last executing test programs:

8m13.943366638s ago: executing program 0 (id=988):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=r0], 0x28}}, 0x802)

8m13.756841778s ago: executing program 0 (id=989):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000001c0)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0xf8, 0xf8, 0x1b8, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @private=0xa010102, 0x0, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)

8m13.360841889s ago: executing program 0 (id=991):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff99, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)

8m11.12182584s ago: executing program 0 (id=994):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x8, 0x3, 0x5, 0x1}, 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
socketpair(0x18, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")
unshare(0x42000000)

8m6.699010267s ago: executing program 0 (id=1000):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x2}, 0x18)
gettid()
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(0x0, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)

8m1.276692796s ago: executing program 0 (id=1003):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)

7m45.45562465s ago: executing program 32 (id=1003):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0)

6m56.981201608s ago: executing program 4 (id=1095):
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@gettaction={0xd8, 0x32, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@action_gd=@TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc40b}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x64, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf8000000}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xb}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x514}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}]}, 0xd8}, 0x1, 0x0, 0x0, 0x404}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ppoll(&(0x7f0000000000)=[{r3, 0x4230}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xa)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, 0x0, 0x0)

6m49.253006231s ago: executing program 4 (id=1103):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

6m47.203914638s ago: executing program 4 (id=1108):
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000540)='./file0\x00', 0x18, &(0x7f0000000140)=ANY=[], 0x1, 0x5ab, &(0x7f0000000b40)="$eJzs3V9v09wdwPGf26ZkmVRNY0Ko6sNznrJJReoTnOQhKOLKc05SQ2JHtoPaK1bRFFWkMFEmrb0Y42Jsk7Y3sDtu9yL2KvY20O63i07+k7Zp/sHSNgO+n4jasU98fuck+Fen9rEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx7KppFgxpOG57U41mV32vefo0ffXAArnTNxlTr4gR/ZNsVm4mi27+7HT1jejH6q9+lzxbkWw0ycrRj2/85MH1hbne68cEfCUODo+eb3e7nVezDuTy/Pv42uiVde06gec0rbpWTuCpSrls3t2oBarmNHSwFYS6qWxfW6HnqzX7jipUKiWl81te261XrYbuLbz/fdE0y+phvqUtP/Dcuw/zgb3hNBqOW4/LRKujMvejD+IjJ1ShtppK7e51O6VJLYgKFT6mUHFSoaJZLBYKxWKhfK9y775pLgwsMM+RgRLRh3Zx4L8Pvh4XtOcGpjeX5n9piCOutGVT1NCHLVXxxZPmiPWpXv7/xV09tt6z+X8lWbRy83T1cvRjVeaTZ7dG5f9zMfxhKSk/PMLLeBzIoRzJc9mWrnSlI6+usO6pH5np+6ouWlxxJBBPHGmKFS9R6RIlFSlLWUx5IhtSk0CU1MSRhmgJZEsCCUXHnyhbfNFiSSie+KJkTWy5I0oKUpGKlESJlrxsiSdtcaUuVbHirezKXtzvJVHGaVT/7IvxpFBhZDNyvc9dR4pjWntR+R9fs5Od3N8uYP8NTOO4l/8BAAAAAMAXy4i/fY+O/zPyTTxXcxranHVYAAAAAADgAsV/+V+JJvHZYN+IwfE/AAAAAABfGkNupd8C5OTbZG5XjPhyqWFfAszPIEQAAAAAADCl+O//t6JJPAbKt2KcDJfCSQAAAAAAAHwh/nQy+u6oMXaD1jXjH/8S388Yb1ubPzf247F5rf30VICBMwLC2rKxlG4knpSTycKCrVeMbFLoZBDMD+lkd1Ichu9n/nOcOAng96MDyMr5AK4vyF/ku6TMdzvJdKe3JqklV3MaOm97jQcFsayluVBvhr95sfdbiZv/Z7e5ZGRlr9vJP33Z3Yk74220lbf76QCKA+MojuqM6wvyOh5vIb7mIiuyONDiTHwhRlpvzpDdvW7HjOu0kvbPiciPROb6a3yzNKbOd7KalFpNR7zN9bc/G9VZyI9qfRpFYcqWv5PbSZnba7eTyZAoipOiKJ6NIu2EuYuOojQpitKUUQDArOz2ZaFh+f808Z/JO2f3cr2ZMXu5j8ru/bV86q8X8R59LSmzthzvWBeWh+zRzUl7dHPK7Pb3gXsgjcqxUb1/PZdV30cveD+y3qBRNKIunH+9/2u5cXB49P3e/vazzrPOi2KxVDZ/MM17RcnEzUgn5B4AwBCr8fn/4+6xM7GE8cOEo+qfnpxSkJen8lK6siPr8dUG8RkHQ7eaO3MawvqEo9ZcnCaTO7ysjzmqW4yvcuhttzi2bH8MpSE9d8xNEwAAn63VCXn4Y/L/+oTj7v5cPv7oOHfmbm0AAOByaP+DkQv/aPi+03pSqFQKVrihle/Zj5TvVOtaOW6ofXvDcutatXwv9GyvEc08dqo6UEG71fL8UNU8X7W8wNmMhw9U6a3fA9203NCxg1ZDW4FWtueGlh2qqhPYqtX+ZcMJNrQfvzhoadupObYVOp6rAq/t2zqvVKD1mYJOVbuhU3OiWVe1fKdp+Vn12Gu0m1pVdWD7Tiv0kg326nLcmuc3483mZ93ZAAD8nzg4PHq+3e12Xl3WzOKsWwgAAM47TdezjgQAAAAAAAAAAAAAAAAAAAAAAIxy6df/nZ9JbwAgV1rpzGcusJ8/tesyF/Uuy8hVc5/Pe3o8f4WVXkv7ZcZtN+R/ersneSMimUvbMQG4dP8NAAD//0W+TG0=")

6m45.508372716s ago: executing program 4 (id=1112):
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@gettaction={0xd8, 0x32, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@action_gd=@TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x19, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xc40b}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x64, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf8000000}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xb}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x514}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}]}, 0xd8}, 0x1, 0x0, 0x0, 0x404}, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ppoll(&(0x7f0000000000)=[{r3, 0x4230}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xa)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r4, 0x12, 0x3, 0x0, 0x0)

6m43.762421784s ago: executing program 4 (id=1116):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0)
r4 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x2020, 0x8, 0x3, 0x5, 0x1}, 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
socketpair(0x18, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
bind$bt_hci(r2, &(0x7f0000000780)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

6m41.397282288s ago: executing program 4 (id=1119):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x20010040)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x12042, 0x0)
ioctl$PIO_FONTX(r4, 0x4b6c, &(0x7f00000003c0)={0x9d, 0x9, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")

6m25.828940288s ago: executing program 33 (id=1119):
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x20010040)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x12042, 0x0)
ioctl$PIO_FONTX(r4, 0x4b6c, &(0x7f00000003c0)={0x9d, 0x9, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")

3m29.074627875s ago: executing program 6 (id=1386):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x2020, 0x8, 0x3, 0x5, 0x1}, 0x8)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
socketpair(0x18, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")
unshare(0x42000000)

3m24.001007068s ago: executing program 6 (id=1393):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
read(r2, &(0x7f0000000040)=""/148, 0xffffff96)

3m20.83169354s ago: executing program 6 (id=1401):
r0 = creat(0x0, 0x48)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x15)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x53)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1c, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0xe, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x3, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000", @ANYRES64=r1, @ANYBLOB], 0x0, 0x101, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x979}, 0x94)
socket$can_raw(0x1d, 0x3, 0x1)
socket$kcm(0x21, 0x2, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r3}, 0x18)
syz_read_part_table(0x616, &(0x7f0000002200)="$eJzs3D+IFGcUAPC3dzc7twqehUWwiVoLQbF0iyh7G4MBWRMCYpG/iHDVBYQNWdzgFckVSrYQyzQS2BTnWkWvsMqhkDqIhUHYwiZgmhBT3ISZnbvdwHGQsCGE/H7F973defPefDDtm+A/bSaSMsrSYnvtg13zs4Vx3I13+o3FM1mWZW9HVOJiJHE42TeIiLmIwa2JqnEkIvZO1Ln99Z71L395I+k/OZ9M1u9GGvvz3GrkJUu1nR4l/cuHZerW6hsL11aWm9fzH83OcPPdiDsvGq17Z1d7g9nk9Ef5/1cjHpb5c8Vam9m6//25+NOVXXw+DiuT/bdejsuPm53hrf6zY5sHm7PfXTr58tD6jQfHI67klc9F8bKPVf/+mSet1TeyUtF/PiJ6nVNH7x64eaJ9/1Hr+exv5eVRy5nptAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4B+yli8r1bjerl9+3OwMv/jxh7fuvGi07p1d7Q3erJ5+WhnlPSzz58r9k2jHp5FExFIsxcexvHP5V7ajfdvRhcpk//rGwrWV5eao/+97Ip4d2zzY7NcunXy5uH7jwfEiqxLz+TYz1aPv0L8zvHL4qwu9zqmjdw/cPNG+/6j1fHaUt5TGh8VxIyKd/mMAAAAAAAAAAAAAAAAAAADwP9dYPHPo3Out/Xl8cT4ifv6smLLP0tq3UUzejxwp96fpaJT/9vzoWwD9J+d/rb73/epP5VB8N9LoRsTeb5KIeHW7z9Vi3fp6QCTjyvyb/ggAAP//A+iL8A==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000300008385"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r4, 0x0)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r4, 0x4008550d, &(0x7f0000000000))

3m18.194799248s ago: executing program 6 (id=1404):
r0 = syz_open_dev$sg(0x0, 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x82, 0x200000007})
fcntl$lock(r4, 0x24, &(0x7f0000000180)={0x2, 0x2, 0x20000000010000, 0x80000003})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

3m14.171622047s ago: executing program 6 (id=1412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000003c0)='kfree\x00', r1, 0x0, 0x800000000}, 0x18)
syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000540)='./file0\x00', 0x1204018, &(0x7f0000000140)=ANY=[@ANYBLOB="6f76657272696465726f636b7065726d2c6e6f636f6d70726573732c686964652c73657373696f6e3d3078303030303030303030303030303032312c756e686964652c696f636861727365743d63703433372c6f76657272696465726f636b7065726d2c626c6f636b3d3078303030303030303030303030303430302c005fb50aab29cf1d32d24be5ab2a6506aa524c8f1cd5781842ee1c86bee627767fee958f25bb6db8e631262ed8a59d337d730b6698271aeb8c31c1902a7e236e5dd878e6c1352c0c799d8e80d7346f8d2870acebe617c694bbb925d3ab4fb01784c564c03d88c81d2f84f58e8c6ba18548f09fa6"], 0x1, 0x56a, &(0x7f0000000580)="$eJzs3V9v094ZwPHH/bUQZVI1jQmhqsChbFKRSnASCIq48pyT9EBiR7aD2itW0RRVpDBRJq29GOOGbdL2Irjdi9g7QrvfLphsJ/2XOGFK20zV9xO158Q+9nmOG51Tt/axAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsdyabRctaRqvs6GyubXAbx2/7W89tEAenErG1CtixV+Sy8mtdNGtXx6vvhl/W/ntH9N3y5KLk5wc/uzmz5/dmJ8bbD8m4Euxf3D4dqvX636YdSAX59/fr2evbGjPhL5pOQ2tTOiraqViP1qvh6pumjrcDCPdUm6gncgP1Kr7QBWr1bLShU2/4zVqTlMPFj59WLLtinpeaGsnCH3v0fNC6K6bZtN4jaRMvDou8zT+IL4wkYq001JqZ7fXLU9qQVyo+COFSpMKlexSqVgslYqVJ9UnT217fmiBfYYMlZj9hxazdY69NzCduf74L00x4klHNkSNfLlSk0B8aWWs7xuM/79+pMfWe3L8X04XLd86Xr0Uf1uRO+m7O1njf0Ysl/falwM5lLeyJT3pSVc+zDyiy301RIsnRkLxxUhLnGSJ6i9RUpWKVMSWV7IudQlFSV2MNEVLKJsSSiQ6+US5EogWRyLxJRAlq+LKA1FSlKpUpSxKtBRkU3zpiCcNqYmT7GVHdpPjXhZlZcV4VKiY2Yz84HPXldKY1jL+Y3rn2n8D0/g+GP8BAAAAAMCVZSV/fY/P/xfkdpKrm6a2Zx0WAAAAAAA4R8l//pfjZCHO3RaL838AAAAAAK4aK7nHzhKRvNxNcztiJbdLjfojwE8zCBEAAAAAAEwp+f//nThJ5kC5K9bRdClcBAAAAAAAwBXxl6PZd7Pm2A3b161//kuCYMH63N74lbWXzM3r7PUvBRi6IiCqL1mL/Z0kSSVN5uddvWzl0kJHk2B+6yc78qkfR7rDoTisIFj4z/fUUQB/yg4gJ2cDuDEvf5N7aZl722m6PViT1pKvm6YuuH7zWVEcZ3Eu0hvR79/t/kGS5v/Vay1aOdntdQuv3/e2k4PxOd7L573+BIpD8yhmHYwb8/IxmW8huedi5JFfSG7E6Nebt2Rnt9e1kzqdtP1z6eZzp2v8tDimzi+ykpZa6c94mz/d/lxcZ7GQ1fp+FMUpW/5F7qdl7q/eT5MRUZQmRVE6GcXoYzF9FOVJUZSnjAIAZmVnwihknRj4M8adQWZML7cz6bcMa6iW//XXi6RHX03LrC4lHev80oge3Z7Uo9tTjm7/GHoGUtYYG9f79zOj6td4g6+Z9YbNkhUfwp8+7v1Obu4fHD7c3dt6033TfVcqlSv2Y9t+UpKFpBn9hLEHADDC5GfsTCxhPZ5wVv2Lo0sKCvJa3ktPtmUtudsgueJg5F7zJy5DWJtw1ppPhsn0CS9rY87qriV3OQz2Wxpb9nQM5Yv/QQAAcIlWJozDPzL+r0047z49lo8/O86feFobAAC4GDr4ZuWjP1tBYNqvitVq0YnWtQp894UKTK2hlfEiHbjrjtfQqh34ke/6zTjz0tR0qMJOu+0Hkar7gWr7odlIpg9U/Ue/h7rleJFxw3ZTO6FWru9Fjhupmgld1e78pmnCdR0kG4dt7Zq6cZ3I+J4K/U7g6oJSodYnCpqa9iJTN3HWU+3AtJwgp176zU5Lq5oO3cC0Iz/d4aAu49X9oJXstjDrgw0AwP+J/YPDt1u9XvfDRWWuzbqFAADgrOPhetaRAAAAAAAAAAAAAAAAAAAAAACALBd+/9/ZTP8BAHKplZI5h4xkrprjZ3r1MhO7jk8X2jEBuHD/DQAA//8Dc1K7")

3m13.629188285s ago: executing program 6 (id=1417):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair(0x9, 0x6, 0x7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)

2m57.206255172s ago: executing program 34 (id=1417):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair(0x9, 0x6, 0x7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)

2m19.625246561s ago: executing program 3 (id=1496):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000003800010700e9ffffffffffff07"], 0x14}, 0x1, 0x0, 0x0, 0x48011}, 0x4040080)

2m18.026795391s ago: executing program 3 (id=1499):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
recvmmsg(r0, &(0x7f0000000400)=[{{&(0x7f0000000380)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000080)=[{&(0x7f00000004c0)=""/164, 0xa4}, {&(0x7f0000001640)=""/4096, 0x1000}], 0x2}, 0x1}], 0x1, 0x40000002, &(0x7f0000000440)={0x77359400})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x401, r4, 0x0, 0xa002a0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000001540), 0xfffffffe, r4, 0x0, 0x1500}, 0x38)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x4c}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$IPSET_CMD_SAVE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0xa194, 0x2)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')

