432318][ T7600] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.439179][ T7600] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  155.764307][ T7600] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  155.767683][ T7603] netlink: 'syz.0.921': attribute type 1 has an invalid length.
[  155.806233][ T7603] device bond28 entered promiscuous mode
[  155.877185][ T7603] 8021q: adding VLAN 0 to HW filter on device bond28
[  155.898177][ T7605] 8021q: adding VLAN 0 to HW filter on device bond29
[  155.899969][ T7605] bond28: (slave bond29): making interface the new active one
[  155.901513][ T7605] device bond29 entered promiscuous mode
[  155.902691][ T7605] bond28: (slave bond29): Enslaving as an active interface with an up link
[  155.903968][ T7603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.921'.
[  155.907503][ T4472] IPv6: ADDRCONF(NETDEV_CHANGE): bond28: link becomes ready
[  156.043725][ T7614] exFAT-fs (loop1): hint_cluster is invalid (17)
[  156.357150][ T7618] netlink: 'syz.3.924': attribute type 10 has an invalid length.
[  156.419572][   T27] audit: type=1326 audit(156.400:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.2.926" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[  156.425126][   T27] audit: type=1326 audit(156.410:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.2.926" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[  156.429443][   T27] audit: type=1326 audit(156.410:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.2.926" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[  156.432854][   T27] audit: type=1326 audit(156.410:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.2.926" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=209 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[  156.436334][   T27] audit: type=1326 audit(156.410:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7619 comm="syz.2.926" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa6d5c0a8 code=0x7ffc0000
[  157.337188][ T7635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.338722][ T7635] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.357919][ T7634] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  157.428446][ T7634] device syzkaller0 entered promiscuous mode
[  157.952366][ T7647] loop3: detected capacity change from 0 to 2048
[  158.154345][ T7634] tipc: Resetting bearer <eth:syzkaller0>
[  158.156250][ T7651] netlink: 'syz.0.933': attribute type 1 has an invalid length.
[  158.164282][ T7651] device bond30 entered promiscuous mode
[  158.165380][ T7651] 8021q: adding VLAN 0 to HW filter on device bond30
[  158.167236][ T7633] tipc: Resetting bearer <eth:syzkaller0>
[  158.341213][ T7633] tipc: Disabling bearer <eth:syzkaller0>
[  158.354854][ T7651] 8021q: adding VLAN 0 to HW filter on device bond31
[  158.356519][ T7651] bond30: (slave bond31): making interface the new active one
[  158.357704][ T7651] device bond31 entered promiscuous mode
[  158.358909][ T7651] bond30: (slave bond31): Enslaving as an active interface with an up link
[  158.360215][ T7653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'.
[  158.361955][ T7661] netlink: 'syz.1.937': attribute type 10 has an invalid length.
[  158.368401][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond30: link becomes ready
[  158.891149][ T4327] Bluetooth: hci4: command 0x0406 tx timeout
[  159.085843][ T7661] device syzkaller0 left promiscuous mode
[  159.087031][ T7661] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  159.279208][ T7676] loop3: detected capacity change from 0 to 2048
[  159.789480][ T7676] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  160.619996][ T4323] EXT4-fs (loop3): unmounting filesystem.
[  161.295099][ T7703] loop2: detected capacity change from 0 to 2048
[  161.658455][ T6441] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  162.061764][ T7716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.078167][ T7716] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.120363][ T7721] netlink: 'syz.0.948': attribute type 10 has an invalid length.
[  162.465491][ T7727] netlink: 'syz.0.950': attribute type 1 has an invalid length.
[  162.485052][ T7727] device bond32 entered promiscuous mode
[  162.488271][ T7727] 8021q: adding VLAN 0 to HW filter on device bond32
[  162.533004][ T7727] 8021q: adding VLAN 0 to HW filter on device bond33
[  162.536342][ T7727] bond32: (slave bond33): making interface the new active one
[  162.537654][ T7727] device bond33 entered promiscuous mode
[  162.542098][ T7727] bond32: (slave bond33): Enslaving as an active interface with an up link
[  162.550716][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond32: link becomes ready
[  162.553752][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz.0.950'.
