last executing test programs:

16.367938889s ago: executing program 4 (id=118):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@noacl}]}, 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x36}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0xdddd0000, 0xe, 0xf0, 0x40, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x7}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x0, 0x6, 0x5}, {0x8000000, 0x3000, 0x8, 0xfc, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x0, 0x1}, {0x100000, 0x0, 0x9, 0x1, 0x3, 0x9, 0x9, 0x5, 0x5, 0x44, 0xe, 0x4b}, {0x2, 0xd000, 0x0, 0x7, 0x3, 0x6e, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0x1000, 0xf, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x3, 0xa, 0x9, 0x54, 0x6, 0x2, 0x7}, {0xeeee8000, 0x5}, {0x2, 0x9}, 0x40010000, 0x0, 0xf000, 0x300, 0x5, 0x0, 0xe6e70c00, [0xffffffffffffff47, 0x401, 0x5, 0xc5]})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000003008"])

12.988558886s ago: executing program 4 (id=128):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c)
sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff)

10.764436719s ago: executing program 3 (id=132):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x4c, r1, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffffc8, 0x82}, {0x5, 0x87}}]}, 0x4c}}, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000180))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x48c0)

10.619176065s ago: executing program 1 (id=133):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d740109730773396000000010902"], 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000010c0)={{0x12, 0x1, 0x110, 0xd3, 0xb7, 0xcc, 0x20, 0x12d1, 0x9f4b, 0x6e52, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x5, 0x0, 0x10, [{{0x9, 0x4, 0x6f, 0xc7, 0x0, 0xff, 0x3, 0x14, 0x5}}]}}]}}, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000040)={{r0}, 0x9, 0x7, 0x7fffffffffffffff})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r1 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

10.618308783s ago: executing program 2 (id=134):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

9.206960919s ago: executing program 2 (id=135):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r2 = gettid()
process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000f80)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000004000000010000000000000c00000000020000000100000f01000000677af8cd4c2590840300000000000000000000000f030000000eeb3100612e"], 0x0, 0x50, 0x0, 0x1}, 0x28)

9.127312435s ago: executing program 4 (id=136):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
pipe2(0x0, 0x0)
pipe2(0x0, 0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x60000000000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x1a000}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0)

8.997066163s ago: executing program 3 (id=137):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x3e)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)

8.258076344s ago: executing program 3 (id=139):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x2007ffc)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000540), 0x1, 0x2000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="660a000000000000611165000000000085000000d100000095"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x2, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_DROP(r1, 0x4143, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x17, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000791200000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0xce22, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, 0x1c)

7.152735196s ago: executing program 3 (id=141):
socket(0x10, 0x803, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
syz_read_part_table(0x1070, &(0x7f0000000000)="$eJzs0LFNQzEUBdDrJN/kNygjZAYqdmANOpZgBJqUzMEYDITEQzZRFIkWKc05heVrv2dbDje1Lj3ZnMNddpd5kt1V3Tb98fvjPoe53i/t2Sd5+kxq9I9Q9fKWHNNy2n5VVdLa67n8fZ40LfntWdaR+sz7VK0Pp8Pcvr49bQybP+96Pv7zdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADATfwEAAD//3plEeI=")
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0x14, &(0x7f0000003480)={0x3, 0x0, 0x4, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}], 0x0}, 0x20)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f0000002640)=[0x4, 0x55db2314], 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2d, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac04}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

6.533013428s ago: executing program 2 (id=142):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
msgsnd(0x0, 0x0, 0x8, 0x800)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
request_key(&(0x7f0000000040)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000080)='].\x00', 0x0)

5.33514423s ago: executing program 0 (id=144):
mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000e80), 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e0000002340003ec060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000340004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f000000"], 0x1e8}}, 0x0)

5.3341572s ago: executing program 2 (id=145):
r0 = socket(0x10, 0x3, 0x9)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc, 0x80}, 0xc)
timerfd_settime(0xffffffffffffffff, 0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000380)})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b703000000030000850000001b000000b700000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x28, 0x1406, 0x700, 0x70bd2c, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x800)

5.295572818s ago: executing program 1 (id=146):
open(0x0, 0x108843, 0x98)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$isdn_base(0x22, 0x3, 0x0)
dup3(r0, r2, 0x80000)

4.806598328s ago: executing program 3 (id=147):
syz_mount_image$minix(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x804008, &(0x7f0000000100)=ANY=[], 0x5a, 0x212, &(0x7f0000000440)="$eJzs3D1v00Acx/Gf40BIQTyKBzFVQkIsJNBWqrLRhY03gMRQtaGqcKE0LI2QoG+CnZWJl8A7YWVoBzYmDp19AcdJ8cUhcYS/H6mNY9/P/3Pbs32NEgGorEfx90Bn3HNjzLtlSU+fSKqV2jUAM2bc408DoHpChj5QUScbYXz9/xJIX7+/3Tp2X+c87x9ONpJJgp0/HKfyzdMCzzL5oyB+vF0fzi9JOj8Sro/ev3xM8ncz9S/49t/VX8rkG9755Pjv3RnOX5R0SdJlSVckXZV0TYp3e11uQ6r+dqb+rWTzkWc3AAAAAAD4Kzv7bA2e+E76s/mWT8sHY9fa2fPz3ag7fquHWpJ/6NV49ADPuvorBcsP8quZPuVyL7g2XL619SraLtgHoKhaevznGxlA/uNfY/+dFU45/utx/kPBNFBtvcP+i80o6h7MbUGaNGUvlcWLNgcL33Ibf7IL+pG8MjL7n8bgZGrXLPukAtd4br8v5bd5n9OmqYOe8djP3BdeP07u3mZQwl6U0mv60+4wyI7T+tAg+pz6Q4oiE/b2/8Fx2R2a8PeJIizj7ARgltpv9vbbvcP+/d29zZ3uTvfl2nqns762utJpx7fl7akm5wAW2Z+Lftk9AQAAAAAAAAAAAAAARd2QdHPy2Kkf7wEAAABgcU3+xqDGxG8nKvsYAQAAAAAAAAAAAAD43/0KAAD//3hpPUA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$nbd(r0, &(0x7f0000000000)={0x67446698, 0x1, 0x0, 0x3, 0x2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
vmsplice(r2, 0x0, 0x0, 0x4)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0x8000c61)

4.428039135s ago: executing program 2 (id=148):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_netfilter(r0, 0x0, 0x40400)

4.37152937s ago: executing program 0 (id=149):
r0 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000"], 0x1c)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB="05"], 0x10)
close(r1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r2}, &(0x7f0000000500), &(0x7f0000000540)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)

