last executing test programs:

11m3.001697593s ago: executing program 0 (id=1996):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000003, &(0x7f0000000000), 0x1, 0x4f3, &(0x7f0000000bc0)="$eJzs3d9rXFkdAPDvvcnspt2sk0WRteDuYivp6nYm2bi7QaRWEH0qWOt7jMkkhEwyITOpzVA0xVdBEFHBJ598EfwDBOmfIEJB30WLItrqgw/aKzNzp03TmSQlP8adfD5wes+55977PWeauT/mHu4N4Mx6KyKuRcRIRLwdEcV8fpqnuVZhp7Pco4d3FlopiSy7+fckknxed1ut8mhEvNJZJcYi4utfjfhW8nzc+nZzdb5arWzm5XJjbaNc325eWVmbX64sV9ZnZqbfn/1g9r3ZqSx3pH5eiIirX37w4x/84itXf/POt/8499fL32k16wsf77Q7IhaOFKCPzrY/887u5rc+o82TCDYAI3l/CnsrbgymPQAA7K91jn8xIj7VPv8vxkj7bA4AAAAYJtkXx+M/SUQGAAAADK00IsYjSUv5WIDxSNNSqTOG92NxPq3W6o3PLtW21hdbdRETUUiXVqqVqXys8EQUklZ5up1/Wn53T3kmIl6LiB8Vz7XLpYVadXHQP34AAADAGfHKm89e//+rmLbzAAAAwJCZ6FsAAAAAhoVLfgAAABh+rv8BAABgqH3t+vVWyrrv8V68tb21Wrt1ZbFSXy2tbS2UFmqbG6XlWm25/cy+tT6b+X43U63VNj4X61u3y41KvVGubzfn1mpb6425lfbrwAEAAIABeO3Ne39IImLn8+faKfLnAAI848+DbgBwnEYG3QBgYEYH3QBgYAoHLjH6AssCH0bJAfV9B+/89vjbAgAAnIzJTzx///+lvM71Pgw3Y30A4Oxx/x/OroIRgHDmXepMXu5Xf/T7/1n2wo0CAACO1Xg7JWkpvxc4HmlaKkW82n4tQCFZWqlWpiLiIxHx+2Lh5VZ5ur1mcuCYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAIChFpH+JWk/zT9isnhpfO/vAy8l/y7Gg7zws5s/uT3faGxOt+b/o9iuj4jGT/P572ZeCQAAAAD/BzrX6fl0etCtAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDYPHp4Z6GbTjPu374UERO94o/GWHs6FoWIOP/PJEZ3rZdExMgxxN+5GxGv746fPYnwOMuyibwVveKfO5H43f4nrY8l9sQf666XHkNsOOvutfY/13p9/9J4qz3t/f0fzdNR9d//pU/2fyN99j+vHjLGhfu/KveNfzfiwmjv/U83ftIn/sVDxv/mN5rNfnXZzyMmex5/kmdilRtrG+X6dvPKytr8cmW5sj4zM/3+7Aez781OlZdWqpX8354xfvjJXz/er//n+8SfOKD/lw7Z///ev/3wo51soVf8yxd7H39f7xM/zY99n87zrfrJbn6nk9/tjV/+7o39+r/Yp/8H/f9fPmT/377xvT8dclEA4BTUt5ur89VqZXOfzNghlpGROUom+27n7/Fo24nNkWNtWDboj6W+3eyedZ929EHulQAAgJPw9KR/0C0BAAAAAAAAAAAAAAAAAACAs+s0Hie2N+bOYLoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCv/wUAAP//WIjdwA==")
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendmmsg$inet(r4, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1, 0x0, 0xfffffffffffffd96}}], 0x2, 0x16da)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x10, 0x0, 0x100, 0x60, r5, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

11m1.512418813s ago: executing program 0 (id=1999):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10080, 0x20)
ioctl$FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000080)={0x280, 0xa0, 0x580, 0x640, 0x4, 0x9, 0x20, 0x1, {0x0, 0x787}, {0x2, 0xbd, 0x1}, {0x1ff, 0xfffff223, 0x1}, {0xf, 0x1da8783d, 0x1}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x7, 0x3ff, 0xf4000000, 0x4, 0x2, 0x22, 0x81, 0x20, 0x0, 0x1, 0x6})
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = userfaultfd(0x801)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0xfffffffffffffd98)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})

10m59.706998753s ago: executing program 0 (id=2004):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x19a, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0)
copy_file_range(r2, 0x0, r2, 0x0, 0x9, 0x0)
r3 = memfd_secret(0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r6, &(0x7f0000000100)={0xa, 0x4e21, 0x801, @local, 0x6}, 0x1c)
sendto$inet6(r6, &(0x7f0000000300), 0xfdef, 0x0, 0x0, 0xfffffffffffffdfd)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x20000, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x400000000, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x7, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]})
ftruncate(r3, 0x5)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r3, 0x4112, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000640)=@bpf_ext={0x1c, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000202070250000009657174d4106678d00002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

10m58.134028612s ago: executing program 0 (id=2009):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000003, &(0x7f0000000000), 0x1, 0x4f3, &(0x7f0000000bc0)="$eJzs3d9rXFkdAPDvvcnspt2sk0WRteDuYivp6nYm2bi7QaRWEH0qWOt7jMkkhEwyITOpzVA0xVdBEFHBJ598EfwDBOmfIEJB30WLItrqgw/aKzNzp03TmSQlP8adfD5wes+55977PWeauT/mHu4N4Mx6KyKuRcRIRLwdEcV8fpqnuVZhp7Pco4d3FlopiSy7+fckknxed1ut8mhEvNJZJcYi4utfjfhW8nzc+nZzdb5arWzm5XJjbaNc325eWVmbX64sV9ZnZqbfn/1g9r3ZqSx3pH5eiIirX37w4x/84itXf/POt/8499fL32k16wsf77Q7IhaOFKCPzrY/887u5rc+o82TCDYAI3l/CnsrbgymPQAA7K91jn8xIj7VPv8vxkj7bA4AAAAYJtkXx+M/SUQGAAAADK00IsYjSUv5WIDxSNNSqTOG92NxPq3W6o3PLtW21hdbdRETUUiXVqqVqXys8EQUklZ5up1/Wn53T3kmIl6LiB8Vz7XLpYVadXHQP34AAADAGfHKm89e//+rmLbzAAAAwJCZ6FsAAAAAhoVLfgAAABh+rv8BAABgqH3t+vVWyrrv8V68tb21Wrt1ZbFSXy2tbS2UFmqbG6XlWm25/cy+tT6b+X43U63VNj4X61u3y41KvVGubzfn1mpb6425lfbrwAEAAIABeO3Ne39IImLn8+faKfLnAAI848+DbgBwnEYG3QBgYEYH3QBgYAoHLjH6AssCH0bJAfV9B+/89vjbAgAAnIzJTzx///+lvM71Pgw3Y30A4Oxx/x/OroIRgHDmXepMXu5Xf/T7/1n2wo0CAACO1Xg7JWkpvxc4HmlaKkW82n4tQCFZWqlWpiLiIxHx+2Lh5VZ5ur1mcuCYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAIChFpH+JWk/zT9isnhpfO/vAy8l/y7Gg7zws5s/uT3faGxOt+b/o9iuj4jGT/P572ZeCQAAAAD/BzrX6fl0etCtAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDYPHp4Z6GbTjPu374UERO94o/GWHs6FoWIOP/PJEZ3rZdExMgxxN+5GxGv746fPYnwOMuyibwVveKfO5H43f4nrY8l9sQf666XHkNsOOvutfY/13p9/9J4qz3t/f0fzdNR9d//pU/2fyN99j+vHjLGhfu/KveNfzfiwmjv/U83ftIn/sVDxv/mN5rNfnXZzyMmex5/kmdilRtrG+X6dvPKytr8cmW5sj4zM/3+7Aez781OlZdWqpX8354xfvjJXz/er//n+8SfOKD/lw7Z///ev/3wo51soVf8yxd7H39f7xM/zY99n87zrfrJbn6nk9/tjV/+7o39+r/Yp/8H/f9fPmT/377xvT8dclEA4BTUt5ur89VqZXOfzNghlpGROUom+27n7/Fo24nNkWNtWDboj6W+3eyedZ929EHulQAAgJPw9KR/0C0BAAAAAAAAAAAAAAAAAACAs+s0Hie2N+bOYLoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALCv/wUAAP//WIjdwA==")
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10)
sendmmsg$inet(r4, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1, 0x0, 0xfffffffffffffd96}}], 0x2, 0x16da)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x10, 0x0, 0x100, 0x60, r5, 0x1ff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

10m56.94178046s ago: executing program 0 (id=2011):
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)
socket(0x22, 0x2, 0x3)
socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

10m55.832943603s ago: executing program 0 (id=2012):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r3 = fcntl$dupfd(r2, 0x2, 0xffffffffffffffff)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56641, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
splice(r1, 0x0, r3, 0x0, 0x2000, 0x0)

10m43.401437575s ago: executing program 32 (id=2007):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(0x0)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x8481, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2}}, 0x26)
mkdir(0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r2, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x0, 0x803, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r6, r7, <r8=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000080)={0x10, 0x0, r8})
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000002c0)=0xf)

10m40.363625658s ago: executing program 33 (id=2012):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r3 = fcntl$dupfd(r2, 0x2, 0xffffffffffffffff)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56641, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
splice(r1, 0x0, r3, 0x0, 0x2000, 0x0)

10m8.531238808s ago: executing program 4 (id=2130):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="88000000", @ANYRES16=r0, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r2], 0x88}}, 0x0)

10m3.302834014s ago: executing program 4 (id=2138):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x9c}}, 0x0)
unshare(0x22020400)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000004f2e5e43b00d13cdaea41f396a2d"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = epoll_create(0xd9d0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x1})
sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x118, r1, 0x8, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x4, 0x34}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x400}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8000}, @NL80211_ATTR_FRAME_MATCH={0xd8, 0x5b, "229170692d6215342c1d8104aa6c22c5bd03a03df632ade800d503540d6ce5a64a507a7ca1a274b5a14fbb831ba06d837d05abab249d333f470e0a93af54c2de586f6d6f2fe606b2021779c441533409b9e276660445efdd090d81a29a39f64a40a9b12edee05842f7db0842e8efdca494f6f0b62e57d1b0597b8fcc64382db86afc4f739f36bf0f7193147c5ee13ec1c1a8492cb504959af48c84139c87570f47e87ad220e569cef259d467987cdbcfa30f63feed19deef5dff030006cbde66030c37dc613c0dcecc2aff2a7b2e95c302568589"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x1}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x6}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(0xffffffffffffffff, 0x0, 0x0)
pipe(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{0x1}, 0x0, 0x0}, 0x1c)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0x20, &(0x7f0000000600)={&(0x7f0000000580)=""/100, 0x64, 0x0, 0x0}}, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}}, 0x0)

10m2.873757186s ago: executing program 4 (id=2143):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r4, 0x28, 0x1, 0x0, 0x0)

10m1.391032155s ago: executing program 6 (id=2047):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000100)=@req={0x28, &(0x7f0000000000)={'veth0_to_bond\x00', @ifru_names='batadv0\x00'}})
socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'veth0_to_batadv\x00'})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

9m59.483918799s ago: executing program 6 (id=2149):
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="900200", @ANYRES16, @ANYBLOB="000229bd7000fddbdf250c000000540006804800040067636d28616573290000000000000000000000000000000000000000000000002000000065517ed98842c59f25110efdc0efb67831a4fce79ccef47541cf727657cdbd02080001000900000008000480040007802c0007800c00040001000000000000800800010093e500000c0003002a0000000000000008000200010000000c00038008000100050000000800048004078030000780080001000700000008000100080000000c000300400000000000000008000100020000000e000200e4000000c80004801300010062726f6164636173742d6c696e6b0000540007800800030008000000080002000010000008000100040000000800040000800000080002000b000000080001001300000008000400000000000800040001000100080004000900000008000400010100001300010062726f6164636173742d6c696e6b00000900010073797a30000000003c000780080001000e000000080003000500000008000300fcffffff0800040001000000080001000a00000008000300c800000008000300ff7f000024000380"], 0x290}, 0x1, 0x0, 0x0, 0x24008035}, 0xc00c814)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="080026009015000008"], 0x2c}}, 0x808)

9m58.726686927s ago: executing program 6 (id=2152):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r0, &(0x7f00000001c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0)

9m58.299335437s ago: executing program 4 (id=2153):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$unix(0x1, 0x1, 0x0)
fanotify_init(0x4, 0x8000)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, r1, 0x0, 0x20000023896)

9m57.440905795s ago: executing program 6 (id=2155):
socket(0x2, 0x3, 0xff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000780)='contention_end\x00', r0}, 0x18)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2a, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f00000004c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)

9m57.347700082s ago: executing program 4 (id=2156):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
readv(r0, &(0x7f0000000780)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1)

9m57.160079423s ago: executing program 6 (id=2158):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
recvmsg$can_bcm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x42)
read(r0, 0x0, 0x0)

9m57.063165244s ago: executing program 4 (id=2159):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fsopen(&(0x7f0000000080)='binder\x00', 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)=""/26, 0x1a}, {0x0, 0x38}], 0x2}, 0xe208}], 0x1, 0x40012023, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r1 = userfaultfd(0x801)
r2 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89ee, &(0x7f0000000740)={r2})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000800000/0x800000)=nil, &(0x7f000051f000/0x4000)=nil, 0x800000, 0x1})

9m56.727265743s ago: executing program 6 (id=2161):
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[], 0x184}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x40c0080)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, 0x0)
r1 = syz_io_uring_setup(0x119, &(0x7f0000000140)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

9m41.78607989s ago: executing program 34 (id=2159):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
fsopen(&(0x7f0000000080)='binder\x00', 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)=""/26, 0x1a}, {0x0, 0x38}], 0x2}, 0xe208}], 0x1, 0x40012023, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r1 = userfaultfd(0x801)
r2 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89ee, &(0x7f0000000740)={r2})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000440)={&(0x7f0000800000/0x800000)=nil, &(0x7f000051f000/0x4000)=nil, 0x800000, 0x1})

9m41.536299201s ago: executing program 35 (id=2161):
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[], 0x184}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x40c0080)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(0xffffffffffffffff, 0xc00464b4, 0x0)
r1 = syz_io_uring_setup(0x119, &(0x7f0000000140)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

6m7.438654405s ago: executing program 7 (id=2781):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c005f7500000104030000000000000000000000000008000540000000010800054000000000050001000100"], 0x2c}}, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x25, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c"]}]}, 0x114}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1_to_team\x00'})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000200)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, r1, &(0x7f0000000300), 0x4001)
sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000190a01020000"], 0x14}}, 0x0)

6m5.654318112s ago: executing program 7 (id=2785):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000090)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
socket$inet6(0xa, 0x3, 0x4)
r4 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
ioctl$VIDIOC_G_PARM(r4, 0xc0cc5615, &(0x7f0000000100)={0x1, @capture={0x1000, 0x0, {0x1d8, 0x10}, 0x6, 0x7}})

6m2.6853378s ago: executing program 7 (id=2794):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000800), 0x462942, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)=0x4)
cachestat(r0, &(0x7f0000000040)={0x4000000000000002, 0xfffffffffffffffd}, &(0x7f0000000180), 0x0)
prlimit64(0x0, 0xd, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000400)=0x200002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1}})
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, 0x0, 0x0)
clock_adjtime(0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

6m0.114314747s ago: executing program 7 (id=2798):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0)

5m56.575973554s ago: executing program 7 (id=2811):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc)
accept(r0, &(0x7f0000000240)=@in={0x2, 0x0, @broadcast}, &(0x7f0000000300)=0x80)
write(r0, 0x0, 0x0)

5m55.601122553s ago: executing program 7 (id=2814):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
unshare(0x2000400)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080))
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
socket$inet6(0xa, 0x200000000003, 0x87)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000840)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000081000e0086dd6003136c00208700fc010000000000000000000000000000fc0000000000000000000000000000000402000000000000000100c9100000000000000000000000000000000000000030680a886a805458037bbe960cf3b217afada9a1a5ebe00c02bd8fc036f3bb8e9e681f32fa470642d630802adf9b5d06f44bc0cd8dfb7c05792df6e89b21ea959c29dfe50028291a897c7e4db0685b22bb1d0349a160e6c79fea59c2e4e38ccacd93ca6112ad1318b77fca622236123ac86e7cda4caa0fc06781aa355e3cdb5a4ad83075751a50d10dd6b2db0007f313ffb24efcbc8f30585fd3df0c6fd704c1939482f6384d23154dd1705d14c64061bbec1212becd5a23"], 0x0)
sendmmsg$inet6(r1, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)='\a', 0x1}], 0x1}}], 0x2, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000000000000400"/56], 0x68)

5m39.793243145s ago: executing program 36 (id=2814):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
unshare(0x2000400)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080))
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
socket$inet6(0xa, 0x200000000003, 0x87)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000840)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000081000e0086dd6003136c00208700fc010000000000000000000000000000fc0000000000000000000000000000000402000000000000000100c9100000000000000000000000000000000000000030680a886a805458037bbe960cf3b217afada9a1a5ebe00c02bd8fc036f3bb8e9e681f32fa470642d630802adf9b5d06f44bc0cd8dfb7c05792df6e89b21ea959c29dfe50028291a897c7e4db0685b22bb1d0349a160e6c79fea59c2e4e38ccacd93ca6112ad1318b77fca622236123ac86e7cda4caa0fc06781aa355e3cdb5a4ad83075751a50d10dd6b2db0007f313ffb24efcbc8f30585fd3df0c6fd704c1939482f6384d23154dd1705d14c64061bbec1212becd5a23"], 0x0)
sendmmsg$inet6(r1, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000240)='\a', 0x1}], 0x1}}], 0x2, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
unshare(0x0)
r4 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000000000000400"/56], 0x68)