[  163.029616][ T7745] loop5: detected capacity change from 0 to 256
[  163.456567][ T7745] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  163.460296][ T7745] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  163.465873][ T7745] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  164.341511][ T7756] exFAT-fs (loop5): hint_cluster is invalid (17)
[  164.545261][ T7755] loop2: detected capacity change from 0 to 2048
[  164.612592][ T7755] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  164.741260][ T7769] netlink: 'syz.0.963': attribute type 10 has an invalid length.
[  165.316257][ T7775] loop3: detected capacity change from 0 to 2048
[  165.631119][ T4330] EXT4-fs (loop2): unmounting filesystem.
[  166.007088][ T7782] netlink: 'syz.2.965': attribute type 1 has an invalid length.
[  166.015336][ T7785] loop5: detected capacity change from 0 to 256
[  166.017328][ T7785] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  166.032180][ T7785] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  166.039824][ T7782] device bond31 entered promiscuous mode
[  166.047553][ T7782] 8021q: adding VLAN 0 to HW filter on device bond31
[  166.053303][ T7785] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  166.097694][ T7787] 8021q: adding VLAN 0 to HW filter on device bond32
[  166.099847][ T7787] bond31: (slave bond32): making interface the new active one
[  166.103599][ T7787] device bond32 entered promiscuous mode
[  166.107046][ T7787] bond31: (slave bond32): Enslaving as an active interface with an up link
[  166.184765][ T1713] IPv6: ADDRCONF(NETDEV_CHANGE): bond31: link becomes ready
[  166.541231][ T7790] exFAT-fs (loop5): hint_cluster is invalid (17)
[  166.982652][ T7804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.986089][ T7804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.033002][ T7807] netlink: 'syz.2.975': attribute type 10 has an invalid length.
[  167.050053][ T7809] loop3: detected capacity change from 0 to 256
[  167.066011][ T7809] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  167.067572][ T7809] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  167.381263][ T7809] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  167.383769][ T7812] loop1: detected capacity change from 0 to 2048
[  167.501561][ T7812] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  167.967947][ T7821] exFAT-fs (loop3): hint_cluster is invalid (17)
[  168.282156][ T7825] loop2: detected capacity change from 0 to 2048
[  168.588133][ T6441] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  169.155264][ T4325] EXT4-fs (loop1): unmounting filesystem.
[  169.163124][ T7842] netlink: 'syz.0.984': attribute type 11 has an invalid length.
[  169.164378][ T7842] netlink: 36 bytes leftover after parsing attributes in process `syz.0.984'.
[  169.198035][ T7845] netlink: 'syz.0.986': attribute type 1 has an invalid length.
[  169.236554][ T7845] device bond34 entered promiscuous mode
[  169.237640][ T7845] 8021q: adding VLAN 0 to HW filter on device bond34
[  169.546876][ T7845] 8021q: adding VLAN 0 to HW filter on device bond35
[  169.549841][ T7845] bond34: (slave bond35): making interface the new active one
[  169.551059][ T7845] device bond35 entered promiscuous mode
[  169.552298][ T7845] bond34: (slave bond35): Enslaving as an active interface with an up link
[  169.555495][ T7852] netlink: 'syz.1.988': attribute type 10 has an invalid length.
[  169.620338][ T4488] IPv6: ADDRCONF(NETDEV_CHANGE): bond34: link becomes ready
[  171.415622][ T7884] loop1: detected capacity change from 0 to 2048
[  172.018532][ T7897] netlink: 'syz.3.1000': attribute type 1 has an invalid length.
[  172.031840][ T7897] device bond35 entered promiscuous mode
[  172.032930][ T7897] 8021q: adding VLAN 0 to HW filter on device bond35
[  172.034479][ T7899] netlink: 'syz.5.1001': attribute type 10 has an invalid length.
[  172.063912][ T7897] 8021q: adding VLAN 0 to HW filter on device bond36
[  172.077798][ T7897] bond35: (slave bond36): making interface the new active one
[  172.081238][ T7897] device bond36 entered promiscuous mode
[  172.082977][ T7897] bond35: (slave bond36): Enslaving as an active interface with an up link
[  172.087265][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bond35: link becomes ready
[  174.189926][ T4324] Bluetooth: hci5: command 0x0406 tx timeout
[  174.614150][ T7944] loop1: detected capacity change from 0 to 2048
[  174.709730][ T7951] netlink: 'syz.5.1014': attribute type 10 has an invalid length.