3.999795025s ago: executing program 1 (id=150):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000080)='./file0\x00', 0x102020, &(0x7f00000015c0)=ANY=[], 0xfd, 0xc57, &(0x7f0000002940)="$eJzs3U9sHNd9B/DfGy3FldJUTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spC3TSw89BCiKHnIi0BoFUjQwmiLokWldILn4UORU9EC0sBEUPbBFgJwCFjP7llxSpEVbpERZn49NfXdn3pt5b2Y1QxF88wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiPjdly+dPpMedisAgAfpyshXT591/weAx8o1//4HAAAAAAAAAAAAAICDLkURT0SK2Suraax631G/3O67fWd0aHj7akdSVfNQVb78qp85e+78l54fvNDNy+3p96m/1z4br45cu9R4aebW7Nzk/PzkRGN0uj0+MzG56y3cb/2tTlYHoHHrtdsTN27MN84+d27T6jsD7/V/7PjAxcFnTj3dLTs6NDw8slGk3lu+dvcejn6Q5uw0wuNwFHEqUjz7vZ+mVkQUcf/Hov5gz/1WR6pOnKw6MTo0XHVkqt2aXihXXu0eiCKi0VOp2T1G25+LqPU90D7srBmxWDa/bPDJsnsjs6251vWpycbV1txCe6E9M301dVpb9qcRRVxIEUsRsdK/ZVtpLfqiiFqk+M6x1XQ9Ig51j8MXq4HBO7ej2N9u3kvZzkZfxFLxCJyzA6w/inglUvzs7RMxnq8z1bXmCxGvlPmDiDfLfDEilR+M8xHvbv0c8ciqRRF/Xp7/i6tpIiKqvzLVdeXy1xpfmb4x01O2e135gPeHu64UD+n+cGRLPhgH/NpUjyJa1RV/NX34b3YAAAAAAAAAAAAAAAAA2GtHoojPRIqX/+0Pq3HFUY1LP3Zx8PcGPt47Zvype2ynLPtcRCwWuxuTezgPDLyarqb0kMcSP87qUcQf5fF/33rYjQEAAAAAAAAAAAAAAAAAAHisFfGTSPHCOyfSUvTOKd6evtm41ro+1ZkVtjv3b3fO9LW1tbVG6mQz51jOxZxLOZdzruSMItfP2cw5lnMx51LO5ZwrOeNQrp+zmXMs52LOpZzLOVdyRi3Xz9nMOZZzMedSzuWcKznjgMzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwUVJEEb+IFN/+xmqKFBHNiLHo5HL/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0V8P1I0fr+5vqwWEan6v+NE+cf5aB4u85PRHCzzxWheytmqstb81kNoP/enLxXx40jRX39r/YTn89/Xebf+MYg3v7nx7rO1Th7qrhx4r/9jx49dHBz+1ad2ep22a8DJy+3p23cao0PDwyM9i2t575/sWTaQ91vsTdeJiPnX33itNTU1OffhX5Qfge6Sw3uxwQP7ItU2enoQ2uPFPr+I2jarPh4RD7thD6LvPAbK+/+7keK33vn37g2/c/+vxy913q3f4ePnf7xx/39h64Z2ef+vba2X7//lPX27+/8TPcteyN+N9NUi6gu3ZvuOR9TnX3/jVPtW6+bkzcnp86dPf3lw8MvnTvcdjqjfaE9N9rzak8MFAAAAAAAAAAAAAAAA8OCkIn4nUrR+vJoaEXGnGq81cHHwmVNPH4pD1XirTeO2Xx25dqnx0syt2bnJ+fnJicbo2rGIicnd7q5eDfcaHRrel87c05G72z/dHp/Zs/Yfqb80M/v6XPvmHyxsu/5o/dL1+YW51vj2q+NIFBHN3iUnqwaPDg1XjZ5qt6arqle3HUz/wfWlIv4zUoyfb6TP52V5/P/WEf6bxv8vbt3QPo3//0TPsnKfKRXx80jxm3/xVHy+aufRuOuY5XJ/EylOXvhcLheHy3LdNnSeK9AZGViW/d9I8Q+/2Fy2Ox7yiY2yZ3Z9YB8R5fk/Fim+/2ffjV/LyzY//2H7839064b26fw/2bPs6MbzCu4aRsqHU57/U5HixSfeil/Py97v+R/dZ2+cyIXXn8+xT+f/Uz3LBvJ+f2Nvug4AAAAAAAAAAPBI60tF/G2k+OFwLT2fl+3m9/8mtm5on37/69M9yyb2Zr6ie76474MKAAAAAAdEXyriJ5Hi5sJb62OoN4//7hn/+dsb4z+H0pa11c/5frl6bsBe/vyv10De79j9dxsAAAAAAAAAAAAAAAAAAAAOlJSKeD7Ppz5Wjeef2HE+9eVI8fJ/P5vLpeNlue488APVn/UrM9OnLk1NzYy3FlrXpyYbI7Ot8cmy7pORYvWvP5frFtX86t355jtzvG/MxT4XKYb/rlu2Mxd7d27yJzfKninLfiJS/Nffb5T9k4j1eaw/tVH2bFn2ryLF1/9p83a7ZY9vlD1Xlv1upPjR1xvdskfLst3no376P1K37HPjM8W+nBcAAAAAAAAAAAAAAAAAAAAeL32piD+NFP9za2l9LH+e/7+v523lzW/2zPe/xZ1qnv+Bav7/nV5vrtvd7PvP/189V2Bxp70CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBHU4oi3ogUs1dW03J/+b6jfrk9ffvO6NDw9tWOpKrmoap8+VU/c/bc+S89P3ihm+9ff699Jl4duXap8dLMrdm5yfn5yYnG6HR7fGZictdbuN/6W52sDkDj1mu3J27cmG+cfe7cptV3Bt7r/9jxgYuDz5x6ult2dGh4eKSnTK3vQ+/9LmmH5YejiL+MFM9+76fph/0RRdz/sbjHZ2e/Hak6cbLqxOjQcNWRqXZreqFcebV7IIqIRk+lZvcY7epcHH4Q/dheM2KxbH7Z4JNl90ZmW3Ot61OTjautuYX2Qntm+mrqtLbsTyOKuJAiliJipf/uzfVFEa9Fiu8cW03/3B9xqHscvnhl5Kunz+7cjmIf+7gLZTsbfRFLxW7PGdvpjyL+MVL87O0T8S/9EbXofMUXIl4p8wcRb0bnfKfyg3E+4t1tPkc8mmpRxP+V5//ianq7v7wedK8rl7/W+Mr0jZmest3ryiN/f3iQDvi1qR5F/Ki64q+mf/X3GgAAAAAAAAAAAAAAAOAAKeJXIsUL75xI1fjg9THF7embjWut61OdYX3dsX/dMdNra2trjdTJZs6xnIs5l3Iu51zJGUWun7NZZn1tbSy/X8y5lHM550rOOJTr52zmHMu5mHMp53LOlZxRy/VzNnOO5VzMuZRzOedKzjggY/cAAAAAAAAAAAAAAAAAAICPlqL6L8W3v7Ga1vo780uPRSeXzQf6kff/AQAA//+cFfZ5")
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x9, 0xe51, 0xffffffffffffffff, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x69], 0x2000, 0x808d6})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000440)={0x5, 0x0, [{0x2, 0x1, 0x1, 0x101, 0xf1fb, 0x7ff, 0x7}, {0x40000000, 0x3, 0x4, 0x6, 0x3, 0x8, 0x200}, {0x80000019, 0x37, 0x1, 0x4, 0x5, 0x9, 0x96f2}, {0x6, 0xb, 0x6, 0x28d5fdcc, 0x8000, 0x8}, {0xd, 0x7, 0x3, 0x6, 0x10, 0x1, 0xe}]})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xd, 0x0, &(0x7f0000000280)="432275e2065074ef2415f73227", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.995481277s ago: executing program 0 (id=151):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4080)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
getpgid(0xffffffffffffffff)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, 0x0, 0x0)

3.096864131s ago: executing program 0 (id=152):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x8080)
pipe(&(0x7f0000000380))
socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)

3.053257366s ago: executing program 3 (id=153):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
flistxattr(r2, 0x0, 0x0)
timer_delete(0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
ioprio_set$pid(0x1, 0x0, 0x4000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407d1ef62c0000000000010902240001000000000904008a0001030002000921000000012207000905"], 0x0)
syz_usb_control_io(r3, &(0x7f0000000400)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00!\a\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0)