2m16.478246885s ago: executing program 3 (id=1503):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000fee000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
fchown(r0, 0xee01, 0x0)
r1 = eventfd(0x0)
fcntl$lock(r1, 0x6, &(0x7f00000006c0)={0x1, 0x1, 0x2, 0xfbfffffffffffeff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0xf}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="d8000000310081044e81f782db44b904021d080005000000e8fe55a1180015000600142603600e120900210000000401a8001600a40001", 0x37}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="33fe00004a00530c8e5eb88edc5a9c0e0a9b80"], 0xfe33)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000340)=@id={0x1e, 0x3, 0x3, {0x4e22, 0x4}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000005d40)='./bus\x00', 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB="19c0f390bd6f1e6912c3350d50b25c67a13ee7ced34bec2c60bea3f540fba414e119d94c4d55cd455db4", @ANYRES64, @ANYRES64], 0x9, 0x5c2a, &(0x7f000000b9c0)="$eJzs3Q2MHNWdIPCq7hnPjMcfYxLAcUg8EOMzuQ0ZY3IkVqIMnALJbcyysGt2A8F28NgM8Qd47DV4Q2yQlo0Il7N0p00u0kYI7UqcEEru0OV2k1uZ1RGiC7eKpRxn9u5yRJDVhTuxXrGQ+DDHrGa6qqe7ul5XTXePMfD7STPVVfP6/97/1Zuaqtc13REAAADvCE/9wdQvr131qR/dN/Hq4U9/b/e90XB1dvtgWmAkWd71ZrWQM2mgb+XsMjsujo4veuqTD3722T/+/J8+/8KKdev/5ParT9+5ZNMDD4z/5IrTf/XGPUVx0/F0ydx6/FIcRe/78bo/uv8HT58/sy2OoqgajxyJohVx5S9XxJkQY69FUbS93s7mHz7+6oYdM8sjXx1o2r48E8R4f2cbTMbZH/7F3gt+cenVzx7766teHRt8bd+RuSLxYMN4iqJlWxuf3x9F0VDyNSMdbSvTJyfL66IoWtzwvI8WtOuiku3/UGB9VbJclCyHC+KkP78ws95fsh19meVgyed1qrLA8VPp/luywPVnD27ZelYky+8my0vmGb+afsVRJY766tXtiufGSNSw3+Iont33c+uVprEQZ8ZGHEVxZr2SWa/2Z/KarTcZaNW41qTFUXN7Ksn2tPxosr0v2X5hwVi7IbD9PWm+yS/qqUz+2aDDLQ/qec1K2/WzNm05EyoNx6C87Wl7B5OdMZxsG47PaXnOdI70Z5tf+Nq3nz/0rTUjgXbE34mT+HFH8Z/Z/bETaw/99OTKUPytlSR+paP4U5e+/NiL1//w/GD8o2n8akfxn7t87de/f/jgqVD/pMNrOOrrKH514wdPr79vbHOw/Q+l/T/YUfyHr3r0m8s+8uRjwf07lvbPUBJ/2fz6Z/LA6zc9cu7JUPxke9/MEaGT9l/5ynkXb9z76M5g+59I+2e4o/hPT01uuv+21QdHQ/GPp/GXdhT/op/ffNOxExPPBds/nvb/SEfxP7Hmyus2ndzzYOjYGR85U39hAd6e3pWcY30lWe/0OrNbDdcL3xiJa+d8S5KvpdVe1tRspp7WMwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6M7DI9sn3vjz97/el6wPJA/eX60t0+2LoigeiqJoav+2ffsn9+wcvX3vgX17tu0a3bZ/dGLP/n13j17+a6ujKNq17e6Zn459aEPteedEcW0Zv6+l7unp6enKSPO2tL4vXvEvHx99/4n/HkVj5/7k/X3B9v/GPav+6Yqc7xnx+PSuf3HxLS8u+c8HahtGknaNBNoVBdr18Ude2viL7w398ygaO69du/73umt+0NSg2Q1zcRKVgagy+2AgXpzbjnqrk/ak/dW3Y3LXxFhx/1YDefzNqX/32wenbj1S69/BYB4l+3dofPpXe/7siVs/fui62oazdb8X9XeaRdq+tP8Gk/5eluS1LJBXXyCv+y++8H/9t3+9+6Uj0Vjf369urbsor/5kAPTH7ylVb1rD4ri5TwaT8ukeT5/34f277/jw1N2HPjS5e9vOiZ0TezZs2PDRyzdcdsVl/+TDs6nXvvcs/7T+f1Qy//mOp/5kOb/xtPeK8cn0e8546msdT0XtKuqPmXYV90dji0K/f+/+rWv+x73//uj1tQ1F4zwtXT+eJMvFM7t5fdQw3lr7Ki+von7oD/TDzhuG/80ro3v/X9FxqHHPNH7PiMen/37yv3xyybEP3FLbcEaO840N6vA4X2910p7+xuPO+rO3fweiapLXcG67PnDfy7/zX/88Hq23b9Gi6K5t+/fvW1/7fobyevcNX0ozOpxXbN55fXTt/73z0NZ7V7TkdVnt+5KkpUvi9+a2K7s1zWv17PdqlHRLuogGK/n59Ue19jX+Xdj4ybnnZXt1OIk5HJ+Tm1dW+rPNL3zt288f+taaUE/H36nVOBQtrS3jCwIld2WeWK0nmld/0fiIomhr47a0H5/4s381euxHK3YXjo/ayGj5nk1vfPrLH1vyN1M3Ht9U23BmjisNDerwuFJv9Vx7Zvtr9rhy2ZuXRzWTx5u3n5t+seLx6WMX/NrODf9xf/JrX9S/9dJ5/bshioqOA6sz6708DjQ+L1vPXPn8eKOZ9eGo2tFx47nL1379+4cPngoeN/6u7HHjS01r1S6PG3FgPJ348r/91e+feOYzvTtufGZt9XP/c/WGpEPPluPGYDKuBwPjut7qpD1x47i+9Na9u7bXtp+957/JsuD6J/37PXX3oS9u27VrYt9UubzKnpek9WR7ufW8pNz5Vvrbd05BXun+mstr4R6U6a+yv29p+7dn+6vD3zfIMxzFHf09e2b3x06sPfTTkyOBuPHWShK/ko1fKRN/6tKXH3vx+h+eH4x/NI3f11H7qxs/eHr9fWObg/EfipP4gx3Ff/iqR7+57CNPPhaMP5a2f6iz84nJA6/f9Mi54f6P0vjDHcV/empy0/23rT4YjH88TuqZObeLosdf3bCjth7PzjkNNrSjv6ldUXY9zqxXMuvVxvVKbQ6+XkE1jpu3p+WS7Rc2tCXPjVEUHR9o3Z6ePQ6urC1PpetR9kH77WebSsM5Qd727Pn10JlsHACcYenr/+m5Rvr6/+rkD2LD6/+1Zbyo6fkrk/OplemGwdp13r2jtT+k853XS9uRnddL46/7QHOMTuf1iublLsqsp+1anfRK2p4283JLohLzcq31tJ+Xy6RfPG82+pXMhr7Zub2W/Zbsh/5kpiLndeb7lze3d8lMhG7Ps1fmt7p+nh0ad9n5jvR1+rjkuMveF5Hu3+x9EWn8VZkJtE7vi+h23KXTGm3G3WxmxfOpreMiatOvc+MiP1p2XLQZR9nyI7VxtLCvS70J1/ul4pe63v/V0ELMvze9svCOmU+IjjT3T8n5hFLX+/2Nzzuz1/vp9vT40FdyHmBzYHuv5gHSw0Xarp+1acuZMN95AAB4O0qv/9Nzipnr/5m/1aOZ8/yi65bsVUYaL3gfSzW/PUXXv633sy3u6LzyylfOu3jj3kd3Bq8bnih7X8odTWuLC+5LKerHNVH0mcb1wn4M3ApSNO+wNlN+OFraUT9e9PObbzp2YuK5YD+O106kav14b85ISR3NNPNI/VEn/bgus17Yj/35rSrqx2w9ReP3ksz6cHJH0Hz7/RNrrrxu08k9Dwb7/Uhjv7cbvw81rY0UjF/X6YH49dflF/Y+ufLX6c0D8C13nZ7tnzP0un/RfOSb9rp/Mm+9UPMANwS2z3ceYLjlQT2vWW+5eYDA3wUAeCtLr//r98sn1///KVOu2+vD4HnbeG/uZw2et9XPaxvOy6cPl46fnpcH218/L+/uuigYv35d1N11S7B/6tct3V13BePXr7u6m6cJ9s8Taf+0nvcfLhE/Pe8P/btAet7/1r8uWth5BtdFyXqUfVCTd11UcV0EAMAZll7/p6er6f3/Tybr2XPjhb/OXejr0IW+ju7u9b/ieYbO50kWBWJHb6vX/878PEOZ+OXnGRZ6nu2dPA8wvXye8wD1u2t6PA/QcvVsHgAAgIXwqWR5S8nyfcl74Xzh1tsu27J94ve27Ng3MTF1x7ZbJ7ZM7pncXy/XP3vl1XqfdKi+ovuk88ovblN+SzB+c3uuDpQP6Tb/UH1F+eeVb5f/1mD85vZcEygf0m3+ofqK8s8r3y7/bcH4ze35dKB8SLf5h+oryj+vfLv8vxCM39yezwTKh3Sbf6i+ovzzyrfL/9Zg/Ob2/LNA+ZBu8w/VV5R/Xvl2+WffLzOU/68Hyod0m3+ovqL888q3y38iGL+5PZ8NlA/pNv9QfUX555Vvl/+OYPzm9mwKlA/pNv9QfUX555Vvl//OYPzm9lwbKB/Sbf6h+oryzyvfLv/bgvGb2/MbgfIh3eYfqq8o/7zy7fKfDMZvbs91gfJNGiaOu80/VF9R/nnl2+V/ezB+c3t+M1A+pNv8Q/UV5Z9Xvl3+XwzGb27P9YHyId3mH6qvKP+88u3y3xWM39yeGwLlQ7rNP1RfUf555dvlvzsYv7k9vxUoH9Jt/qH6ivJvKV+ZfQ/5gVD5PcH4ze357UD5kG7zD9VXlH9e+Xb7f28wfnN7NgfKh3Sbf6i+ovzzyrfL/45g/Ob23BgoH9Jt/qH6ivLPK98u/zuD8Zvb8zuB8iHd5h+qryj/vPLt8t8XjN/cnt8NlA/pNv9QfUX555Vvl/9UMH5zez4XKB/Sbf6h+oryzyvfLv/9wfjN7bkpUD6k2/xb6qtk21c+n3b5H8gpH+W05+ZA+ZBu8w/VV5R/Xvl2+f9eMH5zez4fKB/Sbf6h+oryzyvfLv+DwfjN7bklUD6k2/xD9RXln1e+Xf53BeM3t2dLoHxIPf/9+yYmthy4Y/u2/RNb9uzdPjG15eC+yf37J5ITtW7/fzN4X1lyX2J/1Nc2/1WZ9eXJrVvLA+8PlC2fhn3v7IPW9wfKVttX8D45RfsrW3/R+wzllc8bb6H9W3Q8KDsespp+P2qDZHLP1MS+1uP3UNv+aBwT0extc7VP4BiMzytVPvt2nYFqCpXPZ7BtPtnNA8mNgAPxuaXKR4HPg5uv8vnEwXzy2jHfz7FLw87rc+wy31rkvEdrU747pmYP0pPbdk0emmht/+KzoP1l+vFIz9tRaWlH0f6PM/2xImnJitDnvQX67+B3/8/Df/u3/+HXo2js3OoFXfVfPD699dR5X/jxxwc+PNP+Stv210umn6tc8PmH2fJpPn279k7t/8c79h7Yk/8KWnq/c6W+vkD3Oyd5Vkv+H3Pofo/53r8ctzw4O5W9fxkAAOCdIv3///R6dWXyP6grMlME5eeBu/v/6OA88PFy88DZ2YiieeBs+Upy81fRPHB6TT7c5Txwtv7QPG2lTfl2r7uUnQf+XKD8fJUfJ929D0BwnCQ9VTROsv+HXzROsuXT/VH29YKhLsdJtv6icZJXvt3r02XHyY2B8iHlx0MH7zsxGkUPPz8QRR958rHgeBgrNx6yn6tZNB6y5ec7Hga7HA/Z+ovGQ175dvfrlBwPp9Nd0fXrR4Xjo7v3hQmOj63lxkf281KKxke2/HzHR9zl+MjWXzQ+8sq3u5+x7PHiNwPlU+X3f3fv2xPc/0fL7f/s57YU7f9s+fnu/0qX+z9bf9H+zyvf7n7usvv/2kD5VPP+n9nxs/t9YsvBvfsa74Ge2//xG8nerU/vl9n/RZ/bElK+fQv7uTWdKt/+hXrfp6j5BcwFa3+b88m+1hTSn5V9X6mFb393103B9h/v7pWu8u1f2M8P7lQvXo9d3bye/3ps8j9DRe9DXfQ67e8Gts/vddqhubrbvenbWcDrtAAAALDw0tf/04/jT9/f/qvJMvAx/R17a32+99zE5dz7+wfnudJP3O5qnuut//77CzuPecb+v+Ksms+LzOcBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8wwz0rZxdPvUHU7+8dtWnfnTfxKuHP/293fceHV/01Ccf/Oyzf/z5P33+hRXr1v/J7VefvnPJpgceGP/JFaf/6o17CgOP1BaXJKuDURS/FEfR+3687o/u/8HT508vr22vxiNHomhFXPnLOBth7LUoirbX29n8w8df3bBjZnnkqwNN25dngmTzioaraXua2hndVZgRb0Ez+zmOomqy+uyxv77q1bHB1/YdmSsSD84MoWQ8RdGyrY3P74+iaCj5mpGOtpXpk5PldVEULW543kcL2nVRibbP1P2hzLZ0fVWyXJQshwtipT+/MLPeX6IdM/oyy8GSz+tUZWHD///p6enZB+n+W7LA9bcc3TL1rEiW302Wl8wzfjX9iqNKHPXVq9sVz42RqGG/xVE8u+/n1itNYyHOjI04iuLMeiWzXu3P5DVbbzLQqnHcvD0tl9k+mmzvS7ZfWDDWbghsf0+ab/KLeiqTfzbocMuDel6z0nb9rE1bzoRKwzEob3va3sFkZwwn24bjc1qeM50j/dnmF7727ecPfWvNSKC++DtxEj9uiF8tHf+Z3R87sfbQT0+uDOQZb60k8SsdtX/q0pcfe/H6H54fjH80jV/tKP5zl6/9+vcPHzw1Eor/d2n/9HUUv7rxg6fX3ze2Odj+h9L4gx3Ff/iqR7+57CNPPhZs/1jaP0Od9c/kgddveuTck8H4URp/cUfxr3zlvIs37n10ZzD+E2n/DHcU/+mpyU3337b64Ggo/vE0/tKO4l/085tvOnZi4rlg+8fT/hnpKP4n1lx53aaTex4MHTvjIwv8Fxbgbe5dyTnWV5L1P/yLvRf84tKr868zG+YtsteZ3Wq4XvjGSFw751uSfC3tZUUZM/UsW8D4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8PU1c843D1xzf8um+OIriQJnpHOnPqovGx0c7qLe68YOn1983trlx28oO4gAAAADF0uvwSn3LYLQyOhgPRe/NLZ/OEbw3XYubt2fnEIbmSvYkTqVHcao9itPXozj9PYqzqEdxBnoUZ7AgzmBULs5Q2ziV0u1Z3KM4wz2Ks6RHcZb2KM6yHsVZ3qM4I23jlB+HK3oU55wexXlXj+K8u0dxzu1RnPN6FOf8HsXJzinPdxwuTUquCsWZfVAtjNMXV+s/yJtPT+t5X+Z5lXnWM1yynuyc/XzrGSpZzwe6rGewZD1ru6wnLlnPJV3WUymoJx23d2Xbl9aTrpUc/3f3KM6hHsX5/R7F+VKP4tzTozhf7lGcw13GASgrvf6fu24ciQb6Ph4tTo442VmA9Hp3de3ZLcejwewFeiKNd0Fm+6KieNkL9Uy81T1u30WZ7f1N8frq501t4o00xluT+WFhvtkJhUz71s03XnZiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/YNfuYuQqywAAf2fnl23BqYE6kEJHSitGpKWL8pMaDnoxSwxKAH8CprulDHXTbRfZNoUVWesF8UIFo4mrF8ZwhSHEqEFRSZYLjUFJ2ESxiaAkKlE0QAIk1MRkzO6cM3+d6SyTYgs+T8j5eb/3+95zZkiT99sBAAAAAAAAAAAAAADgTVSrLsxXlybGQxSW/+up3kM6lsnHcWWIup/869d+8Je5717QHitku5IW7xliZQAAAKBb2ofnmpFiKGS3hnyU78grJvsAxeQ+U2qco8rIynk0Wnfc/GySv/XAvtu3zt419/6pfbv21PbU9o+NjV1+6dj2y7Z/cOttU9O1bY1jKAxYL5esN3vX3N5d09O1O2Yb993PXU7mlVuhyeXD4eS539mrTrF1HyX5rTpv3kX/b6l7YwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6OWnVhvro0MT4ahRD1yan3kI5l8nFcGaLu1a+t33zlzEN72mOF7BALAQAAAAOlfXiuGSmGQjYTMuHslbvzW6mlEFp9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8P+nVl2Yry5NjK+JQoj65NR7SMcy+TiuDFH3t7NT19772Y2H2mPlIdYBAAAABkv78JFmpBjKYVPIRWd35KV7A+d0zV/Jy7Xu03XO7ZUXjs3r3jvol7dplXlbVpn33gF5H0vOdwYAAAB460v7/2wzUgqF7Ol9+/9BfX2at7ErL5Och/mtwIrisBMBAACAtP/PNyPlUMiWm/36avv980PIt8fT+YP+bp/OH/R3+zTvwq68tE733/MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFNXrbowX12aGM9EIUR9cuo9pGOZfBxXhqj73KVbvvWL+UNH22OF7BALAQAAAAOlfXir9S6GQnY05MKalb7/8i3/+tzc5OF1uVIynM+HO3cdOHDH9sYxzdv0pVc+/fufRZVj8i5pHE/KywEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdAtnlVqy7MV5cmxk+LQoj6ZNd7SMcy+TiuDPEEz00d/M/ND571cnusPMQ6AAAAwGBpH97q/YuhHPIhH9av3LX3+stGuub32zMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3j5m75rbu2t6uhalF3e4cDHkxZpT4zFcnIiLk/0vEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKqoVRfmq0sT48UohKhPTr2HdCyTj+PKEHUf+PBD3znjA798uD1WHmIdAAAAYLC0D2/1/sVQDrmQC2et3PXaE1jp/0v/w4cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOCbXqwnx1aWL89CiEqE9OvYd0LJOP48oQdc//22duXjxSe649VsgOsRAAAAAwUNqH55uRYihkLwmFsCG5n+6cEGWSc+99gda82zumja563t0d8zKrnvflrjfLJm/TmFdM1ys1zs15lWPnVUII5WReuTUw2TEv3N8x6/RVP+f3OuaVBswLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAqqVRfmq0sT41EUQtQnp95DOpbJx3FlNYW6Fn963xVHtsz96eX2WHmoNwAAAAAGSfvwVnteDOVwbjgjnLvS94dSZ36at+PBF6/8x89P+2oI29b/7rxs3/X/fmH1V92HEEY6k0ZCeEdSL+pT79BP/vnASy/99KMhbDsrs+GN1utcMq5PHl1/y1M7CluP88EAAADA20ja/+eakVIoZPf37f/TzvsN9f8zZ95w97rkmHTkXTNGSkm9kT719l72jR9Xzjvyx+X+/3j1Pv6Fcz6yLsxcFk+lx0akSxTXp+/bvPOFtU8cTN+6UT/TVT/9XJ4/+qNPHJrd/cVG/WIoJvFzsr3qH3vsclpcf33/o4/v3jF3XWf9bJ/3v3fzu//8h2/ve3G5/qsbR5v133Oc9z9+/TNvrD5z+JH7r++sn+tTf88Na77/WmXm3433/3pzfDSEve35ySff+MLbvoUuUVx/derJq9YubtrZWT+EMNmemH7+jz/6zcrib9btSz//9LciF27qXLj9f7X2Y9eeUxTXFzdctGfssQNrOutHXfXT9z9yzw9f//yRp6/p/v5vDaut3/3+12zJ3PTsxrFV/XgGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCtp1ZdmK8uTYyHTAhRn5x6D+lYJh/HlSHqfuiCq6+79uX9X2mPFbJDLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcMLXqwnx1aWJ8JAoh6pNT7yEdy+TjuDJE3dmLX3n4het//a72WHmIdQAAAIDB0j681fsXQznkQz6MrvT9k0fX3/LUjsLWUGqMRsk5Oz0ze+B9t80c3H/rSXpyAAAAYLXS/j/bjJRCIXtByCX9/+KGi/aMPXZgTdr/hxAmlw/F26ama2OhuU9wzZbMTc9uHKs09wna8y7ePTOdbBOk695zxdrnZz+1dG3Pdbe38l6devKqtYubdqZ5ueS8kndJK2/6vs07X1j7xME0byTdp1jO29bKe33/o4/v3jF3XTqeaV+vLe/MG6vPHH7k/uub6yTn0aQuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ZQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7dRRadRXHAfyceze9eufainJJkYqJBsmkohKiKSQ9tJACXyzwISsjkxphCOESsjAJnyqCIqIgECkIeijCgjJIoiBCewhDe6iHWEQLcVGx7Zzt7q//tv41Bfl84HI8597zPb//+R//uxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Pya29Yz1h5+euD3Oxfd9vnuLcO7bn9/21P7++YcvnXfHcdeuffNEye7V6x+46H1I4929O/d2/f1jSNf/PnktMFPjDcrU7cRQvw5hnDllyte2PPpkYWjYzGEUI9dgyF0x9rH3bGQ0Hs6hHDfRJ1T33x3+Lr7R9vB5+ZOGb+oEFK8rtCs53rGdU2tlwtLI52zZz7cfsWPq9YfO/TtuuHexunHBic/Ehst5ymEzs2t89tDCPPSa1Q+bT15cmo3hBDmt8y7aZq6ls6w/mtL+otSOye1zWly8vtLCv32GdbRVmgbM5xXVW2W87N8/zpmef3iw624Tndq30vtyn+ZX8+vGGoxtE0s93CcPCOh5b7FEMfu/WS/NuUsxMLZiCHEQr9W6NfbC9c1tm46aPUYp47nz02Oj01fnMbb0viSac7a3SXjl+frTf9RTxWuvxjaPOMfE9cVWuv6/h9qORdqLc+gs43nehvpZjTTWDNefMacv84iv7fx5PNvn9j56rKukjriOzHlx0r532y7+ejynd8N9ZTlb66l/Fql/IFVvx786a7PFpbm78/59Ur5x69f/uIHu3acKt2fX/L+tFXKr6+5ZmT17t6NpfW/lvMblfJfX3fg5c4bPjlYWn9v3p951fZn6+N/bHrr0qHS/JDz51fKX/vbZVev2X7ggdL8j/L+NCvlHxnY2r/nwat2LC7L/yrnL6iUv/SHezYdOrrleGn9fXl/uirl37Js7Yb+oUf2lT074+C5+gsLcGG6JH3Hejb1q/7O/K9afi+81BXHv/N1pNeC/3OhgtF1OmcxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4G924IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//3nyUJ8=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1c3341, 0x0)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r5, 0x84, 0x6d, &(0x7f0000001040)={<r6=>0x0, 0x1000, "eac0b8501dd802c346330023205311205c5591edc0bdaf204664d3d8ac834e3eb94f28b0d78e075c58e5519b0adba0b68ee4be60aea5bfff98a62f0ed3f251235cdd56f0a64b20a110985998ca0989f6d85f86a3b05cbb6f3b7f356ecb0dc3ea93c40c90278195788a56816a2ff8bac7c1ef854afb65c8ace9485c1d6348294e46324340823d5141f70f95897e96f36c7d5e9f473b7ff72163d5d6073940b2ab9bcbfd6b9e94dc8140b1f972e5ea42963b158a9cbc5c42a0b65dfcd416f6af7d0d3898ece3eef245ad44602b0748ae23493fa89409611ce89507a473afa3ca530ffe152844f55366ff3e16235fa03681a560f1d38ea22e3e9e0e78449233c691a23724a5d7277396194fe6e5ec4fc79c77a2dba422c5864f632173b427f90daf7807ab79d0070c4f0676dfecd2b78ba2cc9df410228ff22646ccd7a5eda0def85ae750f5811896d59303406405bb611f4252f5dc9f24a7f542665c312a9c1e126ac32d36d03be48bb47991d1609c343c612b7d03f2c9a5bac29846655b4af654c39fa9c3b7b3dd90c53891a88825b4192a7e2be29a0e632ae254f149f03a8f0bc54b28f8516a97950e99b88b5255948d68726ad96eab2a5acd165613007d829dbb628ef38ca1723299ce9e7664ed87e1b47597916287262e5b202488139d9bd5c77dba5dc0ea280080019ad3148afc7e6a9b43f93b3df6dab31b635a1f525c752cc7cbb78cabce5aa0abab34bf27a82bb3aff607cb40e6f0863038da5f44384f62c1f89296d01eafb9dd051ccaf9dc6d6c589a802d93dd8d172cb8dbf35284d59871fb6973500fdf7b099f9f705ce8b1c2954fb209bc7e846a31674676db034be0fba312b4a1e8ed2943897c843cbc7a67fbb1edf47f5c2af087513e54aedbed8b89dc5591fa25fd9f13345041fc01843881ff576977b37536f547649ad94910f7816fd22ebab073c33becbc527930686a4befd8550ddad31444088398153f28527502915a0323b5b14e80860cba44438d41ac8959544e5c7af6ec01bf8e3bce14f7b51aceb4c91d3ef1a9a21e0609183366c4f6dcb70b8bd65709d414c735984a6707e28e17bf368bac8d484562e8988ab7648714cf4c84b79c80c12b6fa5b6644c9cdaf6be859435e75b3f230d67818e0a5501f4b2b9b4b65e51b4bf944cec6b8280de7581fadccc2e50187b2ad32a368944890ca18fadeef44e31d337ed8ae9e63a27d97d5297d3501754953e787aeebb9fc6d83bf14c0f9df7b07591ec3582137581f500cf62a1d07424f5e051a78a8099ffe483206cca76b921f11ff45b6c89778170ff4c467977594c20fcf98b62ed5d0ef7d5b0f3da1f6c1758718b9a2b9782c01439988f4da6166820cc52a154d078f55b00bde54df7b4dcd0020f07e23604643d36e414940b9e742773a8664d40da4f2832deab712f3a99dcad11cf635c5f1661744d1a258ee25b2aa8559e0ab540758db9728c4de2c08dc5c7ffa4fa19aaf0288601e5535612e5aeb251592bfbddff621cece0b5596f6fdcbee22eff496715eb1cb33ab65132653fbc13b687af7cbc1c6b5badf82f886f6ad89f00f10241d135dbfb2f5999290e597c63a03adfee0667c06ed9c80b2b7698cd8dda3ce64e3696f6eaab2a14bac2aa51fe588e1c93a215d28ee68f59ab677779b5e91886ea0c4ff3639c766916297dd9d1b6f0bc3b803dee83b778e1bed0282347d986060012b0e0c3d937639bf15315ecf396dc857640706489179fe56a16fbbadd2a30250aef80fe5df98248f5d8d2874889e18e6ddbf0ac1b09dc70394e70839fe7bc13080ad9a6a1e65eeb8d130d157c1b5334b4233b48615f2d127b7169d0a8130d479b78b16e23dbcd68cc480a0b8de5a7a2044477e27cdc3f58d173ea816550e015acb32b392ad25efc8d76e6d71695c33f44cdf7a78a91bf25462d74545d1e8e910ad4dba2e65a8578ced252702ab7558956a08160b3cbda5b547dfe32c7edd6bae4c5ec55a3c0244b4f84004f1ce492e742e94faaa1097bc97956f63e6ada0ffb08240faf5a14df7127914aa4ec735d0ff6aedfa15190c59bea616a63ba9d2be315fe908657088f35540ea19e369426ccd84da22cd2772f1410833f4b6e060b5e7a770fd305598bc3da4a68a3455dc42f098d10edc9d4b2a33915cd2df3d10163fe6d273725936229903647fce68d45cb0adebacc80c1537544ff9ea841139d1348eebccb950875963348c30a24788c03a29b3597bc1a8faa39ce5711eec3ea0bdf3a298b77887bb47f451b50cea62a303ede92d6ab590df8d93b88b53b72f4daa0b81a11cd19741a4fee82135e135e031fc44667efc81a133d95d1f76b436146b2dda267b309debf0907cf575dc3cad51d00b1cd0afd3093280d662f4e664ca7d35f9d8a60f23be108356aadc51956cb17747fbda78a9d4fdcff314a95eeb42f45d2aa0efaebbad3f467c40b9d9a8c324bd56c694e633405ce229c7cda1ce35c62ce384d57e631f1be628298d98b99ae734d05f6625f04f23a540052bccb48d17ffdf1ac6332eadc2112e6831eb00c82a0ecf0dfb006523351b47d2182ec8d577ceaa19404e35c44c959eb913e1e991353b95245e234eddfad2f02a035559d96f2239a92913e6384820b55a09bd05257e7d0e7449453f9b502f0c8ba378bb9333a178433bd0a459a0be75004d08ea7a9fddc007c70fb2cef8cb9bf2a266b5af97cd0336943bd31e65b47a05edc12e6658b29c01f43f361b032f48834a83ed87689483adc9f68f9be090ee57dc412a59075ca07271b2018810f7d89c8cc54ab619ff21766172d026b212f705c02eb780bd0c6325ddad5460e51f29a8cf8745470f7372b0f2a72ae8389ce72b9616c042646b279d956d2b0ab48b5a0ec72e886a2d282fc600b42d02b8485f8edc51adb3e7f5f9e423d28ced53e8c76a0214a942180317248e73f3ca641f352b3b6a9b865a51e17730b33f76dc709a45998497c138a638c589f6df8c82a15d247fef985a7240310636644e29c99503949719c3350c40f070cd8f77c8aeb4aecae477d56c311f5e404f410808999aa8f91186ea1f097baa79685e5915f374fc4e3a2b36ffd95b268ef84d2676bb4b3598e22c71ec5a0b4b437a7bfa7e1f54d4457dbd26f16541b1fe636ac61d3f992c420f0b8ec46488fdbd441903b68709190e8db2a58ca25e55a072f31404000f326dba063322be8722ee667b9945016204af84fc3497171a904350c5b06d791f0fec11fad14d785e33cdacc92b4b8e0b2626606c9b39d16513fa3eba991ad2bb6d08edc7a492011296d992ef7fcc23c0297143aad7ddff7ec9ac1ab1b450bc8de702cd099051b33de6b6e5a3d25b6d049a17ee431f8f0609059efb7a460331d2a678f1346ca05a415b07496512003af7fd458f97e1ed33db5eeb7132a2ace3e686c6f9bd5d4d3aeb38ae8e851554ae3843bcdb0b181f4a9eaff8aca72c53e8e39f0fa39404962203045f92ee756ea760953f55f741e059588f9498ba074aad1be087ce29406aa2ed94eddf17b476cba4a9694ae9761ea22490c4cd06d7fc7222fbbb7543624d59b594e9dc460189c88a15103ee86c9bd54a89172d9c969c6449f55f236273ad3baab85a49e061910e5766ec2d3c43e8aa18c0b58fae514c3356a7a2fbbb12b53902eb757d0ed14b3dc9b12d27a548519e74387486e74064db5d68f90888f1e751622fbc5345a9ecfd93b97d299d4c04bceadb8c2410be86d6b713613666ad4ca735cf1653188d0e5b915182da9ee854a644258ed9d64275e8f2520f5a28da09e04b0fed6f74fd06cc2901c2218543a7af1c527961ce0bf1c5387ded4172cc40c5836439ff7c33bf0546081eff3bee76e653194ab3d1183f03baf53c49292c5e3149d94d140082b5ff5be6d50f9395718a012dd43ed7104e11749dcaf025088f9a4cadf913261ccb716e7135e6ac333b9870348d3702ccbcd4fe23074ca0c4c6a7109e0393181ab5f1488f630c5a63e8eeeda92bc50ffd913a2a9975e7ac00b861a7d614ce8354d8455c5535659147c5138ea35e789112d15a60276b336ac7f6d8c152aee0102c51c6dffcfde54d2018f1e1b5808203a3130c0d8fcb67faeab462f0b878454f6c3c920ced83ddd1a08eb1cb300dc0ec335fb9b8aa4f4a7f20f9773d1db86e599276461273a5ba3206d978b9f71a9f13d5a994a32bdedbc1e6f6e585d3482d341968f66f406c3060f1c259db225fa4358f6581abcef9436bec38b8415a62afd5e1433700f084c43b06602990355a8fb6ad669c8612d0825ce0c06cb2afbc69543bbe76653178c60844531e3a454aa04f7a05bf106e14c9fb42554e9ccfc77bac71742d6a3d78fe9e811e1f26a526bdaa62c7d1d1c04d9c4cb506c683db78337976c945e393e45f6dbab2dd026ca31b968fc70b3117da78d7de917aa8788fa47a1adb6b7f80565390069d4161e8804b86bc909bbc3f105068ea5bc3ba4bff60e394a17a62e9acf7bbd384dd23a63826a68baf9339afd93ee086d9819d40ad1ca23761197ae5c1f482c0cf6dbfa1a4afbece7dc3bf1b8c2ebc19584ba8665a604900d34d4e10457c17c6a3d1b111f758dbbae01019c086c2edada8f828e175782143daf6e32e99982bc0927cedc03438f25bca4599004aadae34f6bb397d94cf7ccd798fae584465c5f48feccf2c017a6545f0e6f44272fb925919d6826444c6d3fe8f4bc72f6d50b86228a857e783a893eb752f229686922aecc267f873b93730505223b8a6dfe131ce4f07f4581a5f53c7983de3ae841967fd44ff8b0b7fc93861f1357c76fe76bc037701bf35af827136efd98e86ccf71856bdbdef657b98563cadd92b2f3b7ac451d9396cd6010f6e84dedc03d8d1490864452cb34864cb8b7ed0fbe87f156a86b59a6834fbb93e2f8381d130e6193cbc89a980c05e91b4dc00855dc0acf0c94ec50b39f128f85e035c0cd0cd09884056dc29949a395746c5084cfcfd9d9e58736c5f742826b261ab810d9391226908b92537cf9aa63e8ddb7891ecc93eca7ca487bda0a2441cb8a526521cbb8d24064cccea15b007493593ce4c60275072d3fd54a2e4f8d2188a5639702b1ac072c94ce12a6a02ca875989e712761fa76ab1a88b16629d42f37fe4a6fce84699392cc2022af1b7a0b16e8b023dfd6f5c748c5dbb1b8f44d5abbf433e1101a38130f9c9015213c186a15bf3e5545a0707756b882675e453162325fb2e1e8fa978cb883fcb185d04e5198a8627cab26ff8384f03bb41578956640b4b528a1203c2e7ed49183032e0c49033490aef01519739b94359db1b69409a28616cac418ce10d69a3aa88b585f099dbf2b4c67fca7a014423dbb95d3ac2600dc2649b86acc6dc8edf5cfdfcb4d54354a91c9a78896316fbd98882e7713f45fd5c493c40f8455d76860cc36616fca455b97873a03d00f93bcce0ae9b37b76024f083ee5630ae235071965cdbd67e4a49ce21305359a458ae89df6e083a36f389a5542cbb866a5518e6af364fd02212703d5e369b308afeff2151eeea2db92b26b48bf9323fe24806e567919df3899c8fbdc289d83100e1e95be1b9b9fb452f4537791476f08d99a0485a9e6e581c4d53765d41c7267959fd467ed30ca51f346d421e65ae60e401a04c58badc53091f9c7d4c87f6890239a3f0b029ef689057016a38d46d882e8e42000107ba80e4e8f0651f45c770c85bc1bb7cd3f59b96fff860c180da48abb319a879086ca5af9deb7ca35083f5b231534479b532e87e0372e83aedcb5ea2afd38"}, &(0x7f0000000380)=0x1008)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000440)={r6, 0x4}, &(0x7f0000000480)=0x8)
writev(r5, &(0x7f00000001c0)=[{&(0x7f00000004c0)='/', 0x1}], 0x1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r9, @ANYBLOB="1c005e"], 0x38}, 0x1, 0x0, 0x0, 0x20048000}, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000980)={0x5c4, r7, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x29ae11bb}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22c}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x58c, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_PROBE_RESP={0x234, 0x91, "da82168043ac45c3daa0279b8d43afc3330dc5644e1a7073e21a13f520ca5e782900290cdfe59dc26ec7a71911c937973f22f93ba96a5b6bf3d869c9ba4fa6440406710a7d552f848e4f97f47ea07e2e80877336c1755a93e4d87ad45a3f3e480e8a9865f590c0688306d9a8d41c185436148869286343479453599b0816c7eae43f1b94a00d0cc1007190f28fe5aadf74017f08e265b63daaa6dfa14854a158a888f8fb14f1725aead0c74221b1059e5a0c583b45de8796dc9eb765a3b07886e90b0b6e1208f389c66481582d893cb8a064a61f9ac39232a613cc13bf43cfe0e807d09735311381846488b90a690061822402843d4f84d2d8c23b738f0bcdbd526cebc8da0a21dfffb72c3e0221249ea28a0b75d05be3baa7407ec778b9dd69eb07ed0212de137edc58492d1f0b37fc6f9ee4c5a045e47815666d4407d6f1c11e331f0b82e80c0774f60602805e8d5febc0504219f3e89d19857c2405e42a4aca0c8b0870db0cbfffe8cde7b7976efc7b44f8a1ac0a411b95923d4146a8d2c25e9d21d36c88dc56c7b4b3228f5c0cf426d92ffd44f057ab71d0204619fb1bc935ef1380e32e173ece8a1b7524c7119ae6b3917ed624e3f7a4db22e5e7e7b8f363367200e1088c549b8bf82e9a46d97d8e89031e4d75c457fd544481cfa500ba3da4cc5af1c40866fcb292f3bd1c94c7dc64436ab60b9d951db54bd82550e067314322b61befe937515aad418319cd222107f23f5d80ac787377a2ffcc57058a1e25fffbee8ead834a23f5d677ce1eb9"}, @NL80211_ATTR_IE_ASSOC_RESP={0x45, 0x80, [@dsss={0x3, 0x1, 0x7c}, @challenge={0x10, 0x1, 0x3}, @supported_rates={0x1, 0x2, [{0x30}, {0x4f}]}, @peer_mgmt={0x75, 0x16, {0x0, 0x3, @void, @val=0x2f, @val="8649cdafe23cac4f0b7e4011e558d9ca"}}, @rann={0x7e, 0x15, {{0x1, 0x9}, 0xe6, 0xc, @device_a, 0x8, 0x1, 0x4}}, @ssid={0x0, 0x6, @default_ap_ssid}]}, @NL80211_ATTR_BEACON_TAIL={0xd4, 0xf, [@mesh_config={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x5, 0x20}}, @peer_mgmt={0x75, 0x18, {0x0, 0x0, @val=0x32fe, @val=0x3f, @val="7f6894a285c5d608bf51f2fca0b62d2c"}}, @random_vendor={0xdd, 0x99, "0a72dcf4d0d089080fa6eec44599be80c153971637b41946ae07c0b5a0dc21d11c553aaa3155a4b8d2d60e9b9ef8e3c857fd20642500b06fba102470fe0f72f5593b81de7ddf74653354f1ec7711efd21a5e03bc0999c3451e9465449283b836602b46233ffdf8e9137f36e16af11d6bc2e3165080b426fd3f5f4504635bb349cf68c53533feccff958cd04bd9fda03a118e6a772eca8311e2"}, @tim={0x5, 0x3, {0x5, 0x7e, 0x40}}, @channel_switch={0x25, 0x3, {0x1, 0x24, 0xc0}}, @mesh_chsw={0x76, 0x6, {0x0, 0x9, 0xc, 0x1}}]}, @NL80211_ATTR_FTM_RESPONDER={0x144, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x67, 0x2, "d03c90ded6e7d03d275178a25af85aefe153367c3e1f0a6388cadf53421e5271e68a607121f72151ce365997cb792f40314bc37a0ba908c721759f7589c34d4bbb1e365dc7e6bd052a0af5d0ae0e8a6c041f56e8bf67390a868357a58420041a3152b9"}, @NL80211_FTM_RESP_ATTR_LCI={0xd2, 0x2, "a6a81a7d92dc1816af5c901e6dccb224de49367aef517af0e865a09c566482f8928067e1fe039c0c34501e8a0c82a3915ef76e4dd2ac99f075af7642c9eb9487f522b1e4b4c4957a6c37d5ef1381a6a28873937f66768d10dfc75d57fd4fcf8a81957f2b6f3a8419b6d477fef1d7d3c3d2e22d1cba5c30b4f4a60e5f00955fa58acb48e0e6a8f266f3fdd41710aa4853c98aedfe6050ee7b99f9d50969ffb25a87bbf9f91e946288a432ce9fd2fe199c9c06dbb17a1dd9086863ce09a51d87e77fcbe08f31263e1181ee85c141a0"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}]}, @NL80211_ATTR_BEACON_TAIL={0xe8, 0xf, [@mesh_id={0x72, 0x6}, @random={0x9, 0x9e, "e0240bccdceec670141e5434cc60b7e24ab3a9293b3cde3af9ccfab3812c9f5947b120a0a329be4ffe1da42e01d916fc2e302dcb111e212281bf6bfb225a645a6b6fc55f5bb46050478849b4c630b81aebd2a7ad4ca0db40b304d9ba9e58ab55e8e2464fa0e6307a19fa0b08548ee4a5e772b7631ee974f25351950257a3596c37216af015936b9a34f6e76ecd1ef61785ae7e5bd5a156c3d892d1148973"}, @challenge={0x10, 0x1, 0x52}, @channel_switch={0x25, 0x3, {0x1, 0x66, 0x3}}, @chsw_timing={0x68, 0x4, {0x8, 0x7}}, @ibss={0x6, 0x2, 0x7}, @prep={0x83, 0x1f, {{}, 0x7, 0x98, @device_a, 0x0, @void, 0x401, 0x8, @broadcast, 0x5}}, @chsw_timing={0x68, 0x4, {0x200, 0xffff}}, @erp={0x2a, 0x1, {0x0, 0x1, 0x1}}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x4, 0x6, 0xffa5]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x5c4}, 0x1, 0x0, 0x0, 0x20008010}, 0x4004)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000003c0), 0x140, 0x0)
sendmsg$tipc(r3, &(0x7f0000000500)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x0, {0x4e20, 0x4}}, 0x10, 0x0}, 0x20000040)
listen(r0, 0x50)