[  174.719679][ T7949] netlink: 'syz.3.1013': attribute type 1 has an invalid length.
[  174.738606][ T7949] device bond37 entered promiscuous mode
[  174.739702][ T7949] 8021q: adding VLAN 0 to HW filter on device bond37
[  174.847085][ T7962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  174.855940][ T7962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  174.876414][ T7949] 8021q: adding VLAN 0 to HW filter on device bond38
[  174.883930][ T7949] bond37: (slave bond38): making interface the new active one
[  174.885118][ T7949] device bond38 entered promiscuous mode
[  174.886470][ T7949] bond37: (slave bond38): Enslaving as an active interface with an up link
[  174.889780][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bond37: link becomes ready
[  175.658082][ T7980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  175.659482][ T7980] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  176.128875][ T7991] netlink: 'syz.3.1027': attribute type 10 has an invalid length.
[  176.172570][ T7993] netlink: 'syz.0.1038': attribute type 10 has an invalid length.
[  177.016038][ T8003] netlink: 'syz.2.1030': attribute type 1 has an invalid length.
[  177.022550][ T8003] device bond33 entered promiscuous mode
[  177.023793][ T8003] 8021q: adding VLAN 0 to HW filter on device bond33
[  177.085831][ T8003] 8021q: adding VLAN 0 to HW filter on device bond34
[  177.169145][ T8003] bond33: (slave bond34): making interface the new active one
[  177.170454][ T8003] device bond34 entered promiscuous mode
[  177.172860][ T8003] bond33: (slave bond34): Enslaving as an active interface with an up link
[  177.185638][ T4639] IPv6: ADDRCONF(NETDEV_CHANGE): bond33: link becomes ready
[  177.502028][ T8008] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  177.517183][ T8008] sch_tbf: burst 127 is lower than device syzkaller0 mtu (313) !
[  193.194472][ T8066] netlink: 'syz.5.1047': attribute type 1 has an invalid length.
[  193.204763][ T8066] device bond13 entered promiscuous mode
[  193.213478][ T8066] 8021q: adding VLAN 0 to HW filter on device bond13
[  193.266994][ T4334] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  193.270084][ T4334] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  193.275334][ T4334] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  193.276975][ T4334] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  193.278418][ T4334] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  193.279706][ T4334] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  193.290408][ T4334] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  193.296550][ T4324] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  193.298204][ T4324] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  193.300285][ T4334] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  193.301996][ T4334] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  193.303265][ T4334] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  195.290635][ T4337] Bluetooth: hci6: command 0x0409 tx timeout
[  195.370608][ T4337] Bluetooth: hci7: command 0x0409 tx timeout
[  197.380626][ T4334] Bluetooth: hci6: command 0x041b tx timeout
[  197.450584][ T4337] Bluetooth: hci7: command 0x041b tx timeout