3.018244813s ago: executing program 4 (id=154):
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2000b0e2ee"], 0x6e})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000000000000035, 0xfff, 0x0, 0x40180, 0x5, 0x14, 0xf2, 0x3, 0x7fffffffffffe, 0x5, 0x5, 0xc6bd, 0x566, 0x45, 0x5, 0xbdb], 0x1, 0x1c4213})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.0545034s ago: executing program 1 (id=155):
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x1, 0xf0, 0x1, 0x4, 0x6, 0x0, 0x8, 0x7f, 0x5, 0x1, 0x4, 0x8, 0xc, 0x6}, 0xe)
socket$l2tp6(0xa, 0x2, 0x73)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x5c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @dev={0xfe, 0x80, '\x00', 0x1c}}]}, 0x5c}, 0x1, 0x620b}, 0x0)

970.310652ms ago: executing program 0 (id=156):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x10, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

949.970204ms ago: executing program 1 (id=157):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000280), &(0x7f0000000440), &(0x7f0000000340)="94c14146f79c29fb4016c9d17e8040b8940ebf9c2db88dbad8af3b5516979a57e80b5f5e73001f8713f6b1c051cb6d08d2d082ac6c01b7e858f2b274a79a870bfa354e6b301c26b9d484ee1c9e28c336d013be7aa5d3edc593293845a375dff3401004440c50360a68b8a16c1f3cfacd9c9b0ee79d30cde69f397089ca03919d41aa483f8891b1c5c038c530f6caf30b1f3c15d4f7c0f7964230aa7199d63b0237f18e5ca8d130516c031f4afacc6576ddacc3ec81898561154adce958145d74", 0xc0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

930.7818ms ago: executing program 4 (id=158):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x400000000000000})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000400)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})

910.552228ms ago: executing program 2 (id=159):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)

722.821727ms ago: executing program 4 (id=160):
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x103)
fcntl$notify(r0, 0x402, 0x8000003d)
fcntl$setsig(r0, 0xa, 0x21)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x1000000d)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
fallocate(r1, 0x0, 0x0, 0x9000f3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeed, 0x80010, r1, 0x5000)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)

702.002745ms ago: executing program 0 (id=161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc10c5541, &(0x7f0000000080)=0x20)