1m58.954926942s ago: executing program 5 (id=3348):
r0 = syz_usb_connect(0x6, 0x24, &(0x7f0000000480)=ANY=[@ANYRES16=0x0], 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000640)={0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="000de0000000e00cf7e1d680e8fa6d9fea0d12f459768422a50bc191066cc2f51f028e33860c17cdad1366c55237f1c32b91ea35f5fb29161b9694291d12a2f062b003456a33539a018b23bcb4b672641203e4ae4043e7aa35c884bc1ff3616f63e09f6501a77c7b53ef36611cd17a84aab7dfd681d517892f77b60d7ca07fd694d7e9977817160d6e0cb5bfa4faee850e19a1b9e746ce23cd06f2bc3ed3e6223eb730791aa7e9f9389fb9a6142ba2a1f41be385f63661f1faa88c5a754fa17b7c409287ba5e2196cbfefac8b0ee7a6268f686dbbcba3c7395466526c117348bddfd1a25d9f8"], 0x0}, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x600000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
recvmsg(r5, 0x0, 0x0)
fadvise64(r1, 0x101f, 0x1f, 0x4)

1m57.620272085s ago: executing program 5 (id=3353):
r0 = syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6163746976655f6c6f67733d362c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c616c6c6f635f6d6f64653d72657573652c6e6f61636c2c686561702c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6a71666d743d7666736f6c642c0059f4bd815bd5269b4f523c9fa8d344a3944fb455fe1b97b3eda5f977db05bfa9d02cc67646849b46fd481fbbd5b0fd213353e4ae7755b4985d63c4a5e13292c6d514d644c884482f93129a82c26ad8f1f7191de0ca75795a5f697573c1828a8ecf4a82e89215d1979fa2738c76683b231a638e5a0d6bd7235d108d564d307b3067ab6ac37a59e50763a2be3d70a1260e"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x18, 0x25, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@map_idx={0x18, 0x2, 0x5, 0x0, 0xd}, @ldst={0x1, 0x0, 0x2, 0x5, 0xb, 0x183, 0x1}, @alu={0x4, 0x0, 0x5, 0xb, 0x0, 0x18, 0x8}, @alu={0x4, 0x1, 0x8, 0xa, 0x1, 0x20, 0xfffffffffffffffc}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @tail_call, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000880)='GPL\x00', 0xfffffffa, 0xb7, &(0x7f00000008c0)=""/183, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000980)={0x3, 0xc, 0xe9, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000009c0)=[0x1, 0x1, 0xffffffffffffffff, r0, 0x1], &(0x7f0000000a00)=[{0x5, 0x5, 0xc}], 0x10, 0xa8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000b00)='ext4_es_remove_extent\x00', r2, 0x0, 0xe7}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4000000000000006b1104000000000004000000010100009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0xfea7)
sendfile(r5, r5, &(0x7f0000000240), 0x7f03)

1m53.511195567s ago: executing program 5 (id=3365):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @dev}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@rr={0x7, 0x3, 0x8b}, @noop]}}}], 0x38}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x5e0, 0x0, 0xd0, 0x0, 0x3d0, 0x2c8, 0x510, 0x510, 0x510, 0x510, 0x510, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth1_virt_wifi\x00', 'pimreg\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x2c8}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@frag={{0x30}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@remote}}}, {{@ipv6={@loopback, @private2, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x640)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0xc)

1m50.529100016s ago: executing program 5 (id=3371):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec000000080000000000000e2ffca1b1f0000000004c00e72f740805ed08a56231dbf9ed7815e3802000000033a0093b837dc6cc01e32efaec8c7a6ec08200800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347524f0b56a20ff27fff", 0x89}], 0x1}, 0x20040040)

1m49.815550826s ago: executing program 5 (id=3373):
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = syz_io_uring_setup(0x260f, &(0x7f0000000300)={0x0, 0xfffffffd, 0x80, 0x3, 0x40000000}, &(0x7f0000000100), &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$radio(&(0x7f00000000c0), 0x2, 0x2)
preadv2(r5, &(0x7f0000000440)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

1m48.190789794s ago: executing program 5 (id=3377):
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYRES8=r0], 0x0, 0x48, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1m33.021283298s ago: executing program 37 (id=3377):
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYRES8=r0], 0x0, 0x48, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

16.559263486s ago: executing program 2 (id=3613):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000ff0f0000000000000000000000000000eff77dda830743af2db23b7c9cc6e18bf2ccc8af87f566310447e83187e4439d1d18bc50b46093040ec5fe4da6f8670144ed2f3726a890f8460097a9b0c8a97cd99d20b3"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r4, 0x0, 0x0}, 0x20)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x30000000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}], 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4)
shutdown(r0, 0x2)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r7, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r7, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000000740)=""/234, 0xea, 0x0, 0x0, 0x2}}, 0x4f)

15.262605821s ago: executing program 9 (id=3615):
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0xfff, 0x79118b3ee5622451, @void, @value}, 0x28)
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5}, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10101, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000f40)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b5318f0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c030a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214217b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d37827bab1a32c9d788e9f74ee57012ca5bfd0dc090b59077b7ef4a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76789ae79ccec252203bda7798de237bbe019d70a7a2d8176638fd53465acdd321f5a500", 0x3b5}], 0x1}}], 0x1, 0x0)

12.748835909s ago: executing program 9 (id=3622):
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000005c0)=@filter={'filter\x00', 0x42, 0x4, 0x358, 0xffffffff, 0x1a8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0xc0, 0xe8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0xf}}, @common=@socket0={{0x20}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x9}}, @common=@socket0={{0x20}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x1, 0x4, 0x1, 0x6, 0x7, 0x1], 0x0, 0x1}, {0x4, [0x2, 0x4, 0x3, 0x7, 0x7, 0x1], 0x2, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000fc0)=@nat={'nat\x00', 0x19, 0x3, 0xcaa, [0x20000300, 0x0, 0x0, 0x20000330, 0x20000360], 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000008000000808a67656e6576653100000000000000000070696d36726567300000000000000000677265746170300000000000000000007866726d300000000000000000000000000000000000ffffff00ffffaaaaaaaaaabbff0000ff0000ae000000ae000000e600000071756f74610000000000000000000000000000000000000000000000000000001800000000000000010000000000000006000000000000000900000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff00001000000000000000110000000100000000106361696630000000000000000000000070696d72656730000000000000000000766c616e30000000000000000000000076657468305f746f5f62617461647600bbbbbbbbbbbbff0000000000bbbbbbbbbbbbff00ffff00ff2e090000660900009e0900003830325f330000000000000000000000000000000000000000000000000000000800000000000000bc00000704040000616d6f6e6700000000000000000000000000000000000000000000000000000068080000000000000c000000000000000200000009000000050000000900000002000000060000000600000001000000bf0000003f6c000009000000040000008554000008000000e20000000e00000002000000c90b000004000000030000000100010001040000f0fc00000000000003000000050000000900000062000000413d000000000000050000003a04000003000000000800000a00000007000000080000001df9ffff06000000ff1200008100000002000000090000000900000003000000ffffffff1f0000000200000002000000010000007e0000001b33406805000000060000000300000004000000ff0100000100000007000000020000000400000000000100"]}, 0x3b4)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x46, 0x2}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1b18)
ioctl$EVIOCGKEY(r1, 0x80404518, 0x0)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r2, 0x12, 0x3, 0x0, &(0x7f0000001640))
r3 = socket(0x1, 0x803, 0x0)
getsockopt$SO_BINDTODEVICE(r3, 0x1, 0x24, &(0x7f0000000000), 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000210000000000000000000000850000007500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00'}, 0x18)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000200)={<r5=>r2})
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000340)={0x9, 0x3234, 0x8, 0x9, 0x1000})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x728e, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x20, 0xfffffffd}, &(0x7f0000000000), 0x0)

12.398389976s ago: executing program 1 (id=3623):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mount$9p_virtio(0x0, 0x0, 0x0, 0x440000, &(0x7f0000000440)=ANY=[])
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000100)=0x100000001)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000980)={0x2}, 0x10)
write(r1, &(0x7f0000000300), 0x0)
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040026ca7203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350844ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffffb9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

11.675223134s ago: executing program 9 (id=3625):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0xffff}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000340), 0x14)
write$binfmt_script(r2, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
getpid()
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b32, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, 0x0, 0x0)

11.279246156s ago: executing program 1 (id=3626):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r5 = dup3(r3, r1, 0x0)
ioctl$NBD_DO_IT(r5, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004)

10.926268171s ago: executing program 2 (id=3628):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$update(0x2, r1, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000200)=0x2)
setns(r4, 0x24020000)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8814}, 0x0)
r5 = epoll_create1(0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, &(0x7f0000000480)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}})
syz_clone(0x37000520, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000a00000004000000060000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r6, &(0x7f0000000200), 0x20000000}, 0x20)

9.398614212s ago: executing program 8 (id=3629):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)

9.356218121s ago: executing program 1 (id=3630):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000000)={0xfffffffc, 0xd}, 0x8)

9.210451436s ago: executing program 2 (id=3631):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xafd64c7130324753, 0x40003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, 0x0)
bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r1, 0x0, 0x0)
sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x17fd147c801ae9ab, 0x0)

9.028858143s ago: executing program 8 (id=3633):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_pidfd_open(0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
read$FUSE(r4, &(0x7f0000003680)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, <r5=>0x0}, 0x2020)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000013c00)={0x0, 0x0, &(0x7f0000013bc0)={&(0x7f0000013b80)=ANY=[@ANYBLOB], 0x28}}, 0x0)
write$FUSE_WRITE(r4, &(0x7f0000000040)={0x18, 0x0, r5, {0x80000000}}, 0x18)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000080)={'ip_vti0\x00', 0x0, 0xd47a5104164ca74c, 0x7800, 0x6, 0x5, {{0x13, 0x4, 0x1, 0x37, 0x4c, 0x65, 0x0, 0x3, 0x29, 0x0, @loopback, @remote, {[@rr={0x7, 0x7, 0xec, [@local]}, @generic={0x44, 0x11, "568fef332b82089f4f2dd755d69f1c"}, @timestamp_prespec={0x44, 0x14, 0x4b, 0x3, 0x5, [{@local, 0x1}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x10}]}, @timestamp_prespec={0x44, 0xc, 0x8c, 0x3, 0x0, [{@multicast1, 0x200}]}]}}}}})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

8.983202652s ago: executing program 1 (id=3634):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0xc17a)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$setsig(0x4203, r1, 0xffffffffffff3322, &(0x7f0000000240)={0x15, 0x0, 0x4})
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = fsopen(&(0x7f0000005880)='zonefs\x00', 0x0)
r5 = landlock_create_ruleset(&(0x7f00000004c0)={0x0, 0x1}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r5, 0x2, &(0x7f0000000500)={0x1}, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0xab, 0xbe, 0x67, 0x40, 0x17e9, 0x8b4e, 0x9c08, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0)

8.168609096s ago: executing program 2 (id=3635):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40800)
fanotify_init(0x0, 0x80000)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = eventfd2(0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000050000000090a010400000000000000000100000008000a40000000000900020073797a30000000002200010073797a300000000008000540000000020c000980080001400000007b0800084000000001140000001000010000000000000000000000000a"], 0x98}}, 0x0)
flock(r5, 0xa422928b49da8f69)
r7 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000140)={0x0, "13f20afd86c17f9dfa507069d57c6684154bc7ec29052b9ec48e707a4f251dd9"})
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000740)={'macvlan0\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xe, [0x3, 0x1, 0x2, 0x1, 0x7f, 0xbcc, 0x8, 0xffffff8a, 0x9, 0x0, 0x3, 0xd9, 0x6, 0x7f, 0x9, 0x7, 0x5, 0x7, 0x7, 0x8, 0xc, 0x98800, 0x8, 0x0, 0x1, 0x8, 0x5, 0x1, 0xd, 0x1, 0x8, 0x2, 0x27ac8c95, 0x4, 0x9, 0x10, 0x4, 0x4, 0xffff045b, 0x7fff, 0x10, 0x1, 0x80000001, 0x8, 0x8, 0x9, 0x6, 0x4e7c, 0x10000, 0x9, 0x8, 0x9bb, 0x1, 0x7, 0x5, 0xf3, 0x2, 0x773, 0x7, 0x6, 0x8, 0x8, 0x38766f72, 0xfb47, 0xbdf0, 0x400, 0x9c, 0x10000, 0x4, 0xf, 0xaf, 0x1, 0x84, 0xffffff00, 0x5434, 0x6fb9e432, 0x9, 0x7f, 0x10, 0x1, 0x80000000, 0x1, 0x5, 0x0, 0x8000, 0x6, 0x5, 0x3, 0xfffeffff, 0x50, 0xfffffff3, 0x92, 0x875, 0x114000, 0x0, 0xffffcc06, 0x16000000, 0x6, 0x1, 0x80000001, 0x1, 0xca6, 0x1, 0x0, 0x8, 0x4, 0xfffffffd, 0x2, 0xffffffff, 0x8, 0x4, 0x4, 0x4, 0x0, 0x1ff, 0x4, 0x79d9b987, 0xc, 0x0, 0x232, 0xff, 0x3, 0x1000, 0x3, 0x0, 0xba81, 0x5, 0x4]}})
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000480), 0x189401, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10)
r9 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1})
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f00000000c0)={'virt_wifi0\x00'})
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
ppoll(&(0x7f0000000240)=[{r0, 0x424}], 0x1, 0x0, 0x0, 0x0)

7.606002156s ago: executing program 8 (id=3637):
r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000300)=0x8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

6.527233231s ago: executing program 3 (id=3638):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000ff0f0000000000000000000000000000eff77dda830743af2db23b7c9cc6e18bf2ccc8af87f566310447e83187e4439d1d18bc50b46093040ec5fe4da6f8670144ed2f3726a890f8460097a9b0c8a97cd99d20b3"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r2, 0x0, 0x0}, 0x20)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x30000000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}], 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4)
shutdown(r0, 0x2)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r5, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r5, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000000740)=""/234, 0xea, 0x0, 0x0, 0x2}}, 0x4f)

6.501978476s ago: executing program 8 (id=3639):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x10080, 0x20)
ioctl$FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000080)={0x280, 0xa0, 0x580, 0x640, 0x4, 0x9, 0x20, 0x1, {0x0, 0x787}, {0x2, 0xbd, 0x1}, {0x1ff, 0xfffff223, 0x1}, {0xf, 0x1da8783d, 0x1}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x7, 0x3ff, 0xf4000000, 0x4, 0x2, 0x22, 0x81, 0x20, 0x0, 0x1, 0x6})
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = userfaultfd(0x1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040))
r2 = fcntl$dupfd(r1, 0x0, r1)
r3 = userfaultfd(0x801)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0xfffffffffffffd98)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})

6.389072002s ago: executing program 3 (id=3640):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r5 = dup3(r3, 0xffffffffffffffff, 0x0)
ioctl$NBD_DO_IT(r5, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004)

5.790962935s ago: executing program 3 (id=3641):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101, @void, @value}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000380)={0x42001000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382)
memfd_create(0x0, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='mlxsw_sp_acl_atcam_entry_add_ctcam_spill\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r3}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, 0x0)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x0, 0x6, 0x0, 0x9, "4b8b3ea46929dfed0b2f34380d308f95a023d009852471dd5a94a9fe9549918ae7fd1f0ece5b861375b108403362cfe0f4fccffb1b6a2115354d4df15d017a3f", "2363f18d9acc6c25af21ca2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1, 0x7]})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$BLKPG(r5, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x0, 0x800, 0x1000000f}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x275a, 0x0)

4.236750256s ago: executing program 3 (id=3642):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c005f7500000104030000000000000000000000000008000540000000010800054000000000050001000100"], 0x2c}}, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x25, 0x1, 0x0, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c"]}]}, 0x114}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}]}]}], {0x14}}, 0xd4}}, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'veth1_to_team\x00'})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}}]}, &(0x7f0000000200)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, &(0x7f0000000300), 0x4001)
sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000190a01020000"], 0x14}}, 0x0)

3.469806916s ago: executing program 9 (id=3643):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)

3.198335123s ago: executing program 9 (id=3644):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, 0x0, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f00000001c0)=0x4, 0x4)
socket$inet6(0xa, 0x40000080806, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f0000000200)={0x3ff, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x200000000000000, 0x7fffffff}, 0x0, 0x0)

2.968193075s ago: executing program 2 (id=3645):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = dup(r0)
sendmsg$nl_xfrm(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f0000000080)=[{&(0x7f00000000c0)="480000001500257f09004b01fcfc8c860a881300f217e0060000e3323909b8f8896e33719fe3bb036e0bc90900000000000000000000ffff5bf1090000d0bd5e000000006203", 0x46}], 0x1)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r6 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})
sendmsg$key(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x20004000)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000c7910a800000000007d0a0000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2a)

2.718218558s ago: executing program 8 (id=3646):
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0xfff, 0x79118b3ee5622451, @void, @value}, 0x28)
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5}, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x10101, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000f40)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b5318f0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c030a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214217b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d37827bab1a32c9d788e9f74ee57012ca5bfd0dc090b59077b7ef4a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76789ae79ccec252203bda7798de237bbe019d70a7a2d8176638fd53465acdd321f5a500", 0x3b5}], 0x1}}], 0x2, 0x0)