[  199.450569][ T4334] Bluetooth: hci6: command 0x040f tx timeout
[  199.531635][ T4337] Bluetooth: hci7: command 0x040f tx timeout
[  200.120521][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz.1.1034:8015]
[  200.121964][    C1] Modules linked in:
[  200.122612][    C1] irq event stamp: 1149215
[  200.123347][    C1] hardirqs last  enabled at (1149214): [<ffff8000083b9458>] timekeeping_get_ns+0x124/0x3b8
[  200.125020][    C1] hardirqs last disabled at (1149215): [<ffff800011956d60>] el1_interrupt+0x24/0x54
[  200.126431][    C1] softirqs last  enabled at (9574): [<ffff80000803092c>] local_bh_enable+0x10/0x34
[  200.127884][    C1] softirqs last disabled at (9579): [<ffff800008020164>] __do_softirq+0x14/0x20
[  200.129427][    C1] CPU: 1 PID: 8015 Comm: syz.1.1034 Not tainted syzkaller #0
[  200.130664][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  200.132167][    C1] pstate: 42400005 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[  200.133386][    C1] pc : __sanitizer_cov_trace_pc+0x24/0x94
[  200.134287][    C1] lr : cake_heapify+0x30/0x530
[  200.135042][    C1] sp : ffff800008017180
[  200.135660][    C1] x29: ffff8000080171a0 x28: dfff800000000000 x27: 0000002e977bb6bd
[  200.136892][    C1] x26: 000000000003e8f8 x25: ffff000103f942d8 x24: 0000000000000000
[  200.138131][    C1] x23: ffff000103f902d0 x22: ffff000103f902c0 x21: ffff000103f902c0
[  200.139360][    C1] x20: 0000000000000500 x19: 0000000000000903 x18: ffff800011abbcc0
[  200.140527][    C1] x17: ffff8000181f9000 x16: ffff8000082d22d4 x15: ffff800017cd9fc0
[  200.141751][    C1] x14: ffff0000d34da658 x13: 1ffff00002a180b1 x12: 0000000000ff0100
[  200.143003][    C1] x11: ff0080000ffc8fbc x10: 0000000000000302 x9 : ffff80000ffc8fbc
[  200.144191][    C1] x8 : ffff0000d34d9bc0 x7 : ffff8000083b9864 x6 : 0000000000000000
[  200.145408][    C1] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[  200.146653][    C1] x2 : 0000000000000002 x1 : 0000000000000903 x0 : ffff000103f902c0
[  200.147925][    C1] Call trace:
[  200.148408][    C1]  __sanitizer_cov_trace_pc+0x24/0x94
[  200.149179][    C1]  cake_enqueue+0x32dc/0x6670
[  200.149944][    C1]  tbf_enqueue+0x2dc/0x610
[  200.150668][    C1]  dev_qdisc_enqueue+0x5c/0x38c
[  200.151427][    C1]  __dev_queue_xmit+0xad0/0x309c
[  200.152213][    C1]  tipc_l2_send_msg+0x29c/0x35c
[  200.152944][    C1]  tipc_bearer_xmit_skb+0x244/0x384
[  200.153801][    C1]  tipc_disc_timeout+0x4c8/0x608
[  200.154561][    C1]  call_timer_fn+0x1b8/0x964
[  200.155230][    C1]  __run_timers+0x460/0x6bc
[  200.155937][    C1]  run_timer_softirq+0x7c/0x114
[  200.156643][    C1]  handle_softirqs+0x318/0xc6c
[  200.157410][    C1]  __do_softirq+0x14/0x20
[  200.158036][    C1]  ____do_softirq+0x14/0x20
[  200.158704][    C1]  call_on_irq_stack+0x30/0x48
[  200.159374][    C1]  do_softirq_own_stack+0x20/0x2c
[  200.160132][    C1]  __irq_exit_rcu+0x23c/0x43c
[  200.160776][    C1]  irq_exit_rcu+0x14/0x84
[  200.161406][    C1]  el1_interrupt+0x38/0x54
[  200.162135][    C1]  el1h_64_irq_handler+0x18/0x24
[  200.162875][    C1]  el1h_64_irq+0x64/0x68
[  200.163550][    C1]  finish_lock_switch+0xb8/0x1c4