0s ago: executing program 1 (id=162):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x3e)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.188' (ED25519) to the list of known hosts.
[   73.680022][ T5848] cgroup: Unknown subsys name 'net'
[   73.792799][ T5848] cgroup: Unknown subsys name 'cpuset'
[   73.801713][ T5848] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   75.112706][ T5848] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.802887][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[   76.809507][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[   78.783524][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.800400][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.810444][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.819180][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.837581][ T5865] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.845474][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   78.881446][ T5861] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.897364][ T5861] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.920233][ T5861] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.930583][ T5861] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.975272][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   78.983664][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   78.991392][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   78.999504][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   79.007374][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   79.026548][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   79.034043][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   79.041746][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   79.049440][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   79.057173][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   79.080880][ T5865] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   79.089523][ T5865] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   79.100687][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   79.109973][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   79.122576][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   79.253191][ T5858] chnl_net:caif_netlink_parms(): no params data found
[   79.393087][ T5863] chnl_net:caif_netlink_parms(): no params data found
[   79.460991][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.469646][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.477506][ T5858] bridge_slave_0: entered allmulticast mode
[   79.484740][ T5858] bridge_slave_0: entered promiscuous mode
[   79.544544][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.551869][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.559094][ T5858] bridge_slave_1: entered allmulticast mode
[   79.565999][ T5858] bridge_slave_1: entered promiscuous mode
[   79.605926][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.629368][ T5868] chnl_net:caif_netlink_parms(): no params data found
[   79.644573][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.663197][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.670771][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.678652][ T5863] bridge_slave_0: entered allmulticast mode
[   79.685764][ T5863] bridge_slave_0: entered promiscuous mode
[   79.696797][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.704187][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.711934][ T5863] bridge_slave_1: entered allmulticast mode
[   79.718830][ T5863] bridge_slave_1: entered promiscuous mode
[   79.725623][ T5870] chnl_net:caif_netlink_parms(): no params data found
[   79.767610][ T5858] team0: Port device team_slave_0 added
[   79.777300][ T5858] team0: Port device team_slave_1 added
[   79.831592][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.853307][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.860363][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.886855][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.906363][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.928643][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.935843][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.962351][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.019777][ T5863] team0: Port device team_slave_0 added
[   80.044200][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.051524][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.058748][ T5870] bridge_slave_0: entered allmulticast mode
[   80.065890][ T5870] bridge_slave_0: entered promiscuous mode
[   80.075647][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.083166][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.092162][ T5870] bridge_slave_1: entered allmulticast mode
[   80.099242][ T5870] bridge_slave_1: entered promiscuous mode
[   80.118353][ T5863] team0: Port device team_slave_1 added
[   80.161645][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.168998][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.176704][ T5868] bridge_slave_0: entered allmulticast mode
[   80.184138][ T5868] bridge_slave_0: entered promiscuous mode
[   80.214568][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.224305][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.232747][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.240052][ T5868] bridge_slave_1: entered allmulticast mode
[   80.247440][ T5868] bridge_slave_1: entered promiscuous mode
[   80.263456][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.271043][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.298467][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.313231][ T5858] hsr_slave_0: entered promiscuous mode
[   80.320679][ T5858] hsr_slave_1: entered promiscuous mode
[   80.327429][ T5872] chnl_net:caif_netlink_parms(): no params data found
[   80.339093][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.363108][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.373264][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.380758][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.409072][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.448753][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.491775][ T5863] hsr_slave_0: entered promiscuous mode
[   80.498053][ T5863] hsr_slave_1: entered promiscuous mode
[   80.504502][ T5863] debugfs: 'hsr0' already exists in 'hsr'
[   80.510541][ T5863] Cannot create hsr debugfs directory
[   80.551204][ T5870] team0: Port device team_slave_0 added
[   80.559926][ T5868] team0: Port device team_slave_0 added
[   80.595404][ T5870] team0: Port device team_slave_1 added
[   80.611424][ T5868] team0: Port device team_slave_1 added
[   80.643927][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.651297][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.677629][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.723635][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.730998][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.757312][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.772205][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.779191][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.806161][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.829938][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.837249][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.845174][ T5872] bridge_slave_0: entered allmulticast mode
[   80.852645][ T5872] bridge_slave_0: entered promiscuous mode
[   80.864007][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.871320][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.878503][ T5872] bridge_slave_1: entered allmulticast mode
[   80.885072][ T5861] Bluetooth: hci0: command tx timeout
[   80.886897][ T5872] bridge_slave_1: entered promiscuous mode
[   80.901965][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.908956][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.936235][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.960267][ T5861] Bluetooth: hci1: command tx timeout
[   81.011735][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.025428][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.040529][ T5861] Bluetooth: hci2: command tx timeout
[   81.065975][ T5870] hsr_slave_0: entered promiscuous mode
[   81.073492][ T5870] hsr_slave_1: entered promiscuous mode
[   81.082275][ T5870] debugfs: 'hsr0' already exists in 'hsr'
[   81.088855][ T5870] Cannot create hsr debugfs directory
[   81.130316][ T5861] Bluetooth: hci3: command tx timeout
[   81.153655][ T5868] hsr_slave_0: entered promiscuous mode
[   81.160830][ T5868] hsr_slave_1: entered promiscuous mode
[   81.167151][ T5868] debugfs: 'hsr0' already exists in 'hsr'
[   81.174043][ T5868] Cannot create hsr debugfs directory
[   81.189690][ T5872] team0: Port device team_slave_0 added
[   81.200337][ T5861] Bluetooth: hci4: command tx timeout
[   81.225949][ T5872] team0: Port device team_slave_1 added
[   81.279028][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.286553][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.314056][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.326100][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.333289][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.359415][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.448350][ T5872] hsr_slave_0: entered promiscuous mode
[   81.455219][ T5872] hsr_slave_1: entered promiscuous mode
[   81.461629][ T5872] debugfs: 'hsr0' already exists in 'hsr'
[   81.467439][ T5872] Cannot create hsr debugfs directory