2.642344151s ago: executing program 1 (id=3647):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000600)=@delchain={0x4d8, 0x65, 0x10, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xd, 0x7}, {0x0, 0xc}, {0x0, 0x5}}, [@f_tcindex={{0xc}, {0x4}}, @f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x1, 0x9, 0x7, 0xc2, 0x2, 0x5, 0x0, 0x5, 0xe, 0x7fffffff, 0x8001, 0x3, 0x3, 0x4, 0x6, 0x4, 0xffff8001, 0x3, 0x0, 0x9, 0x7, 0xc648, 0x0, 0x3, 0x36b, 0x9, 0x7, 0x7, 0x10001, 0x7e1, 0xafd, 0x1000, 0x69f, 0x7fff, 0x6, 0x8, 0xe91, 0x200, 0xf926, 0x5, 0x8000, 0x8, 0x8, 0x6, 0x0, 0x0, 0xfffffff9, 0x3, 0x1, 0x10, 0xbe087478, 0xba02, 0xde87, 0x20000, 0x4bab021, 0x5, 0x8a32, 0x2, 0x5, 0x9, 0x9, 0x1c0f, 0xff, 0x400, 0x7, 0xf53, 0x6, 0x7808, 0x9, 0x1, 0x9, 0x8, 0xc8, 0x9, 0xce, 0x9, 0x7, 0xfff, 0x200, 0x4, 0x9, 0x40, 0x1000, 0x8, 0x7, 0x0, 0x2, 0x5, 0x0, 0x2, 0x5, 0x1, 0x10, 0x8, 0x1, 0x8, 0xfffffff6, 0xf9, 0x8, 0x2, 0x8, 0x6, 0x3ff, 0x1000, 0xfffffff7, 0x8, 0x401000, 0x7fff, 0x5, 0x0, 0x7, 0x6, 0x7ff, 0x80000000, 0xd, 0x7, 0x48c2df49, 0xe, 0xc872, 0x5, 0x6c, 0xffffff81, 0x1, 0x9, 0x8, 0x7, 0xfffffffb, 0x2, 0x7, 0x80000001, 0x0, 0xffff5483, 0x7, 0x3, 0x2, 0x5, 0xf5, 0x2, 0x9, 0x7, 0x10, 0x0, 0x5, 0xcee, 0x3, 0x80000000, 0xfd, 0xcb2, 0x400000, 0x4, 0x1c00, 0x48, 0x1000, 0x6, 0x7119, 0x9, 0x101, 0x8, 0x6661, 0xed2, 0xf5, 0x7, 0xfffffbff, 0x2, 0x1000, 0x10, 0xe4da, 0x40, 0x7fff, 0x80, 0x7, 0x2, 0x6, 0x29, 0x1, 0x3416, 0x9, 0x5, 0x9, 0x9, 0x3, 0x4, 0x6, 0x7, 0x6, 0x3, 0x7ff, 0x200, 0x5, 0x3, 0x151a4, 0x1e, 0x7f, 0x10, 0x0, 0x81, 0x6d6, 0x7, 0x0, 0x3, 0xd, 0x400, 0x0, 0x5, 0x7, 0x800, 0xffff, 0x4, 0x1e97dd61, 0x7, 0x1, 0x2521, 0x2, 0xeef, 0x8001, 0x4, 0x8001, 0x5, 0x7, 0x200, 0x1, 0x4, 0x1, 0x5, 0x8, 0xfffff411, 0x4, 0x3, 0x7b7, 0x2, 0x2, 0x8000, 0x7f, 0x5, 0xa799, 0xff, 0x7, 0x5, 0x8, 0x92, 0x9eae, 0x9, 0x8, 0xfffff4ed, 0xfffffffa, 0x2b9d, 0x8, 0x1, 0x9, 0x5, 0x3c, 0x4, 0xb198, 0x5, 0x9]}]}]}}, @f_tcindex={{0xc}, {0xc, 0x2, [@TCA_TCINDEX_MASK={0x6, 0x2, 0x3a6}]}}, @f_tcindex={{0xc}, {0x14, 0x2, [@TCA_TCINDEX_HASH={0x8, 0x1, 0xc23a}, @TCA_TCINDEX_CLASSID={0x8, 0x5, {0xfff3, 0x7}}]}}, @f_rsvp6={{0xa}, {0x18, 0x2, [@TCA_RSVP_DST={0x14, 0x2, @loopback}]}}, @f_rsvp={{0x9}, {0x24, 0x2, [@TCA_RSVP_DST={0x8, 0x2, @multicast1}, @TCA_RSVP_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x8, 0x10}}, @TCA_RSVP_CLASSID={0x8, 0x1, {0xe, 0x5}}]}}]}, 0x4d8}, 0x1, 0x0, 0x0, 0x800}, 0x4040045)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x7)
ioctl$KDFONTOP_SET(r3, 0x4b72, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
r4 = syz_pidfd_open(0x0, 0x0)
setns(r4, 0x24020000)
syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0)

505.02884ms ago: executing program 9 (id=3648):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

251.320889ms ago: executing program 2 (id=3649):
r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000300)=0x8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, &(0x7f00000001c0))
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x10}}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

250.63837ms ago: executing program 3 (id=3650):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000180))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000ff0f0000000000000000000000000000eff77dda830743af2db23b7c9cc6e18bf2ccc8af87f566310447e83187e4439d1d18bc50b46093040ec5fe4da6f8670144ed2f3726a890f8460097a9b0c8a97cd99d20b3"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000240)={r2, 0x0, 0x0}, 0x20)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x30000000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f0000000140)='W', 0x1}], 0x1}}], 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4)
shutdown(r0, 0x2)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r5, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r5, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000000740)=""/234, 0xea, 0x0, 0x0, 0x2}}, 0x4f)

186.953503ms ago: executing program 8 (id=3651):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xe336, 0x0, 0x0)
set_mempolicy(0x4005, &(0x7f0000000040)=0x10000000005, 0x7)
syz_io_uring_setup(0xd2, 0x0, 0x0, 0x0)
getpriority(0x1, 0xe6)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4000000004002, 0x0)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000001100)={'\x00', 0xf47, 0x8001, 0x8f, 0x7fffffffffffffff, 0x6, 0xffffffffffffffff})
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="2503000000000000000016000000"], 0x18}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