2m13.089390735s ago: executing program 3 (id=1511):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x200000, &(0x7f0000000200), 0x3, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC")
r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
fallocate(r0, 0x0, 0x0, 0x1001f0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0)
pwritev2(r0, &(0x7f0000000cc0)=[{&(0x7f0000000240)="5f8ef8", 0x3}], 0x1, 0xfff, 0xc, 0x4)
fallocate(r0, 0x3, 0x9, 0x10000)
copy_file_range(r0, 0x0, r0, 0x0, 0xb51, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x62042, 0x113)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000240)="1228fa03", 0x4}], 0x1, 0xcfbc, 0x3, 0x0)

2m12.379358876s ago: executing program 3 (id=1514):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2m8.90703421s ago: executing program 3 (id=1525):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

1m53.698028688s ago: executing program 35 (id=1525):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000940)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@abort}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZj06Y3ueqDXvB69V5Ji3Y3aWwbfKgVRJ8Kan2vMdmEkE02ZDdtE4qm+AEEERV80hdfBD+AIAVffBShoM+KiiLa6oMP2rns7iRN091k226zafb3g8mcc2Zm/+dsmNk5M4eZAAbWOxFxLSIep2l6PiLGsvJcNsV2a2qs9+jh3bnGlESa3vhnEklWtvNZSTY/k212KiK+9uWIbybPxq1tbi3PVirl9Sxfqq+slWqbWxeWVmYXy4vl1enpqcszV2YuzUz2pJ1nI+LqF//6g+/+7EtXf/WZ23+6+fdz32pUazRbvrcdzyl/0MJW0wvN72LvBusvGOw4yjdbmBlpt8bQMyX3XnGdAABor3GO/8GI+GREnI+xGDr4dBYAAAB4DaWfH43/JRFpe8MdygEAAIDXSK45BjbJFbOxAKORyxWLrTG8H47TuUq1Vv/0QnVjdb41VnY8CrmFpUp5MhsrPB6FpJGfaqaf5C/uy09HxJsR8f2xkWa+OFetzPf74gcAAAAMiDP7+v//GWv1/wEAAIATZrzfFQAAAABeOf1/AAAAOPn0/wEAAOBE+8r1640p3Xn/9fytzY3l6q0L8+XacnFlY644V11fKy5Wq4vNZ/atHPZ5lWp17bOxunGnVC/X6qXa5tbNlerGav3m0lOvwAYAAACO0Jsfv/+HJCK2PzfSnBqGu9u0y9WA4yq/m0qyeZvd+o9vtOZ/OaJKAUdiqN8VAPom3+8KAH1T6HcFgL5LDlnecfDOb7P5J3pbHwAAoPcmPtr5/n/uwC23D14MHHt2Yhhc7v/D4Gre/+92JK+TBThRCs4AYOC99P3/Q6Xpc1UIAADoudHmlOSK2eW90cjlisWIs83XAhSShaVKeTIi3oiI348VPtDITzW3TA7tMwAAAAAAAAAAAAAAAAAAAAAAAAAALWmaRAoAAACcaBG5vyW/bj3Lf2LsvdH91weGk/+ORfaK0Ns/vvHDO7P1+vpUo/xfu+X1H2XlF/txBQMAAAAGwnO9wH+nn77TjwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXnr08O7cznSUcf/xhYgYbxc/H6ea81NRiIjT/04iv2e7JCKGehB/pPHnI+3iJ41q7YZsF3+kB/G37x0YP8azb2F//OGIONOD+DDI7jeOP9fa7X+5eKc5b7//5SOeyr+ozse/2D3+DXU4/pztMsZbD35R6hj/XsRb+fbHn534SYf473YZ/xtf39rqtCz9ScRE29+f5KlYpfrKWqm2uXVhaWV2sbxYXp2enro8c2Xm0sxkaWGpUs7+to3xvY/98vFB7T/dIf74Ie1/r8v2///BnYcfaiUL7eKfe7dN/N/8NFvj2fi57LfvU1m6sXxiJ73dSu/19s9/9/ZB7Z/v0P7D/v/numz/+a9+589drgoAHIHa5tbybKVSXj+xiUYv/RhUQ+IYJr7d0w9M0zRt7FMv8TlJHIevpZno95EJAADotScn/f2uCQAAAAAAAAAAAAAAAAAAAAyuo3ic2P6Y27uppBeP0AYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6In3AwAA///d8Nla")