[  200.164339][    C1]  finish_task_switch+0x120/0x620
[  200.165091][    C1]  __schedule+0xde0/0x1b18
[  200.165795][    C1]  preempt_schedule_common+0xec/0x1a0
[  200.166579][    C1]  preempt_schedule+0x64/0x84
[  200.167351][    C1]  __local_bh_enable_ip+0x21c/0x380
[  200.168159][    C1]  local_bh_enable+0x28/0x34
[  200.168873][    C1]  fpsimd_restore_current_state+0xe8/0x20c
[  200.169787][    C1]  do_notify_resume+0x1784/0x2b0c
[  200.170540][    C1]  el0_svc+0x98/0x138
[  200.171190][    C1]  el0t_64_sync_handler+0x84/0xf0
[  200.171974][    C1]  el0t_64_sync+0x18c/0x190
[  200.172667][    C1] Kernel panic - not syncing: softlockup: hung tasks
[  200.173714][    C1] CPU: 1 PID: 8015 Comm: syz.1.1034 Tainted: G             L     syzkaller #0
[  200.175081][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  200.176712][    C1] Call trace:
[  200.177264][    C1]  dump_backtrace+0x1c8/0x1f4
[  200.178029][    C1]  show_stack+0x2c/0x3c
[  200.178682][    C1]  __dump_stack+0x30/0x40
[  200.179367][    C1]  dump_stack_lvl+0xf8/0x160
[  200.180127][    C1]  dump_stack+0x1c/0x5c
[  200.180790][    C1]  panic+0x2e0/0x79c
[  200.181449][    C1]  softlockup_fn+0x0/0x120
[  200.182136][    C1]  __hrtimer_run_queues+0x420/0xc64
[  200.182991][    C1]  hrtimer_interrupt+0x2bc/0xb5c
[  200.183740][    C1]  arch_timer_handler_virt+0x74/0x88
[  200.184483][    C1]  handle_percpu_devid_irq+0x174/0x34c
[  200.185277][    C1]  generic_handle_domain_irq+0xe0/0x140
[  200.186098][    C1]  gic_handle_irq+0x70/0x1e4
[  200.186769][    C1]  do_interrupt_handler+0xe0/0x138
[  200.187621][    C1]  el1_interrupt+0x34/0x54
[  200.188303][    C1]  el1h_64_irq_handler+0x18/0x24
[  200.189030][    C1]  el1h_64_irq+0x64/0x68
[  200.189651][    C1]  __sanitizer_cov_trace_pc+0x24/0x94
[  200.190400][    C1]  cake_enqueue+0x32dc/0x6670
[  200.191077][    C1]  tbf_enqueue+0x2dc/0x610
[  200.191758][    C1]  dev_qdisc_enqueue+0x5c/0x38c
[  200.192405][    C1]  __dev_queue_xmit+0xad0/0x309c
[  200.193104][    C1]  tipc_l2_send_msg+0x29c/0x35c
[  200.193841][    C1]  tipc_bearer_xmit_skb+0x244/0x384
[  200.194580][    C1]  tipc_disc_timeout+0x4c8/0x608
[  200.195326][    C1]  call_timer_fn+0x1b8/0x964
[  200.195959][    C1]  __run_timers+0x460/0x6bc
[  200.196617][    C1]  run_timer_softirq+0x7c/0x114
[  200.197375][    C1]  handle_softirqs+0x318/0xc6c
[  200.198092][    C1]  __do_softirq+0x14/0x20
[  200.198742][    C1]  ____do_softirq+0x14/0x20
[  200.199428][    C1]  call_on_irq_stack+0x30/0x48
[  200.200123][    C1]  do_softirq_own_stack+0x20/0x2c
[  200.200865][    C1]  __irq_exit_rcu+0x23c/0x43c
[  200.201555][    C1]  irq_exit_rcu+0x14/0x84
[  200.202213][    C1]  el1_interrupt+0x38/0x54
[  200.202909][    C1]  el1h_64_irq_handler+0x18/0x24
[  200.203630][    C1]  el1h_64_irq+0x64/0x68
[  200.204260][    C1]  finish_lock_switch+0xb8/0x1c4
[  200.204958][    C1]  finish_task_switch+0x120/0x620
[  200.205744][    C1]  __schedule+0xde0/0x1b18
[  200.206388][    C1]  preempt_schedule_common+0xec/0x1a0
[  200.207206][    C1]  preempt_schedule+0x64/0x84
[  200.207912][    C1]  __local_bh_enable_ip+0x21c/0x380
[  200.208727][    C1]  local_bh_enable+0x28/0x34
[  200.209459][    C1]  fpsimd_restore_current_state+0xe8/0x20c