282.825µs ago: executing program 1 (id=3652):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0xffffffffffffff61)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
sendmsg$tipc(r5, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 3 (id=3653):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0xffff}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000340), 0x14)
write$binfmt_script(r2, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
getpid()
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b32, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 bcdDevice= 0.00
[  648.937675][ T5885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.957290][ T5885] usb 6-1: config 0 descriptor??
[  649.192826][T13922] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2666'.
[  649.720942][T13924] bond2 (unregistering): Released all slaves
[  650.050594][ T5885] cougar 0003:060B:700A.0005: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.5-1/input0
[  650.225606][ T5886] usb 6-1: USB disconnect, device number 2
[  650.656276][T13941] Invalid source name
[  650.660433][T13941] UBIFS error (pid: 13941): cannot open "/dev/sg0", error -22
[  650.980773][T13943] fuse: Unknown parameter '0x0000000000000004'
[  651.011323][T13945] netlink: 199836 bytes leftover after parsing attributes in process `syz.8.2677'.
[  652.527854][ T5885] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  653.975151][T13965] netlink: 'syz.7.2684': attribute type 1 has an invalid length.
[  654.028398][ T5885] usb 9-1: unable to get BOS descriptor or descriptor too short
[  654.068242][ T5885] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  654.078417][ T5885] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  654.089389][ T5885] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  654.100314][ T5885] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0
[  654.185548][T13967] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2684'.
[  654.217889][ T5885] usb 9-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[  654.229230][T13965] bond2 (unregistering): Released all slaves
[  654.232984][ T5885] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.272338][ T5885] usb 9-1: Product: syz
[  654.289724][ T5885] usb 9-1: Manufacturer: syz
[  654.294705][ T5885] usb 9-1: SerialNumber: syz
[  654.321598][ T5885] usb 9-1: config 0 descriptor??
[  654.500206][T13971] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  655.062280][ T5885] usb 9-1: NFC: Unable to get FW version
[  655.068513][ T5885] pn533_usb 9-1:0.0: probe with driver pn533_usb failed with error -90
[  655.158742][ T5885] usb 9-1: USB disconnect, device number 2
[  655.264936][T13979] fuse: Unknown parameter '0x0000000000000004'
[  656.589787][T14004] Invalid source name
[  656.594581][T14004] UBIFS error (pid: 14004): cannot open "/dev/sg0", error -22
[  658.957658][ T5886] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  658.974180][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  658.974202][   T29] audit: type=1326 audit(1731003548.882:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14028 comm="syz.5.2706" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f87ed97e719 code=0x0
[  659.169799][ T5886] usb 9-1: Using ep0 maxpacket: 32
[  659.182074][ T5886] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  659.213177][ T5886] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  659.242460][ T5886] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  659.252292][ T5886] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.262279][ T5886] usb 9-1: Manufacturer: n
[  659.267410][ T5886] usb 9-1: SerialNumber: �㤩鵭��൹Ɉ테ꔙﴂꊞ헷ᗳ蜰赘냢횹떻�擈墥龷ና쿶﹇뿗Ễ宅喷械簀젇鑂ﮛ瘉擹ׄ㡨彾ᕑ䮮≠㱈ᑬﻥ숡䞈샧∓稜⣯늞羘 參闳�𣓒nj㸲냔
[  660.697037][ T5886] cdc_ncm 9-1:1.0: bind() failure
[  660.755080][ T5886] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found
[  660.794220][ T5886] cdc_ncm 9-1:1.1: bind() failure
[  660.835247][ T5886] usb 9-1: USB disconnect, device number 3
[  666.427645][T14134] vcan0 speed is unknown, defaulting to 1000
[  669.620683][T14161] rdma_rxe: rxe_newlink: failed to add vcan0
[  670.389243][T14174] Mount JFS Failure: -22
[  670.393877][T14174] jfs_mount failed w/return code = -22
[  672.475950][T14181] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2754'.
[  672.558748][   T29] audit: type=1326 audit(1731003562.382:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.047024][   T29] audit: type=1326 audit(1731003562.392:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.123042][   T29] audit: type=1326 audit(1731003562.392:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.158907][   T29] audit: type=1326 audit(1731003562.392:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.196150][   T29] audit: type=1326 audit(1731003562.412:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.220522][   T29] audit: type=1326 audit(1731003562.412:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.245160][   T29] audit: type=1326 audit(1731003562.412:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.268276][   T29] audit: type=1326 audit(1731003562.412:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f67a277e31b code=0x7ffc0000
[  673.292177][   T29] audit: type=1326 audit(1731003562.412:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  673.324140][   T29] audit: type=1326 audit(1731003562.422:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14179 comm="syz.2.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a277e719 code=0x7ffc0000
[  674.785464][T12011] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  674.939546][T12011] usb 6-1: unable to get BOS descriptor or descriptor too short
[  674.968521][T12011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  674.998865][T12011] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  675.057977][T12011] usb 6-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[  675.123416][T12011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.959713][T12011] usb 6-1: Product: syz
[  675.963952][T12011] usb 6-1: Manufacturer: syz
[  675.968696][T12011] usb 6-1: SerialNumber: syz
[  675.977267][T12011] usb 6-1: config 0 descriptor??
[  675.992049][T12011] pn533_usb 6-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  676.372645][T12011] usb 6-1: USB disconnect, device number 3
[  679.692485][T14248] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2767'.
[  680.225447][T12011] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  680.416952][T12011] usb 3-1: Using ep0 maxpacket: 8
[  680.456454][T12011] usb 3-1: New USB device found, idVendor=041e, idProduct=4053, bcdDevice= c.b2
[  680.480660][T12011] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.517638][T12011] usb 3-1: Product: syz
[  680.535408][T12011] usb 3-1: Manufacturer: syz
[  680.555374][T12011] usb 3-1: SerialNumber: syz
[  680.590387][T12011] usb 3-1: config 0 descriptor??
[  680.632285][T12011] gspca_main: gspca_zc3xx-2.14.0 probing 041e:4053
[  681.054984][T12011] gspca_zc3xx: reg_r err -71
[  681.065633][T12011] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  681.130123][T12011] usb 3-1: USB disconnect, device number 26
[  686.077698][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  686.188383][T14298] fuse: Unknown parameter 'fd0x0000000000000004'
[  686.285619][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  686.285640][   T29] audit: type=1326 audit(1731003576.202:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14300 comm="syz.5.2787" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87ed97e719 code=0x0
[  686.425804][ T5849] Bluetooth: hci4: command 0x0405 tx timeout
[  687.503536][T14309] vcan0 speed is unknown, defaulting to 1000
[  694.016157][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  694.024429][T14347] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  694.743604][T14347] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  694.762367][T14347] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  694.773863][T14347] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  694.832681][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  694.846514][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  694.855230][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  694.876681][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  694.897462][ T5849] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  694.905464][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  696.418008][ T7168] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.435493][ T5849] Bluetooth: hci5: command 0x0406 tx timeout
[  696.476845][T14365] vcan0 speed is unknown, defaulting to 1000
[  696.578123][ T7168] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  696.902147][ T5849] Bluetooth: hci4: command 0x0405 tx timeout
[  696.909826][ T5849] Bluetooth: hci1: command 0x0406 tx timeout
[  696.978131][ T5844] Bluetooth: hci3: command tx timeout
[  697.549764][ T7168] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  697.880964][ T7168] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.024811][T14398] bond_slave_0: entered promiscuous mode
[  698.030608][T14398] bond_slave_1: entered promiscuous mode
[  698.041151][T14398] macvlan2: entered promiscuous mode
[  698.048161][T14398] bond0: entered promiscuous mode
[  698.120247][T14398] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  698.206438][T14387] vcan0 speed is unknown, defaulting to 1000
[  698.525631][T14403] loop3: detected capacity change from 0 to 512
[  698.564396][T14403] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  698.921212][ T7168] bridge_slave_1: left allmulticast mode
[  699.055412][ T5844] Bluetooth: hci3: command tx timeout
[  699.066111][ T7168] bridge_slave_1: left promiscuous mode
[  699.071976][ T7168] bridge0: port 2(bridge_slave_1) entered disabled state
[  699.105793][ T7168] bridge_slave_0: left allmulticast mode
[  699.111654][ T7168] bridge_slave_0: left promiscuous mode
[  699.132120][ T7168] bridge0: port 1(bridge_slave_0) entered disabled state
[  699.934803][ T7168] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  701.153347][ T5844] Bluetooth: hci3: command tx timeout
[  702.008940][ T7168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  702.020606][ T7168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  702.107471][ T7168] bond0 (unregistering): Released all slaves
[  702.121995][ T7168] bond1 (unregistering): Released all slaves
[  702.178224][T14435] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2829'.
[  702.228352][ T7168] tipc: Disabling bearer <udp:s>
[  702.245109][ T7168] tipc: Left network mode
[  702.246489][T14411] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  702.264533][T14411] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  702.291487][T14411] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  702.334205][T14411] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  702.413069][T14411] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  702.453141][T14411] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  702.636505][T14411] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  703.166420][T14445] loop5: detected capacity change from 0 to 512
[  703.196704][T14445] EXT4-fs (loop5): blocks per group (95) and clusters per group (32768) inconsistent
[  704.004336][T14365] chnl_net:caif_netlink_parms(): no params data found
[  704.355040][ T5844] Bluetooth: hci4: command 0x0405 tx timeout
[  704.361218][ T5844] Bluetooth: hci1: command 0x0406 tx timeout
[  704.361283][ T5849] Bluetooth: hci5: command 0x0406 tx timeout
[  704.367300][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  705.196027][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  707.255384][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  707.757115][T14365] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.861710][T14491] Cannot find set identified by id 0 to match
[  708.073726][T14365] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.199124][T14365] bridge_slave_0: entered allmulticast mode
[  708.297399][ T5849] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  708.506642][T14365] bridge_slave_0: entered promiscuous mode
[  708.622811][ T7168] hsr_slave_1: left promiscuous mode
[  708.670307][ T7168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  708.739446][ T7168] batman_adv: batadv0: Removing interface: batadv_slave_0
[  708.770647][ T7168] batman_adv: batadv0: Removing interface: batadv_slave_1
[  708.819230][ T7168] veth1_macvtap: left promiscuous mode
[  708.824806][ T7168] veth0_macvtap: left promiscuous mode
[  708.837359][T14498] loop5: detected capacity change from 0 to 512
[  708.876903][ T7168] veth1_vlan: left promiscuous mode
[  708.900897][T14498] EXT4-fs (loop5): blocks per group (95) and clusters per group (32768) inconsistent
[  709.317971][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  710.567798][ T7168] team0 (unregistering): Port device team_slave_1 removed
[  710.865887][T14516] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2848'.
[  711.713629][ T7168] team0 (unregistering): Port device team_slave_0 removed
[  712.263214][ T5848] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  712.282220][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  712.307668][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  712.316315][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  712.351635][ T5848] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  712.374618][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  712.582373][T14365] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.589736][T14365] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.597091][T14365] bridge_slave_1: entered allmulticast mode
[  712.605022][T14365] bridge_slave_1: entered promiscuous mode
[  712.997541][T14365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  713.011106][T14521] vcan0 speed is unknown, defaulting to 1000
[  713.051520][T14365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  713.299683][T14530] syzkaller0: entered promiscuous mode
[  713.314886][T14530] syzkaller0: entered allmulticast mode
[  713.359681][T14365] team0: Port device team_slave_0 added
[  713.379828][T14365] team0: Port device team_slave_1 added
[  713.788040][   T81] syzkaller0: tun_net_xmit 48
[  714.511148][ T5849] Bluetooth: hci0: command tx timeout
[  716.898003][ T5849] Bluetooth: hci0: command tx timeout
[  717.047624][ T5885] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  717.128758][T14562] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2859'.
[  717.238306][ T5885] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  717.341531][ T5885] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  717.446305][ T5885] usb 9-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00
[  717.535170][ T5885] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.715987][ T5885] usb 9-1: config 0 descriptor??
[  718.976707][ T5849] Bluetooth: hci0: command tx timeout
[  720.130511][T14365] batman_adv: batadv0: Adding interface: batadv_slave_0
[  720.137740][T14365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.163815][T14365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.255827][ T5885] usbhid 9-1:0.0: can't add hid device: -71
[  720.274192][ T5885] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  720.303498][ T5885] usb 9-1: USB disconnect, device number 4
[  720.354158][T14365] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.369670][ T7168] IPVS: stop unused estimator thread 0...
[  720.378523][T14365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.588914][T14365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  721.138495][ T5849] Bluetooth: hci0: command tx timeout
[  721.369308][T14365] hsr_slave_0: entered promiscuous mode
[  721.390413][T14365] hsr_slave_1: entered promiscuous mode
[  721.405518][T14365] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  721.422192][T14365] Cannot create hsr debugfs directory
[  722.687232][ T7168] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  722.973364][ T7168] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.148114][ T7168] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  723.767104][T14597] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2869'.
[  724.008056][T14588] syzkaller0: entered promiscuous mode
[  724.013868][T14588] syzkaller0: entered allmulticast mode
[  724.053007][ T7150] syzkaller0: tun_net_xmit 48
[  724.418651][ T7168] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.924999][T14616] loop5: detected capacity change from 0 to 512
[  725.971465][T14616] EXT4-fs (loop5): blocks per group (71) and clusters per group (32768) inconsistent
[  730.044376][T14615] veth0_vlan: entered allmulticast mode
[  730.109615][T14521] chnl_net:caif_netlink_parms(): no params data found
[  731.921414][ T7168] bridge_slave_1: left allmulticast mode
[  731.927327][ T7168] bridge_slave_1: left promiscuous mode
[  731.933102][ T7168] bridge0: port 2(bridge_slave_1) entered disabled state
[  731.947714][ T7168] bridge_slave_0: left allmulticast mode
[  731.967749][ T7168] bridge_slave_0: left promiscuous mode
[  731.998863][ T7168] bridge0: port 1(bridge_slave_0) entered disabled state
[  733.113757][ T7168] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  733.654351][ T7168] bond0 (unregistering): left promiscuous mode
[  733.662774][ T7168] bond_slave_0: left promiscuous mode
[  733.669122][ T7168] bond_slave_1: left promiscuous mode
[  733.703907][ T7168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  733.718626][ T7168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  733.734229][ T7168] bond0 (unregistering): Released all slaves
[  733.923925][ T7168] bond1 (unregistering): Released all slaves
[  733.936174][T14521] bridge0: port 1(bridge_slave_0) entered blocking state
[  733.954768][T14521] bridge0: port 1(bridge_slave_0) entered disabled state
[  733.963872][T14521] bridge_slave_0: entered allmulticast mode
[  733.988262][T14521] bridge_slave_0: entered promiscuous mode
[  734.283772][T14663] syzkaller0: entered promiscuous mode
[  734.310333][T14663] syzkaller0: entered allmulticast mode
[  734.329623][ T7171] syzkaller0: tun_net_xmit 48
[  734.338723][T14521] bridge0: port 2(bridge_slave_1) entered blocking state
[  734.357855][T14521] bridge0: port 2(bridge_slave_1) entered disabled state
[  734.365921][T14521] bridge_slave_1: entered allmulticast mode
[  734.372821][T14521] bridge_slave_1: entered promiscuous mode
[  741.125973][T14521] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  741.157701][T14521] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  741.385173][T14521] team0: Port device team_slave_0 added
[  741.444771][T14521] team0: Port device team_slave_1 added
[  741.474572][ T7168] hsr_slave_0: left promiscuous mode
[  741.490663][ T7168] hsr_slave_1: left promiscuous mode
[  741.504520][ T7168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  741.522476][ T7168] batman_adv: batadv0: Removing interface: batadv_slave_0
[  741.537885][ T7168] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  741.554331][ T7168] batman_adv: batadv0: Removing interface: batadv_slave_1
[  741.609132][ T7168] veth1_macvtap: left promiscuous mode
[  741.619416][ T7168] veth0_macvtap: left promiscuous mode
[  741.634289][ T7168] veth1_vlan: left promiscuous mode
[  741.650219][ T7168] veth0_vlan: left promiscuous mode
[  744.671825][ T7168] team0 (unregistering): Port device team_slave_1 removed
[  744.748526][ T7168] team0 (unregistering): Port device team_slave_0 removed
[  747.379831][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  747.770815][T14521] batman_adv: batadv0: Adding interface: batadv_slave_0
[  747.787494][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  747.839628][T14521] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  748.068658][T14521] batman_adv: batadv0: Adding interface: batadv_slave_1
[  748.880420][T14521] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  748.933384][T14521] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  748.963695][T14365] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  749.032221][T14365] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  749.888134][T14365] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  749.937320][T14365] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  750.329529][T14521] hsr_slave_0: entered promiscuous mode
[  750.347388][T14521] hsr_slave_1: entered promiscuous mode
[  750.558740][T14521] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  751.097049][T14521] Cannot create hsr debugfs directory
[  751.561418][T14521] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  751.596835][T14521] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  751.667935][T14521] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  751.706628][T14521] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  751.814961][T14365] 8021q: adding VLAN 0 to HW filter on device bond0
[  751.944546][T14365] 8021q: adding VLAN 0 to HW filter on device team0
[  751.974508][ T7168] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.981736][ T7168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  752.959287][T14521] 8021q: adding VLAN 0 to HW filter on device bond0
[  752.996377][T14521] 8021q: adding VLAN 0 to HW filter on device team0
[  753.198251][T14521] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  753.208727][T14521] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  753.253545][ T7168] bridge0: port 1(bridge_slave_0) entered blocking state
[  753.260763][ T7168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  753.286930][ T7168] bridge0: port 2(bridge_slave_1) entered blocking state
[  753.294097][ T7168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  753.360079][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  753.371852][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  753.608441][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  753.630572][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  753.644511][ T5849] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  753.674357][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  754.112122][T14772] vcan0 speed is unknown, defaulting to 1000
[  754.984635][T14521] 8021q: adding VLAN 0 to HW filter on device batadv0
[  756.453181][ T5848] Bluetooth: hci4: command tx timeout
[  758.071942][T14521] veth0_vlan: entered promiscuous mode
[  758.248208][T14521] veth1_vlan: entered promiscuous mode
[  758.527015][ T5849] Bluetooth: hci4: command tx timeout
[  758.978956][T14772] chnl_net:caif_netlink_parms(): no params data found
[  759.032536][T14521] veth0_macvtap: entered promiscuous mode
[  759.088704][T14521] veth1_macvtap: entered promiscuous mode
[  760.489555][T14521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  760.513580][T14521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  760.526505][T14521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  760.547723][T14521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  760.564563][T14521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  760.578831][ T5849] Bluetooth: hci4: command tx timeout
[  760.635395][T14521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  760.649908][T14521] batman_adv: batadv0: Interface activated: batadv_slave_0
[  760.840745][T14772] bridge0: port 1(bridge_slave_0) entered blocking state
[  760.848314][T14772] bridge0: port 1(bridge_slave_0) entered disabled state
[  760.855902][T14772] bridge_slave_0: entered allmulticast mode
[  760.862924][T14772] bridge_slave_0: entered promiscuous mode
[  760.904736][T14772] bridge0: port 2(bridge_slave_1) entered blocking state
[  760.927184][T14772] bridge0: port 2(bridge_slave_1) entered disabled state
[  760.934944][T14772] bridge_slave_1: entered allmulticast mode