13.645220585s ago: executing program 7 (id=1739):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup3(0xffffffffffffffff, r3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

11.707967859s ago: executing program 7 (id=1742):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
io_setup(0x3fe, &(0x7f00000001c0))

11.428262324s ago: executing program 2 (id=1745):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x3c000, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x5}, 0x1c)
r1 = dup2(r0, r0)
sendmmsg$unix(r1, &(0x7f0000008380), 0x400000000000174, 0x4008890)

10.121190495s ago: executing program 7 (id=1748):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

9.329682654s ago: executing program 5 (id=1749):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0xfffffeee, 0x2, {0x21}}]}}]}, 0x48}}, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100000095"], &(0x7f00000000c0)='GPL\x00', 0x1005}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="150000000300000008000000e2cf00", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="10eaee2c77a048006a3869ea0081086be3867823efb63823595bd73ff88d00e8993d708d2b2af83cc5830f86f8145924ff19426701f6d0d700f7cf65ca126996f751ce9e8ad55d41896b3490f019a76b1fb78945d83c59d5c240d3afdc0c3ade6124a3793ba8bcde82126147a166fd71f1f486f4b994cdce870ba3a11b646870acd21d1e98dd3137979c0c2352d1b6ee07112c2581a771d436147b448a750888ff111cdef81b3892", @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9.306425081s ago: executing program 2 (id=1750):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="0a0081f02467e53a180003037cb7000100008000"/36], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x840)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x803, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x4}}}, 0x24}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x1493cf2c54a75087, 0xac}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @loopback}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x3, 0x0)
r10 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r10)
sendmsg$nl_route_sched(r9, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

7.526570832s ago: executing program 2 (id=1752):
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3d5", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

7.439255108s ago: executing program 5 (id=1753):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
read$dsp(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f00000001c0), 0x0)
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

7.31007264s ago: executing program 1 (id=1754):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
open(0x0, 0x480, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000100)={0xb001, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x6)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x47)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'ip6tnl0\x00', 0x0})
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
brk(0x400000ffc020)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8)
syz_open_dev$video4linux(&(0x7f0000000500), 0x101, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1fd)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x58, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r7}, 0xc)
ioctl$KVM_GET_MSRS(r5, 0xc008ae88, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$pvfs2(0x0, 0x0, 0x0, 0x8184c, 0x0)
unlink(&(0x7f0000000000)='./file0\x00')

6.236999327s ago: executing program 5 (id=1755):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x2, 0x20, 0x2fb}, &(0x7f00000000c0), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r4 = dup3(r0, 0xffffffffffffffff, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

6.194850183s ago: executing program 2 (id=1756):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004000000fd0f0000070000000000", @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r1], 0x48)
r3 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r3, 0x0, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r4, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'})

6.175509963s ago: executing program 1 (id=1757):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
io_setup(0x3fe, &(0x7f00000001c0))

4.879150606s ago: executing program 1 (id=1758):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x2, 0x20, 0x2fb}, &(0x7f00000000c0), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r4 = dup3(r0, 0xffffffffffffffff, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

3.873289418s ago: executing program 5 (id=1759):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x8, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe2(0x0, 0x4840)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
io_uring_setup(0x5f6f, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
accept4(r4, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0xffff93d3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={r5, 0x58, &(0x7f0000000300)}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a30000000000900010073797a300000000058000000060a010400000000000000000100000008000b40000000000900010073797a3000000000300004802c0001800a00010071756575650000001c000280060002400ffe009b06000140faff"], 0xcc}, 0x1, 0x0, 0x0, 0x24000090}, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@RTM_GETNSID={0x44, 0x5a, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NETNSA_FD={0x8}, @NETNSA_FD={0x8}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8}, @NETNSA_NSID={0x8, 0x1, 0x3}, @NETNSA_NSID={0x8, 0x1, 0x3}]}, 0x44}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x18, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x8044)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000001079120100000000009500eeff00000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)

3.827267926s ago: executing program 1 (id=1760):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x2, 0x20, 0x2fb}, &(0x7f00000000c0), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r4 = dup3(r0, 0xffffffffffffffff, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

3.755649338s ago: executing program 7 (id=1761):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x2, 0x20, 0x2fb}, &(0x7f00000000c0), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

2.461490779s ago: executing program 5 (id=1762):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x2, 0x20, 0x2fb}, &(0x7f00000000c0), &(0x7f0000000380))
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f0000000100)=r3, 0x4)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

2.173292364s ago: executing program 2 (id=1763):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0xfffffeee, 0x2, {0x21}}]}}]}, 0x48}}, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001100000095"], &(0x7f00000000c0)='GPL\x00', 0x1005}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f0000000240), 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="150000000300000008000000e2cf00", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="10eaee2c77a048006a3869ea0081086be3867823efb63823595bd73ff88d00e8993d708d2b2af83cc5830f86f8145924ff19426701f6d0d700f7cf65ca126996f751ce9e8ad55d41896b3490f019a76b1fb78945d83c59d5c240d3afdc0c3ade6124a3793ba8bcde82126147a166fd71f1f486f4b994cdce870ba3a11b646870acd21d1e98dd3137979c0c2352d1b6ee07112c2581a771d436147b448a750888ff111cdef81b3892", @ANYRES32], 0x50)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.42465591s ago: executing program 1 (id=1764):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
read$dsp(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f00000001c0), 0x0)
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

1.325350114s ago: executing program 2 (id=1765):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
open(0x0, 0x480, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000100)={0xb001, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r1, 0x6)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x47)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000000)={'ip6tnl0\x00', 0x0})
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
brk(0x400000ffc020)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea13, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8)
syz_open_dev$video4linux(&(0x7f0000000500), 0x101, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1fd)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x58, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
ioctl$KVM_GET_MSRS(r5, 0xc008ae88, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$pvfs2(0x0, 0x0, 0x0, 0x8184c, 0x0)
unlink(&(0x7f0000000000)='./file0\x00')

1.304951205s ago: executing program 7 (id=1766):
socket(0x2, 0x80805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8}, 0x94)
socket$unix(0x1, 0x1, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x50009405, &(0x7f0000001440))

257.806052ms ago: executing program 5 (id=1767):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x1b00, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x5c}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)
pipe2$9p(0x0, 0x4000)
write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x1f)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$TIOCSTI(r7, 0x5412, 0x0)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000380)=0xff)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f00000001c0)=0xfe)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

255.508392ms ago: executing program 7 (id=1768):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

0s ago: executing program 1 (id=1769):
socket$unix(0x1, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x40000)
openat$procfs(0xffffffffffffff9c, &(0x7f00000010c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

kernel console output (not intermixed with test programs):