[   81.481709][ T5863] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   81.514417][ T5863] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   81.553617][ T5863] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   81.565799][ T5863] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   81.632049][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.659417][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.675751][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.694341][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.725876][ T5870] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   81.737818][ T5870] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   81.755304][ T5870] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   81.769821][ T5870] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   81.822540][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.832559][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.857064][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.866658][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.898211][ T5872] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.909307][ T5872] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.922632][ T5872] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.934371][ T5872] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.998463][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.058025][ T5863] 8021q: adding VLAN 0 to HW filter on device team0
[   82.082407][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.089837][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.123191][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.131429][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.138862][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.167446][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.184390][ T5858] 8021q: adding VLAN 0 to HW filter on device team0
[   82.214928][ T5870] 8021q: adding VLAN 0 to HW filter on device team0
[   82.223483][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.230730][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.257622][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.269482][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.276662][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.288019][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.295410][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.305105][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.312847][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.355803][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[   82.373331][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.389022][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.396536][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.429522][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.446978][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.462779][ T5872] 8021q: adding VLAN 0 to HW filter on device team0
[   82.492721][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.499875][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.538150][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.545369][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.559299][ T5870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   82.615978][ T5868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   82.728276][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.852801][ T5863] veth0_vlan: entered promiscuous mode
[   82.892837][ T5863] veth1_vlan: entered promiscuous mode
[   82.965082][ T5861] Bluetooth: hci0: command tx timeout
[   82.978980][ T5863] veth0_macvtap: entered promiscuous mode
[   83.002828][ T5863] veth1_macvtap: entered promiscuous mode
[   83.024484][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.040843][ T5861] Bluetooth: hci1: command tx timeout
[   83.049605][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.075071][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.087991][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.117222][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.126354][ T5861] Bluetooth: hci2: command tx timeout
[   83.135974][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.169321][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.187535][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.197350][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.210865][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.212111][ T5861] Bluetooth: hci3: command tx timeout
[   83.280393][ T5861] Bluetooth: hci4: command tx timeout
[   83.322381][ T5872] veth0_vlan: entered promiscuous mode
[   83.346264][ T5858] veth0_vlan: entered promiscuous mode
[   83.371840][ T5858] veth1_vlan: entered promiscuous mode
[   83.388180][ T5872] veth1_vlan: entered promiscuous mode
[   83.406938][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.420455][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.424867][ T5858] veth0_macvtap: entered promiscuous mode
[   83.438962][ T5858] veth1_macvtap: entered promiscuous mode
[   83.460592][ T5868] veth0_vlan: entered promiscuous mode
[   83.484215][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.494907][ T5870] veth0_vlan: entered promiscuous mode
[   83.500285][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.526931][ T5868] veth1_vlan: entered promiscuous mode
[   83.536395][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.555930][ T5870] veth1_vlan: entered promiscuous mode
[   83.565990][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.588376][ T5872] veth0_macvtap: entered promiscuous mode
[   83.597657][ T5863] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   83.631807][ T5872] veth1_macvtap: entered promiscuous mode
[   83.645963][   T59] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.655811][   T59] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.685452][   T59] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.709117][   T59] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.724597][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.735890][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.818060][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.829178][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.839654][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.855202][ T5868] veth0_macvtap: entered promiscuous mode
[   83.864318][ T5868] veth1_macvtap: entered promiscuous mode
[   83.881066][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.897592][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.907779][ T5870] veth0_macvtap: entered promiscuous mode
[   83.918429][ T5870] veth1_macvtap: entered promiscuous mode
[   83.935384][ T5956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.936706][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.952647][ T5956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.377254][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.388202][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.404022][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.419712][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.444732][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.451242][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.459111][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.470524][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.487176][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.487599][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.497891][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.506544][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.514218][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.531913][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.631995][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.639995][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.762286][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.789675][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.003645][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.105973][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.106008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.137476][ T5861] Bluetooth: hci0: command tx timeout
[   85.137572][   T51] Bluetooth: hci1: command tx timeout
[   85.200718][   T51] Bluetooth: hci2: command tx timeout
[   85.303080][   T51] Bluetooth: hci3: command tx timeout
[   85.372300][   T51] Bluetooth: hci4: command tx timeout
[   85.380544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.389447][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.398132][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.406737][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.415609][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   85.672234][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.681919][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.689924][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.721089][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.874062][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.901019][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.170500][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   87.200579][   T51] Bluetooth: hci0: command tx timeout
[   87.206220][   T51] Bluetooth: hci1: command tx timeout
[   87.280623][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   87.405384][ T5861] Bluetooth: hci3: command tx timeout
[   87.413150][ T5861] Bluetooth: hci2: command tx timeout
[   87.450887][ T5861] Bluetooth: hci4: command tx timeout
[   88.541797][ T6055] bridge0: entered promiscuous mode
[   88.604171][ T6055] vlan2: entered promiscuous mode
[   89.066793][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15'.
[   89.517567][ T6066] team1 (uninitialized): Failed to send options change via netlink (err -105)
[   89.558360][ T6066] team1: entered promiscuous mode
[   89.570261][ T6066] team1: entered allmulticast mode
[   89.579626][ T6064] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   89.607616][ T6066] Zero length message leads to an empty skb
[   91.226861][   T51] Bluetooth: hci1: Malformed MSFT vendor event: 0x02
[   91.321336][ T6098] loop3: detected capacity change from 0 to 512
[   91.853154][ T6098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   91.945707][ T6098] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   92.100078][ T6098] EXT4-fs error (device loop3): ext4_readdir:264: inode #12: block 32: comm syz.3.24: path /3/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   92.179890][ T1637] cfg80211: failed to load regulatory.db
[   92.230327][ T6098] EXT4-fs (loop3): Remounting filesystem read-only