[  760.977079][T14772] bridge_slave_1: entered promiscuous mode
[  761.058090][ T3534] bridge_slave_1: left allmulticast mode
[  761.085424][ T3534] bridge_slave_1: left promiscuous mode
[  761.091253][ T3534] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.142549][ T3534] bridge_slave_0: left allmulticast mode
[  761.158032][ T3534] bridge_slave_0: left promiscuous mode
[  761.163873][ T3534] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.437942][ T5849] Bluetooth: hci4: command tx timeout
[  767.056330][ T3534] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  767.094644][ T3534] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.121060][ T3534] bond0 (unregistering): Released all slaves
[  767.214134][T14772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  767.236682][T14521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  767.248156][T14521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  767.260540][T14521] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  767.273122][T14521] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  767.308357][T14521] batman_adv: batadv0: Interface activated: batadv_slave_1
[  767.499021][T14873] netlink: 'syz.3.2938': attribute type 21 has an invalid length.
[  767.626681][T14873] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2938'.
[  767.640765][T14873] netlink: 'syz.3.2938': attribute type 4 has an invalid length.
[  767.648805][T14873] netlink: 'syz.3.2938': attribute type 3 has an invalid length.
[  767.656827][T14873] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2938'.
[  767.666274][T14875] netlink: 'syz.3.2938': attribute type 21 has an invalid length.
[  767.675073][T14875] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2938'.
[  767.684452][T14875] netlink: 'syz.3.2938': attribute type 4 has an invalid length.
[  767.692943][T14875] netlink: 'syz.3.2938': attribute type 5 has an invalid length.
[  767.701569][T14875] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2938'.
[  767.732456][T14772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  767.760040][T14521] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  767.789489][T14521] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  767.815306][T14521] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  767.835317][T14521] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  768.200220][ T3534] hsr_slave_0: left promiscuous mode
[  768.254483][ T3534] hsr_slave_1: left promiscuous mode
[  768.270427][ T3534] batman_adv: batadv0: Removing interface: batadv_slave_0
[  768.291446][ T3534] batman_adv: batadv0: Removing interface: batadv_slave_1
[  768.700870][ T3534] team0 (unregistering): Port device team_slave_1 removed
[  768.909640][ T3534] team0 (unregistering): Port device team_slave_0 removed
[  769.530559][T14772] team0: Port device team_slave_0 added
[  769.572456][T14772] team0: Port device team_slave_1 added
[  769.676705][T14772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  769.683726][T14772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.709709][    C0] vkms_vblank_simulate: vblank timer overrun
[  769.763634][T14772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  769.868550][T14772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  769.879606][T14772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.927876][T14772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  770.207451][ T2920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  770.225416][ T2920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  771.372592][T14772] hsr_slave_0: entered promiscuous mode
[  771.379072][T14772] hsr_slave_1: entered promiscuous mode
[  772.143784][T14772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  772.175740][T14772] Cannot create hsr debugfs directory
[  772.254378][T12544] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  772.425667][T12544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  773.341738][T14917] syz.8.2950: attempt to access beyond end of device
[  773.341738][T14917] loop8: rw=0, sector=64, nr_sectors = 8 limit=0
[  773.354939][T14917] syz.8.2950: attempt to access beyond end of device
[  773.354939][T14917] loop8: rw=0, sector=120, nr_sectors = 8 limit=0
[  773.368253][T14917] Mount JFS Failure: -5
[  773.372432][T14917] jfs_mount failed w/return code = -5
[  773.875196][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  773.960895][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  774.258407][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  774.275192][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  774.690595][ T5848] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  774.703286][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  775.013399][T14938] trusted_key: encrypted_key: insufficient parameters specified
[  777.057295][ T5848] Bluetooth: hci3: command tx timeout
[  777.202648][ T7162] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  777.336268][T14941] netlink: 'syz.3.2957': attribute type 21 has an invalid length.
[  777.344152][T14941] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2957'.
[  777.367171][T14941] netlink: 'syz.3.2957': attribute type 4 has an invalid length.
[  777.374970][T14941] netlink: 'syz.3.2957': attribute type 3 has an invalid length.
[  777.401750][T14941] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2957'.
[  777.586176][T14944] netlink: 'syz.3.2957': attribute type 21 has an invalid length.
[  777.594104][T14944] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2957'.
[  777.603308][T14944] netlink: 'syz.3.2957': attribute type 4 has an invalid length.
[  777.611123][T14944] netlink: 'syz.3.2957': attribute type 5 has an invalid length.
[  777.618889][T14944] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2957'.
[  778.551976][ T7162] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.873703][T14970] netlink: 'syz.5.2961': attribute type 4 has an invalid length.
[  778.929268][T14928] vcan0 speed is unknown, defaulting to 1000
[  778.976788][ T7162] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  779.008088][T14967] netlink: 'syz.5.2961': attribute type 4 has an invalid length.
[  779.135578][ T5848] Bluetooth: hci3: command tx timeout
[  779.156566][ T7162] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  779.238558][T14772] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  779.317857][T14772] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  779.349233][T14772] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  779.393671][T14772] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  779.648820][T14772] 8021q: adding VLAN 0 to HW filter on device bond0
[  779.668038][T14772] 8021q: adding VLAN 0 to HW filter on device team0
[  779.681016][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  779.688293][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  779.731095][ T7162] bridge_slave_1: left allmulticast mode
[  779.739158][ T7162] bridge_slave_1: left promiscuous mode
[  779.744933][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state
[  779.766713][ T7162] bridge_slave_0: left allmulticast mode
[  779.772429][ T7162] bridge_slave_0: left promiscuous mode
[  779.809978][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state
[  780.025664][T12011] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  780.197543][T12011] usb 4-1: unable to get BOS descriptor or descriptor too short
[  780.207931][T12011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  780.218295][T12011] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  780.232019][T12011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  780.253888][T12011] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0
[  780.268382][T12011] usb 4-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[  780.280683][T12011] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.303510][T12011] usb 4-1: Product: syz
[  780.307906][T12011] usb 4-1: Manufacturer: syz
[  780.312549][T12011] usb 4-1: SerialNumber: syz
[  780.335014][T12011] usb 4-1: config 0 descriptor??
[  780.342476][T12011] usb 4-1: NFC: Unable to get FW version
[  780.356825][T12011] pn533_usb 4-1:0.0: probe with driver pn533_usb failed with error -90
[  780.778020][T12011] usb 4-1: USB disconnect, device number 34
[  781.222516][ T7162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  781.227057][ T5848] Bluetooth: hci3: command tx timeout
[  781.246160][ T7162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  781.259809][ T7162] bond0 (unregistering): Released all slaves
[  781.274239][   T81] bridge0: port 2(bridge_slave_1) entered blocking state
[  781.281475][   T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[  781.557851][T14928] chnl_net:caif_netlink_parms(): no params data found
[  783.129198][ T7162] hsr_slave_0: left promiscuous mode
[  783.351451][ T5848] Bluetooth: hci3: command tx timeout
[  783.512841][ T7162] hsr_slave_1: left promiscuous mode
[  783.560856][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  783.834812][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  783.847759][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  783.856015][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  783.994457][ T7162] veth1_macvtap: left promiscuous mode
[  784.013717][ T7162] veth0_macvtap: left promiscuous mode
[  784.020194][ T7162] veth1_vlan: left promiscuous mode
[  784.026899][ T7162] veth0_vlan: left promiscuous mode
[  784.169289][T15031] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  785.331679][ T7162] team0 (unregistering): Port device team_slave_1 removed
[  785.592818][ T7162] team0 (unregistering): Port device team_slave_0 removed
[  787.013699][T14928] bridge0: port 1(bridge_slave_0) entered blocking state
[  787.025483][T14928] bridge0: port 1(bridge_slave_0) entered disabled state
[  787.033066][T14928] bridge_slave_0: entered allmulticast mode
[  787.076197][T14928] bridge_slave_0: entered promiscuous mode
[  787.085581][T14928] bridge0: port 2(bridge_slave_1) entered blocking state
[  787.092873][T14928] bridge0: port 2(bridge_slave_1) entered disabled state
[  787.100800][T14928] bridge_slave_1: entered allmulticast mode
[  787.108486][T14928] bridge_slave_1: entered promiscuous mode
[  787.126140][T15036] netlink: 'syz.8.2978': attribute type 1 has an invalid length.
[  787.135127][T15036] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  787.221886][T14928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  787.278411][T14928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  787.580313][T14928] team0: Port device team_slave_0 added
[  787.597687][T14928] team0: Port device team_slave_1 added
[  788.312452][T14772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  788.581767][T14928] batman_adv: batadv0: Adding interface: batadv_slave_0
[  788.604011][T14928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  788.794093][T14928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  788.811720][T14928] batman_adv: batadv0: Adding interface: batadv_slave_1
[  788.820646][T14928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  788.854656][T14928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  789.048312][T14928] hsr_slave_0: entered promiscuous mode
[  789.089248][T14928] hsr_slave_1: entered promiscuous mode
[  789.106137][T14928] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  789.113914][T14928] Cannot create hsr debugfs directory
[  789.243984][T14772] veth0_vlan: entered promiscuous mode
[  789.334899][T14772] veth1_vlan: entered promiscuous mode
[  789.521661][T14772] veth0_macvtap: entered promiscuous mode
[  789.548826][T14772] veth1_macvtap: entered promiscuous mode
[  789.619139][T15070] ufs: You didn't specify the type of your ufs filesystem
[  789.619139][T15070] 
[  789.619139][T15070] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  789.619139][T15070] 
[  789.619139][T15070] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  789.652130][T15070] ufs: ufstype=old is supported read-only
[  789.658608][T15070] ufs: ufs_fill_super(): bad magic number
[  789.979757][T14772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  790.025117][T14772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  790.075401][T14772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  790.086066][T14772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  790.113350][T14772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  790.143428][T14772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  790.157212][T14772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  790.184692][T14772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  790.204352][T14772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  790.216017][T14772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  790.234971][T14772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  790.256454][T14772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  790.282320][T14772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  790.325392][T14772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  790.363871][T14772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  790.401369][T14772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  791.287542][ T7156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  791.296079][T15082] netlink: 'syz.3.2992': attribute type 1 has an invalid length.
[  791.309670][ T7156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  791.528249][T15086] 8021q: adding VLAN 0 to HW filter on device bond4
[  791.905070][T14928] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  791.941037][ T7156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  791.953169][T14928] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  791.978222][ T7156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  792.011542][T14928] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  792.051051][T14928] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  792.448912][T14928] 8021q: adding VLAN 0 to HW filter on device bond0
[  792.490301][T14928] 8021q: adding VLAN 0 to HW filter on device team0
[  792.531134][T14928] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  792.541730][T14928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  792.568420][ T7168] bridge0: port 1(bridge_slave_0) entered blocking state
[  792.575710][ T7168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  792.587344][ T7168] bridge0: port 2(bridge_slave_1) entered blocking state
[  792.594506][ T7168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  792.787550][T15096] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  793.600279][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  793.760525][T14928] 8021q: adding VLAN 0 to HW filter on device batadv0
[  793.764528][    T9] usb 3-1: Using ep0 maxpacket: 32
[  793.788624][    T9] usb 3-1: string descriptor 0 read error: -22
[  793.796226][    T9] usb 3-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b2.bf
[  793.831975][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.875005][    T9] usb 3-1: config 0 descriptor??
[  794.149631][T15121] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  794.152480][T15102] xt_l2tp: unknown flags: 19
[  794.190040][T12011] usb 3-1: USB disconnect, device number 27
[  795.893766][T15143] netlink: 428 bytes leftover after parsing attributes in process `syz.3.3001'.
[  795.943839][T15143] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3001'.
[  796.040654][T14928] veth0_vlan: entered promiscuous mode
[  796.127926][T14928] veth1_vlan: entered promiscuous mode
[  796.287686][T14928] veth0_macvtap: entered promiscuous mode
[  796.310111][T14928] veth1_macvtap: entered promiscuous mode
[  796.528709][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  796.735108][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.118114][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  797.132119][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.199231][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  797.211775][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.263640][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  797.290470][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.325655][T14928] batman_adv: batadv0: Interface activated: batadv_slave_0
[  797.468136][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  797.592860][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.613914][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  797.649760][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.715701][T14928] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  797.753270][T14928] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.793357][T14928] batman_adv: batadv0: Interface activated: batadv_slave_1
[  797.846747][T14928] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  797.863390][T14928] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  797.877136][T14928] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  797.899255][T14928] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  797.965391][ T5842] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  798.147548][ T5842] usb 9-1: unable to get BOS descriptor or descriptor too short
[  798.185461][ T5842] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  798.195174][ T5842] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  798.222188][ T7150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  798.271655][ T5842] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  798.294106][ T7150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  798.343621][ T5842] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x88 has invalid maxpacket 0
[  798.371521][ T5842] usb 9-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=b5.39
[  798.382716][ T5842] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.406245][ T7156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  798.413892][ T5842] usb 9-1: Product: syz
[  798.414329][ T7156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  798.428356][ T5842] usb 9-1: Manufacturer: syz
[  798.433668][ T5842] usb 9-1: SerialNumber: syz
[  798.478939][ T5842] usb 9-1: config 0 descriptor??
[  798.511961][ T5842] usb 9-1: NFC: Unable to get FW version
[  799.413793][ T5842] pn533_usb 9-1:0.0: probe with driver pn533_usb failed with error -90
[  799.555088][T15175] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  800.006093][ T5849] Bluetooth: hci3: command 0x0405 tx timeout
[  800.216303][T15079] usb 9-1: USB disconnect, device number 5
[  803.016578][T15205] netlink: 'syz.9.3018': attribute type 1 has an invalid length.
[  803.165885][T15079] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  803.332166][T15079] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[  803.370701][T15079] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.400115][T15079] usb 3-1: Product: syz
[  803.413985][T15079] usb 3-1: Manufacturer: syz
[  803.428651][T15079] usb 3-1: SerialNumber: syz
[  803.453195][T15079] usb 3-1: config 0 descriptor??
[  803.679200][T15202] syz.2.3017: attempt to access beyond end of device
[  803.679200][T15202] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  803.736583][T15202] SQUASHFS error: Failed to read block 0x0: -5
[  803.763997][T15202] unable to read squashfs_super_block
[  803.798955][T15079] int51x1 3-1:0.0: probe with driver int51x1 failed with error -71
[  803.861483][T15079] usb 3-1: USB disconnect, device number 28
[  804.131629][T15216] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  804.826303][ T5844] Bluetooth: hci3: command 0x0405 tx timeout
[  804.887852][ T7164] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.927305][T15223] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  804.938873][T15223] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  804.947885][T15223] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  804.955812][T15223] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  804.967040][T15223] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  804.974851][T15223] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  805.066614][T15229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3026'.
[  805.122276][T15221] vcan0 speed is unknown, defaulting to 1000
[  805.363806][ T7164] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.655661][ T5842] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  805.857868][ T5842] usb 9-1: Using ep0 maxpacket: 32
[  806.001433][ T5842] usb 9-1: config 0 has an invalid interface number: 61 but max is 0
[  806.100254][ T5842] usb 9-1: config 0 has no interface number 0
[  806.117743][ T7164] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  806.117751][ T5842] usb 9-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=b5.f6
[  806.138528][ T5842] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.170022][ T5842] usb 9-1: Product: syz
[  806.192998][ T5842] usb 9-1: Manufacturer: syz
[  806.198209][ T5842] usb 9-1: SerialNumber: syz
[  806.209186][ T5842] usb 9-1: config 0 descriptor??
[  806.330910][ T7164] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  806.350880][ T5842] viperboard 9-1:0.61: version 0.00 found at bus 009 address 006
[  806.383684][ T5842] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100
[  806.392915][ T5842] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  806.534843][T15242] netlink: 'syz.2.3030': attribute type 1 has an invalid length.
[  807.013908][ T7164] ip6gretap0 (unregistering): left promiscuous mode
[  807.055704][ T5848] Bluetooth: hci0: command tx timeout
[  807.075204][ T7164] bond3 (unregistering): (slave ip6gretap1): Removing an active aggregator
[  807.103465][ T7164] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface
[  807.159791][T15257] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  807.650359][T15268] usb usb1: usbfs: process 15268 (syz.5.3037) did not claim interface 0 before use
[  807.662975][T15268] 9pnet_fd: Insufficient options for proto=fd
[  808.405873][ T5885] usb 9-1: USB disconnect, device number 6
[  808.754210][ T7164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  808.775363][ T7164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  808.797598][ T7164] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  808.819218][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  808.828954][ T7164] bond0 (unregistering): Released all slaves
[  808.845059][ T7164] bond1 (unregistering): (slave batadv1): Releasing backup interface
[  808.859693][ T7164] bond1 (unregistering): Released all slaves
[  808.879190][ T7164] bond2 (unregistering): Released all slaves
[  809.084959][ T7164] bond3 (unregistering): Released all slaves
[  809.135958][ T5848] Bluetooth: hci0: command tx timeout
[  809.297012][ T7164] bond4 (unregistering): Released all slaves
[  809.321165][T15253] netlink: 'syz.2.3035': attribute type 4 has an invalid length.
[  809.350289][T15255] netlink: 'syz.2.3035': attribute type 4 has an invalid length.
[  809.528425][T15271] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3038'.
[  809.587239][ T7164] tipc: Disabling bearer <udp:s>
[  809.592564][ T7164] tipc: Left network mode
[  809.780370][T15221] chnl_net:caif_netlink_parms(): no params data found
[  810.804665][T15221] bridge0: port 1(bridge_slave_0) entered blocking state
[  810.830760][T15221] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.848779][T15221] bridge_slave_0: entered allmulticast mode
[  810.867077][T15221] bridge_slave_0: entered promiscuous mode
[  810.954360][T15221] bridge0: port 2(bridge_slave_1) entered blocking state
[  810.965523][T15221] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.983082][T15221] bridge_slave_1: entered allmulticast mode
[  811.007393][T15221] bridge_slave_1: entered promiscuous mode