: Getting dqdh_entries 15 out of range 0-14
[  734.348757][T11648] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 1
[  735.670875][T12162] loop3: detected capacity change from 0 to 512
[  736.405688][   T30] audit: type=1326 audit(1751511133.616:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.557100][   T30] audit: type=1326 audit(1751511133.646:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.579855][   T30] audit: type=1326 audit(1751511133.646:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.615494][T12162] EXT4-fs warning (device loop3): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop3.
[  737.640982][   T30] audit: type=1326 audit(1751511133.646:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.708995][T12170] netlink: 'syz.2.1233': attribute type 1 has an invalid length.
[  737.759623][   T30] audit: type=1326 audit(1751511133.646:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.786193][   T30] audit: type=1326 audit(1751511133.646:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.812797][   T30] audit: type=1326 audit(1751511133.646:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.912981][   T30] audit: type=1326 audit(1751511133.646:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  737.961944][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  737.989340][T11954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  738.091406][   T30] audit: type=1326 audit(1751511133.646:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  738.191981][T12172] veth3: entered promiscuous mode
[  738.203578][T12172] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  738.315059][T12182] loop1: detected capacity change from 0 to 512
[  739.307223][T12182] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  739.538693][T12182] EXT4-fs (loop1): orphan cleanup on readonly fs
[  739.553891][T12182] __quota_error: 1 callbacks suppressed
[  739.553933][T12182] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  739.569820][T12182] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  739.579326][T12182] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1234: Failed to acquire dquot type 1
[  739.598749][T12182] EXT4-fs (loop1): 1 truncate cleaned up
[  739.614954][T12182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  740.224290][T11954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  741.257802][T12182] lo speed is unknown, defaulting to 1000
[  741.343587][T12201] loop2: detected capacity change from 0 to 512
[  741.411767][T12201] EXT4-fs: Ignoring removed nomblk_io_submit option
[  741.461342][T12201] ext4: Unknown parameter 'subj_user'
[  741.506196][T11954] team0: Port device team_slave_0 added
[  742.080755][T11954] team0: Port device team_slave_1 added
[  742.616364][T11954] batman_adv: batadv0: Adding interface: batadv_slave_0
[  742.630481][T11954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  742.668331][T11954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  742.952421][   T30] audit: type=1326 audit(1751511140.166:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.037098][T12216] siw: device registration error -23
[  743.110804][   T30] audit: type=1326 audit(1751511140.196:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.338873][   T30] audit: type=1326 audit(1751511140.206:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.546354][   T30] audit: type=1326 audit(1751511140.206:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.589489][T11954] batman_adv: batadv0: Adding interface: batadv_slave_1
[  743.597618][T11954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.672693][   T30] audit: type=1326 audit(1751511140.206:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.695065][T11954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.716307][   T30] audit: type=1326 audit(1751511140.216:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.773492][   T30] audit: type=1326 audit(1751511140.216:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.798078][   T30] audit: type=1326 audit(1751511140.216:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12214 comm="syz.2.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd3da98e929 code=0x7ffc0000
[  743.916632][T12083] chnl_net:caif_netlink_parms(): no params data found
[  744.141594][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  745.186532][T11954] hsr_slave_0: entered promiscuous mode
[  745.193484][T11954] hsr_slave_1: entered promiscuous mode
[  745.200268][T11954] debugfs: 'hsr0' already exists in 'hsr'
[  745.598893][T11954] Cannot create hsr debugfs directory
[  745.805049][T12240] loop2: detected capacity change from 0 to 512
[  745.826543][T12240] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  745.881043][T11650] Bluetooth: hci5: Frame reassembly failed (-84)
[  745.903292][T12240] EXT4-fs (loop2): orphan cleanup on readonly fs
[  745.915810][T12240] __quota_error: 3 callbacks suppressed
[  745.915853][T12240] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[  745.932049][T12240] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  745.941602][T12240] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1247: Failed to acquire dquot type 1
[  745.976416][T12240] EXT4-fs (loop2): 1 truncate cleaned up
[  746.000145][T12240] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  747.095486][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.102044][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.887418][ T5836] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  748.036207][T12240] lo speed is unknown, defaulting to 1000
[  748.681636][T12261] loop1: detected capacity change from 0 to 512
[  748.701870][T12261] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  748.736674][T12261] EXT4-fs (loop1): orphan cleanup on readonly fs
[  748.750198][T12261] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  748.760274][T12261] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  748.770095][T12261] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1250: Failed to acquire dquot type 1
[  748.790736][T12261] EXT4-fs (loop1): 1 truncate cleaned up
[  748.807365][T12261] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  749.895938][T12261] lo speed is unknown, defaulting to 1000
[  750.497464][T12267] siw: device registration error -23
[  750.618415][T12083] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.249349][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  751.370399][T12083] bridge0: port 1(bridge_slave_0) entered disabled state
[  751.388213][T12083] bridge_slave_0: entered allmulticast mode
[  751.412781][T12083] bridge_slave_0: entered promiscuous mode
[  751.657862][T12083] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.684361][T12083] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.721169][T12083] bridge_slave_1: entered allmulticast mode
[  751.729753][T12083] bridge_slave_1: entered promiscuous mode
[  751.966463][T12083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  751.999811][T12083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  752.271304][T12083] team0: Port device team_slave_0 added
[  752.384059][T12083] team0: Port device team_slave_1 added
[  752.698495][   T49] bridge_slave_1: left allmulticast mode
[  752.720551][   T49] bridge_slave_1: left promiscuous mode
[  752.952437][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  753.495510][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  753.510729][   T49] bridge_slave_0: left allmulticast mode
[  753.523128][   T49] bridge_slave_0: left promiscuous mode
[  753.534474][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.908476][T12304] blktrace: Concurrent blktraces are not allowed on sg0
[  754.458741][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  754.482285][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  754.511571][   T49] bond0 (unregistering): Released all slaves
[  754.593398][T12083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  754.601146][T12083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.646110][T12083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  754.727593][   T49] hsr_slave_0: left promiscuous mode
[  754.851816][   T49] hsr_slave_1: left promiscuous mode
[  754.864706][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  754.887476][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  754.915416][T12313] futex_wake_op: syz.3.1263 tries to shift op by -1; fix this program
[  754.953139][T12310] loop1: detected capacity change from 0 to 2048
[  755.029413][ T5885]  loop1: p1 < > p4
[  755.069238][ T5885] loop1: p4 size 8388608 extends beyond EOD, truncated
[  755.172529][T12310]  loop1: p1 < > p4
[  755.189964][T12310] loop1: p4 size 8388608 extends beyond EOD, truncated
[  756.180592][   T49] team0 (unregistering): Port device team_slave_1 removed
[  756.225770][   T49] team0 (unregistering): Port device team_slave_0 removed
[  756.627548][T12083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  756.634660][T12083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  756.661185][T12083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  758.116486][T12083] hsr_slave_0: entered promiscuous mode
[  758.134697][T12083] hsr_slave_1: entered promiscuous mode
[  758.141884][T12083] debugfs: 'hsr0' already exists in 'hsr'
[  758.147814][T12083] Cannot create hsr debugfs directory
[  758.413471][T12337] loop3: detected capacity change from 0 to 512
[  758.495776][T12337] EXT4-fs: Ignoring removed nomblk_io_submit option
[  758.514110][T12337] ext4: Unknown parameter 'subj_user'
[  758.808378][T12346] loop1: detected capacity change from 0 to 512
[  759.769476][T12346] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  759.854651][T12346] EXT4-fs (loop1): orphan cleanup on readonly fs
[  759.869747][T12346] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  759.879481][T12346] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  759.889119][T12346] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1273: Failed to acquire dquot type 1
[  759.909292][T12346] EXT4-fs (loop1): 1 truncate cleaned up
[  759.924829][T12346] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  760.478577][T12355] futex_wake_op: syz.2.1274 tries to shift op by -1; fix this program
[  761.644911][T12346] lo speed is unknown, defaulting to 1000
[  761.746752][T12362] loop3: detected capacity change from 0 to 512
[  761.914566][T12362] EXT4-fs: Ignoring removed nomblk_io_submit option
[  762.097640][T12362] ext4: Unknown parameter 'subj_user'
[  762.604407][T11954] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  762.708309][T11954] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  762.764258][T11954] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  762.936821][T11954] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  763.116486][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  764.283816][T11954] 8021q: adding VLAN 0 to HW filter on device bond0
[  765.094870][T12083] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  765.145775][T12083] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  765.222117][T12083] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  765.321981][T12083] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  765.405016][T12403] loop1: detected capacity change from 0 to 2048
[  765.518798][T11592]  loop1: p1 < > p4
[  765.544157][T11592] loop1: p4 size 8388608 extends beyond EOD, truncated
[  765.602253][T12403]  loop1: p1 < > p4
[  765.649508][T12403] loop1: p4 size 8388608 extends beyond EOD, truncated
[  765.790393][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  765.800132][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  765.816104][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  765.829747][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  765.840706][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  766.986738][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  767.121581][T12432] loop2: detected capacity change from 0 to 512
[  767.264169][T11648] Bluetooth: hci0: Frame reassembly failed (-84)
[  767.277787][T12432] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  767.368791][T12432] EXT4-fs (loop2): orphan cleanup on readonly fs
[  767.381964][T12432] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[  767.392174][T12432] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  767.401931][T12432] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1285: Failed to acquire dquot type 1
[  767.422888][T12432] EXT4-fs (loop2): 1 truncate cleaned up
[  767.439293][T12432] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  767.579593][T11592] udevd[11592]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  768.047107][T12432] lo speed is unknown, defaulting to 1000
[  768.057466][ T5836] Bluetooth: hci5: command tx timeout
[  768.639643][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  768.672174][T11592] udevd[11592]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  769.123697][T12420] lo speed is unknown, defaulting to 1000
[  769.247450][ T5152] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  769.254841][ T5836] Bluetooth: hci0: command 0x1003 tx timeout
[  769.344171][T12083] 8021q: adding VLAN 0 to HW filter on device bond0
[  769.811289][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  770.127930][ T5836] Bluetooth: hci5: command tx timeout
[  770.875704][T12083] 8021q: adding VLAN 0 to HW filter on device team0
[  771.315256][ T6054] bridge0: port 1(bridge_slave_0) entered blocking state
[  771.322529][ T6054] bridge0: port 1(bridge_slave_0) entered forwarding state
[  771.381656][ T6054] bridge0: port 2(bridge_slave_1) entered blocking state
[  771.388897][ T6054] bridge0: port 2(bridge_slave_1) entered forwarding state
[  772.227718][ T5836] Bluetooth: hci5: command tx timeout
[  772.702108][T12469] loop1: detected capacity change from 0 to 512
[  773.655574][T12083] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  774.066080][T12469] EXT4-fs (loop1): 1 orphan inode deleted
[  774.082084][T12469] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  774.108477][   T13] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  774.125116][T12469] ext4 filesystem being mounted at /297/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  774.272343][T12083] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  774.287577][ T5836] Bluetooth: hci5: command tx timeout
[  774.651472][   T13] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 1
[  774.995589][T12476] loop2: detected capacity change from 0 to 512
[  775.045313][T12476] EXT4-fs: Ignoring removed nomblk_io_submit option
[  775.084571][T12420] chnl_net:caif_netlink_parms(): no params data found
[  775.111845][T12476] ext4: Unknown parameter 'subj_user'
[  775.536124][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  775.601711][ T6239] bridge_slave_1: left allmulticast mode
[  775.621539][ T6239] bridge_slave_1: left promiscuous mode
[  775.670254][ T6239] bridge0: port 2(bridge_slave_1) entered disabled state
[  775.719362][ T6239] bridge_slave_0: left allmulticast mode
[  775.730424][T12487] netlink: 'syz.3.1294': attribute type 1 has an invalid length.
[  775.742973][ T6239] bridge_slave_0: left promiscuous mode
[  775.759867][ T6239] bridge0: port 1(bridge_slave_0) entered disabled state
[  776.438735][T12502] ntfs3(nullb0): Primary boot signature is not NTFS.
[  776.447681][T12502] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  776.761404][ T6239] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  776.787913][ T6239] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  776.803758][ T6239] bond0 (unregistering): Released all slaves
[  776.865870][T12487] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  777.115387][T12492] veth3: entered promiscuous mode
[  777.431339][T12420] bridge0: port 1(bridge_slave_0) entered blocking state
[  777.448305][T12420] bridge0: port 1(bridge_slave_0) entered disabled state
[  777.465948][T12420] bridge_slave_0: entered allmulticast mode
[  777.482693][T12420] bridge_slave_0: entered promiscuous mode
[  777.503142][T12420] bridge0: port 2(bridge_slave_1) entered blocking state
[  777.680310][ T5833] hid_parser_main: 6 callbacks suppressed
[  777.680335][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x4
[  777.739762][T12420] bridge0: port 2(bridge_slave_1) entered disabled state
[  777.757442][T12420] bridge_slave_1: entered allmulticast mode
[  777.765225][T12420] bridge_slave_1: entered promiscuous mode
[  777.782232][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x2
[  777.806364][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.550634][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.558766][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.566899][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.576276][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.584324][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.592363][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.600362][ T5833] hid-generic 0000:3000000:0000.0002: unknown main item tag 0x0
[  778.625009][ T5833] hid-generic 0000:3000000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  778.827224][ T6239] hsr_slave_0: left promiscuous mode
[  778.866897][ T6239] hsr_slave_1: left promiscuous mode
[  778.913844][ T6239] batman_adv: batadv0: Removing interface: batadv_slave_0
[  778.952915][T12539] fido_id[12539]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  779.087848][ T6239] batman_adv: batadv0: Removing interface: batadv_slave_1
[  779.599670][T12550] loop1: detected capacity change from 0 to 2048
[  779.632296][T11592]  loop1: p1 < > p4
[  779.639660][T11592] loop1: p4 size 8388608 extends beyond EOD, truncated
[  779.709850][T12550]  loop1: p1 < > p4
[  779.716800][T12550] loop1: p4 size 8388608 extends beyond EOD, truncated
[  779.858117][ T6239] team0 (unregistering): Port device team_slave_1 removed
[  779.943077][ T6239] team0 (unregistering): Port device team_slave_0 removed
[  780.061991][T12553] ntfs3(nullb0): Primary boot signature is not NTFS.
[  780.071030][T12553] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  780.432855][T12420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  780.447883][T12420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  780.556447][T12420] team0: Port device team_slave_0 added
[  780.593525][T12420] team0: Port device team_slave_1 added
[  780.802672][T12559] netlink: 'syz.1.1308': attribute type 1 has an invalid length.
[  780.843566][T12420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  780.874501][T12420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  780.985449][T12565] loop3: detected capacity change from 0 to 512
[  781.113010][T12565] EXT4-fs (loop3): 1 orphan inode deleted
[  781.127501][T12565] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  781.141369][T12565] ext4 filesystem being mounted at /268/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  781.207243][T12420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  781.304663][   T49] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  781.374127][T12083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  781.414670][   T49] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  782.270692][T12564] veth3: entered promiscuous mode
[  782.323375][T12564] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  782.432065][T12420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  782.489932][T12420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  782.707279][T12420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  783.150588][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  783.263225][T12420] hsr_slave_0: entered promiscuous mode
[  783.322250][T12420] hsr_slave_1: entered promiscuous mode
[  783.374897][T12420] debugfs: 'hsr0' already exists in 'hsr'
[  783.402905][T12420] Cannot create hsr debugfs directory
[  783.477438][T12585] loop1: detected capacity change from 0 to 128
[  783.504927][T12585] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  783.590097][T12585] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  783.893686][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  783.907887][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  783.917998][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  784.617706][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  784.685555][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  785.212962][T12596] loop1: detected capacity change from 0 to 512
[  785.254594][T12596] EXT4-fs: Ignoring removed nomblk_io_submit option
[  785.270453][T12596] ext4: Unknown parameter 'subj_user'
[  785.355155][T12600] loop3: detected capacity change from 0 to 512
[  785.801011][T12600] EXT4-fs (loop3): 1 orphan inode deleted
[  785.814717][T12600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  785.829899][T12600] ext4 filesystem being mounted at /271/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  786.186175][T11656] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  786.218253][T11656] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:13: Failed to release dquot type 1
[  787.217705][ T5152] Bluetooth: hci0: command tx timeout
[  788.397240][T12615] netlink: 'syz.2.1318': attribute type 1 has an invalid length.
[  788.532409][T12617] loop1: detected capacity change from 0 to 2048
[  788.584145][T12587] lo speed is unknown, defaulting to 1000
[  788.660928][T12615] veth5: entered promiscuous mode
[  788.671612][T12617]  loop1: p1 < > p4
[  788.678470][T12615] bond2: (slave veth5): Enslaving as a backup interface with a down link
[  788.683166][T12617] loop1: p4 size 8388608 extends beyond EOD, truncated
[  788.703613][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  788.845206][T12624] loop3: detected capacity change from 0 to 164
[  788.881114][T12624] ISOFS: unable to read i-node block
[  789.038672][T12626] loop2: detected capacity change from 0 to 512
[  789.067674][T12626] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  789.105812][T12624] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  789.156155][T12626] EXT4-fs (loop2): orphan cleanup on readonly fs
[  789.172057][T12626] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[  789.182587][T12626] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  789.192210][T12626] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1321: Failed to acquire dquot type 1
[  789.218661][T12626] EXT4-fs (loop2): 1 truncate cleaned up
[  789.236818][T11650] Bluetooth: hci1: Frame reassembly failed (-84)
[  789.264442][T12626] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  789.361760][ T5836] Bluetooth: hci0: command tx timeout
[  791.167397][ T5152] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  791.219644][T12629] loop3: detected capacity change from 0 to 512
[  791.252463][T12629] EXT4-fs: Ignoring removed nomblk_io_submit option
[  791.296354][T12629] ext4: Unknown parameter 'subj_user'
[  791.561444][ T5836] Bluetooth: hci0: command tx timeout
[  792.561542][T12636] loop1: detected capacity change from 0 to 512
[  792.731370][T12636] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  792.761667][T12636] EXT4-fs (loop1): orphan cleanup on readonly fs
[  792.774244][T12636] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  792.784466][T12636] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  792.793984][T12636] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1323: Failed to acquire dquot type 1
[  792.813197][T12636] EXT4-fs (loop1): 1 truncate cleaned up
[  792.863397][T12636] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  793.641627][T12626] lo speed is unknown, defaulting to 1000
[  793.766682][ T5836] Bluetooth: hci0: command tx timeout
[  794.015808][T12636] lo speed is unknown, defaulting to 1000
[  794.796172][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  795.068911][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  796.361870][ T6239] bridge_slave_1: left allmulticast mode
[  796.389716][T12665] loop2: detected capacity change from 0 to 512
[  796.402756][ T6239] bridge_slave_1: left promiscuous mode
[  796.418935][T12665] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  796.428776][ T6239] bridge0: port 2(bridge_slave_1) entered disabled state
[  796.440818][T12665] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  796.457056][T12665] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  796.490736][ T6239] bridge_slave_0: left allmulticast mode
[  796.501078][T12665] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  796.511198][ T6239] bridge_slave_0: left promiscuous mode
[  796.525453][ T6239] bridge0: port 1(bridge_slave_0) entered disabled state
[  796.530358][T12665] System zones: 0-2, 18-18, 34-35
[  796.555538][T12668] loop1: detected capacity change from 0 to 164
[  796.586689][T12665] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  796.608573][T12668] ISOFS: unable to read i-node block
[  796.613973][T12668] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  796.782218][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  798.985252][ T6239] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  799.000909][ T6239] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  799.014050][ T6239] bond0 (unregistering): Released all slaves
[  799.239550][T12420] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  799.306471][T12420] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  799.513980][T12587] chnl_net:caif_netlink_parms(): no params data found
[  799.601704][T12420] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  799.695896][ T6239] hsr_slave_0: left promiscuous mode
[  799.725270][ T6239] hsr_slave_1: left promiscuous mode
[  799.747883][ T6239] batman_adv: batadv0: Removing interface: batadv_slave_0
[  799.784894][ T6239] batman_adv: batadv0: Removing interface: batadv_slave_1
[  799.984134][T12696] loop2: detected capacity change from 0 to 512
[  800.125492][T12696] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  800.162001][T12696] EXT4-fs (loop2): orphan cleanup on readonly fs
[  800.175105][T12696] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[  800.185055][T12696] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  800.194624][T12696] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1337: Failed to acquire dquot type 1
[  800.212346][ T6213] Bluetooth: hci1: Frame reassembly failed (-84)
[  801.339414][T12696] EXT4-fs (loop2): 1 truncate cleaned up
[  801.354964][T12696] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  802.275121][ T5152] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  802.682255][T12701] loop3: detected capacity change from 0 to 512
[  802.754475][T12701] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  802.793024][T12701] EXT4-fs (loop3): orphan cleanup on readonly fs
[  802.805192][T12701] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5
[  802.815635][T12701] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  802.825182][T12701] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1339: Failed to acquire dquot type 1
[  802.849614][T12701] EXT4-fs (loop3): 1 truncate cleaned up
[  802.875194][T12701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  803.931442][ T6239] team0 (unregistering): Port device team_slave_1 removed
[  804.011380][ T6239] team0 (unregistering): Port device team_slave_0 removed
[  804.611781][T12420] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  804.658232][T12696] lo speed is unknown, defaulting to 1000
[  804.669235][T12701] lo speed is unknown, defaulting to 1000
[  804.856857][T12710] loop1: detected capacity change from 0 to 164
[  804.937951][T12710] ISOFS: unable to read i-node block
[  804.943383][T12710] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  805.187603][T12587] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.196532][T12587] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.205098][T12587] bridge_slave_0: entered allmulticast mode
[  805.212702][T12587] bridge_slave_0: entered promiscuous mode
[  805.414615][T12721] loop1: detected capacity change from 0 to 512
[  806.200839][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  806.236008][T12721] EXT4-fs (loop1): 1 orphan inode deleted
[  806.243952][T12721] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  806.258847][ T6054] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  806.278521][T12721] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  806.807798][ T6054] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:9: Failed to release dquot type 1
[  807.237411][T12587] bridge0: port 2(bridge_slave_1) entered blocking state
[  807.244618][T12587] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.437439][T12587] bridge_slave_1: entered allmulticast mode
[  807.444307][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  807.455269][T12587] bridge_slave_1: entered promiscuous mode
[  807.553420][T12726] loop2: detected capacity change from 0 to 512
[  807.662647][T12726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  807.674624][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  807.696984][T12726] ext4 filesystem being mounted at /315/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  807.711946][T12730] loop3: detected capacity change from 0 to 1024
[  807.723253][T12587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  807.740490][T12587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  807.762617][T12726] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1343: corrupted inode contents
[  807.784738][T12726] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1343: mark_inode_dirty error
[  807.791280][T12730] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  807.842428][T12726] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1343: corrupted inode contents
[  807.887889][T12726] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1343: mark_inode_dirty error
[  807.911646][T12587] team0: Port device team_slave_0 added
[  808.001078][T12739] loop1: detected capacity change from 0 to 512
[  808.112114][T12739] EXT4-fs (loop1): 1 orphan inode deleted