[  200.210354][    C1]  do_notify_resume+0x1784/0x2b0c
[  200.211135][    C1]  el0_svc+0x98/0x138
[  200.211764][    C1]  el0t_64_sync_handler+0x84/0xf0
[  200.212575][    C1]  el0t_64_sync+0x18c/0x190
[  200.213279][    C1] SMP: stopping secondary CPUs
[  200.213971][    C1] Kernel Offset: disabled
[  200.214628][    C1] CPU features: 0x080000,000f0097,a65bfea7
[  200.215497][    C1] Memory Limit: none
[  200.219775][    C1] 
[  200.220114][    C1] ================================
[  200.220784][    C1] WARNING: inconsistent lock state
[  200.221508][    C1] syzkaller #0 Tainted: G             L    
[  200.222369][    C1] --------------------------------
[  200.223048][    C1] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
[  200.224055][    C1] syz.1.1034/8015 [HC1[1]:SC1[3]:HE0:SE0] takes:
[  200.224982][    C1] ffff8000151013d8 (efi_rt_lock){?...}-{2:2}, at: virt_efi_set_variable_nonblocking+0x74/0x16c
[  200.226495][    C1] {HARDIRQ-ON-W} state was registered at:
[  200.227311][    C1]   lock_acquire+0x20c/0x644
[  200.227969][    C1]   _raw_spin_lock+0x54/0x6c
[  200.228700][    C1]   efi_call_rts+0x260/0x9f4
[  200.229363][    C1]   process_one_work+0x7f4/0x13a8
[  200.230155][    C1]   worker_thread+0x8c8/0xfbc
[  200.230889][    C1]   kthread+0x250/0x2d8
[  200.231558][    C1]   ret_from_fork+0x10/0x20
[  200.232289][    C1] irq event stamp: 1149215
[  200.232948][    C1] hardirqs last  enabled at (1149214): [<ffff8000083b9458>] timekeeping_get_ns+0x124/0x3b8
[  200.234553][    C1] hardirqs last disabled at (1149215): [<ffff800011956d60>] el1_interrupt+0x24/0x54
[  200.235984][    C1] softirqs last  enabled at (9574): [<ffff80000803092c>] local_bh_enable+0x10/0x34
[  200.237382][    C1] softirqs last disabled at (9579): [<ffff800008020164>] __do_softirq+0x14/0x20
[  200.238693][    C1] 
[  200.238693][    C1] other info that might help us debug this:
[  200.239810][    C1]  Possible unsafe locking scenario:
[  200.239810][    C1] 
[  200.240864][    C1]        CPU0
[  200.241348][    C1]        ----
[  200.241849][    C1]   lock(efi_rt_lock);
[  200.242448][    C1]   <Interrupt>
[  200.242960][    C1]     lock(efi_rt_lock);
[  200.243550][    C1] 
[  200.243550][    C1]  *** DEADLOCK ***
[  200.243550][    C1] 
[  200.244679][    C1] 6 locks held by syz.1.1034/8015:
[  200.245417][    C1]  #0: ffff800008017c40 ((&d->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0x964
[  200.246757][    C1]  #1: ffff800015296e00 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c
[  200.248117][    C1]  #2: ffff800015296e60 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54
[  200.249484][    C1]  #3: ffff0000dc1f2908 (&sch->root_lock_key#1901){+.-.}-{2:2}, at: __dev_queue_xmit+0x974/0x309c
[  200.251086][    C1]  #4: ffff800015296e00 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c
[  200.252494][    C1]  #5: ffff800017164608 (&psinfo->buf_lock){....}-{2:2}, at: pstore_dump+0x180/0x728
[  200.253893][    C1] 
[  200.253893][    C1] stack backtrace:
[  200.254768][    C1] CPU: 1 PID: 8015 Comm: syz.1.1034 Tainted: G             L     syzkaller #0
[  200.256101][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[  200.257540][    C1] Call trace:
[  200.257962][    C1]  dump_backtrace+0x1c8/0x1f4
[  200.258633][    C1]  show_stack+0x2c/0x3c
[  200.259224][    C1]  __dump_stack+0x30/0x40
[  200.259840][    C1]  dump_stack_lvl+0xf8/0x160
[  200.260457][    C1]  dump_stack+0x1c/0x5c
[  200.261049][    C1]  print_usage_bug+0x4c0/0x6d8
[  200.261781][    C1]  mark_lock_irq+0x788/0x9e4
[  200.262437][    C1]  mark_lock+0x224/0x320
[  200.263004][    C1]  __lock_acquire+0xd2c/0x6544
[  200.263736][    C1]  lock_acquire+0x20c/0x644
[  200.264423][    C1]  _raw_spin_lock+0x54/0x6c
[  200.265067][    C1]  virt_efi_set_variable_nonblocking+0x74/0x16c
[  200.265908][    C1]  efivar_set_variable_locked+0x1d0/0x204
[  200.266763][    C1]  efi_pstore_write+0x26c/0x358
[  200.267454][    C1]  pstore_dump+0x504/0x728
[  200.268094][    C1]  kmsg_dump+0x170/0x260
[  200.268734][    C1]  panic+0x36c/0x79c
[  200.269333][    C1]  softlockup_fn+0x0/0x120
[  200.270006][    C1]  __hrtimer_run_queues+0x420/0xc64
[  200.270808][    C1]  hrtimer_interrupt+0x2bc/0xb5c
[  200.271600][    C1]  arch_timer_handler_virt+0x74/0x88
[  200.272412][    C1]  handle_percpu_devid_irq+0x174/0x34c
[  200.273290][    C1]  generic_handle_domain_irq+0xe0/0x140
[  200.274194][    C1]  gic_handle_irq+0x70/0x1e4
[  200.274867][    C1]  do_interrupt_handler+0xe0/0x138
[  200.275693][    C1]  el1_interrupt+0x34/0x54
[  200.276380][    C1]  el1h_64_irq_handler+0x18/0x24
[  200.277129][    C1]  el1h_64_irq+0x64/0x68
[  200.277747][    C1]  __sanitizer_cov_trace_pc+0x24/0x94
[  200.278503][    C1]  cake_enqueue+0x32dc/0x6670
[  200.279168][    C1]  tbf_enqueue+0x2dc/0x610
[  200.279832][    C1]  dev_qdisc_enqueue+0x5c/0x38c
[  200.280527][    C1]  __dev_queue_xmit+0xad0/0x309c
[  200.281294][    C1]  tipc_l2_send_msg+0x29c/0x35c
[  200.282000][    C1]  tipc_bearer_xmit_skb+0x244/0x384
[  200.282762][    C1]  tipc_disc_timeout+0x4c8/0x608
[  200.283431][    C1]  call_timer_fn+0x1b8/0x964
[  200.284061][    C1]  __run_timers+0x460/0x6bc
[  200.284700][    C1]  run_timer_softirq+0x7c/0x114
[  200.285382][    C1]  handle_softirqs+0x318/0xc6c
[  200.286067][    C1]  __do_softirq+0x14/0x20
[  200.286687][    C1]  ____do_softirq+0x14/0x20
[  200.287391][    C1]  call_on_irq_stack+0x30/0x48
[  200.288109][    C1]  do_softirq_own_stack+0x20/0x2c
[  200.288914][    C1]  __irq_exit_rcu+0x23c/0x43c
[  200.289659][    C1]  irq_exit_rcu+0x14/0x84
[  200.290314][    C1]  el1_interrupt+0x38/0x54
[  200.290949][    C1]  el1h_64_irq_handler+0x18/0x24
[  200.291748][    C1]  el1h_64_irq+0x64/0x68
[  200.292388][    C1]  finish_lock_switch+0xb8/0x1c4
[  200.293184][    C1]  finish_task_switch+0x120/0x620
[  200.293972][    C1]  __schedule+0xde0/0x1b18
[  200.294686][    C1]  preempt_schedule_common+0xec/0x1a0
[  200.295472][    C1]  preempt_schedule+0x64/0x84
[  200.296135][    C1]  __local_bh_enable_ip+0x21c/0x380
[  200.296927][    C1]  local_bh_enable+0x28/0x34
[  200.297640][    C1]  fpsimd_restore_current_state+0xe8/0x20c
[  200.298531][    C1]  do_notify_resume+0x1784/0x2b0c
[  200.299305][    C1]  el0_svc+0x98/0x138
[  200.299964][    C1]  el0t_64_sync_handler+0x84/0xf0
[  200.300717][    C1]  el0t_64_sync+0x18c/0x190
[  200.418420][    C1] Rebooting in 86400 seconds..