[  811.223250][ T5848] Bluetooth: hci0: command tx timeout
[  811.661069][T15221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  811.754333][T15221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  812.025394][T15306] Invalid source name
[  812.029517][T15306] UBIFS error (pid: 15306): cannot open "/dev/sg0", error -22
[  812.880970][ T7164] batadv_slave_0: left promiscuous mode
[  812.899230][ T7164] hsr_slave_0: left promiscuous mode
[  812.910766][ T7164] hsr_slave_1: left promiscuous mode
[  812.926085][ T7164] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  812.943997][ T7164] batman_adv: batadv0: Removing interface: batadv_slave_0
[  812.952243][ T7164] batman_adv: batadv0: Removing interface: batadv_slave_1
[  813.025061][ T7164] veth1_macvtap: left promiscuous mode
[  813.031026][ T7164] veth0_macvtap: left promiscuous mode
[  813.036760][ T7164] veth1_vlan: left promiscuous mode
[  813.490215][ T5848] Bluetooth: hci0: command tx timeout
[  814.172981][ T7164] infiniband syz1: set down
[  814.265074][ T7164] pim6reg (unregistering): left allmulticast mode
[  814.721217][T15333] ufs: You didn't specify the type of your ufs filesystem
[  814.721217][T15333] 
[  814.721217][T15333] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  814.721217][T15333] 
[  814.721217][T15333] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  814.752014][    C0] vkms_vblank_simulate: vblank timer overrun
[  814.758360][T15333] ufs: ufstype=old is supported read-only
[  814.765733][T15333] ufs: ufs_fill_super(): bad magic number
[  816.235518][T15336] loop9: detected capacity change from 0 to 40427
[  816.278639][T15336] F2FS-fs (loop9): build fault injection attr: rate: 690, type: 0x1fffff
[  816.287785][T15336] F2FS-fs (loop9): heap/no_heap options were deprecated
[  816.294846][T15336] F2FS-fs (loop9): Image doesn't support compression
[  816.322912][T15336] F2FS-fs (loop9): invalid crc value
[  816.368512][T15336] F2FS-fs (loop9): Found nat_bits in checkpoint
[  816.472631][T15336] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  816.664536][ T7164] team0 (unregistering): Port device team_slave_1 removed
[  816.844285][T15341] F2FS-fs (loop9): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[  816.881911][T15341] F2FS-fs (loop9): Stopped filesystem due to reason: 1
[  816.987195][ T7164] team0 (unregistering): Port device team_slave_0 removed
[  818.611821][T14698] smc: removing ib device syz1
[  818.661021][T15221] team0: Port device team_slave_0 added
[  818.677760][T15311] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3050'.
[  818.691698][ T5842] vcan0 speed is unknown, defaulting to 1000
[  818.776670][T15221] team0: Port device team_slave_1 added
[  818.930294][T15349] netlink: 68 bytes leftover after parsing attributes in process `syz.8.3059'.
[  818.953583][T15221] batman_adv: batadv0: Adding interface: batadv_slave_0
[  818.961537][T15221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  818.987448][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.301071][T15221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  819.584760][T15355] Invalid source name
[  819.589064][T15355] UBIFS error (pid: 15355): cannot open "/dev/sg0", error -22
[  820.237735][T15221] batman_adv: batadv0: Adding interface: batadv_slave_1
[  820.545372][T15221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.572038][T15221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  821.377311][T15365] netlink: 428 bytes leftover after parsing attributes in process `syz.9.3065'.
[  821.971814][T15365] netlink: 104 bytes leftover after parsing attributes in process `syz.9.3065'.
[  822.076621][T15221] hsr_slave_0: entered promiscuous mode
[  822.220492][T15221] hsr_slave_1: entered promiscuous mode
[  822.271072][T15221] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  822.282572][T15221] Cannot create hsr debugfs directory
[  822.288828][T15374] netlink: 92 bytes leftover after parsing attributes in process `syz.8.3068'.
[  822.371996][T15385] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3070'.
[  824.174480][T15399] netlink: 'syz.9.3072': attribute type 21 has an invalid length.
[  824.184712][T15399] netlink: 128 bytes leftover after parsing attributes in process `syz.9.3072'.
[  824.230660][T15399] netlink: 'syz.9.3072': attribute type 4 has an invalid length.
[  824.289435][T15399] netlink: 'syz.9.3072': attribute type 3 has an invalid length.
[  824.323479][T15399] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3072'.
[  824.396676][T15400] netlink: 'syz.9.3072': attribute type 21 has an invalid length.
[  824.427247][T15400] netlink: 128 bytes leftover after parsing attributes in process `syz.9.3072'.
[  824.441731][T15400] netlink: 'syz.9.3072': attribute type 4 has an invalid length.
[  824.451330][T15400] netlink: 'syz.9.3072': attribute type 5 has an invalid length.
[  824.472172][T15400] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3072'.
[  825.593117][ T7164] IPVS: stop unused estimator thread 0...
[  826.024278][T15418] netlink: 428 bytes leftover after parsing attributes in process `syz.5.3077'.
[  826.355509][T15418] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3077'.
[  829.429389][T15221] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  830.250397][T15221] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  830.742753][T15221] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  831.056003][T15221] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  831.469797][T15221] 8021q: adding VLAN 0 to HW filter on device bond0
[  831.567858][T15221] 8021q: adding VLAN 0 to HW filter on device team0
[  831.620148][T15189] bridge0: port 1(bridge_slave_0) entered blocking state
[  831.627347][T15189] bridge0: port 1(bridge_slave_0) entered forwarding state
[  831.718355][T15189] bridge0: port 2(bridge_slave_1) entered blocking state
[  831.725562][T15189] bridge0: port 2(bridge_slave_1) entered forwarding state
[  832.435111][T15453] loop9: detected capacity change from 0 to 40427
[  832.461706][T15453] F2FS-fs (loop9): build fault injection attr: rate: 690, type: 0x1fffff
[  832.483935][T15453] F2FS-fs (loop9): heap/no_heap options were deprecated
[  832.529787][T15453] F2FS-fs (loop9): Image doesn't support compression
[  832.723969][T15453] F2FS-fs (loop9): invalid crc value
[  832.739922][T15221] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  832.771542][T15453] F2FS-fs (loop9): Found nat_bits in checkpoint
[  832.845560][T15221] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  832.953494][T15466] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  833.172777][T15453] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  833.672959][T15479] F2FS-fs (loop9): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[  834.310098][T15479] F2FS-fs (loop9): Stopped filesystem due to reason: 1
[  835.761861][T15221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  835.958695][T15493] Cannot find set identified by id 0 to match
[  836.645459][ T5848] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  836.836395][T15221] veth0_vlan: entered promiscuous mode
[  836.848728][T15221] veth1_vlan: entered promiscuous mode
[  836.873440][T15221] veth0_macvtap: entered promiscuous mode
[  836.883116][T15221] veth1_macvtap: entered promiscuous mode
[  836.900528][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  836.911091][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.921361][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  836.932209][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.942205][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  836.952868][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.962788][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  836.973362][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  836.985120][T15221] batman_adv: batadv0: Interface activated: batadv_slave_0
[  836.995395][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  837.005984][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  837.015924][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  837.026920][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  837.037412][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  837.048164][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  837.058255][T15221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  837.068950][T15221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  837.096715][T15221] batman_adv: batadv0: Interface activated: batadv_slave_1
[  837.308586][T15221] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  837.321945][T15221] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  837.532813][T15221] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  837.834912][T15221] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  839.261717][T15511] vcan0 speed is unknown, defaulting to 1000
[  839.585905][T15511] vcan0 speed is unknown, defaulting to 1000
[  839.592566][T15511] vcan0 speed is unknown, defaulting to 1000
[  839.657896][ T7166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.666713][ T7166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.745345][  T169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.769916][  T169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.940375][T15511] infiniband syz1: set active
[  839.945173][T15511] infiniband syz1: added vcan0
[  840.005668][    T9] vcan0 speed is unknown, defaulting to 1000
[  840.078262][T15511] syz1: rxe_create_cq: returned err = -12
[  840.084215][T15511] infiniband syz1: Couldn't create ib_mad CQ
[  840.093481][T15511] infiniband syz1: Couldn't open port 1
[  840.136862][T15523] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  840.293441][T15511] RDS/IB: syz1: added
[  840.302496][T15511] smc: adding ib device syz1 with port count 1
[  840.309479][T15530] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  840.323326][T15511] smc:    ib device syz1 port 1 has pnetid 
[  840.330712][T12422] vcan0 speed is unknown, defaulting to 1000
[  840.340214][T15511] vcan0 speed is unknown, defaulting to 1000
[  842.522825][T15544] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3111'.
[  843.064226][   T29] audit: type=1326 audit(1731003732.412:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  843.086955][   T29] audit: type=1326 audit(1731003732.412:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  843.353050][   T29] audit: type=1326 audit(1731003732.422:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  843.935954][   T29] audit: type=1326 audit(1731003732.432:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  844.362379][T15511] vcan0 speed is unknown, defaulting to 1000
[  844.393566][   T29] audit: type=1326 audit(1731003732.432:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  844.496854][T15552] netlink: 'syz.9.3109': attribute type 21 has an invalid length.
[  844.505364][T15552] netlink: 128 bytes leftover after parsing attributes in process `syz.9.3109'.
[  844.517773][T15552] netlink: 'syz.9.3109': attribute type 4 has an invalid length.
[  844.526526][T15552] netlink: 'syz.9.3109': attribute type 3 has an invalid length.
[  844.535676][T15552] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3109'.
[  845.249897][   T29] audit: type=1326 audit(1731003732.442:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  845.291862][T15552] netlink: 'syz.9.3109': attribute type 21 has an invalid length.
[  845.300663][T15552] netlink: 128 bytes leftover after parsing attributes in process `syz.9.3109'.
[  845.311144][T15552] netlink: 'syz.9.3109': attribute type 4 has an invalid length.
[  845.319573][T15552] netlink: 'syz.9.3109': attribute type 5 has an invalid length.
[  845.327847][T15552] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3109'.
[  845.482932][   T29] audit: type=1326 audit(1731003732.452:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  845.719312][   T29] audit: type=1326 audit(1731003732.462:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  845.945579][   T29] audit: type=1326 audit(1731003732.482:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  846.205576][   T29] audit: type=1326 audit(1731003732.482:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15540 comm="syz.2.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x7ffc0000
[  848.385731][T15570] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3117'.
[  848.771826][T15511] vcan0 speed is unknown, defaulting to 1000
[  849.018231][T15511] vcan0 speed is unknown, defaulting to 1000
[  849.800225][T15511] vcan0 speed is unknown, defaulting to 1000
[  851.679980][T15576] loop9: detected capacity change from 0 to 40427
[  851.905515][T15576] F2FS-fs (loop9): Unable to read 1th superblock
[  851.913130][T15576] F2FS-fs (loop9): Unable to read 2th superblock
[  853.905635][T15626] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  856.799390][T15645] rdma_rxe: rxe_newlink: failed to add vcan0
[  856.816268][ T5886] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  857.167024][ T5886] usb 6-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  857.178445][ T5886] usb 6-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  857.201668][ T5886] usb 6-1: config 1 interface 0 has no altsetting 0
[  857.238266][ T5886] usb 6-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  857.250958][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.302408][ T5886] usb 6-1: Product: syz
[  857.320153][ T5886] usb 6-1: Manufacturer: syz
[  857.345757][ T5886] usb 6-1: SerialNumber: syz
[  857.527697][T15639] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  858.001304][ T5886] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input9
[  859.576793][ T5886] usb 6-1: USB disconnect, device number 4
[  859.576861][    C0] bcm5974 6-1:1.0: trackpad urb failed: -19
[  859.618234][ T5886] bcm5974 6-1:1.0: could not read from device
[  859.774560][T15669] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  863.105091][T15694] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  867.605978][T15734] ufs: You didn't specify the type of your ufs filesystem
[  867.605978][T15734] 
[  867.605978][T15734] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  867.605978][T15734] 
[  867.605978][T15734] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  867.637130][T15734] ufs: ufstype=old is supported read-only
[  867.645905][T15734] ufs: ufs_fill_super(): bad magic number
[  870.263907][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  870.395303][T15751] snd_dummy snd_dummy.0: control 0:0:50593792:syz0:0 is already present
[  873.012831][T15783] netlink: 'syz.5.3177': attribute type 4 has an invalid length.
[  873.039143][T15783] netlink: 'syz.5.3177': attribute type 4 has an invalid length.
[  877.777407][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  879.610828][T15836] netlink: 'syz.5.3191': attribute type 4 has an invalid length.
[  880.624561][T15838] netlink: 'syz.5.3191': attribute type 4 has an invalid length.
[  880.840457][T15847] vcan0 speed is unknown, defaulting to 1000
[  885.896528][T15897] CIFS: VFS: Malformed UNC in devname
[  888.997645][T15927] random: crng reseeded on system resumption
[  890.893362][T15940] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3212'.
[  891.636273][T15955] Invalid source name
[  891.640334][T15955] UBIFS error (pid: 15955): cannot open "/dev/sg0", error -22
[  894.005319][    T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  894.219958][    T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  894.259578][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  894.282516][    T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  894.291798][T12011] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  894.310482][    T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  894.330005][    T9] usb 4-1: Manufacturer: syz
[  894.347202][    T9] usb 4-1: config 0 descriptor??
[  894.486308][T12011] usb 9-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  894.553608][T12011] usb 9-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  894.735654][    T9] rc_core: IR keymap rc-hauppauge not found
[  894.781275][T12011] usb 9-1: config 1 interface 0 has no altsetting 0
[  894.817866][    T9] Registered IR keymap rc-empty
[  894.945426][T12011] usb 9-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  895.027363][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  895.055834][T12011] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.104701][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input10
[  895.117033][T12011] usb 9-1: Product: syz
[  895.121249][T12011] usb 9-1: Manufacturer: syz
[  895.126013][T12011] usb 9-1: SerialNumber: syz
[  895.138047][T15975] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  895.159031][T15971] Bluetooth: MGMT ver 1.23
[  895.269146][    C0] igorplugusb 4-1:0.0: receive overflow invalid: 135
[  895.471421][ T5886] usb 4-1: USB disconnect, device number 35
[  895.610763][T12011] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/input/input11
[  896.430395][T15999] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3232'.
[  896.828117][ T5885] usb 9-1: USB disconnect, device number 7
[  896.828738][ T5186] bcm5974 9-1:1.0: could not read from device
[  897.839541][ T5186] bcm5974 9-1:1.0: could not read from device
[  897.961029][T15223] Bluetooth: hci3: command 0x0405 tx timeout
[  898.006414][ T5835] bcm5974 9-1:1.0: could not read from device
[  898.089156][ T5186] bcm5974 9-1:1.0: could not read from device
[  898.696122][T16033] Cannot find set identified by id 0 to match
[  898.722057][ T5848] Bluetooth: hci0: link tx timeout
[  898.729078][ T5848] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  898.775619][T12011] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  898.945951][T12011] usb 6-1: Using ep0 maxpacket: 32
[  898.959320][T12011] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  898.993705][T12011] usb 6-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice= b.8c
[  899.005625][T12011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.031643][T12011] usb 6-1: Product: syz
[  899.038126][T12011] usb 6-1: Manufacturer: syz
[  899.080006][T12011] usb 6-1: SerialNumber: syz
[  899.732141][T16045] 9pnet_fd: Insufficient options for proto=fd
[  900.532560][T16049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3249'.
[  900.780308][ T5914] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  900.830471][T15223] Bluetooth: hci0: command 0x0406 tx timeout
[  901.107131][ T5914] usb 3-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  901.187469][ T5914] usb 3-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  901.263002][ T5914] usb 3-1: config 1 interface 0 has no altsetting 0
[  901.312142][ T5914] usb 3-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  901.374452][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  901.414403][T16056] syz.3.3251 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  901.419846][ T5914] usb 3-1: Product: syz
[  901.441319][ T5914] usb 3-1: Manufacturer: syz
[  901.447486][ T5914] usb 3-1: SerialNumber: syz
[  901.456981][T16043] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  901.469193][T16056] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3251'.
[  901.485386][ T5886] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  901.640880][T12011] empeg 6-1:1.0: empeg converter detected
[  901.657886][T12011] empeg 6-1:1.0: probe with driver empeg failed with error -71
[  901.672569][ T5886] usb 9-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  901.686457][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input12
[  901.699582][ T5886] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.712602][T12011] usb 6-1: USB disconnect, device number 5
[  901.741943][ T5886] usb 9-1: config 0 descriptor??
[  901.848036][T16064] netlink: 44 bytes leftover after parsing attributes in process `syz.9.3254'.
[  901.859792][T16064] netlink: 43 bytes leftover after parsing attributes in process `syz.9.3254'.
[  901.869309][T16064] netlink: 'syz.9.3254': attribute type 6 has an invalid length.
[  901.877842][T16064] netlink: 43 bytes leftover after parsing attributes in process `syz.9.3254'.
[  902.111807][T16070] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  902.293159][ T5186] bcm5974 3-1:1.0: could not read from device
[  902.300201][ T5885] usb 3-1: USB disconnect, device number 29
[  902.318142][ T5186] bcm5974 3-1:1.0: could not read from device
[  902.339296][ T5835] bcm5974 3-1:1.0: could not read from device
[  904.643732][ T5886] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[  904.661095][ T5886] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  904.746271][ T5886] [drm:udl_init] *ERROR* Selecting channel failed
[  904.817463][ T5886] [drm] Initialized udl 0.0.1 for 9-1:0.0 on minor 2
[  904.824239][ T5886] [drm] Initialized udl on minor 2
[  904.834648][ T5886] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  904.847415][ T5886] udl 9-1:0.0: [drm] Cannot find any crtc or sizes
[  904.891494][ T5914] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  904.904195][ T5886] usb 9-1: USB disconnect, device number 8
[  904.952832][ T5914] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  904.981778][ T5914] udl 9-1:0.0: [drm] Cannot find any crtc or sizes
[  905.125693][T16102] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3265'.
[  905.181067][T16106] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  905.195109][T16105] netlink: 92 bytes leftover after parsing attributes in process `syz.9.3268'.
[  907.711187][T16143] netlink: 'syz.9.3277': attribute type 10 has an invalid length.
[  907.719989][T16143] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  907.732540][T16143] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  907.744027][T16143] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[  908.759805][T16154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3280'.
[  910.109529][T16159] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3281'.
[  910.834917][T16164] netlink: 'syz.9.3286': attribute type 4 has an invalid length.
[  911.106589][T16170] netlink: 'syz.9.3286': attribute type 4 has an invalid length.
[  911.180206][T16168] netlink: 92 bytes leftover after parsing attributes in process `syz.8.3285'.
[  913.618783][ T5914] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  913.814987][T16200] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3294'.
[  914.725428][ T5914] usb 3-1: Using ep0 maxpacket: 16
[  915.473365][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  915.589174][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  915.599363][ T5914] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  915.613041][ T5914] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  915.622403][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.634992][ T5914] usb 3-1: config 0 descriptor??
[  916.491655][T16213] Invalid source name
[  916.496104][T16213] UBIFS error (pid: 16213): cannot open "/dev/sg0", error -22
[  916.673128][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.688939][ T5914] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max
[  916.699750][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.708882][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.716276][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.723594][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.730965][ T5914] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  916.757714][ T5914] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0006/input/input13
[  916.759671][ T5885] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  916.864064][ T5914] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  916.887536][ T5914] usb 3-1: USB disconnect, device number 30