[  808.126361][T12739] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  808.164869][   T30] audit: type=1800 audit(1751511205.246:79): pid=12736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1343" name="file1" dev="loop2" ino=19 res=0 errno=0
[  808.234829][T12739] ext4 filesystem being mounted at /323/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  808.548070][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.554757][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  808.899665][ T6300] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  808.917839][ T6300] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:19: Failed to release dquot type 1
[  808.924198][T12587] team0: Port device team_slave_1 added
[  808.934052][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  808.979307][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  809.155149][T12587] batman_adv: batadv0: Adding interface: batadv_slave_0
[  809.170209][T12587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  809.202842][T12587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  809.232852][T12587] batman_adv: batadv0: Adding interface: batadv_slave_1
[  809.246179][T12587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  809.279072][T12587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.426531][T12420] 8021q: adding VLAN 0 to HW filter on device bond0
[  809.454445][T12587] hsr_slave_0: entered promiscuous mode
[  809.462236][T12587] hsr_slave_1: entered promiscuous mode
[  809.472191][T12587] debugfs: 'hsr0' already exists in 'hsr'
[  809.479138][T12587] Cannot create hsr debugfs directory
[  809.605668][T12420] 8021q: adding VLAN 0 to HW filter on device team0
[  809.654847][ T6054] bridge0: port 1(bridge_slave_0) entered blocking state
[  809.662080][ T6054] bridge0: port 1(bridge_slave_0) entered forwarding state
[  809.712505][ T6054] bridge0: port 2(bridge_slave_1) entered blocking state
[  809.719749][ T6054] bridge0: port 2(bridge_slave_1) entered forwarding state
[  810.166755][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  810.219223][T12748] loop3: detected capacity change from 0 to 512
[  810.273820][T12748] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  810.299218][T12748] EXT4-fs (loop3): orphan cleanup on readonly fs
[  810.311152][T12748] Quota error (device loop3): do_check_range: Getting block 196613 out of range 1-5
[  810.320849][T12748] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  810.330347][T12748] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1346: Failed to acquire dquot type 1
[  810.368554][T12748] EXT4-fs (loop3): 1 truncate cleaned up
[  810.418730][T12748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  810.670828][T12748] lo speed is unknown, defaulting to 1000
[  811.012813][T12757] loop1: detected capacity change from 0 to 512
[  811.231201][T12757] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  811.262734][T12757] EXT4-fs (loop1): orphan cleanup on readonly fs
[  811.274082][T12757] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  811.284025][T12757] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  811.293596][T12757] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1348: Failed to acquire dquot type 1
[  811.314684][T12757] EXT4-fs (loop1): 1 truncate cleaned up
[  811.833721][T12757] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  812.884062][T12757] lo speed is unknown, defaulting to 1000
[  813.716460][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  813.842658][T12420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  815.054371][T12587] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  815.116080][T12587] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  815.190470][T12587] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  815.290511][T12587] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  815.367000][T12779] netlink: 'syz.1.1351': attribute type 3 has an invalid length.
[  815.422498][T12779] netlink: 'syz.1.1351': attribute type 3 has an invalid length.
[  815.875174][T12794] loop1: detected capacity change from 0 to 512
[  816.793085][T12794] EXT4-fs (loop1): 1 orphan inode deleted
[  816.806961][T12794] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  816.822547][T12794] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  816.887243][ T6213] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  817.317883][ T6213] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 1
[  818.262165][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  818.314827][T12587] 8021q: adding VLAN 0 to HW filter on device bond0
[  818.442205][T12587] 8021q: adding VLAN 0 to HW filter on device team0
[  818.464657][T12420] veth0_vlan: entered promiscuous mode
[  818.496041][T12420] veth1_vlan: entered promiscuous mode
[  818.571441][ T6213] bridge0: port 1(bridge_slave_0) entered blocking state
[  818.578723][ T6213] bridge0: port 1(bridge_slave_0) entered forwarding state
[  818.798805][ T6213] bridge0: port 2(bridge_slave_1) entered blocking state
[  818.806058][ T6213] bridge0: port 2(bridge_slave_1) entered forwarding state
[  819.724588][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  819.881800][T12420] veth0_macvtap: entered promiscuous mode
[  819.939529][T12420] veth1_macvtap: entered promiscuous mode
[  819.993059][T12824] loop3: detected capacity change from 0 to 1024
[  820.061858][T12420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  820.144316][T12824] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  820.181213][T12420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  820.324877][   T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  820.375542][   T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  820.426313][   T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  820.474381][   T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  820.605574][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  820.753626][T12842] loop2: detected capacity change from 0 to 512
[  820.852666][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  820.881249][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  820.885586][T12587] 8021q: adding VLAN 0 to HW filter on device batadv0
[  820.940055][T12842] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  821.020306][T12842] ext4 filesystem being mounted at /319/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  821.070204][T12842] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1358: corrupted inode contents
[  821.088861][T12842] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1358: mark_inode_dirty error
[  821.110480][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  821.122368][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  821.153123][T12842] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1358: corrupted inode contents
[  821.193983][T12842] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1358: mark_inode_dirty error
[  821.306170][   T30] audit: type=1800 audit(1751511218.516:80): pid=12853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1358" name="file1" dev="loop2" ino=19 res=0 errno=0
[  821.522052][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  821.861880][T12876] loop1: detected capacity change from 0 to 512
[  821.999230][T12876] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  822.038939][T12876] ext4 filesystem being mounted at /333/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  822.186795][T12876] EXT4-fs error (device loop1): ext4_do_update_inode:5567: inode #2: comm syz.1.1365: corrupted inode contents
[  822.259732][T12876] EXT4-fs error (device loop1): ext4_dirty_inode:6458: inode #2: comm syz.1.1365: mark_inode_dirty error
[  822.314886][T12876] EXT4-fs error (device loop1): ext4_do_update_inode:5567: inode #2: comm syz.1.1365: corrupted inode contents
[  822.352698][T12876] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1365: mark_inode_dirty error
[  822.523615][T12587] veth0_vlan: entered promiscuous mode
[  822.565922][T12587] veth1_vlan: entered promiscuous mode
[  823.256542][   T30] audit: type=1800 audit(1751511220.456:81): pid=12889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1365" name="file1" dev="loop1" ino=18 res=0 errno=0
[  823.271263][T12587] veth0_macvtap: entered promiscuous mode
[  823.343127][T12587] veth1_macvtap: entered promiscuous mode
[  823.491885][T12587] batman_adv: batadv0: Interface activated: batadv_slave_0
[  823.518861][T12587] batman_adv: batadv0: Interface activated: batadv_slave_1
[  823.539461][ T6054] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  823.599543][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  823.639586][T11650] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  823.705117][T11650] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  823.750822][T11650] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  824.428854][ T6300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  824.465801][ T6300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  824.625758][ T6239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  824.635231][ T6239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  824.717275][ T6895] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  824.766135][T12916] loop1: detected capacity change from 0 to 512
[  827.528113][T12916] EXT4-fs (loop1): 1 orphan inode deleted
[  827.536078][T12916] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  827.558336][T12916] ext4 filesystem being mounted at /335/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  827.697627][ T6054] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  827.771814][ T6054] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:9: Failed to release dquot type 1
[  828.098878][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  829.506280][T12929] loop1: detected capacity change from 0 to 2048
[  829.607600][ T5995]  loop1: p1 < > p4
[  829.814638][ T5995] loop1: p4 size 8388608 extends beyond EOD, truncated
[  829.937339][ T6895] usb 6-1: device descriptor read/64, error -110
[  830.524677][T12929]  loop1: p1 < > p4
[  830.583295][T12929] loop1: p4 size 8388608 extends beyond EOD, truncated
[  830.879235][ T6895] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  831.757366][ T6895] usb 6-1: device descriptor read/64, error -32
[  831.841696][T12950] loop2: detected capacity change from 0 to 512
[  831.889011][ T6895] usb usb6-port1: attempt power cycle
[  832.078157][T12950] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  832.092887][T12950] ext4 filesystem being mounted at /324/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  833.368142][ T6895] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  833.378291][T12950] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1375: corrupted inode contents
[  833.397793][T12950] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1375: mark_inode_dirty error
[  833.435333][ T6895] usb 6-1: device descriptor read/8, error -32
[  833.525834][T12950] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1375: corrupted inode contents
[  833.710834][T12968] loop6: detected capacity change from 0 to 512
[  834.637240][ T6895] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  834.663396][ T6239] Bluetooth: hci1: Frame reassembly failed (-84)
[  834.679440][ T6895] usb 6-1: device descriptor read/8, error -32
[  835.649998][T12968] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  835.680925][T12968] EXT4-fs (loop6): orphan cleanup on readonly fs
[  835.726700][T12968] Quota error (device loop6): do_check_range: Getting block 196613 out of range 1-5
[  835.737231][T12968] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0
[  835.746721][T12968] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1378: Failed to acquire dquot type 1
[  835.812364][ T5152] Bluetooth: hci1: command 0x1003 tx timeout
[  835.819857][ T5836] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  836.493776][ T6895] raw-gadget.0 gadget.5: failed to queue suspend event
[  836.501797][T12950] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1375: mark_inode_dirty error
[  836.530665][ T6895] usb usb6-port1: unable to enumerate USB device
[  836.541249][T12968] EXT4-fs (loop6): 1 truncate cleaned up
[  836.548559][T12968] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  836.668370][   T30] audit: type=1800 audit(1751511233.876:82): pid=12965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1375" name="file1" dev="loop2" ino=19 res=0 errno=0
[  836.840300][T12902] raw-gadget.0 gadget.5: failed to queue disconnect event
[  836.860868][T12587] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  837.067001][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  840.264570][T13003] loop6: detected capacity change from 0 to 512
[  840.289430][T13003] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  841.164768][T13003] EXT4-fs (loop6): orphan cleanup on readonly fs
[  841.177319][ T6239] Bluetooth: hci1: Frame reassembly failed (-84)
[  841.198089][T13003] Quota error (device loop6): do_check_range: Getting block 196613 out of range 1-5
[  841.212453][T13003] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0
[  841.222991][T13003] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1386: Failed to acquire dquot type 1
[  841.333356][T13003] EXT4-fs (loop6): 1 truncate cleaned up
[  841.369535][T13003] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  843.123947][ T6876] hid_parser_main: 6 callbacks suppressed
[  843.123969][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x4
[  843.167289][ T5152] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  843.213324][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x2
[  843.258592][T12587] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.272889][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.287534][T13022] loop2: detected capacity change from 0 to 1024
[  843.300853][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.337485][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.345255][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.396893][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.416953][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.488470][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.534445][T13031] loop3: detected capacity change from 0 to 512
[  843.550312][ T6876] hid-generic 0000:3000000:0000.0003: unknown main item tag 0x0
[  843.730511][T13022] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  843.804759][T13031] EXT4-fs (loop3): 1 orphan inode deleted
[  843.818936][T13031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  843.839374][T11650] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  843.850484][T13031] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  844.116353][ T6876] hid-generic 0000:3000000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  844.179995][T11650] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:7: Failed to release dquot type 1
[  844.636554][T13022] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  844.837305][T13022] EXT4-fs (loop2): This should not happen!! Data will be lost
[  844.837305][T13022] 
[  844.917593][T13022] EXT4-fs (loop2): Total free blocks count 0
[  844.971262][T13022] EXT4-fs (loop2): Free/Dirty block details
[  845.220821][T13038] fido_id[13038]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  845.239790][T13022] EXT4-fs (loop2): free_blocks=0
[  845.437544][T13022] EXT4-fs (loop2): dirty_blocks=0
[  845.446097][T13022] EXT4-fs (loop2): Block reservation details
[  846.212821][T13022] EXT4-fs (loop2): i_reserved_data_blocks=0
[  846.214084][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  846.408560][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  846.476670][T13054] loop1: detected capacity change from 0 to 512
[  846.487833][T13051] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1397'.
[  846.594135][T13054] EXT4-fs: Ignoring removed mblk_io_submit option
[  846.735772][T13054] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  846.776188][T13063] loop2: detected capacity change from 0 to 1024
[  848.586475][T13060] loop6: detected capacity change from 0 to 2048
[  848.619488][T13054] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  848.657822][T13063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  848.726452][T13054] System zones: 1-12
[  848.755034][T13054] EXT4-fs error (device loop1): ext4_iget_extra_inode:5034: inode #15: comm syz.1.1399: corrupted in-inode xattr: e_value size too large
[  848.776749][T13060]  loop6: p1 < > p4
[  848.827781][T13060] loop6: p4 size 8388608 extends beyond EOD, truncated
[  848.906511][T13054] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1399: couldn't read orphan inode 15 (err -117)
[  848.998732][T13054] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  849.800892][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  849.813608][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  850.153450][ T5885] udevd[5885]: inotify_add_watch(7, /dev/loop6p4, 10) failed: No such file or directory
[  850.545906][T11592] udevd[11592]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  850.899983][T13093] loop5: detected capacity change from 0 to 128
[  850.907828][T13093] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  851.063975][T13093] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  852.915542][T13117] loop3: detected capacity change from 0 to 1024
[  853.019595][T13117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  853.341141][T13133] loop6: detected capacity change from 0 to 164
[  853.414336][T13133] ISOFS: unable to read i-node block
[  853.430128][T11650] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 51 with max blocks 1 with error 28
[  853.448755][T13133] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  853.470443][T11650] EXT4-fs (loop3): This should not happen!! Data will be lost
[  853.470443][T11650] 
[  853.509910][T11650] EXT4-fs (loop3): Total free blocks count 0
[  853.607571][T11650] EXT4-fs (loop3): Free/Dirty block details
[  853.616170][T11650] EXT4-fs (loop3): free_blocks=0
[  853.628901][T11650] EXT4-fs (loop3): dirty_blocks=0
[  853.734990][T13141] loop1: detected capacity change from 0 to 512
[  854.603768][T11650] EXT4-fs (loop3): Block reservation details
[  854.612168][T11650] EXT4-fs (loop3): i_reserved_data_blocks=0
[  855.184944][T13141] EXT4-fs (loop1): 1 orphan inode deleted
[  855.199816][T13141] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  855.218762][ T6213] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  855.232435][T13141] ext4 filesystem being mounted at /345/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  855.333021][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  855.757296][ T6213] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 1
[  855.893736][T13152] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1416'.
[  862.033754][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  862.448831][T13177] loop3: detected capacity change from 0 to 512
[  866.077312][T13177] EXT4-fs warning (device loop3): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop3.
[  866.332403][T13188] loop5: detected capacity change from 0 to 1024
[  866.339082][T13187] loop3: detected capacity change from 0 to 1024
[  866.394784][T13187] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  866.502336][T13188] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  866.635211][ T6054] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 51 with max blocks 1 with error 28
[  866.677672][T13188] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  866.717993][ T6054] EXT4-fs (loop3): This should not happen!! Data will be lost
[  866.717993][ T6054] 
[  866.746314][T13188] EXT4-fs (loop5): This should not happen!! Data will be lost
[  866.746314][T13188] 
[  866.757084][ T6054] EXT4-fs (loop3): Total free blocks count 0
[  866.773299][ T6054] EXT4-fs (loop3): Free/Dirty block details
[  866.807178][ T6054] EXT4-fs (loop3): free_blocks=0
[  866.817469][T13188] EXT4-fs (loop5): Total free blocks count 0
[  866.833129][ T6054] EXT4-fs (loop3): dirty_blocks=0
[  866.861410][T13202] loop2: detected capacity change from 0 to 128
[  866.892566][ T6054] EXT4-fs (loop3): Block reservation details
[  866.898806][T13188] EXT4-fs (loop5): Free/Dirty block details
[  866.904740][T13188] EXT4-fs (loop5): free_blocks=0
[  866.917332][ T6054] EXT4-fs (loop3): i_reserved_data_blocks=0
[  866.958971][T13202] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  867.019649][T13188] EXT4-fs (loop5): dirty_blocks=0
[  867.024913][T13188] EXT4-fs (loop5): Block reservation details
[  867.049827][T13188] EXT4-fs (loop5): i_reserved_data_blocks=0
[  867.071482][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  867.223471][T13202] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  868.007052][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  868.393163][T13215] loop2: detected capacity change from 0 to 1024
[  868.463284][T13216] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  868.888436][T13215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  869.958918][T13215] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  869.997784][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  870.004160][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  870.050901][T13215] EXT4-fs (loop2): This should not happen!! Data will be lost
[  870.050901][T13215] 
[  870.145396][T13215] EXT4-fs (loop2): Total free blocks count 0
[  870.177414][T13215] EXT4-fs (loop2): Free/Dirty block details
[  870.212030][T13215] EXT4-fs (loop2): free_blocks=0
[  870.617525][T13215] EXT4-fs (loop2): dirty_blocks=0
[  871.337913][T13215] EXT4-fs (loop2): Block reservation details
[  871.680631][T13215] EXT4-fs (loop2): i_reserved_data_blocks=0
[  872.308246][T13237] syz.5.1432 (13237) used greatest stack depth: 17912 bytes left
[  872.365999][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  872.539664][T13250] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  873.034371][T13252] loop3: detected capacity change from 0 to 1024
[  873.259137][T13252] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  873.411708][T13261] loop5: detected capacity change from 0 to 512
[  873.458086][T13261] EXT4-fs: Ignoring removed nomblk_io_submit option
[  873.464779][T13261] ext4: Unknown parameter 'subj_user'
[  873.520372][ T6300] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 51 with max blocks 1 with error 28
[  873.561597][T13264] loop1: detected capacity change from 0 to 128
[  873.574670][ T6300] EXT4-fs (loop3): This should not happen!! Data will be lost
[  873.574670][ T6300] 
[  873.626702][ T6300] EXT4-fs (loop3): Total free blocks count 0
[  873.649323][ T6300] EXT4-fs (loop3): Free/Dirty block details
[  873.655304][ T6300] EXT4-fs (loop3): free_blocks=0
[  873.889392][ T6300] EXT4-fs (loop3): dirty_blocks=0
[  873.894509][ T6300] EXT4-fs (loop3): Block reservation details
[  873.902765][ T6300] EXT4-fs (loop3): i_reserved_data_blocks=0
[  874.216104][T13264] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  874.588680][T13264] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  874.621076][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  875.075415][ T5152] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  875.089076][ T5152] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  875.098431][ T5152] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  875.122766][ T5152] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  875.135907][ T5152] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  875.953231][   T49] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  876.897417][T13306] : entered promiscuous mode
[  876.907016][   T30] audit: type=1326 audit(1751511274.116:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13300 comm="syz.1.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0ed98e929 code=0x7fc00000
[  876.929456][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.028955][T13308] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  877.271215][   T49] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  877.328297][ T5152] Bluetooth: hci0: command tx timeout
[  877.545061][T13278] lo speed is unknown, defaulting to 1000
[  877.799062][   T49] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  879.407200][ T5152] Bluetooth: hci0: command tx timeout
[  879.583556][   T49] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  879.732220][T13330] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  879.741948][T13330] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  879.751844][T13330] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  881.493271][ T5152] Bluetooth: hci0: command tx timeout
[  882.212953][T13278] chnl_net:caif_netlink_parms(): no params data found
[  882.422055][T13371] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1457'.
[  882.546563][T13360] cgroup: fork rejected by pids controller in /syz3
[  883.226835][   T49] bridge_slave_1: left allmulticast mode
[  883.235082][   T49] bridge_slave_1: left promiscuous mode
[  883.249712][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  883.567385][ T5152] Bluetooth: hci0: command tx timeout
[  883.988817][   T49] bridge_slave_0: left allmulticast mode
[  883.994566][   T49] bridge_slave_0: left promiscuous mode
[  884.032470][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.031910][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  885.065258][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  885.082463][   T49] bond0 (unregistering): Released all slaves
[  885.126630][T13372] bridge0: port 3(batadv2) entered blocking state
[  885.133671][T13372] bridge0: port 3(batadv2) entered disabled state
[  885.140581][T13372] batadv2: entered allmulticast mode
[  885.148382][T13372] batadv2: entered promiscuous mode
[  885.474775][T13481] loop5: detected capacity change from 0 to 128
[  885.483232][T13481] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  885.534687][T13481] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  886.568093][T11656] batman_adv: batadv2: No IGMP Querier present - multicast optimizations disabled
[  886.577713][T11656] batman_adv: batadv2: No MLD Querier present - multicast optimizations disabled
[  886.743073][T13487] loop3: detected capacity change from 0 to 512
[  886.894172][T13487] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  887.588372][T13487] ext4 filesystem being mounted at /304/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  889.213639][T13487] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  889.382612][T13487] EXT4-fs error (device loop3): ext4_dirty_inode:6458: inode #2: comm syz.3.1464: mark_inode_dirty error
[  889.407488][T13487] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  889.442205][T13504] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  889.467722][T13504] EXT4-fs error (device loop3): ext4_dirty_inode:6458: inode #2: comm syz.3.1464: mark_inode_dirty error
[  889.506891][T13504] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  889.531940][T13504] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1464: mark_inode_dirty error
[  890.262666][T13504] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  890.276531][T13504] EXT4-fs error (device loop3): ext4_dirty_inode:6458: inode #2: comm syz.3.1464: mark_inode_dirty error
[  890.325393][T13506] EXT4-fs error (device loop3): ext4_do_update_inode:5567: inode #2: comm syz.3.1464: corrupted inode contents
[  890.539712][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  891.633025][T13516] trusted_key: encrypted_key: hex blob is missing
[  891.726555][T13278] bridge0: port 1(bridge_slave_0) entered blocking state
[  891.738207][T13528] usb usb8: usbfs: process 13528 (syz.2.1471) did not claim interface 0 before use
[  891.767431][T13278] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.805692][T13278] bridge_slave_0: entered allmulticast mode
[  891.838434][T13278] bridge_slave_0: entered promiscuous mode
[  891.869356][T13528] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[13528]
[  891.969287][T13278] bridge0: port 2(bridge_slave_1) entered blocking state
[  891.976517][T13278] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.010680][T13278] bridge_slave_1: entered allmulticast mode
[  892.109094][T13539] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  892.527225][ T5836] Bluetooth: hci5: command 0x0406 tx timeout
[  892.559534][T13278] bridge_slave_1: entered promiscuous mode
[  892.658752][T13540] loop1: detected capacity change from 0 to 128
[  892.777861][T13540] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  892.867213][T13540] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  895.004540][T13278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  895.534957][T13558] loop2: detected capacity change from 0 to 512
[  895.623554][T13558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  895.663580][T13558] ext4 filesystem being mounted at /342/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  895.757766][T13558] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  895.835885][T13558] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1478: mark_inode_dirty error
[  895.853588][   T49] hsr_slave_0: left promiscuous mode
[  895.861137][T13558] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  895.881692][   T49] hsr_slave_1: left promiscuous mode
[  895.899455][T13572] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  895.904970][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  895.920267][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  895.951331][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  895.995927][T13572] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1478: mark_inode_dirty error
[  896.014224][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  896.054462][T13572] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  896.083983][   T49] veth1_macvtap: left promiscuous mode
[  896.127361][   T49] veth0_macvtap: left promiscuous mode