[   93.557669][ T6122] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.581661][ T6121] syzkaller0: entered promiscuous mode
[   93.587591][ T6121] syzkaller0: entered allmulticast mode
[   93.846850][ T6127] loop0: detected capacity change from 0 to 512
[   94.004234][ T5872] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.044154][ T6127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   94.115818][ T6131] loop4: detected capacity change from 0 to 64
[   94.128506][ T6127] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   94.962009][ T5858] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.095782][ T6145] syz.4.38 uses obsolete (PF_INET,SOCK_PACKET)
[   95.133707][ T6139] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.141337][ T6139] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.570650][ T6139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.944441][ T6139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.438390][ T6056] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.530859][ T6056] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.550358][ T6056] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.607718][ T6056] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   97.858724][ T6175] loop4: detected capacity change from 0 to 40427
[   97.881079][ T6175] F2FS-fs (loop4): invalid crc value
[   98.404512][ T6175] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   98.414061][ T6175] F2FS-fs (loop4): Start checkpoint disabled!
[   98.444062][ T6175] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[   98.454071][ T6175] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   98.989849][ T6175] syz.4.46: attempt to access beyond end of device
[   98.989849][ T6175] loop4: rw=2049, sector=77824, nr_sectors = 2280 limit=40427
[   98.999837][ T6190] lo: entered allmulticast mode
[   99.012454][ T6175] syz.4.46: attempt to access beyond end of device
[   99.012454][ T6175] loop4: rw=2049, sector=80104, nr_sectors = 1816 limit=40427
[   99.031553][ T6190] tunl0: entered allmulticast mode
[   99.037795][ T6175] syz.4.46: attempt to access beyond end of device
[   99.037795][ T6175] loop4: rw=2049, sector=49152, nr_sectors = 2160 limit=40427
[   99.047150][ T6175] syz.4.46: attempt to access beyond end of device
[   99.047150][ T6175] loop4: rw=2049, sector=51312, nr_sectors = 1936 limit=40427
[   99.109252][ T6175] syz.4.46: attempt to access beyond end of device
[   99.109252][ T6175] loop4: rw=2049, sector=57344, nr_sectors = 12288 limit=40427
[   99.127504][ T6175] syz.4.46: attempt to access beyond end of device
[   99.127504][ T6175] loop4: rw=2049, sector=69632, nr_sectors = 8 limit=40427
[   99.142729][ T6175] syz.4.46: attempt to access beyond end of device
[   99.142729][ T6175] loop4: rw=2049, sector=69640, nr_sectors = 8 limit=40427
[   99.156844][ T6175] syz.4.46: attempt to access beyond end of device
[   99.156844][ T6175] loop4: rw=2049, sector=69648, nr_sectors = 8 limit=40427
[   99.171778][ T6175] syz.4.46: attempt to access beyond end of device
[   99.171778][ T6175] loop4: rw=2049, sector=69656, nr_sectors = 8 limit=40427
[   99.187677][ T6175] syz.4.46: attempt to access beyond end of device
[   99.187677][ T6175] loop4: rw=2049, sector=69664, nr_sectors = 8 limit=40427
[   99.472217][ T6190] gre0: entered allmulticast mode
[   99.490855][ T6190] gretap0: entered allmulticast mode
[   99.498396][ T6190] erspan0: entered allmulticast mode
[   99.512643][ T6190] ip_vti0: entered allmulticast mode
[   99.545773][ T6190] ip6_vti0: entered allmulticast mode
[   99.573148][ T6190] sit0: entered allmulticast mode
[   99.587535][ T6190] ip6tnl0: entered allmulticast mode
[   99.605820][ T6190] ip6gre0: entered allmulticast mode
[   99.622301][ T6190] syz_tun: entered allmulticast mode
[   99.632198][ T6190] ip6gretap0: entered allmulticast mode
[   99.665861][ T6190] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.673645][ T6190] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.697364][ T6190] bridge0: entered allmulticast mode
[   99.734344][ T6190] vcan0: entered allmulticast mode
[   99.741353][ T6190] bond0: entered allmulticast mode
[   99.746817][ T6190] bond_slave_0: entered allmulticast mode
[   99.842687][ T6190] bond_slave_1: entered allmulticast mode
[   99.856023][ T6190] team0: entered allmulticast mode
[   99.863040][ T6190] team_slave_0: entered allmulticast mode
[   99.869008][ T6190] team_slave_1: entered allmulticast mode
[   99.909286][ T6048] CPU: 0 UID: 0 PID: 6048 Comm: kworker/u8:17 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[   99.909310][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   99.909320][ T6048] Workqueue: writeback wb_workfn (flush-7:4)
[   99.909362][ T6048] Call Trace:
[   99.909367][ T6048]  <TASK>
[   99.909374][ T6048]  dump_stack_lvl+0x189/0x250
[   99.909396][ T6048]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.909412][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.909426][ T6048]  ? __pfx_queue_work_on+0x10/0x10
[   99.909442][ T6048]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   99.909465][ T6048]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   99.909488][ T6048]  ? f2fs_hw_is_readonly+0x39b/0x470
[   99.909509][ T6048]  f2fs_handle_critical_error+0x37c/0x540
[   99.909531][ T6048]  f2fs_write_end_io+0x886/0xb60
[   99.909550][ T6048]  __submit_merged_bio+0x27a/0x6a0
[   99.909569][ T6048]  ? _raw_spin_unlock+0x28/0x50
[   99.909591][ T6048]  f2fs_submit_page_write+0x208c/0x21b0
[   99.909618][ T6048]  ? __f2fs_is_valid_blkaddr+0xd2a/0x14f0
[   99.909642][ T6048]  do_write_page+0x40f/0xac0
[   99.909658][ T6048]  ? f2fs_encrypt_one_page+0xaf/0x940
[   99.909679][ T6048]  f2fs_outplace_write_data+0x11a/0x220
[   99.909696][ T6048]  f2fs_do_write_data_page+0x113e/0x1650
[   99.909721][ T6048]  ? __pfx_f2fs_do_write_data_page+0x10/0x10
[   99.909742][ T6048]  ? css_rstat_updated+0x23a/0x4f0
[   99.909762][ T6048]  f2fs_write_single_data_page+0xa68/0x16a0
[   99.909790][ T6048]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[   99.909817][ T6048]  ? mlock_drain_local+0x79/0x490
[   99.909840][ T6048]  ? mlock_drain_local+0x28e/0x490
[   99.909856][ T6048]  f2fs_write_data_pages+0x195b/0x3000
[   99.909889][ T6048]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   99.909956][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.909976][ T6048]  ? lock_release+0x4b/0x3e0
[   99.910002][ T6048]  ? f2fs_write_meta_pages+0x357/0x450
[   99.910023][ T6048]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   99.910045][ T6048]  do_writepages+0x32e/0x550
[   99.910070][ T6048]  __writeback_single_inode+0x145/0xff0
[   99.910088][ T6048]  ? do_raw_spin_unlock+0x122/0x240
[   99.910113][ T6048]  writeback_sb_inodes+0x6c7/0x1010
[   99.910149][ T6048]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   99.910192][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910215][ T6048]  wb_writeback+0x43b/0xaf0
[   99.910235][ T6048]  ? queue_io+0x361/0x590
[   99.910253][ T6048]  ? __pfx_wb_writeback+0x10/0x10
[   99.910274][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910289][ T6048]  wb_workfn+0x409/0xef0
[   99.910308][ T6048]  ? __pfx_wb_workfn+0x10/0x10
[   99.910322][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910336][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910352][ T6048]  ? process_scheduled_works+0x9ef/0x17b0
[   99.910366][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910379][ T6048]  ? lock_acquire+0x5f/0x360
[   99.910401][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910414][ T6048]  ? process_scheduled_works+0x9ef/0x17b0
[   99.910427][ T6048]  ? process_scheduled_works+0x9ef/0x17b0
[   99.910441][ T6048]  process_scheduled_works+0xade/0x17b0
[   99.910465][ T6048]  ? __pfx_process_scheduled_works+0x10/0x10
[   99.910485][ T6048]  worker_thread+0x8a0/0xda0
[   99.910515][ T6048]  kthread+0x711/0x8a0
[   99.910541][ T6048]  ? __pfx_worker_thread+0x10/0x10
[   99.910559][ T6048]  ? __pfx_kthread+0x10/0x10
[   99.910582][ T6048]  ? rcu_is_watching+0x15/0xb0
[   99.910603][ T6048]  ? __pfx_kthread+0x10/0x10
[   99.910622][ T6048]  ret_from_fork+0x3f9/0x770
[   99.910637][ T6048]  ? __pfx_ret_from_fork+0x10/0x10
[   99.910654][ T6048]  ? __switch_to_asm+0x39/0x70
[   99.910672][ T6048]  ? __switch_to_asm+0x33/0x70
[   99.910690][ T6048]  ? __pfx_kthread+0x10/0x10
[   99.910708][ T6048]  ret_from_fork_asm+0x1a/0x30
[   99.910733][ T6048]  </TASK>
[  100.860381][ T6048] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  100.895434][ T6190] dummy0: entered allmulticast mode
[  100.990507][ T6190] nlmon0: entered allmulticast mode
[  101.007400][ T6190] caif0: entered allmulticast mode
[  101.014313][ T6190] batadv0: entered allmulticast mode
[  101.032163][ T6190] vxcan0: entered allmulticast mode
[  101.060426][ T6190] vxcan1: entered allmulticast mode
[  101.077003][ T6190] veth0: entered allmulticast mode
[  101.096007][ T6190] veth1: entered allmulticast mode
[  101.126111][ T6190] wg0: entered allmulticast mode
[  101.148538][ T6190] wg1: entered allmulticast mode
[  101.170618][ T6190] wg2: entered allmulticast mode
[  101.181549][ T6190] veth0_to_bridge: entered allmulticast mode
[  101.215143][ T6190] veth1_to_bridge: entered allmulticast mode
[  101.242307][ T6190] veth0_to_bond: entered allmulticast mode
[  101.257691][ T6190] veth1_to_bond: entered allmulticast mode
[  101.268121][ T6190] veth0_to_team: entered allmulticast mode
[  101.278272][ T6190] veth1_to_team: entered allmulticast mode
[  101.289759][ T6190] veth0_to_batadv: entered allmulticast mode
[  101.298496][ T6190] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.306507][ T6190] batadv_slave_0: entered allmulticast mode
[  101.317204][ T6190] veth1_to_batadv: entered allmulticast mode
[  101.414872][ T6190] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.443995][ T6190] batadv_slave_1: entered allmulticast mode
[  101.636514][ T6190] xfrm0: entered allmulticast mode
[  101.650024][ T6190] veth0_to_hsr: entered allmulticast mode
[  101.668070][ T6190] hsr_slave_0: entered allmulticast mode
[  101.694059][ T6190] veth1_to_hsr: entered allmulticast mode