[  917.152299][ T5885] usb 10-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  917.921875][T16226] ufs: You didn't specify the type of your ufs filesystem
[  917.921875][T16226] 
[  917.921875][T16226] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  917.921875][T16226] 
[  917.921875][T16226] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  918.035118][T16226] ufs: ufstype=old is supported read-only
[  918.041520][T16226] ufs: ufs_fill_super(): bad magic number
[  918.125929][ T5885] usb 10-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  918.139642][ T5885] usb 10-1: config 1 interface 0 has no altsetting 0
[  918.536806][T16232] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3303'.
[  919.460196][ T5885] usb 10-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  919.523285][ T5885] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.567604][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  919.567623][   T29] audit: type=1326 audit(1731003809.492:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16238 comm="syz.2.3304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f107e57e719 code=0x0
[  919.791756][ T5885] usb 10-1: can't set config #1, error -71
[  919.802415][ T5885] usb 10-1: USB disconnect, device number 2
[  919.944830][T16247] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  920.236410][T16254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3308'.
[  923.433305][T16277] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3318'.
[  924.058113][T16298] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3320'.
[  924.077708][ T5914] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  925.129565][ T5914] usb 6-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  925.141065][ T5914] usb 6-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  925.154916][ T5914] usb 6-1: config 1 interface 0 has no altsetting 0
[  925.306096][T16299] ufs: You didn't specify the type of your ufs filesystem
[  925.306096][T16299] 
[  925.306096][T16299] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  925.306096][T16299] 
[  925.306096][T16299] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  925.337242][T16299] ufs: ufstype=old is supported read-only
[  925.347874][T16299] ufs: ufs_fill_super(): bad magic number
[  925.844640][ T5914] usb 6-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  925.853903][ T5914] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.862869][ T5914] usb 6-1: Product: syz
[  925.910022][ T5914] usb 6-1: Manufacturer: syz
[  925.914938][ T5914] usb 6-1: SerialNumber: syz
[  925.935022][T16278] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  925.974470][T16307] block nbd3: NBD_DISCONNECT
[  925.983271][T16307] block nbd3: Disconnected due to user request.
[  926.004586][T16307] block nbd3: shutting down sockets
[  926.153172][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input14
[  926.285515][T16320] netlink: 'syz.2.3328': attribute type 21 has an invalid length.
[  926.388420][T16320] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3328'.
[  926.414876][T16320] netlink: 'syz.2.3328': attribute type 4 has an invalid length.
[  926.448198][T16320] netlink: 'syz.2.3328': attribute type 3 has an invalid length.
[  926.464745][T16320] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3328'.
[  926.494370][T16323] netlink: 'syz.2.3328': attribute type 21 has an invalid length.
[  926.541892][T16323] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3328'.
[  926.551811][T16323] netlink: 'syz.2.3328': attribute type 4 has an invalid length.
[  926.560287][T16323] netlink: 'syz.2.3328': attribute type 5 has an invalid length.
[  926.569672][T16323] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3328'.
[  926.725334][   T25] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  926.802675][ T5186] bcm5974 6-1:1.0: could not read from device
[  926.832185][ T5914] usb 6-1: USB disconnect, device number 6
[  926.917702][   T25] usb 10-1: Using ep0 maxpacket: 16
[  927.084218][   T25] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  927.102427][   T25] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  927.112640][   T25] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  927.126048][   T25] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  928.675119][   T25] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.735920][   T25] usb 10-1: config 0 descriptor??
[  928.763153][T16352] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3338'.
[  929.193799][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.201283][   T25] microsoft 0003:045E:07DA.0007: ignoring exceeding usage max
[  929.214443][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.231628][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.241977][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.254674][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.263794][   T25] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[  929.334991][   T25] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.0007/input/input15
[  929.392541][T16351] loop8: detected capacity change from 0 to 40427
[  929.412563][T16351] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x1fffff
[  929.421953][T16351] F2FS-fs (loop8): heap/no_heap options were deprecated
[  929.432572][T16351] F2FS-fs (loop8): Image doesn't support compression
[  929.433250][   T25] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0
[  929.454521][T16351] F2FS-fs (loop8): invalid crc value
[  929.472439][T16351] F2FS-fs (loop8): Found nat_bits in checkpoint
[  929.512637][   T25] usb 10-1: USB disconnect, device number 3
[  929.742227][T16351] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  930.070133][T16367] F2FS-fs (loop8): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[  930.087315][    T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  930.105333][T16367] F2FS-fs (loop8): Stopped filesystem due to reason: 1
[  930.245303][    T9] usb 4-1: Using ep0 maxpacket: 16
[  930.725994][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  930.736446][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  930.747700][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  930.757623][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  930.775327][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  930.815705][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  930.825277][    T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  930.833750][    T9] usb 4-1: Manufacturer: syz
[  930.870341][    T9] usb 4-1: config 0 descriptor??
[  931.285266][    T9] rc_core: IR keymap rc-hauppauge not found
[  931.295427][    T9] Registered IR keymap rc-empty
[  931.300434][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.342263][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.386522][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  931.467023][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input16
[  931.612090][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.635474][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.675412][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.701589][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.725812][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  931.736085][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  931.965416][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  932.036098][T16388] netlink: 88 bytes leftover after parsing attributes in process `syz.8.3343'.
[  932.741476][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  932.781170][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  933.365352][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  933.425534][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  933.467677][    T9] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  933.476962][    T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  933.515995][    T9] usb 4-1: USB disconnect, device number 36
[  934.885756][T12011] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  935.135335][T12011] usb 9-1: Using ep0 maxpacket: 16
[  935.142510][T12011] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  935.178582][T12011] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  935.201359][T12011] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  935.254576][T12011] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  935.265690][T12011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.290777][T12011] usb 9-1: config 0 descriptor??
[  935.452310][T16418] netlink: 'syz.9.3356': attribute type 21 has an invalid length.
[  935.494879][T16418] netlink: 128 bytes leftover after parsing attributes in process `syz.9.3356'.
[  935.513089][T16418] netlink: 'syz.9.3356': attribute type 4 has an invalid length.
[  935.564039][T16418] netlink: 'syz.9.3356': attribute type 3 has an invalid length.
[  935.641784][T16418] netlink: 3 bytes leftover after parsing attributes in process `syz.9.3356'.
[  935.721840][T12011] usbhid 9-1:0.0: can't add hid device: -71
[  935.728341][T12011] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  935.743048][T12011] usb 9-1: USB disconnect, device number 9
[  935.938291][T16424] netlink: 'syz.9.3357': attribute type 1 has an invalid length.
[  936.100923][T16424] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  936.340579][T16410] loop5: detected capacity change from 0 to 40427
[  936.395960][T16410] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x1fffff
[  936.419887][T16430] loop9: detected capacity change from 0 to 512
[  936.426918][T16410] F2FS-fs (loop5): heap/no_heap options were deprecated
[  936.433977][T16410] F2FS-fs (loop5): Image doesn't support compression
[  936.463088][T16430] EXT4-fs (loop9): blocks per group (95) and clusters per group (32768) inconsistent
[  936.506398][T16410] F2FS-fs (loop5): invalid crc value
[  936.643401][T16410] F2FS-fs (loop5): Found nat_bits in checkpoint
[  937.487934][T16410] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  937.880298][T16445] F2FS-fs (loop5): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[  938.136477][T16445] F2FS-fs (loop5): Stopped filesystem due to reason: 1
[  938.354984][T16449] overlayfs: failed to resolve './file1': -2
[  941.612287][   T25] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  941.785418][   T25] usb 3-1: Using ep0 maxpacket: 16
[  941.809861][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  941.836854][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  941.856562][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  941.875714][   T25] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  941.885683][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.934800][   T25] usb 3-1: config 0 descriptor??
[  942.705068][T16490] ufs: You didn't specify the type of your ufs filesystem
[  942.705068][T16490] 
[  942.705068][T16490] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  942.705068][T16490] 
[  942.705068][T16490] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  942.736721][T16490] ufs: ufstype=old is supported read-only
[  942.744568][T16490] ufs: ufs_fill_super(): bad magic number
[  942.951911][   T25] usbhid 3-1:0.0: can't add hid device: -71
[  942.974289][   T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  943.415551][   T25] usb 3-1: USB disconnect, device number 31
[  946.826356][T16526] trusted_key: encrypted_key: insufficient parameters specified
[  950.295721][    T9] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  950.468960][    T9] usb 10-1: Using ep0 maxpacket: 16
[  950.481862][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  950.525686][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  950.555997][    T9] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  950.614589][    T9] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  950.658672][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.690524][    T9] usb 10-1: config 0 descriptor??
[  951.122797][    T9] usbhid 10-1:0.0: can't add hid device: -71
[  951.140120][    T9] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  951.192953][    T9] usb 10-1: USB disconnect, device number 4
[  951.440525][T16555] loop8: detected capacity change from 0 to 40427
[  951.469081][T16555] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x1fffff
[  951.507761][T16555] F2FS-fs (loop8): heap/no_heap options were deprecated
[  951.551828][T16555] F2FS-fs (loop8): Image doesn't support compression
[  951.572692][T16555] F2FS-fs (loop8): invalid crc value
[  951.766878][T16555] F2FS-fs (loop8): Found nat_bits in checkpoint
[  952.342099][T16571] ufs: You didn't specify the type of your ufs filesystem
[  952.342099][T16571] 
[  952.342099][T16571] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  952.342099][T16571] 
[  952.342099][T16571] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  952.373366][T16571] ufs: ufstype=old is supported read-only
[  952.379671][T16571] ufs: ufs_fill_super(): bad magic number
[  953.030162][T16555] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  953.366491][T16579] F2FS-fs (loop8): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[  953.423928][T16579] F2FS-fs (loop8): Stopped filesystem due to reason: 1
[  957.831060][T16615] ufs: You didn't specify the type of your ufs filesystem
[  957.831060][T16615] 
[  957.831060][T16615] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  957.831060][T16615] 
[  957.831060][T16615] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  957.864062][T16615] ufs: ufstype=old is supported read-only
[  957.870405][T16615] ufs: ufs_fill_super(): bad magic number
[  958.984230][T16625] netlink: 'syz.9.3408': attribute type 10 has an invalid length.
[  959.005395][T16625] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  959.087693][T16625] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  959.175640][T16625] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[  959.312932][T15223] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  959.324817][T15223] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  959.335567][T15223] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  959.343462][T15223] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  959.353447][T15223] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  959.361180][T15223] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  959.422688][T16627] vcan0 speed is unknown, defaulting to 1000
[  959.662728][T16627] chnl_net:caif_netlink_parms(): no params data found
[  959.678855][T16634] netlink: 'syz.2.3411': attribute type 1 has an invalid length.
[  960.161837][T16627] bridge0: port 1(bridge_slave_0) entered blocking state
[  960.170235][T16627] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.189839][T16627] bridge_slave_0: entered allmulticast mode
[  960.205722][T16627] bridge_slave_0: entered promiscuous mode
[  960.223763][T16627] bridge0: port 2(bridge_slave_1) entered blocking state
[  960.232058][T16627] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.244815][T16627] bridge_slave_1: entered allmulticast mode
[  960.257759][T16627] bridge_slave_1: entered promiscuous mode
[  960.301620][T16627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  960.318488][T16627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  960.444290][T16627] team0: Port device team_slave_0 added
[  960.516395][T16627] team0: Port device team_slave_1 added
[  960.614379][T16627] batman_adv: batadv0: Adding interface: batadv_slave_0
[  960.622694][T16627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  960.703777][T16627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  960.751784][T16627] batman_adv: batadv0: Adding interface: batadv_slave_1
[  960.818195][T16627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  960.909017][T16627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  961.718721][T15223] Bluetooth: hci2: command tx timeout
[  961.883121][T16627] hsr_slave_0: entered promiscuous mode
[  961.900464][T16627] hsr_slave_1: entered promiscuous mode
[  962.117767][T16627] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  962.149377][T16627] Cannot create hsr debugfs directory
[  962.211340][T16648] trusted_key: encrypted_key: insufficient parameters specified
[  963.775467][T15223] Bluetooth: hci2: command tx timeout
[  963.992533][T16671] netlink: 'syz.3.3421': attribute type 1 has an invalid length.
[  964.168825][T16672] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  965.196292][ T7162] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.578790][ T7162] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.875577][T15223] Bluetooth: hci2: command tx timeout
[  966.287323][T16688] netlink: 'syz.8.3422': attribute type 10 has an invalid length.
[  966.302361][T16688] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  966.385910][T16688] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  966.857146][T16688] bond0: (slave ipvlan0): Error -95 calling set_mac_address
[  966.936152][ T7162] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.993608][T16627] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  967.031189][T16627] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  967.149439][ T7162] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  967.214284][T16627] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  968.044437][ T5848] Bluetooth: hci2: command tx timeout
[  968.085381][T16696] block nbd2: shutting down sockets
[  968.182427][T16627] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  969.902444][T16627] 8021q: adding VLAN 0 to HW filter on device bond0
[  969.918205][T16627] 8021q: adding VLAN 0 to HW filter on device team0
[  969.959430][T16709] netlink: 'syz.9.3432': attribute type 1 has an invalid length.
[  970.057109][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[  970.064380][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[  970.148001][   T81] bridge0: port 2(bridge_slave_1) entered blocking state
[  970.155313][   T81] bridge0: port 2(bridge_slave_1) entered forwarding state
[  970.389171][ T7162] bridge_slave_1: left allmulticast mode
[  970.396604][ T7162] bridge_slave_1: left promiscuous mode
[  970.404245][ T7162] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.044041][ T7162] bridge_slave_0: left allmulticast mode
[  971.060020][ T7162] bridge_slave_0: left promiscuous mode
[  971.067763][ T7162] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.117908][T16748] trusted_key: encrypted_key: insufficient parameters specified
[  975.551432][T16750] loop8: detected capacity change from 0 to 512
[  975.601363][T16750] EXT4-fs (loop8): blocks per group (95) and clusters per group (32768) inconsistent
[  977.182366][ T7162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  977.194281][ T7162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  977.209166][ T7162] bond0 (unregistering): Released all slaves
[  977.247882][T16757] netlink: 'syz.8.3444': attribute type 1 has an invalid length.
[  977.389800][T16763] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[  978.545892][T16779] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3448'.
[  978.589773][T16627] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  978.601616][T16627] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  978.678132][   T29] audit: type=1804 audit(1731003868.592:1165): pid=16781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.3449" name="/newroot/290/file1" dev="fuse" ino=1 res=1 errno=0
[  978.787963][   T29] audit: type=1804 audit(1731003868.592:1166): pid=16784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.3449" name="/newroot/290/file1" dev="fuse" ino=1 res=1 errno=0
[  978.848290][   T29] audit: type=1800 audit(1731003868.592:1167): pid=16784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.3449" name="/" dev="fuse" ino=1 res=0 errno=0
[  979.163468][T16627] 8021q: adding VLAN 0 to HW filter on device batadv0
[  979.333172][ T7162] hsr_slave_0: left promiscuous mode
[  979.341819][ T7162] hsr_slave_1: left promiscuous mode
[  979.415634][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  979.434590][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_0
[  979.473583][ T7162] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  979.501723][ T7162] batman_adv: batadv0: Removing interface: batadv_slave_1
[  979.555044][T16793] Invalid source name
[  979.635318][T16793] UBIFS error (pid: 16793): cannot open "/dev/sg0", error -22
[  979.662682][ T7162] veth1_macvtap: left promiscuous mode
[  979.713445][ T7162] veth0_macvtap: left promiscuous mode
[  979.809953][ T7162] veth1_vlan: left promiscuous mode
[  980.298007][T16797] loop3: detected capacity change from 0 to 512
[  980.376986][T16797] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent
[  980.654262][T16802] trusted_key: encrypted_key: insufficient parameters specified
[  981.517227][ T7162] infiniband syz1: set down
[  983.464353][ T7162] team0 (unregistering): Port device team_slave_1 removed
[  983.538556][ T7162] team0 (unregistering): Port device team_slave_0 removed
[  984.219397][ T7145] smc: removing ib device syz1
[  984.273323][ T5914] vcan0 speed is unknown, defaulting to 1000
[  984.346627][T16627] veth0_vlan: entered promiscuous mode
[  984.361627][T16818] netlink: 'syz.9.3458': attribute type 1 has an invalid length.
[  984.386269][T16818] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  984.541360][T16627] veth1_vlan: entered promiscuous mode
[  984.690709][T16828] block nbd8: NBD_DISCONNECT
[  984.763454][T16627] veth0_macvtap: entered promiscuous mode
[  984.788880][T16627] veth1_macvtap: entered promiscuous mode
[  985.227923][T15223] Bluetooth: hci0: command 0x0406 tx timeout
[  985.377193][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  985.566773][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  985.576851][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  985.603008][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  985.618029][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  985.652467][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  985.685736][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  985.702691][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  985.758298][T16627] batman_adv: batadv0: Interface activated: batadv_slave_0
[  986.064194][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  986.089643][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  986.149273][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  986.187047][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  986.228099][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  986.259857][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  986.289054][T16627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  986.320027][T16627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  986.549232][T16627] batman_adv: batadv0: Interface activated: batadv_slave_1
[  987.008647][T16846] trusted_key: encrypted_key: insufficient parameters specified
[  987.084595][T16627] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  987.172478][T16627] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  987.211935][T16627] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  987.253593][T16627] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  987.664238][   T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  987.675313][ T5914] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  987.704102][   T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  987.912263][ T5914] usb 4-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  988.091098][   T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  988.097058][ T5914] usb 4-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  988.368613][T16858] block nbd8: NBD_DISCONNECT