[  896.143020][   T49] veth1_vlan: left promiscuous mode
[  896.153532][   T49] veth0_vlan: left promiscuous mode
[  896.265729][T13572] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1478: mark_inode_dirty error
[  896.300752][T13572] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  896.447707][T13572] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.1478: mark_inode_dirty error
[  896.658045][T13558] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.1478: corrupted inode contents
[  897.257917][T13590] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1485'.
[  897.385451][T13594] loop3: detected capacity change from 0 to 512
[  897.492940][T13594] EXT4-fs (loop3): 1 orphan inode deleted
[  897.508257][T13594] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  897.571359][T13594] ext4 filesystem being mounted at /308/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  898.717779][ T6239] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  899.683033][ T6239] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:17: Failed to release dquot type 1
[  900.338646][T13603] loop5: detected capacity change from 0 to 512
[  900.347690][T13603] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  900.362900][T13603] EXT4-fs (loop5): orphan cleanup on readonly fs
[  900.370716][T13603] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5
[  900.380555][T13603] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
[  900.390072][T13603] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1488: Failed to acquire dquot type 1
[  900.407550][T13603] EXT4-fs (loop5): 1 truncate cleaned up
[  900.419449][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  900.429650][ T6239] Bluetooth: hci1: Frame reassembly failed (-84)
[  900.436046][ T6239] Bluetooth: hci6: Frame reassembly failed (-84)
[  900.445535][T13603] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  900.466167][T13600] loop1: detected capacity change from 0 to 512
[  900.527199][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  900.886830][T13606] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1487'.
[  902.431404][ T5152] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  902.438671][   T51] Bluetooth: hci6: command 0x1003 tx timeout
[  902.447058][ T5836] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  905.930024][   T49] team0 (unregistering): Port device team_slave_1 removed
[  906.056484][   T49] team0 (unregistering): Port device team_slave_0 removed
[  907.318115][T13278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  907.365630][T13603] lo speed is unknown, defaulting to 1000
[  907.458395][T13633] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  907.467847][T13633] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  907.477465][T13633] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  907.720783][T13278] team0: Port device team_slave_0 added
[  908.630133][T13278] team0: Port device team_slave_1 added
[  909.951083][T13657] loop2: detected capacity change from 0 to 1024
[  909.970511][T13654] loop1: detected capacity change from 0 to 128
[  910.003806][T13654] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  910.018619][T13654] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  910.803042][T13657] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  910.831948][T13665] netlink: 64859 bytes leftover after parsing attributes in process `syz.3.1503'.
[  910.848245][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  911.298142][T13278] batman_adv: batadv0: Adding interface: batadv_slave_0
[  911.357425][T13278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  911.383410][    C1] vkms_vblank_simulate: vblank timer overrun
[  911.427585][T13657] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  911.452381][T13278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  911.465241][T13278] batman_adv: batadv0: Adding interface: batadv_slave_1
[  911.476384][T13278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  911.502828][T13278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  911.543512][T13657] EXT4-fs (loop2): This should not happen!! Data will be lost
[  911.543512][T13657] 
[  911.569073][T13657] EXT4-fs (loop2): Total free blocks count 0
[  911.575141][T13657] EXT4-fs (loop2): Free/Dirty block details
[  911.637773][T13657] EXT4-fs (loop2): free_blocks=0
[  911.662047][T13657] EXT4-fs (loop2): dirty_blocks=0
[  911.683699][T13657] EXT4-fs (loop2): Block reservation details
[  911.696379][T13657] EXT4-fs (loop2): i_reserved_data_blocks=0
[  911.765777][T13278] hsr_slave_0: entered promiscuous mode
[  911.858376][T13278] hsr_slave_1: entered promiscuous mode
[  911.870323][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  911.879536][T13278] debugfs: 'hsr0' already exists in 'hsr'
[  911.879597][T13278] Cannot create hsr debugfs directory
[  913.048621][T13689] loop5: detected capacity change from 0 to 512
[  913.141933][T13689] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  913.173100][T13684] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  913.187408][T13684] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  913.197014][T13684] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  913.248199][T13665] loop3: detected capacity change from 0 to 32768
[  913.256546][T13689] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  913.294506][T13665] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[  913.294506][T13665] clean (size 2912):
[  913.294506][T13665] flags:          0
[  913.294506][T13665] journal_seq:    8
[  913.294506][T13665] usage: type=inodes v=8
[  913.294506][T13665] usage: type=key_version v=0
[  913.294506][T13665] usage: type=reserved v=0
[  913.294506][T13665] usage: type=reserved v=0
[  913.294506][T13665] usage: type=reserved v=0
[  913.294506][T13665] usage: type=reserved v=0
[  913.294506][T13665] data_usage: btree: 1/1 [0]=2816
[  913.294506][T13665] data_usage: journal: 1/1 [0]=0
[  913.294506][T13665] btree_keys: btree=extents level=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: 
[  913.294506][T13665] btree_keys: btree=extents level=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: 
[  913.294506][T13665] btree_keys: btree=extents level=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: 
[  913.294506][T13665] clock: read=0
[  913.294506][T13665] clock: write=1288
[  913.294506][T13665] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0
[  913.294506][T13665] btree_root: btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0
[  913.294506][T13665] btree_root: btree=dirents l
[  913.294776][T13665] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  913.425507][    C1] vkms_vblank_simulate: vblank timer overrun
[  913.455309][T13689] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  913.503357][T13689] EXT4-fs error (device loop5): ext4_dirty_inode:6458: inode #2: comm syz.5.1508: mark_inode_dirty error
[  913.542744][T13689] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  913.590254][T13697] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  913.684354][T13697] EXT4-fs error (device loop5): ext4_dirty_inode:6458: inode #2: comm syz.5.1508: mark_inode_dirty error
[  913.706111][T13697] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  913.722156][T13697] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1508: mark_inode_dirty error
[  913.763770][T13665] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1503'.
[  913.803626][T13697] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  913.863866][T13704] loop1: detected capacity change from 0 to 1024
[  913.935761][T13697] EXT4-fs error (device loop5): ext4_dirty_inode:6458: inode #2: comm syz.5.1508: mark_inode_dirty error
[  914.000464][T13699] sctp: failed to load transform for md5: -2
[  914.025736][T13704] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  914.101053][T13278] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  914.145273][T13711] loop2: detected capacity change from 0 to 64
[  914.152189][T13698] EXT4-fs error (device loop5): ext4_do_update_inode:5567: inode #2: comm syz.5.1508: corrupted inode contents
[  914.179251][T13278] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  914.327613][T13278] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  914.362364][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  914.408994][T13714] loop3: detected capacity change from 0 to 1024
[  914.429653][T13278] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  914.502442][T13714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  914.526650][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  914.706419][T13724] loop1: detected capacity change from 0 to 2048
[  914.852915][ T5885]  loop1: p1 < > p4
[  914.876910][ T5885] loop1: p4 size 8388608 extends beyond EOD, truncated
[  914.891067][ T6215] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 51 with max blocks 1 with error 28
[  914.935218][T13278] 8021q: adding VLAN 0 to HW filter on device bond0
[  914.968212][ T6215] EXT4-fs (loop3): This should not happen!! Data will be lost
[  914.968212][ T6215] 
[  914.987528][T13724]  loop1: p1 < > p4
[  914.990359][ T6215] EXT4-fs (loop3): Total free blocks count 0
[  915.026496][ T6215] EXT4-fs (loop3): Free/Dirty block details
[  915.030432][T13724] loop1: p4 size 8388608 extends beyond EOD, truncated
[  915.073520][T13278] 8021q: adding VLAN 0 to HW filter on device team0
[  915.080584][ T6215] EXT4-fs (loop3): free_blocks=0
[  915.117158][ T6215] EXT4-fs (loop3): dirty_blocks=0
[  915.130876][T11646] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.138126][T11646] bridge0: port 1(bridge_slave_0) entered forwarding state
[  915.139671][ T6215] EXT4-fs (loop3): Block reservation details
[  915.211866][T11646] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.212734][ T6215] EXT4-fs (loop3): i_reserved_data_blocks=0
[  915.219093][T11646] bridge0: port 2(bridge_slave_1) entered forwarding state
[  915.268619][ T5831] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  915.590846][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  915.601463][T11592] udevd[11592]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  915.695508][ T5995] udevd[5995]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  915.721247][T11592] udevd[11592]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  915.877303][ T6876] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  915.932773][T13752] loop5: detected capacity change from 0 to 1024
[  916.092236][ T6876] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  916.116119][ T6876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.129113][ T6876] usb 4-1: Product: syz
[  916.133365][ T6876] usb 4-1: Manufacturer: syz
[  916.138307][ T6876] usb 4-1: SerialNumber: syz
[  916.146396][ T6876] usb 4-1: config 0 descriptor??
[  916.169450][ T6876] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  916.174752][T13752] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  917.037880][T13278] 8021q: adding VLAN 0 to HW filter on device batadv0
[  917.256890][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  917.282740][ T6876] gspca_sonixj: reg_r err -71
[  917.293837][ T6876] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  917.322689][ T6876] usb 4-1: USB disconnect, device number 7
[  917.374957][T13774] loop1: detected capacity change from 0 to 1024
[  917.468081][T13774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  917.778189][T13785] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  917.861815][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  918.555439][T13796] loop3: detected capacity change from 0 to 512
[  918.767941][T13801] loop1: detected capacity change from 0 to 512
[  919.583183][ T6215] Bluetooth: hci1: Frame reassembly failed (-84)
[  919.583636][T13801] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  919.609837][T13801] EXT4-fs (loop1): orphan cleanup on readonly fs
[  919.622764][T13801] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  919.632842][T13801] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  919.642414][T13801] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1523: Failed to acquire dquot type 1
[  919.661600][T13801] EXT4-fs (loop1): 1 truncate cleaned up
[  920.261372][T13801] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  920.274567][T13796] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  920.356046][T13801] lo speed is unknown, defaulting to 1000
[  921.118726][ T5836] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  921.426796][T13796] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[  921.426865][T13796] EXT4-fs: failed to create workqueue
[  921.755472][T13796] EXT4-fs (loop3): mount failed
[  921.823253][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  922.801766][T13278] veth0_vlan: entered promiscuous mode
[  923.031398][T13278] veth1_vlan: entered promiscuous mode
[  923.405028][T13822] loop2: detected capacity change from 0 to 512
[  923.498377][T13822] EXT4-fs: Ignoring removed mblk_io_submit option
[  923.533769][T13278] veth0_macvtap: entered promiscuous mode
[  923.585614][T13822] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  923.614833][T13278] veth1_macvtap: entered promiscuous mode
[  923.664081][T13822] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  923.676501][T13822] System zones: 1-12
[  923.689496][T13822] EXT4-fs error (device loop2): ext4_iget_extra_inode:5034: inode #15: comm syz.2.1531: corrupted in-inode xattr: e_value size too large
[  923.749880][T13822] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1531: couldn't read orphan inode 15 (err -117)
[  923.766536][T13278] batman_adv: batadv0: Interface activated: batadv_slave_0
[  923.799554][T13822] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  923.872098][T13278] batman_adv: batadv0: Interface activated: batadv_slave_1
[  923.913305][   T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  923.932990][T13831] loop5: detected capacity change from 0 to 1024
[  923.956600][   T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  924.040284][   T13] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  924.069129][ T6300] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  924.104761][T13831] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  924.614838][T13842] Bluetooth: MGMT ver 1.23
[  925.149471][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  925.209766][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  925.429807][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.464835][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.568890][ T6215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.591698][ T6215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  926.687866][T13611] Bluetooth: hci0: Opcode 0x1407 failed: -110
[  926.695418][ T5836] Bluetooth: hci0: command 0x1407 tx timeout
[  928.165303][T13866] loop5: detected capacity change from 0 to 1024
[  928.469896][T13866] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  928.801750][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  929.871624][T13887] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  929.879259][T13887] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  930.179046][T13893] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  931.412778][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  931.456930][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  933.617001][T13916] syzkaller0: entered promiscuous mode
[  933.699762][T13916] syzkaller0: entered allmulticast mode
[  938.204892][T13941] loop5: detected capacity change from 0 to 512
[  938.258772][T13941] EXT4-fs: Ignoring removed mblk_io_submit option
[  938.331929][T13611] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  938.342266][T13611] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  938.390667][T13611] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  938.400311][T13611] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  938.409551][T13611] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  938.434975][T13941] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  938.495261][T13949] capability: warning: `syz.1.1555' uses 32-bit capabilities (legacy support in use)
[  938.987793][T13941] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  939.074492][T13941] System zones: 1-12
[  939.136939][T13941] EXT4-fs error (device loop5): ext4_iget_extra_inode:5034: inode #15: comm syz.5.1558: corrupted in-inode xattr: e_value size too large
[  939.169144][T13941] EXT4-fs error (device loop5): ext4_orphan_get:1398: comm syz.5.1558: couldn't read orphan inode 15 (err -117)
[  939.202892][T13942] lo speed is unknown, defaulting to 1000
[  939.778649][T13941] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  940.452018][T13611] Bluetooth: hci1: command tx timeout
[  941.350968][T13973] loop7: detected capacity change from 0 to 164
[  941.359394][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  941.434448][T13973] ISOFS: unable to read i-node block
[  941.480677][T13973] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  941.642354][T13984] trusted_key: encrypted_key: hex blob is missing
[  941.855212][T13985] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  942.427415][T13976] usb usb8: usbfs: process 13976 (syz.1.1567) did not claim interface 0 before use
[  942.527726][T13611] Bluetooth: hci1: command tx timeout
[  942.696780][T13976] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[13976]
[  943.306084][T13942] chnl_net:caif_netlink_parms(): no params data found
[  944.977251][T13611] Bluetooth: hci1: command tx timeout
[  945.146056][T14009] loop7: detected capacity change from 0 to 512
[  945.194311][T14009] EXT4-fs: Ignoring removed mblk_io_submit option
[  945.407979][T14009] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  945.519562][T14009] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  945.613686][T14009] System zones: 1-12
[  945.618667][T14026] loop2: detected capacity change from 0 to 1024
[  945.666616][T14009] EXT4-fs error (device loop7): ext4_iget_extra_inode:5034: inode #15: comm syz.7.1573: corrupted in-inode xattr: e_value size too large
[  945.699829][T14009] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1573: couldn't read orphan inode 15 (err -117)
[  945.760806][T14026] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  945.791804][T13942] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.818349][T14009] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  945.841458][T13942] bridge0: port 1(bridge_slave_0) entered disabled state
[  945.869790][T13942] bridge_slave_0: entered allmulticast mode
[  945.904822][T13942] bridge_slave_0: entered promiscuous mode
[  945.961077][T13942] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.991543][T14026] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  946.012992][T13942] bridge0: port 2(bridge_slave_1) entered disabled state
[  946.038326][T13942] bridge_slave_1: entered allmulticast mode
[  946.055442][T14026] EXT4-fs (loop2): This should not happen!! Data will be lost
[  946.055442][T14026] 
[  946.076173][T13942] bridge_slave_1: entered promiscuous mode
[  946.118893][T14026] EXT4-fs (loop2): Total free blocks count 0
[  946.218437][T14026] EXT4-fs (loop2): Free/Dirty block details
[  946.297726][T14026] EXT4-fs (loop2): free_blocks=0
[  946.366852][T14026] EXT4-fs (loop2): dirty_blocks=0
[  946.472396][T14026] EXT4-fs (loop2): Block reservation details
[  946.652932][T14026] EXT4-fs (loop2): i_reserved_data_blocks=0
[  946.836129][T13278] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  947.017379][T13611] Bluetooth: hci1: command tx timeout
[  947.054960][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  947.115355][T13942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  947.235389][T13942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  947.716605][T14059] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  948.061219][T14060] loop7: detected capacity change from 0 to 1024
[  948.181690][T14060] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  948.280828][T13942] team0: Port device team_slave_0 added
[  948.411537][T14060] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 4 with error 28
[  948.423988][T14060] EXT4-fs (loop7): This should not happen!! Data will be lost
[  948.423988][T14060] 
[  948.433782][T14060] EXT4-fs (loop7): Total free blocks count 0
[  948.442073][T14060] EXT4-fs (loop7): Free/Dirty block details
[  948.449954][T14060] EXT4-fs (loop7): free_blocks=0
[  948.455065][T14060] EXT4-fs (loop7): dirty_blocks=0
[  948.459279][T13942] team0: Port device team_slave_1 added
[  948.461853][T14060] EXT4-fs (loop7): Block reservation details
[  948.484551][T14060] EXT4-fs (loop7): i_reserved_data_blocks=0
[  949.288612][T14073] loop1: detected capacity change from 0 to 512
[  949.324089][T14073] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  949.334846][T11656] Bluetooth: hci6: Frame reassembly failed (-84)
[  949.358493][T13278] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  949.370969][T14073] EXT4-fs (loop1): orphan cleanup on readonly fs
[  949.389190][T14073] Quota error (device loop1): do_check_range: Getting block 196613 out of range 1-5
[  949.398993][T14073] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  949.408636][T14073] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1585: Failed to acquire dquot type 1
[  949.421659][T14073] EXT4-fs (loop1): 1 truncate cleaned up
[  950.179760][T14073] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  950.408481][T14073] lo speed is unknown, defaulting to 1000
[  950.462282][T13942] batman_adv: batadv0: Adding interface: batadv_slave_0
[  950.499017][T13942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  950.607533][T13942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  950.669394][T14077] loop7: detected capacity change from 0 to 1024
[  950.686066][T13942] batman_adv: batadv0: Adding interface: batadv_slave_1
[  950.695310][T13942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  950.760034][T13942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  950.797012][T14077] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  951.070443][T13278] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  951.074588][T13942] hsr_slave_0: entered promiscuous mode
[  951.086833][T13942] hsr_slave_1: entered promiscuous mode
[  951.115684][T13942] debugfs: 'hsr0' already exists in 'hsr'
[  951.132534][T13942] Cannot create hsr debugfs directory
[  951.327782][ T5836] Bluetooth: hci6: command 0x1003 tx timeout
[  951.337664][T13611] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  951.576474][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  952.317949][T14090] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  955.178212][T14123] trusted_key: encrypted_key: hex blob is missing
[  955.385610][T14125] usb usb8: usbfs: process 14125 (syz.1.1597) did not claim interface 0 before use
[  955.460864][T14125] ptrace attach of "./syz-executor exec"[5843] was attempted by "./syz-executor exec"[14125]
[  956.072574][T14137] loop5: detected capacity change from 0 to 512
[  957.078310][T11650] Bluetooth: hci2: Frame reassembly failed (-84)
[  957.119240][T14137] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  957.160624][T14137] EXT4-fs (loop5): orphan cleanup on readonly fs
[  957.180691][T14137] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5
[  957.190743][T14137] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
[  957.200286][T14137] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1600: Failed to acquire dquot type 1
[  957.215162][T14137] EXT4-fs (loop5): 1 truncate cleaned up
[  957.223170][T14137] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  957.752035][T14134] lo speed is unknown, defaulting to 1000
[  958.127277][T13611] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  958.960833][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  959.167247][T11646] bridge_slave_1: left allmulticast mode
[  959.173210][T11646] bridge_slave_1: left promiscuous mode
[  959.230084][T11646] bridge0: port 2(bridge_slave_1) entered disabled state
[  959.643823][T11646] bridge_slave_0: left allmulticast mode
[  959.651600][T11646] bridge_slave_0: left promiscuous mode
[  960.564089][T11646] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.777083][T14165] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  964.605351][T14188] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  964.834196][T11646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  964.843698][T11646] bond_slave_0: left allmulticast mode
[  964.853240][T11646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  964.863139][T11646] bond_slave_1: left allmulticast mode
[  964.870399][T11646] bond0 (unregistering): Released all slaves
[  964.918366][T14186] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  964.927883][T14186] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  964.939019][T14186] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  965.182338][T14191] loop5: detected capacity change from 0 to 512
[  965.190119][ T6215] Bluetooth: hci2: Frame reassembly failed (-84)
[  965.196962][T14191] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  965.229243][T14191] EXT4-fs (loop5): orphan cleanup on readonly fs
[  965.238312][T14191] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5
[  965.251495][T14191] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0
[  965.261266][T14191] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1617: Failed to acquire dquot type 1
[  965.276032][T13942] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  965.290675][T14191] EXT4-fs (loop5): 1 truncate cleaned up
[  965.308729][T14191] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  965.389203][T13942] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  965.643102][T14191] lo speed is unknown, defaulting to 1000
[  966.584845][T13942] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  966.632429][T13942] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  967.248221][T13611] Bluetooth: hci2: command 0x1003 tx timeout
[  967.250695][ T5836] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  967.319896][T12420] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  967.623605][T11646] hsr_slave_0: left promiscuous mode
[  967.648752][T11646] hsr_slave_1: left promiscuous mode
[  967.665565][T11646] batman_adv: batadv0: Removing interface: batadv_slave_0
[  967.756750][T11646] batman_adv: batadv0: Removing interface: batadv_slave_1
[  968.524963][T14231] loop1: detected capacity change from 0 to 512
[  968.578824][T14231] EXT4-fs: Ignoring removed mblk_io_submit option
[  968.594409][T14231] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  968.620805][T14231] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  968.645709][T14231] System zones: 1-12
[  968.697390][T14231] EXT4-fs error (device loop1): ext4_iget_extra_inode:5034: inode #15: comm syz.1.1625: corrupted in-inode xattr: e_value size too large
[  968.733422][T14231] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1625: couldn't read orphan inode 15 (err -117)
[  968.788798][T14231] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  970.222725][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  972.236419][T14253] loop7: detected capacity change from 0 to 512
[  972.333080][T11646] team0 (unregistering): Port device team_slave_1 removed
[  972.341541][   T49] Bluetooth: hci2: Frame reassembly failed (-84)
[  972.358365][T14253] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  972.434290][T14253] EXT4-fs (loop7): orphan cleanup on readonly fs
[  972.453943][T14253] Quota error (device loop7): do_check_range: Getting block 196613 out of range 1-5
[  972.463613][T14253] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0
[  972.473122][T14253] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.1633: Failed to acquire dquot type 1
[  972.503475][T14253] EXT4-fs (loop7): 1 truncate cleaned up
[  973.283569][T14253] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  973.414630][T11646] team0 (unregistering): Port device team_slave_0 removed
[  973.599025][T14265] loop2: detected capacity change from 0 to 128
[  973.612545][T14265] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  973.659949][T14265] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  974.357233][ T5836] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  975.291321][T14273] loop1: detected capacity change from 0 to 512
[  975.374250][T14273] EXT4-fs: Ignoring removed mblk_io_submit option
[  975.431179][T14273] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  975.508151][T14273] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  975.546807][T14273] System zones: 1-12
[  975.735913][T14273] EXT4-fs error (device loop1): ext4_iget_extra_inode:5034: inode #15: comm syz.1.1637: corrupted in-inode xattr: e_value size too large
[  975.751938][T14273] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1637: couldn't read orphan inode 15 (err -117)
[  975.766014][T14273] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  976.292255][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  976.342693][T14229] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  976.352755][T14229] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  976.362750][T14229] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  976.362756][T14253] lo speed is unknown, defaulting to 1000
[  977.762156][T13942] 8021q: adding VLAN 0 to HW filter on device bond0
[  977.916006][T13942] 8021q: adding VLAN 0 to HW filter on device team0
[  977.935494][T14295] loop2: detected capacity change from 0 to 512
[  978.009346][T14295] EXT4-fs: Ignoring removed nomblk_io_submit option
[  978.022961][ T6213] bridge0: port 1(bridge_slave_0) entered blocking state
[  978.030331][ T6213] bridge0: port 1(bridge_slave_0) entered forwarding state
[  978.067439][T14295] ext4: Unknown parameter 'subj_user'
[  978.114596][ T6213] bridge0: port 2(bridge_slave_1) entered blocking state
[  978.121866][ T6213] bridge0: port 2(bridge_slave_1) entered forwarding state