[  101.708577][ T6190] hsr_slave_1: entered allmulticast mode
[  101.721777][ T6190] hsr0: entered allmulticast mode
[  101.736888][ T6190] veth1_virt_wifi: entered allmulticast mode
[  101.750624][ T6190] veth0_virt_wifi: entered allmulticast mode
[  101.765288][ T6190] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  101.778097][ T6190] veth1_vlan: entered allmulticast mode
[  101.792951][ T6190] veth0_vlan: entered allmulticast mode
[  101.834693][ T6190] vlan0: entered allmulticast mode
[  101.872392][ T6190] vlan1: entered allmulticast mode
[  101.891545][ T6190] macvlan0: entered allmulticast mode
[  101.914338][ T6190] macvlan1: entered allmulticast mode
[  101.936495][ T6190] ipvlan0: entered allmulticast mode
[  101.944663][ T6190] ipvlan1: entered allmulticast mode
[  101.959397][ T6190] veth1_macvtap: entered allmulticast mode
[  101.972905][ T6190] veth0_macvtap: entered allmulticast mode
[  101.996602][ T6190] macvtap0: entered allmulticast mode
[  102.029272][ T6190] macsec0: entered allmulticast mode
[  102.059360][ T6190] geneve0: entered allmulticast mode
[  102.218978][ T6190] geneve1: entered allmulticast mode
[  102.251567][ T6190] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  102.295377][ T6190] netdevsim netdevsim3 netdevsim1: entered allmulticast mode
[  102.345345][ T6190] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  102.370479][ T6190] netdevsim netdevsim3 netdevsim3: entered allmulticast mode
[  102.415748][ T6190] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode
[  102.494401][ T6190] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  102.533023][ T6037] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.550409][ T1156] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.566313][ T1156] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  102.586987][ T1156] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  105.903894][ T6251] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.998972][ T6251] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  107.965256][ T6273] loop1: detected capacity change from 0 to 128
[  108.699458][ T6285] process 'syz.1.74' launched './file0' with NULL argv: empty string added
[  110.323615][ T6306] netlink: 'syz.4.82': attribute type 1 has an invalid length.
[  110.331917][ T6306] netlink: 224 bytes leftover after parsing attributes in process `syz.4.82'.
[  113.717736][ T1637] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  114.192261][ T1637] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  114.658033][ T1637] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  114.669197][ T1637] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  114.678511][ T1637] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  114.689707][ T1637] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  115.235855][ T1637] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  115.251921][ T1637] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  115.260413][ T1637] usb 3-1: Product: syz
[  115.264656][ T1637] usb 3-1: Manufacturer: syz
[  115.265261][ T6363] loop0: detected capacity change from 0 to 64
[  115.357230][ T1637] cdc_wdm 3-1:1.0: skipping garbage
[  115.398316][ T1637] cdc_wdm 3-1:1.0: skipping garbage
[  115.447564][ T1637] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  115.466977][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'.
[  115.474574][ T1637] cdc_wdm 3-1:1.0: Unknown control protocol
[  115.593868][ T6367] minix_free_block (loop0:1): bit already cleared
[  115.600757][ T6367] minix_free_block (loop0:4): bit already cleared
[  115.607437][ T6367] minix_free_block (loop0:3): bit already cleared
[  115.614241][ T6367] minix_free_block (loop0:2): bit already cleared
[  115.622689][ T6367] minix_free_block (loop0:1): bit already cleared
[  116.214063][ T5973] usb 3-1: USB disconnect, device number 2
[  116.292520][ T6372] Bluetooth: MGMT ver 1.23
[  116.373073][ T6376] loop1: detected capacity change from 0 to 256
[  116.400942][ T6376] vfat: Deprecated parameter 'posix'
[  116.418571][ T6376] FAT-fs: "posix" option is obsolete, not supported now
[  117.658950][ T3091] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  117.884380][ T3091] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  117.897130][ T3091] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.910176][ T3091] usb 4-1: Product: syz
[  118.456484][ T3091] usb 4-1: Manufacturer: syz
[  118.515806][ T3091] usb 4-1: SerialNumber: syz
[  118.535405][ T3091] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  120.413448][ T5930] usb 4-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed
[  120.805605][ T5930] usb 4-1: ath9k_htc: USB layer deinitialized
[  120.871382][   T43] usb 4-1: USB disconnect, device number 2
[  120.878137][ T6407] loop3: detected capacity change from 0 to 8
[  120.889649][ T6407] squashfs: Unknown parameter ''
[  121.467567][   T30] audit: type=1326 audit(1755502937.487:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  121.759928][   T30] audit: type=1326 audit(1755502937.497:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  121.798245][   T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  122.037363][   T30] audit: type=1326 audit(1755502937.537:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  122.066979][   T30] audit: type=1326 audit(1755502937.657:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6419 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f81a27c14a5 code=0x7ffc0000
[  122.177507][   T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  122.208632][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  122.219539][   T30] audit: type=1326 audit(1755502937.657:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  122.314421][   T30] audit: type=1326 audit(1755502937.657:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  122.370741][   T30] audit: type=1326 audit(1755502938.027:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6419 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  122.396433][   T43] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  122.406696][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  122.425025][   T30] audit: type=1326 audit(1755502938.277:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f81a278d84a code=0x7ffc0000
[  122.457465][   T43] usb 4-1: SerialNumber: syz
[  122.471718][   T30] audit: type=1326 audit(1755502938.277:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f81a27c14a5 code=0x7ffc0000
[  122.520263][   T30] audit: type=1326 audit(1755502938.487:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6413 comm="syz.1.114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81a278ebe9 code=0x7ffc0000
[  122.677236][   T43] usb 4-1: 0:2 : does not exist
[  122.727729][   T43] usb 4-1: USB disconnect, device number 3
[  123.603919][ T6425] loop4: detected capacity change from 0 to 32768
[  123.785330][ T6425] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.118 (6425)
[  124.741147][ T6425] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  124.825210][ T6425] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  124.895957][ T6451] binder_alloc: 6450: binder_alloc_buf, no vma
[  125.128003][ T6425] BTRFS info (device loop4): enabling ssd optimizations
[  125.221819][ T6425] BTRFS info (device loop4): enabling free space tree
[  125.515046][ T5870] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  126.258254][ T6484] Bluetooth: MGMT ver 1.23
[  127.871350][ T6491] netlink: 24 bytes leftover after parsing attributes in process `syz.3.132'.
[  128.410197][ T1637] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  129.346215][ T1637] usb 2-1: config 0 has no interfaces?
[  129.409452][ T1637] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  129.509930][ T1637] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.674109][ T6505] rdma_op ffff8880791a41f0 conn xmit_rdma 0000000000000000
[  129.710811][ T1637] usb 2-1: config 0 descriptor??
[  130.355781][ T6496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.940511][ T6496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.658933][   T43] usb 2-1: USB disconnect, device number 2
[  132.011896][ T6521] loop3: detected capacity change from 0 to 8192
[  132.188722][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.141'.
[  132.647049][ T6525] IPVS: Error joining to the multicast group
[  132.845700][ T6521] netlink: 'syz.3.141': attribute type 11 has an invalid length.
[  133.152401][ T6521] netlink: 224 bytes leftover after parsing attributes in process `syz.3.141'.
[  133.237351][ T6536] loop1: detected capacity change from 0 to 512
[  133.275822][ T6536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  133.330918][ T6536] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  133.361439][ T6540] netlink: 16 bytes leftover after parsing attributes in process `syz.0.144'.
[  133.372226][ T6540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.144'.
[  133.381336][ T6540] netlink: 72 bytes leftover after parsing attributes in process `syz.0.144'.
[  134.071903][ T6544] loop3: detected capacity change from 0 to 64
[  134.471585][ T5863] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.483731][ T6548] minix_free_block (loop3:1): bit already cleared
[  134.504779][ T6548] minix_free_block (loop3:4): bit already cleared
[  134.612002][ T6548] minix_free_block (loop3:3): bit already cleared
[  134.618493][ T6548] minix_free_block (loop3:2): bit already cleared
[  134.921236][ T6548] minix_free_block (loop3:1): bit already cleared
[  135.468999][ T6558] loop1: detected capacity change from 0 to 2048
[  136.600171][ T5973] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  137.421135][ T5973] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.441683][ T5973] usb 4-1: config 0 interface 0 has no altsetting 0
[  137.448369][ T5973] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  137.478164][ T5973] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.535932][ T5973] usb 4-1: config 0 descriptor??
[  137.664862][ T6584] binder: 6582:6584 ioctl c0306201 200000000680 returned -14