[  980.734647][T13278] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  984.732545][T14360] loop5: detected capacity change from 0 to 164
[  984.755725][T14355] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  984.765263][T14355] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  984.775089][T14355] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  984.854736][T14360] ISOFS: unable to read i-node block
[  984.901356][T14360] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  985.254241][T14369] loop7: detected capacity change from 0 to 512
[  985.273528][T14369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  985.285662][ T6054] Bluetooth: hci2: Frame reassembly failed (-84)
[  985.342333][T14369] EXT4-fs (loop7): orphan cleanup on readonly fs
[  985.355488][T14369] Quota error (device loop7): do_check_range: Getting block 196613 out of range 1-5
[  985.365212][T14369] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0
[  985.374686][T14369] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.1656: Failed to acquire dquot type 1
[  985.393350][T14369] EXT4-fs (loop7): 1 truncate cleaned up
[  986.099189][T14369] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  986.134182][T14369] lo speed is unknown, defaulting to 1000
[  986.323153][T13942] 8021q: adding VLAN 0 to HW filter on device batadv0
[  987.634383][T13611] Bluetooth: hci2: command 0x1003 tx timeout
[  987.648035][ T5836] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  987.872909][T13278] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  987.938914][T14389] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  987.948419][T14389] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  987.958223][T14389] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  991.010009][T14431] loop6: detected capacity change from 0 to 7
[  991.027516][T14431] Dev loop6: unable to read RDB block 7
[  991.033179][T14431]  loop6: unable to read partition table
[  991.786114][T14431] loop6: partition table beyond EOD, truncated
[  991.802306][T14431] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  991.913193][T13942] veth0_vlan: entered promiscuous mode
[  992.078377][T13942] veth1_vlan: entered promiscuous mode
[  993.119854][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  993.126248][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  993.885763][T13942] veth0_macvtap: entered promiscuous mode
[  993.886809][T14450] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  994.953965][T14462] loop2: detected capacity change from 0 to 512
[  995.103133][T14462] EXT4-fs: Ignoring removed mblk_io_submit option
[  995.190740][T14462] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  995.262926][T14462] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  995.277494][T14462] System zones: 1-12
[  995.347755][T14468] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1682'.
[  995.367139][T14462] EXT4-fs error (device loop2): ext4_iget_extra_inode:5034: inode #15: comm syz.2.1680: corrupted in-inode xattr: e_value size too large
[  995.456343][T14462] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1680: couldn't read orphan inode 15 (err -117)
[  995.761958][T14462] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  997.747957][T13611] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  997.874145][T13611] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  997.883842][T13611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  997.904939][T13611] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  997.931273][T13611] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  999.732978][T14477] lo speed is unknown, defaulting to 1000
[ 1000.053640][T11846] Bluetooth: hci0: command 0x1407 tx timeout
[ 1000.092731][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1001.016424][T14503] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1001.807360][ T5836] Bluetooth: hci2: command tx timeout
[ 1003.887225][T11846] Bluetooth: hci2: command tx timeout
[ 1005.795355][T14517] loop1: detected capacity change from 0 to 164
[ 1005.918553][T14517] ISOFS: unable to read i-node block
[ 1005.959531][T14517] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[ 1005.977475][T11846] Bluetooth: hci2: command tx timeout
[ 1008.057336][T11846] Bluetooth: hci2: command tx timeout
[ 1009.148257][T14477] chnl_net:caif_netlink_parms(): no params data found
[ 1009.194858][T14545] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1009.204413][T14545] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1009.215288][T14545] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1011.235228][T14562] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1011.235305][T14562] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1011.235327][T14562] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1011.359803][T14552] ceph: No mds server is up or the cluster is laggy
[ 1011.374943][T14571] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1702'.
[ 1011.383063][ T6863] libceph: connect (1)[c::]:6789 error -101
[ 1011.442641][ T6863] libceph: mon0 (1)[c::]:6789 connect error
[ 1011.949209][ T6851] libceph: connect (1)[c::]:6789 error -101
[ 1011.999629][ T6851] libceph: mon0 (1)[c::]:6789 connect error
[ 1013.324297][T14477] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1013.354732][T14477] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1013.366828][T14477] bridge_slave_0: entered allmulticast mode
[ 1013.430960][T14477] bridge_slave_0: entered promiscuous mode
[ 1013.510907][T11646] bridge_slave_1: left allmulticast mode
[ 1013.591971][T11646] bridge_slave_1: left promiscuous mode
[ 1013.689922][T11646] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.098351][T11646] bridge_slave_0: left allmulticast mode
[ 1014.104214][T11646] bridge_slave_0: left promiscuous mode
[ 1014.886074][T11646] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.800439][T14612] loop2: detected capacity change from 0 to 512
[ 1015.810359][T14612] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 1015.835858][T14612] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1015.844389][T14612] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5
[ 1015.854023][T14612] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[ 1015.863431][T14612] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1711: Failed to acquire dquot type 1
[ 1015.882535][T11648] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1015.884816][T14612] EXT4-fs (loop2): 1 truncate cleaned up
[ 1015.976049][T14612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1016.601503][T14616] netlink: 64859 bytes leftover after parsing attributes in process `syz.1.1712'.
[ 1017.034978][T14616] loop1: detected capacity change from 0 to 32768
[ 1017.054593][T14616] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[ 1017.054593][T14616] clean (size 2912):
[ 1017.054593][T14616] flags:          0
[ 1017.054593][T14616] journal_seq:    8
[ 1017.054593][T14616] usage: type=inodes v=8
[ 1017.054593][T14616] usage: type=key_version v=0
[ 1017.054593][T14616] usage: type=reserved v=0
[ 1017.054593][T14616] usage: type=reserved v=0
[ 1017.054593][T14616] usage: type=reserved v=0
[ 1017.054593][T14616] usage: type=reserved v=0
[ 1017.054593][T14616] data_usage: btree: 1/1 [0]=2816
[ 1017.054593][T14616] data_usage: journal: 1/1 [0]=0
[ 1017.054593][T14616] btree_keys: btree=extents level=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: 
[ 1017.054593][T14616] btree_keys: btree=extents level=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: 
[ 1017.054593][T14616] btree_keys: btree=extents level=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: 
[ 1017.054593][T14616] clock: read=0
[ 1017.054593][T14616] clock: write=1288
[ 1017.054593][T14616] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0
[ 1017.054593][T14616] btree_root: btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0
[ 1017.054593][T14616] btree_root: btree=dirents l
[ 1017.054852][T14616] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[ 1017.185772][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1017.259848][T11646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1017.283062][T11646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1017.306877][T11646] bond0 (unregistering): Released all slaves
[ 1017.368739][T14477] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1017.375990][T14477] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1017.396156][T14477] bridge_slave_1: entered allmulticast mode
[ 1017.409586][T14477] bridge_slave_1: entered promiscuous mode
[ 1017.473992][T14612] lo speed is unknown, defaulting to 1000
[ 1017.490755][T14619] sctp: failed to load transform for md5: -2
[ 1017.527995][T14616] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1712'.
[ 1017.775399][T14625] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1714'.
[ 1017.847465][T11846] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1018.020898][ T5839] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1018.046066][T11646] hsr_slave_0: left promiscuous mode
[ 1019.158209][T11646] hsr_slave_1: left promiscuous mode
[ 1019.797143][T11646] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1019.974618][T11646] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1019.985866][ T6851] libceph: connect (1)[c::]:6789 error -101
[ 1020.012918][ T6851] libceph: mon0 (1)[c::]:6789 connect error
[ 1020.047357][T14639] ceph: No mds server is up or the cluster is laggy
[ 1021.231327][ T6851] libceph: connect (1)[c::]:6789 error -101
[ 1021.267337][ T6851] libceph: mon0 (1)[c::]:6789 connect error
[ 1021.590353][T11646] veth0_macvtap: left promiscuous mode
[ 1021.676326][T11646] veth1_vlan: left promiscuous mode
[ 1022.339841][T11646] veth0_vlan: left promiscuous mode
[ 1023.485576][T11496] libceph: connect (1)[c::]:6789 error -101
[ 1023.497001][T11496] libceph: mon0 (1)[c::]:6789 connect error
[ 1023.537789][T14669] ceph: No mds server is up or the cluster is laggy
[ 1024.479563][T11496] libceph: connect (1)[c::]:6789 error -101
[ 1024.485657][T11496] libceph: mon0 (1)[c::]:6789 connect error
[ 1026.110815][T14690] loop2: detected capacity change from 0 to 128
[ 1026.144325][T14690] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 1026.171440][T14690] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[ 1027.182523][T11646] team0 (unregistering): Port device team_slave_1 removed
[ 1027.406736][T14698] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1028.267717][T11646] team0 (unregistering): Port device team_slave_0 removed
[ 1028.507585][T14704] netlink: 64859 bytes leftover after parsing attributes in process `syz.7.1729'.
[ 1028.995651][T14704] loop7: detected capacity change from 0 to 32768
[ 1029.011189][T14704] bcachefs (/dev/loop7): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[ 1029.011189][T14704] clean (size 2912):
[ 1029.011189][T14704] flags:          0
[ 1029.011189][T14704] journal_seq:    8
[ 1029.011189][T14704] usage: type=inodes v=8
[ 1029.011189][T14704] usage: type=key_version v=0
[ 1029.011189][T14704] usage: type=reserved v=0
[ 1029.011189][T14704] usage: type=reserved v=0
[ 1029.011189][T14704] usage: type=reserved v=0
[ 1029.011189][T14704] usage: type=reserved v=0
[ 1029.011189][T14704] data_usage: btree: 1/1 [0]=2816
[ 1029.011189][T14704] data_usage: journal: 1/1 [0]=0
[ 1029.011189][T14704] btree_keys: btree=extents level=0 u64s 8 type deleted 0:2048:0 len 8 ver 1065151889408: 
[ 1029.011189][T14704] btree_keys: btree=extents level=0 u64s 1 type deleted POS_MIN len 224 ver 137438953472: 
[ 1029.011189][T14704] btree_keys: btree=extents level=0 u64s 32 type deleted POS_MIN len 0 ver 962072674304: 
[ 1029.011189][T14704] clock: read=0
[ 1029.011189][T14704] clock: write=1288
[ 1029.011189][T14704] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 249e7ae2af8ee356 written 16 min_key POS_MIN ptr: 0:6912 gen 0
[ 1029.011189][T14704] btree_root: btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq efdd7a26d7396dd5 written 24 min_key POS_MIN ptr: 0:9728 gen 0
[ 1029.011189][T14704] btree_root: btree=dirents l
[ 1029.011431][T14704] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[ 1029.383962][T14710] sctp: failed to load transform for md5: -2
[ 1029.731413][T14716] fuse: Bad value for 'rootmode'
[ 1030.143240][T14477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1030.168907][T14477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1030.228358][T14704] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1729'.
[ 1031.516225][T14727] fuse: Bad value for 'rootmode'
[ 1031.800236][T14477] team0: Port device team_slave_0 added
[ 1031.861729][T14477] team0: Port device team_slave_1 added
[ 1032.631563][T14477] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1032.641522][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1032.674620][T14477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1033.590483][T14477] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1033.649556][T14477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1033.945425][T14477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1035.219181][ T5833] libceph: connect (1)[c::]:6789 error -101
[ 1035.269308][ T5833] libceph: mon0 (1)[c::]:6789 connect error
[ 1035.332345][T14749] ceph: No mds server is up or the cluster is laggy
[ 1035.334497][T14477] hsr_slave_0: entered promiscuous mode
[ 1035.356376][T14477] hsr_slave_1: entered promiscuous mode
[ 1036.538599][T14772] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1036.548355][T14772] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1036.558026][T14772] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1038.042900][T14790] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1750'.
[ 1039.226524][T14800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[ 1040.042759][ T6851] libceph: connect (1)[c::]:6789 error -101
[ 1040.052510][ T6851] libceph: mon0 (1)[c::]:6789 connect error
[ 1040.222451][T14821] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1040.449589][ T6851] libceph: connect (1)[c::]:6789 error -101
[ 1040.466685][ T6851] libceph: mon0 (1)[c::]:6789 connect error
[ 1040.609579][T14816] loop6: detected capacity change from 0 to 7
[ 1040.727579][T14816] Dev loop6: unable to read RDB block 7
[ 1040.758466][T14814] ceph: No mds server is up or the cluster is laggy
[ 1040.767387][T14816]  loop6: unable to read partition table
[ 1040.806337][T14816] loop6: partition table beyond EOD, truncated
[ 1040.824652][T14816] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1042.470046][T14477] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1042.529348][T14477] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1042.758666][T14477] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1043.032136][T14477] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1043.566691][T14477] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1043.720490][T14861] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1759'.
[ 1044.177230][T14477] 8021q: adding VLAN 0 to HW filter on device team0
[ 1044.881426][ T6239] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1044.888664][ T6239] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1045.004906][T11656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1045.012120][T11656] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1045.877508][T14477] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1046.129442][ T6876] libceph: connect (1)[c::]:6789 error -101
[ 1046.136325][ T6876] libceph: mon0 (1)[c::]:6789 connect error
[ 1046.418535][T14889] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1046.705743][ T6876] libceph: connect (1)[c::]:6789 error -101
[ 1046.712435][ T6876] libceph: mon0 (1)[c::]:6789 connect error
[ 1046.843940][T14878] ceph: No mds server is up or the cluster is laggy
[ 1047.402276][    C0] ==================================================================
[ 1047.410414][    C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0
[ 1047.418168][    C0] Write of size 8 at addr ffff88807eebd540 by task pool_workqueue_/3
[ 1047.426325][    C0] 
[ 1047.428673][    C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[ 1047.428695][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1047.428712][    C0] Call Trace:
[ 1047.428719][    C0]  <IRQ>
[ 1047.428726][    C0]  dump_stack_lvl+0x189/0x250
[ 1047.428754][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1047.428769][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1047.428790][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1047.428813][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1047.428833][    C0]  ? lock_release+0x4b/0x3e0
[ 1047.428854][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1047.428868][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1047.428882][    C0]  print_report+0xd2/0x2b0
[ 1047.428903][    C0]  ? flush_tlb_func+0x23d/0x6c0
[ 1047.428917][    C0]  kasan_report+0x118/0x150
[ 1047.428932][    C0]  ? flush_tlb_func+0x23d/0x6c0
[ 1047.428950][    C0]  kasan_check_range+0x2b0/0x2c0
[ 1047.428972][    C0]  flush_tlb_func+0x23d/0x6c0
[ 1047.428991][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1047.429004][    C0]  ? sched_clock_cpu+0x74/0x430
[ 1047.429027][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1047.429048][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1047.429063][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[ 1047.429087][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1047.429103][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[ 1047.429121][    C0]  sysvec_call_function_single+0x9e/0xc0
[ 1047.429145][    C0]  </IRQ>
[ 1047.429150][    C0]  <TASK>
[ 1047.429157][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[ 1047.429178][    C0] RIP: 0010:preempt_schedule_irq+0xb0/0x150
[ 1047.429206][    C0] Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 2b ac 1f f6 e8 56 dd 56 f6 fb bf 01 00 00 00 <e8> 1b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
[ 1047.429221][    C0] RSP: 0018:ffffc90000087aa0 EFLAGS: 00000286
[ 1047.429239][    C0] RAX: b498d4fe0084da00 RBX: 0000000000000000 RCX: b498d4fe0084da00
[ 1047.429251][    C0] RDX: 0000000000000000 RSI: ffffffff8d993fd3 RDI: 0000000000000001
[ 1047.429262][    C0] RBP: ffffc90000087b40 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86
[ 1047.429275][    C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: 0000000000000000
[ 1047.429287][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000010f54
[ 1047.429307][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1047.429335][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1047.429357][    C0]  irqentry_exit+0x6f/0x90
[ 1047.429371][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1047.429388][    C0] RIP: 0010:lockdep_unregister_key+0x2c5/0x310
[ 1047.429409][    C0] Code: 65 48 8b 05 1d 73 02 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 ed a1 d1 09 e8 18 a3 d1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
[ 1047.429422][    C0] RSP: 0018:ffffc90000087c00 EFLAGS: 00000202
[ 1047.429436][    C0] RAX: b498d4fe0084da00 RBX: 0000000000000001 RCX: b498d4fe0084da00
[ 1047.429448][    C0] RDX: ffffffff9363e358 RSI: ffffffff8d9a7920 RDI: ffffffff8be326c0
[ 1047.429460][    C0] RBP: ffff888032cec901 R08: 0000000000000000 R09: ffffffff81aaae18
[ 1047.429471][    C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: 0000000000000000
[ 1047.429483][    C0] R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000a02
[ 1047.429496][    C0]  ? __is_module_percpu_address+0x28/0x3f0
[ 1047.429527][    C0]  pwq_release_workfn+0x6d5/0x870
[ 1047.429553][    C0]  kthread_worker_fn+0x507/0xb60
[ 1047.429579][    C0]  ? kthread_worker_fn+0xe4/0xb60
[ 1047.429604][    C0]  ? __pfx_pwq_release_workfn+0x10/0x10
[ 1047.429627][    C0]  kthread+0x70e/0x8a0
[ 1047.429643][    C0]  ? __pfx_kthread_worker_fn+0x10/0x10
[ 1047.429666][    C0]  ? __pfx_kthread+0x10/0x10
[ 1047.429682][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1047.429703][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1047.429726][    C0]  ? __pfx_kthread+0x10/0x10
[ 1047.429741][    C0]  ret_from_fork+0x3fc/0x770
[ 1047.429762][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1047.429785][    C0]  ? __switch_to_asm+0x39/0x70
[ 1047.429799][    C0]  ? __switch_to_asm+0x33/0x70
[ 1047.429814][    C0]  ? __pfx_kthread+0x10/0x10
[ 1047.429829][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1047.429851][    C0]  </TASK>
[ 1047.429856][    C0] 
[ 1047.833050][    C0] Allocated by task 5839:
[ 1047.837389][    C0]  kasan_save_track+0x3e/0x80
[ 1047.842081][    C0]  __kasan_slab_alloc+0x6c/0x80
[ 1047.846942][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1047.852409][    C0]  copy_mm+0xdb/0x4b0
[ 1047.856401][    C0]  copy_process+0x1706/0x3c00
[ 1047.861086][    C0]  kernel_clone+0x21e/0x870
[ 1047.865597][    C0]  __x64_sys_clone+0x18b/0x1e0
[ 1047.870373][    C0]  do_syscall_64+0xfa/0x3b0
[ 1047.874880][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.880793][    C0] 
[ 1047.883121][    C0] Freed by task 14884:
[ 1047.887193][    C0]  kasan_save_track+0x3e/0x80
[ 1047.891929][    C0]  kasan_save_free_info+0x46/0x50
[ 1047.896967][    C0]  __kasan_slab_free+0x62/0x70
[ 1047.901739][    C0]  kmem_cache_free+0x18f/0x400
[ 1047.906521][    C0]  exit_mm+0x1da/0x2c0
[ 1047.910687][    C0]  do_exit+0x648/0x2300
[ 1047.914848][    C0]  do_group_exit+0x21c/0x2d0
[ 1047.919450][    C0]  __x64_sys_exit_group+0x3f/0x40
[ 1047.924484][    C0]  x64_sys_call+0x21f7/0x2200
[ 1047.929174][    C0]  do_syscall_64+0xfa/0x3b0
[ 1047.933684][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.939581][    C0] 
[ 1047.941912][    C0] The buggy address belongs to the object at ffff88807eebcb40
[ 1047.941912][    C0]  which belongs to the cache mm_struct of size 2584
[ 1047.955889][    C0] The buggy address is located 2560 bytes inside of
[ 1047.955889][    C0]  freed 2584-byte region [ffff88807eebcb40, ffff88807eebd558)
[ 1047.969868][    C0] 
[ 1047.972199][    C0] The buggy address belongs to the physical page:
[ 1047.978616][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eeb8
[ 1047.987398][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1047.995915][    C0] memcg:ffff888033f9b681
[ 1048.000160][    C0] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1048.008063][    C0] page_type: f5(slab)
[ 1048.012051][    C0] raw: 00fff00000000040 ffff88801a44bb40 ffffea00019b8800 dead000000000003
[ 1048.020653][    C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888033f9b681
[ 1048.029254][    C0] head: 00fff00000000040 ffff88801a44bb40 ffffea00019b8800 dead000000000003
[ 1048.037942][    C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888033f9b681
[ 1048.046627][    C0] head: 00fff00000000003 ffffea0001fbae01 00000000ffffffff 00000000ffffffff
[ 1048.055303][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1048.063970][    C0] page dumped because: kasan: bad access detected
[ 1048.070396][    C0] page_owner tracks the page as allocated
[ 1048.076133][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5616, tgid 5616 (dhcpcd-run-hook), ts 57185885238, free_ts 57110348631
[ 1048.097886][    C0]  post_alloc_hook+0x240/0x2a0
[ 1048.102692][    C0]  get_page_from_freelist+0x21e4/0x22c0
[ 1048.108266][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1048.114077][    C0]  alloc_pages_mpol+0x232/0x4a0
[ 1048.118957][    C0]  allocate_slab+0x8a/0x370
[ 1048.123462][    C0]  ___slab_alloc+0xbeb/0x1410
[ 1048.128165][    C0]  kmem_cache_alloc_noprof+0x283/0x3c0
[ 1048.133638][    C0]  mm_alloc+0x23/0xd0
[ 1048.137634][    C0]  alloc_bprm+0x378/0x5b0
[ 1048.141971][    C0]  do_execveat_common+0x1b3/0x6a0
[ 1048.147006][    C0]  __x64_sys_execve+0x94/0xb0
[ 1048.151706][    C0]  do_syscall_64+0xfa/0x3b0
[ 1048.156219][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1048.162120][    C0] page last free pid 5612 tgid 5612 stack trace:
[ 1048.168450][    C0]  __free_frozen_pages+0xb80/0xd80
[ 1048.173565][    C0]  __put_partials+0x156/0x1a0
[ 1048.178250][    C0]  put_cpu_partial+0x17c/0x250
[ 1048.183068][    C0]  __slab_free+0x2d5/0x3c0
[ 1048.187509][    C0]  qlist_free_all+0x97/0x140
[ 1048.192151][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1048.197648][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1048.202525][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1048.208022][    C0]  getname_flags+0xb8/0x540
[ 1048.212536][    C0]  vfs_fstatat+0x43/0x170
[ 1048.216874][    C0]  __x64_sys_newfstatat+0x116/0x190
[ 1048.222084][    C0]  do_syscall_64+0xfa/0x3b0
[ 1048.226600][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1048.232498][    C0] 
[ 1048.234833][    C0] Memory state around the buggy address:
[ 1048.240467][    C0]  ffff88807eebd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1048.248533][    C0]  ffff88807eebd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1048.256596][    C0] >ffff88807eebd500: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 1048.264656][    C0]                                            ^
[ 1048.270828][    C0]  ffff88807eebd580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1048.278985][    C0]  ffff88807eebd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1048.287058][    C0] ==================================================================
[ 1048.295165][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1048.302389][    C0] CPU: 0 UID: 0 PID: 3 Comm: pool_workqueue_ Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[ 1048.314038][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1048.324294][    C0] Call Trace:
[ 1048.327598][    C0]  <IRQ>
[ 1048.330470][    C0]  dump_stack_lvl+0x99/0x250
[ 1048.335199][    C0]  ? __asan_memcpy+0x40/0x70
[ 1048.339818][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1048.345031][    C0]  ? __pfx__printk+0x10/0x10
[ 1048.349717][    C0]  panic+0x2db/0x790
[ 1048.353628][    C0]  ? __pfx_panic+0x10/0x10
[ 1048.358059][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1048.363966][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1048.370305][    C0]  ? print_memory_metadata+0x314/0x400
[ 1048.375779][    C0]  ? flush_tlb_func+0x23d/0x6c0
[ 1048.380635][    C0]  check_panic_on_warn+0x89/0xb0
[ 1048.385580][    C0]  ? flush_tlb_func+0x23d/0x6c0
[ 1048.390446][    C0]  end_report+0x78/0x160
[ 1048.394733][    C0]  kasan_report+0x129/0x150
[ 1048.399247][    C0]  ? flush_tlb_func+0x23d/0x6c0
[ 1048.404106][    C0]  kasan_check_range+0x2b0/0x2c0
[ 1048.409056][    C0]  flush_tlb_func+0x23d/0x6c0
[ 1048.413753][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1048.418974][    C0]  ? sched_clock_cpu+0x74/0x430
[ 1048.423852][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1048.428629][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1048.433855][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[ 1048.440025][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1048.445235][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[ 1048.451150][    C0]  sysvec_call_function_single+0x9e/0xc0
[ 1048.456815][    C0]  </IRQ>
[ 1048.459758][    C0]  <TASK>
[ 1048.462695][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[ 1048.468678][    C0] RIP: 0010:preempt_schedule_irq+0xb0/0x150
[ 1048.474600][    C0] Code: 24 20 f6 44 24 21 02 74 0c 90 0f 0b 48 f7 03 08 00 00 00 74 64 bf 01 00 00 00 e8 2b ac 1f f6 e8 56 dd 56 f6 fb bf 01 00 00 00 <e8> 1b ab ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24
[ 1048.494216][    C0] RSP: 0018:ffffc90000087aa0 EFLAGS: 00000286
[ 1048.500312][    C0] RAX: b498d4fe0084da00 RBX: 0000000000000000 RCX: b498d4fe0084da00
[ 1048.508296][    C0] RDX: 0000000000000000 RSI: ffffffff8d993fd3 RDI: 0000000000000001
[ 1048.516271][    C0] RBP: ffffc90000087b40 R08: ffffffff8fa17c37 R09: 1ffffffff1f42f86
[ 1048.524264][    C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: 0000000000000000
[ 1048.532253][    C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000010f54
[ 1048.540256][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1048.546009][    C0]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1048.551867][    C0]  irqentry_exit+0x6f/0x90
[ 1048.556291][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1048.561756][    C0] RIP: 0010:lockdep_unregister_key+0x2c5/0x310
[ 1048.567948][    C0] Code: 65 48 8b 05 1d 73 02 11 48 3b 44 24 10 0f 84 26 fe ff ff e8 ed a1 d1 09 e8 18 a3 d1 09 41 f7 c7 00 02 00 00 74 bd fb 40 84 ed <75> bc eb cd 90 0f 0b 90 e9 19 ff ff ff 90 0f 0b 90 e9 2a ff ff ff
[ 1048.587581][    C0] RSP: 0018:ffffc90000087c00 EFLAGS: 00000202
[ 1048.593662][    C0] RAX: b498d4fe0084da00 RBX: 0000000000000001 RCX: b498d4fe0084da00
[ 1048.601657][    C0] RDX: ffffffff9363e358 RSI: ffffffff8d9a7920 RDI: ffffffff8be326c0
[ 1048.609649][    C0] RBP: ffff888032cec901 R08: 0000000000000000 R09: ffffffff81aaae18
[ 1048.617648][    C0] R10: dffffc0000000000 R11: fffffbfff1f42f87 R12: 0000000000000000
[ 1048.625648][    C0] R13: 0000000000001000 R14: 0000000000000001 R15: 0000000000000a02
[ 1048.633636][    C0]  ? __is_module_percpu_address+0x28/0x3f0
[ 1048.639486][    C0]  pwq_release_workfn+0x6d5/0x870
[ 1048.644528][    C0]  kthread_worker_fn+0x507/0xb60
[ 1048.649482][    C0]  ? kthread_worker_fn+0xe4/0xb60
[ 1048.654522][    C0]  ? __pfx_pwq_release_workfn+0x10/0x10
[ 1048.660081][    C0]  kthread+0x70e/0x8a0
[ 1048.664161][    C0]  ? __pfx_kthread_worker_fn+0x10/0x10
[ 1048.669635][    C0]  ? __pfx_kthread+0x10/0x10
[ 1048.674230][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1048.679460][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1048.684691][    C0]  ? __pfx_kthread+0x10/0x10
[ 1048.689314][    C0]  ret_from_fork+0x3fc/0x770
[ 1048.693932][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1048.699078][    C0]  ? __switch_to_asm+0x39/0x70
[ 1048.703856][    C0]  ? __switch_to_asm+0x33/0x70
[ 1048.708630][    C0]  ? __pfx_kthread+0x10/0x10
[ 1048.713228][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1048.718001][    C0]  </TASK>
[ 1048.721352][    C0] Kernel Offset: disabled
[ 1048.725677][    C0] Rebooting in 86400 seconds..