[  138.242168][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  138.248540][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  138.254617][ T5973] usb 4-1: string descriptor 0 read error: -71
[  138.263232][ T5973] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  138.272288][ T5973] usb 4-1: MIDIStreaming interface descriptor not found
[  138.336519][ T5973] usb 4-1: USB disconnect, device number 4
[  138.550868][ T6599] ==================================================================
[  138.559014][ T6599] BUG: KASAN: slab-use-after-free in __se_sys_mremap+0xb33/0x1150
[  138.566865][ T6599] Read of size 8 at addr ffff888033341e18 by task syz.4.160/6599
[  138.574618][ T6599] 
[  138.576972][ T6599] CPU: 1 UID: 0 PID: 6599 Comm: syz.4.160 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[  138.577006][ T6599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  138.577020][ T6599] Call Trace:
[  138.577029][ T6599]  <TASK>
[  138.577038][ T6599]  dump_stack_lvl+0x189/0x250
[  138.577070][ T6599]  ? __pfx_dump_stack_lvl+0x10/0x10
[  138.577095][ T6599]  ? lock_release+0x4b/0x3e0
[  138.577128][ T6599]  ? __virt_addr_valid+0x4a5/0x5c0
[  138.577156][ T6599]  print_report+0xca/0x240
[  138.577176][ T6599]  ? __se_sys_mremap+0xb33/0x1150
[  138.577206][ T6599]  kasan_report+0x118/0x150
[  138.577243][ T6599]  ? __se_sys_mremap+0xb33/0x1150
[  138.577278][ T6599]  __se_sys_mremap+0xb33/0x1150
[  138.577308][ T6599]  ? rcu_is_watching+0x15/0xb0
[  138.577349][ T6599]  ? __pfx___se_sys_mremap+0x10/0x10
[  138.577385][ T6599]  ? rcu_is_watching+0x15/0xb0
[  138.577412][ T6599]  ? __x64_sys_mremap+0x20/0xc0
[  138.577440][ T6599]  do_syscall_64+0xfa/0x3b0
[  138.577464][ T6599]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.577485][ T6599]  ? clear_bhb_loop+0x60/0xb0
[  138.577516][ T6599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.577541][ T6599] RIP: 0033:0x7f499e38ebe9
[  138.577574][ T6599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.577598][ T6599] RSP: 002b:00007f499c1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  138.577625][ T6599] RAX: ffffffffffffffda RBX: 00007f499e5b6270 RCX: 00007f499e38ebe9
[  138.577646][ T6599] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 00002000009d1000
[  138.577660][ T6599] RBP: 00007f499e411e19 R08: 00002000002a0000 R09: 0000000000000000
[  138.577674][ T6599] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  138.577687][ T6599] R13: 00007f499e5b6308 R14: 00007f499e5b6270 R15: 00007ffead3bc168
[  138.577711][ T6599]  </TASK>
[  138.577718][ T6599] 
[  138.767639][ T6599] Allocated by task 5870:
[  138.771991][ T6599]  kasan_save_track+0x3e/0x80
[  138.776701][ T6599]  __kasan_slab_alloc+0x6c/0x80
[  138.781591][ T6599]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  138.787093][ T6599]  vm_area_dup+0x2b/0x680
[  138.791452][ T6599]  dup_mmap+0x90c/0x1ac0
[  138.795748][ T6599]  copy_mm+0x13c/0x4b0
[  138.799853][ T6599]  copy_process+0x1706/0x3c00
[  138.804555][ T6599]  kernel_clone+0x21e/0x840
[  138.809076][ T6599]  __x64_sys_clone+0x18b/0x1e0
[  138.813856][ T6599]  do_syscall_64+0xfa/0x3b0
[  138.818373][ T6599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.824307][ T6599] 
[  138.826637][ T6599] Freed by task 6595:
[  138.830621][ T6599]  kasan_save_track+0x3e/0x80
[  138.835307][ T6599]  kasan_save_free_info+0x46/0x50
[  138.840336][ T6599]  __kasan_slab_free+0x5b/0x80
[  138.845112][ T6599]  slab_free_after_rcu_debug+0x129/0x2a0
[  138.850755][ T6599]  rcu_core+0xca8/0x1770
[  138.855026][ T6599]  handle_softirqs+0x283/0x870
[  138.859834][ T6599]  __irq_exit_rcu+0xca/0x1f0
[  138.864446][ T6599]  irq_exit_rcu+0x9/0x30
[  138.868704][ T6599]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  138.874355][ T6599]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  138.880439][ T6599] 
[  138.882773][ T6599] Last potentially related work creation:
[  138.888484][ T6599]  kasan_save_stack+0x3e/0x60
[  138.893175][ T6599]  kasan_record_aux_stack+0xbd/0xd0
[  138.898376][ T6599]  kmem_cache_free+0x2f6/0x400
[  138.903161][ T6599]  vms_complete_munmap_vmas+0x626/0x8a0
[  138.908906][ T6599]  do_vmi_align_munmap+0x358/0x420
[  138.914028][ T6599]  do_vmi_munmap+0x253/0x2e0
[  138.918626][ T6599]  do_munmap+0xe1/0x140
[  138.922792][ T6599]  mremap_to+0x2df/0x7a0
[  138.927042][ T6599]  __se_sys_mremap+0xadf/0x1150
[  138.931895][ T6599]  do_syscall_64+0xfa/0x3b0
[  138.936403][ T6599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.942302][ T6599] 
[  138.944633][ T6599] The buggy address belongs to the object at ffff888033341dc0
[  138.944633][ T6599]  which belongs to the cache vm_area_struct of size 256
[  138.958972][ T6599] The buggy address is located 88 bytes inside of
[  138.958972][ T6599]  freed 256-byte region [ffff888033341dc0, ffff888033341ec0)
[  138.972692][ T6599] 
[  138.975028][ T6599] The buggy address belongs to the physical page:
[  138.981457][ T6599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33341
[  138.990227][ T6599] memcg:ffff888028fe8c01
[  138.994497][ T6599] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  139.001615][ T6599] page_type: f5(slab)
[  139.005607][ T6599] raw: 00fff00000000000 ffff88801bed5b40 ffffea0000c34340 0000000000000002
[  139.014230][ T6599] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888028fe8c01
[  139.022820][ T6599] page dumped because: kasan: bad access detected
[  139.029252][ T6599] page_owner tracks the page as allocated
[  139.034972][ T6599] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5614, tgid 5614 (dhcpcd-run-hook), ts 50444299286, free_ts 50431133609
[  139.054525][ T6599]  post_alloc_hook+0x240/0x2a0
[  139.059309][ T6599]  get_page_from_freelist+0x21e4/0x22c0
[  139.064981][ T6599]  __alloc_frozen_pages_noprof+0x181/0x370
[  139.070820][ T6599]  alloc_pages_mpol+0x232/0x4a0
[  139.075709][ T6599]  allocate_slab+0x8a/0x370
[  139.080229][ T6599]  ___slab_alloc+0xbeb/0x1410
[  139.084918][ T6599]  kmem_cache_alloc_noprof+0x283/0x3c0
[  139.090412][ T6599]  vm_area_alloc+0x24/0x140
[  139.094921][ T6599]  mmap_region+0xdc7/0x20c0
[  139.099434][ T6599]  do_mmap+0xc45/0x10d0
[  139.103598][ T6599]  vm_mmap_pgoff+0x2a6/0x4d0
[  139.108194][ T6599]  ksys_mmap_pgoff+0x51f/0x760
[  139.112964][ T6599]  do_syscall_64+0xfa/0x3b0
[  139.117476][ T6599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.123374][ T6599] page last free pid 5614 tgid 5614 stack trace:
[  139.129704][ T6599]  __free_frozen_pages+0xbc4/0xd30
[  139.134830][ T6599]  __tlb_remove_table+0x2d2/0x3b0
[  139.139863][ T6599]  tlb_remove_table_rcu+0x85/0x100
[  139.144978][ T6599]  rcu_core+0xca8/0x1770
[  139.149222][ T6599]  handle_softirqs+0x283/0x870
[  139.153991][ T6599]  __irq_exit_rcu+0xca/0x1f0
[  139.158605][ T6599]  irq_exit_rcu+0x9/0x30
[  139.162857][ T6599]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  139.168500][ T6599]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  139.174494][ T6599] 
[  139.176819][ T6599] Memory state around the buggy address:
[  139.182460][ T6599]  ffff888033341d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  139.190615][ T6599]  ffff888033341d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  139.198678][ T6599] >ffff888033341e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  139.206757][ T6599]                             ^
[  139.211627][ T6599]  ffff888033341e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  139.219706][ T6599]  ffff888033341f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  139.227773][ T6599] ==================================================================
[  139.269504][ T6599] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  139.276778][ T6599] CPU: 0 UID: 0 PID: 6599 Comm: syz.4.160 Not tainted 6.17.0-rc2-next-20250818-syzkaller #0 PREEMPT(full) 
[  139.288179][ T6599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  139.298286][ T6599] Call Trace:
[  139.301584][ T6599]  <TASK>
[  139.304531][ T6599]  dump_stack_lvl+0x99/0x250
[  139.309160][ T6599]  ? __asan_memcpy+0x40/0x70
[  139.313771][ T6599]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.318992][ T6599]  ? __pfx__printk+0x10/0x10
[  139.323626][ T6599]  vpanic+0x281/0x750
[  139.327627][ T6599]  ? preempt_schedule+0xae/0xc0
[  139.332496][ T6599]  ? __pfx_vpanic+0x10/0x10
[  139.337061][ T6599]  ? preempt_schedule_common+0x83/0xd0
[  139.342549][ T6599]  ? preempt_schedule+0xae/0xc0
[  139.347453][ T6599]  ? __pfx_preempt_schedule+0x10/0x10
[  139.352870][ T6599]  panic+0xb9/0xc0
[  139.356610][ T6599]  ? __pfx_panic+0x10/0x10
[  139.361037][ T6599]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  139.366956][ T6599]  ? __se_sys_mremap+0xb33/0x1150
[  139.371994][ T6599]  check_panic_on_warn+0x89/0xb0
[  139.376952][ T6599]  ? __se_sys_mremap+0xb33/0x1150
[  139.381993][ T6599]  end_report+0x78/0x160
[  139.386264][ T6599]  kasan_report+0x129/0x150
[  139.390791][ T6599]  ? __se_sys_mremap+0xb33/0x1150
[  139.395839][ T6599]  __se_sys_mremap+0xb33/0x1150
[  139.400701][ T6599]  ? rcu_is_watching+0x15/0xb0
[  139.405487][ T6599]  ? __pfx___se_sys_mremap+0x10/0x10
[  139.410794][ T6599]  ? rcu_is_watching+0x15/0xb0
[  139.415576][ T6599]  ? __x64_sys_mremap+0x20/0xc0
[  139.420446][ T6599]  do_syscall_64+0xfa/0x3b0
[  139.424963][ T6599]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.431044][ T6599]  ? clear_bhb_loop+0x60/0xb0
[  139.435741][ T6599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.441645][ T6599] RIP: 0033:0x7f499e38ebe9
[  139.446070][ T6599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.465966][ T6599] RSP: 002b:00007f499c1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  139.474422][ T6599] RAX: ffffffffffffffda RBX: 00007f499e5b6270 RCX: 00007f499e38ebe9
[  139.482463][ T6599] RDX: 0000000000004000 RSI: 0000000000004000 RDI: 00002000009d1000
[  139.490531][ T6599] RBP: 00007f499e411e19 R08: 00002000002a0000 R09: 0000000000000000
[  139.498513][ T6599] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  139.506493][ T6599] R13: 00007f499e5b6308 R14: 00007f499e5b6270 R15: 00007ffead3bc168
[  139.514484][ T6599]  </TASK>
[  139.517782][ T6599] Kernel Offset: disabled
[  139.522220][ T6599] Rebooting in 86400 seconds..