[  988.385202][   T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  988.395313][ T5914] usb 4-1: config 1 interface 0 has no altsetting 0
[  988.416035][ T5914] usb 4-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40
[  988.425888][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.433981][ T5914] usb 4-1: Product: syz
[  988.438320][ T5914] usb 4-1: Manufacturer: syz
[  988.446451][ T5914] usb 4-1: SerialNumber: syz
[  988.484221][T16856] block nbd8: Disconnected due to user request.
[  988.518512][T16856] block nbd8: shutting down sockets
[  988.521276][T16851] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  988.595781][T16860] netlink: 199836 bytes leftover after parsing attributes in process `syz.9.3462'.
[  988.753653][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input17
[  988.758613][ T5186] bcm5974 4-1:1.0: could not read from device
[  988.779162][ T5186] bcm5974 4-1:1.0: could not read from device
[  988.783454][ T5186] bcm5974 4-1:1.0: could not read from device
[  988.789120][ T5186] bcm5974 4-1:1.0: could not read from device
[  988.789720][ T5914] usb 4-1: USB disconnect, device number 37
[  988.963785][T16868] usb usb1: usbfs: process 16868 (syz.2.3466) did not claim interface 0 before use
[  989.702225][T16859] tty tty39: ldisc open failed (-12), clearing slot 38
[  989.709714][T16867] tty tty1: ldisc open failed (-12), clearing slot 0
[  989.878962][T16873] netlink: 'syz.3.3471': attribute type 1 has an invalid length.
[  991.096499][T16886] Cannot find set identified by id 0 to match
[  991.135355][ T5848] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  992.923103][T16894] trusted_key: encrypted_key: insufficient parameters specified
[  993.272397][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  995.320217][T16920] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3484'.
[  996.112489][T16923] netlink: 'syz.1.3485': attribute type 1 has an invalid length.
[  998.876552][T16959] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3495'.
[ 1000.328257][T16970] Cannot find set identified by id 0 to match
[ 1001.059405][ T5848] Bluetooth: hci0: ACL packet for unknown connection handle 200
[ 1001.684053][T16984] netlink: 'syz.2.3503': attribute type 1 has an invalid length.
[ 1002.638113][T16997] trusted_key: encrypted_key: insufficient parameters specified
[ 1003.193640][T17001] netlink: 'syz.2.3508': attribute type 4 has an invalid length.
[ 1003.880392][T17003] netlink: 'syz.2.3508': attribute type 4 has an invalid length.
[ 1004.606252][T17016] Cannot find set identified by id 0 to match
[ 1005.113729][ T5848] Bluetooth: hci0: ACL packet for unknown connection handle 200
[ 1006.401280][T17032] netlink: 'syz.3.3518': attribute type 1 has an invalid length.
[ 1006.615289][T12422] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 1006.635644][T17042] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1006.644101][T17042] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 1006.654463][T17042] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1006.666328][T17042] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 1006.968859][T12422] usb 2-1: Using ep0 maxpacket: 16
[ 1007.021621][T12422] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1007.701680][T12422] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1007.782489][T12422] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1007.887980][T12422] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1007.957314][T12422] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.165031][T12422] usb 2-1: config 0 descriptor??
[ 1009.200846][T12422] usbhid 2-1:0.0: can't add hid device: -71
[ 1009.211551][T12422] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1009.256351][   T51] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[ 1009.267557][T12422] usb 2-1: USB disconnect, device number 11
[ 1009.589418][   T51] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1009.600612][   T51] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1009.625338][   T51] usb 10-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00
[ 1009.634543][   T51] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1010.636603][   T51] usb 10-1: config 0 descriptor??
[ 1010.642470][   T51] usb 10-1: can't set config #0, error -71
[ 1010.653711][   T51] usb 10-1: USB disconnect, device number 5
[ 1011.397374][T17088] netlink: 'syz.3.3534': attribute type 1 has an invalid length.
[ 1014.495443][ T5844] Bluetooth: hci2: command 0x0405 tx timeout
[ 1014.805634][T17124] random: crng reseeded on system resumption
[ 1016.891984][T17138] netlink: 'syz.9.3546': attribute type 1 has an invalid length.
[ 1017.765386][T17148] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3549'.
[ 1017.802502][T17148] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3549'.
[ 1017.828781][T17148] netlink: 'syz.3.3549': attribute type 6 has an invalid length.
[ 1017.846426][T17148] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3549'.
[ 1019.530358][T17173] netlink: 'syz.2.3557': attribute type 1 has an invalid length.
[ 1019.633603][T17147] loop1: detected capacity change from 0 to 40427
[ 1019.795515][T17147] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1fffff
[ 1019.811956][T17147] F2FS-fs (loop1): heap/no_heap options were deprecated
[ 1019.819579][T17147] F2FS-fs (loop1): Image doesn't support compression
[ 1019.858044][T17147] F2FS-fs (loop1): invalid crc value
[ 1019.899954][T17180] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3556'.
[ 1019.962731][T17147] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1019.996068][T17184] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3559'.
[ 1020.225673][T17147] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 1020.297894][T17190] netlink: 'syz.2.3560': attribute type 4 has an invalid length.
[ 1020.536592][T17192] netlink: 'syz.2.3560': attribute type 4 has an invalid length.
[ 1020.662016][T17195] F2FS-fs (loop1): inject checkpoint error in f2fs_balance_fs of f2fs_map_blocks+0x44ec/0x4f10
[ 1020.701163][T17195] F2FS-fs (loop1): Stopped filesystem due to reason: 1
[ 1021.295711][ T5844] Bluetooth: hci2: command 0x0405 tx timeout
[ 1021.419845][T17200] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3563'.
[ 1021.429430][T17200] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3563'.
[ 1021.438843][T17200] netlink: 'syz.2.3563': attribute type 6 has an invalid length.
[ 1021.447782][T17200] netlink: 43 bytes leftover after parsing attributes in process `syz.2.3563'.
[ 1021.463364][T17200] binder: BINDER_SET_CONTEXT_MGR already set
[ 1021.472353][T17200] binder: 17199:17200 ioctl 4018620d 200001c0 returned -16
[ 1024.892663][T17234] netlink: 'syz.1.3569': attribute type 1 has an invalid length.
[ 1025.010942][T17241] netlink: 'syz.3.3573': attribute type 4 has an invalid length.
[ 1025.104667][T17243] netlink: 'syz.3.3573': attribute type 4 has an invalid length.
[ 1025.222279][T17245] Cannot find set identified by id 0 to match
[ 1025.927578][ T5844] Bluetooth: hci3: ACL packet for unknown connection handle 200
[ 1026.149717][T17255] loop4: detected capacity change from 0 to 524287999
[ 1026.188705][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.198317][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.283541][T17254] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3574'.
[ 1026.324921][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.334244][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.364471][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.365377][T17254] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3574'.
[ 1026.373802][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.394016][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.403312][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.419042][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.428301][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.440914][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.450254][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.558668][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.567974][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.589089][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.598384][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.609406][T17255] ldm_validate_partition_table(): Disk read failed.
[ 1026.644453][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.653760][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.710851][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 1026.720165][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[ 1026.741094][T17255] Dev loop4: unable to read RDB block 0
[ 1026.974181][T17254] netlink: 'syz.1.3574': attribute type 6 has an invalid length.
[ 1027.043543][T17255]  loop4: unable to read partition table
[ 1027.050619][T17254] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3574'.
[ 1027.079509][T17255] loop_reread_partitions: partition scan of loop4 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1027.795899][T17276] netlink: 'syz.2.3584': attribute type 1 has an invalid length.
[ 1027.911444][T17281] netlink: 'syz.3.3586': attribute type 4 has an invalid length.
[ 1027.983196][T17282] netlink: 'syz.3.3586': attribute type 4 has an invalid length.
[ 1028.242413][T17288] ubi: mtd0 is already attached to ubi0
[ 1028.555222][ T5844] Bluetooth: hci2: command 0x0405 tx timeout
[ 1028.885509][ T5842] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1028.992868][T17298] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3591'.
[ 1029.002215][T17298] netlink: 43 bytes leftover after parsing attributes in process `syz.8.3591'.
[ 1029.011328][T17298] netlink: 'syz.8.3591': attribute type 6 has an invalid length.
[ 1029.019252][T17298] netlink: 43 bytes leftover after parsing attributes in process `syz.8.3591'.
[ 1029.034448][T17298] binder: BINDER_SET_CONTEXT_MGR already set
[ 1029.040726][T17298] binder: 17297:17298 ioctl 4018620d 200001c0 returned -16
[ 1029.212281][T17294] ÿÿÿÿÿÿ: renamed from vlan1 (while UP)
[ 1030.566348][ T5842] usb 10-1: Using ep0 maxpacket: 16
[ 1030.573252][ T5842] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1030.585470][ T5842] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1030.601532][ T5842] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1030.682997][ T5842] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1030.691307][ T5842] usb 10-1: Product: syz
[ 1030.695686][ T5842] usb 10-1: Manufacturer: syz
[ 1030.700432][ T5842] usb 10-1: SerialNumber: syz
[ 1030.707850][ T5842] usb 10-1: config 0 descriptor??
[ 1030.718477][ T5842] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1030.734618][ T5842] em28xx 10-1:0.0: Audio interface 0 found (Vendor Class)
[ 1030.861986][T17317] netlink: 428 bytes leftover after parsing attributes in process `syz.2.3597'.
[ 1030.871791][T17317] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3597'.
[ 1031.030188][T17324] netlink: 'syz.1.3598': attribute type 4 has an invalid length.
[ 1031.100889][T17319] netlink: 'syz.1.3598': attribute type 4 has an invalid length.
[ 1031.411315][ T5842] em28xx 10-1:0.0: chip ID is em2874
[ 1032.765690][ T5842] usb 10-1: USB disconnect, device number 6
[ 1032.810347][ T5842] em28xx 10-1:0.0: Disconnecting em28xx
[ 1033.380642][ T5842] em28xx 10-1:0.0: Freeing device
[ 1035.131156][T17363] netlink: 428 bytes leftover after parsing attributes in process `syz.2.3610'.
[ 1035.140628][T17363] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3610'.
[ 1035.150003][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1035.202035][T17368] netlink: 'syz.1.3611': attribute type 4 has an invalid length.
[ 1035.305985][T17369] netlink: 'syz.1.3611': attribute type 4 has an invalid length.
[ 1036.548965][T17364] block nbd8: shutting down sockets
[ 1039.644412][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1039.652558][    T9] usb 4-1: can't read configurations, error -71
[ 1040.083494][T17413] netlink: 'syz.3.3624': attribute type 4 has an invalid length.
[ 1040.144428][T17413] netlink: 'syz.3.3624': attribute type 4 has an invalid length.
[ 1041.225391][T17428] trusted_key: encrypted_key: insufficient parameters specified
[ 1041.422336][ T5844] block nbd1: Receive control failed (result -32)
[ 1042.047843][T17422] block nbd1: shutting down sockets
[ 1045.091390][T17456] netlink: 'syz.8.3637': attribute type 4 has an invalid length.
[ 1045.101182][T17456] netlink: 'syz.8.3637': attribute type 4 has an invalid length.
[ 1045.118906][ T5914] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1045.308119][ T5914] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1045.401707][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1045.442636][ T5914] usb 2-1: config 0 descriptor??
[ 1045.685823][T17467] block nbd3: NBD_DISCONNECT
[ 1045.705364][T17467] block nbd3: Disconnected due to user request.
[ 1045.720957][T17467] block nbd3: shutting down sockets
[ 1047.363943][T17478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3635'.
[ 1048.792417][ T5914] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00
[ 1048.805303][ T5914] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[ 1048.833862][ T5914] [drm:udl_init] *ERROR* Selecting channel failed
[ 1048.857376][ T5914] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[ 1048.864225][ T5914] [drm] Initialized udl on minor 2
[ 1048.872164][ T5914] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1048.882622][ T5914] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[ 1048.898342][ T5914] usb 2-1: USB disconnect, device number 12
[ 1050.454077][T17500] sp0: Synchronizing with TNC
[ 1051.637727][T17509] netlink: 'syz.2.3649': attribute type 4 has an invalid length.
[ 1051.991227][T17514] 
[ 1051.993623][T17514] ======================================================
[ 1052.000664][T17514] WARNING: possible circular locking dependency detected
[ 1052.007721][T17514] 6.12.0-rc6-next-20241107-syzkaller #0 Not tainted
[ 1052.014344][T17514] ------------------------------------------------------
[ 1052.021483][T17514] syz.8.3651/17514 is trying to acquire lock:
[ 1052.027572][T17514] ffff88805c1fe5e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaa/0x120
[ 1052.036527][T17514] 
[ 1052.036527][T17514] but task is already holding lock:
[ 1052.043916][T17514] ffff888025ef4d10 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0xdd/0x9a0
[ 1052.053288][T17514] 
[ 1052.053288][T17514] which lock already depends on the new lock.
[ 1052.053288][T17514] 
[ 1052.063803][T17514] 
[ 1052.063803][T17514] the existing dependency chain (in reverse order) is:
[ 1052.072844][T17514] 
[ 1052.072844][T17514] -> #3 (&q->debugfs_mutex){+.+.}-{4:4}:
[ 1052.080730][T17514]        lock_acquire+0x1ed/0x550
[ 1052.085800][T17514]        __mutex_lock+0x1ac/0xee0
[ 1052.090895][T17514]        blk_mq_init_sched+0x3fa/0x830
[ 1052.096399][T17514]        elevator_init_mq+0x1d8/0x2d0
[ 1052.101808][T17514]        add_disk_fwnode+0x10d/0xf80
[ 1052.107128][T17514]        sd_probe+0xba6/0x1100
[ 1052.111926][T17514]        really_probe+0x2b8/0xad0
[ 1052.116980][T17514]        __driver_probe_device+0x1a2/0x390
[ 1052.122816][T17514]        driver_probe_device+0x50/0x430
[ 1052.128390][T17514]        __device_attach_driver+0x2d6/0x530
[ 1052.134322][T17514]        bus_for_each_drv+0x24e/0x2e0
[ 1052.139735][T17514]        __device_attach_async_helper+0x22d/0x300
[ 1052.146189][T17514]        async_run_entry_fn+0xa8/0x420
[ 1052.151692][T17514]        process_scheduled_works+0xa63/0x1850
[ 1052.157802][T17514]        worker_thread+0x870/0xd30
[ 1052.162958][T17514]        kthread+0x2f0/0x390
[ 1052.167581][T17514]        ret_from_fork+0x4b/0x80
[ 1052.172547][T17514]        ret_from_fork_asm+0x1a/0x30
[ 1052.177877][T17514] 
[ 1052.177877][T17514] -> #2 (&q->q_usage_counter(io)#66){++++}-{0:0}:
[ 1052.186542][T17514]        lock_acquire+0x1ed/0x550
[ 1052.191596][T17514]        blk_mq_submit_bio+0x1510/0x2490
[ 1052.197260][T17514]        __submit_bio+0x2c2/0x560
[ 1052.202318][T17514]        submit_bio_noacct_nocheck+0x4d3/0xe30
[ 1052.208536][T17514]        ext4_bio_write_folio+0x123a/0x1d70
[ 1052.214472][T17514]        mpage_submit_folio+0x1af/0x230
[ 1052.220057][T17514]        ext4_do_writepages+0x1d1d/0x3d20
[ 1052.225805][T17514]        ext4_writepages+0x213/0x3c0
[ 1052.231129][T17514]        do_writepages+0x35d/0x870
[ 1052.236274][T17514]        __writeback_single_inode+0x14f/0x10d0
[ 1052.242474][T17514]        writeback_sb_inodes+0x80c/0x1370
[ 1052.248233][T17514]        __writeback_inodes_wb+0x11b/0x260
[ 1052.254076][T17514]        wb_writeback+0x42f/0xbd0
[ 1052.259145][T17514]        wb_workfn+0xba1/0x1090
[ 1052.264031][T17514]        process_scheduled_works+0xa63/0x1850
[ 1052.270143][T17514]        worker_thread+0x870/0xd30
[ 1052.275319][T17514]        kthread+0x2f0/0x390
[ 1052.279934][T17514]        ret_from_fork+0x4b/0x80
[ 1052.284907][T17514]        ret_from_fork_asm+0x1a/0x30
[ 1052.290264][T17514] 
[ 1052.290264][T17514] -> #1 (jbd2_handle){++++}-{0:0}:
[ 1052.297625][T17514]        lock_acquire+0x1ed/0x550
[ 1052.302683][T17514]        start_this_handle+0x1eb4/0x2110
[ 1052.308345][T17514]        jbd2__journal_start+0x2da/0x5d0
[ 1052.314010][T17514]        __ext4_journal_start_sb+0x239/0x600
[ 1052.320029][T17514]        ext4_dirty_inode+0x92/0x110
[ 1052.325351][T17514]        __mark_inode_dirty+0x2ee/0xe90
[ 1052.330933][T17514]        touch_atime+0x413/0x690
[ 1052.335906][T17514]        ext4_file_mmap+0x18c/0x540
[ 1052.341135][T17514]        __mmap_region+0x2204/0x2cd0
[ 1052.346462][T17514]        mmap_region+0x226/0x2c0
[ 1052.351432][T17514]        do_mmap+0x8f0/0x1000
[ 1052.356140][T17514]        vm_mmap_pgoff+0x214/0x430
[ 1052.361309][T17514]        ksys_mmap_pgoff+0x4eb/0x720
[ 1052.366712][T17514]        do_syscall_64+0xf3/0x230
[ 1052.371774][T17514]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.378236][T17514] 
[ 1052.378236][T17514] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[ 1052.385839][T17514]        validate_chain+0x18ef/0x5920
[ 1052.391244][T17514]        __lock_acquire+0x1397/0x2100
[ 1052.396645][T17514]        lock_acquire+0x1ed/0x550
[ 1052.401692][T17514]        __might_fault+0xc6/0x120
[ 1052.406745][T17514]        _copy_from_user+0x2a/0xc0
[ 1052.411878][T17514]        blk_trace_ioctl+0x1ad/0x9a0
[ 1052.417190][T17514]        blkdev_ioctl+0x40c/0x6a0
[ 1052.422248][T17514]        __se_sys_ioctl+0xf5/0x170
[ 1052.427401][T17514]        do_syscall_64+0xf3/0x230
[ 1052.432447][T17514]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.438898][T17514] 
[ 1052.438898][T17514] other info that might help us debug this:
[ 1052.438898][T17514] 
[ 1052.449142][T17514] Chain exists of:
[ 1052.449142][T17514]   &mm->mmap_lock --> &q->q_usage_counter(io)#66 --> &q->debugfs_mutex
[ 1052.449142][T17514] 
[ 1052.463291][T17514]  Possible unsafe locking scenario:
[ 1052.463291][T17514] 
[ 1052.470759][T17514]        CPU0                    CPU1
[ 1052.476138][T17514]        ----                    ----
[ 1052.481518][T17514]   lock(&q->debugfs_mutex);
[ 1052.486144][T17514]                                lock(&q->q_usage_counter(io)#66);
[ 1052.494084][T17514]                                lock(&q->debugfs_mutex);
[ 1052.501230][T17514]   rlock(&mm->mmap_lock);
[ 1052.505677][T17514] 
[ 1052.505677][T17514]  *** DEADLOCK ***
[ 1052.505677][T17514] 
[ 1052.513834][T17514] 1 lock held by syz.8.3651/17514:
[ 1052.518962][T17514]  #0: ffff888025ef4d10 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0xdd/0x9a0
[ 1052.528770][T17514] 
[ 1052.528770][T17514] stack backtrace:
[ 1052.534699][T17514] CPU: 1 UID: 0 PID: 17514 Comm: syz.8.3651 Not tainted 6.12.0-rc6-next-20241107-syzkaller #0
[ 1052.544960][T17514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1052.555048][T17514] Call Trace:
[ 1052.558348][T17514]  <TASK>
[ 1052.561297][T17514]  dump_stack_lvl+0x241/0x360
[ 1052.566012][T17514]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1052.571244][T17514]  ? __pfx__printk+0x10/0x10
[ 1052.575873][T17514]  print_circular_bug+0x13a/0x1b0
[ 1052.580940][T17514]  check_noncircular+0x36a/0x4a0
[ 1052.585913][T17514]  ? __pfx_check_noncircular+0x10/0x10
[ 1052.591403][T17514]  ? lockdep_lock+0x123/0x2b0
[ 1052.596124][T17514]  validate_chain+0x18ef/0x5920
[ 1052.601015][T17514]  ? is_bpf_text_address+0x26/0x2a0
[ 1052.606252][T17514]  ? 0xffffffffa0003b40
[ 1052.610438][T17514]  ? 0xffffffffa0003b40
[ 1052.614615][T17514]  ? __pfx_validate_chain+0x10/0x10
[ 1052.619853][T17514]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1052.626045][T17514]  ? kernel_text_address+0xa7/0xe0
[ 1052.631199][T17514]  ? mark_lock+0x9a/0x360
[ 1052.635560][T17514]  ? __lock_acquire+0x1397/0x2100
[ 1052.640614][T17514]  ? string+0x26a/0x2b0
[ 1052.644798][T17514]  ? widen_string+0x3a/0x310
[ 1052.649465][T17514]  ? string+0x26a/0x2b0
[ 1052.653655][T17514]  ? bdev_name+0x2b1/0x3c0
[ 1052.658108][T17514]  ? mark_lock+0x9a/0x360
[ 1052.662468][T17514]  __lock_acquire+0x1397/0x2100
[ 1052.667355][T17514]  lock_acquire+0x1ed/0x550
[ 1052.671889][T17514]  ? __might_fault+0xaa/0x120
[ 1052.676612][T17514]  ? __pfx_lock_acquire+0x10/0x10
[ 1052.681678][T17514]  ? __pfx___might_resched+0x10/0x10
[ 1052.687002][T17514]  ? snprintf+0xda/0x120
[ 1052.691274][T17514]  ? __pfx___mutex_lock+0x10/0x10
[ 1052.696336][T17514]  ? blk_trace_ioctl+0xec/0x9a0
[ 1052.701211][T17514]  ? __pfx_snprintf+0x10/0x10
[ 1052.705919][T17514]  ? __might_fault+0xaa/0x120
[ 1052.710632][T17514]  __might_fault+0xc6/0x120
[ 1052.715167][T17514]  ? __might_fault+0xaa/0x120
[ 1052.719883][T17514]  _copy_from_user+0x2a/0xc0
[ 1052.724503][T17514]  blk_trace_ioctl+0x1ad/0x9a0
[ 1052.729291][T17514]  ? tomoyo_path_number_perm+0x6f9/0x860
[ 1052.734979][T17514]  ? tomoyo_path_number_perm+0x206/0x860
[ 1052.740645][T17514]  ? __pfx_blk_trace_ioctl+0x10/0x10
[ 1052.745961][T17514]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1052.751986][T17514]  ? file_to_blk_mode+0xcc/0x140
[ 1052.756967][T17514]  blkdev_ioctl+0x40c/0x6a0
[ 1052.761502][T17514]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1052.766566][T17514]  ? __se_sys_ioctl+0x2c/0x170
[ 1052.771371][T17514]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1052.776427][T17514]  __se_sys_ioctl+0xf5/0x170
[ 1052.781065][T17514]  do_syscall_64+0xf3/0x230
[ 1052.785601][T17514]  ? clear_bhb_loop+0x35/0x90
[ 1052.790307][T17514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1052.796241][T17514] RIP: 0033:0x7f7a7f37e719
[ 1052.800683][T17514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1052.820320][T17514] RSP: 002b:00007f7a7d7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1052.828767][T17514] RAX: ffffffffffffffda RBX: 00007f7a7f536130 RCX: 00007f7a7f37e719
[ 1052.836764][T17514] RDX: 0000000020001100 RSI: 00000000c0481273 RDI: 0000000000000009
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1052.844765][T17514] RBP: 00007f7a7f3f139e R08: 0000000000000000 R09: 0000000000000000
[ 1052.852762][T17514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1052.860759][T17514] R13: 0000000000000000 R14: 00007f7a7f536130 R15: 00007ffe5fac1ae8
[ 1052.868776][T17514]  </TASK>
[ 1053.013411][T17514] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3651'.
[ 1053.246318][T17515] netlink: 'syz.2.3649': attribute type 4 has an invalid length.
[ 1053.400871][ T5885] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1054.038251][   T81] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1054.149430][   T81] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1054.209712][   T81] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1054.260302][   T81] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1054.341761][   T81] bridge_slave_1: left allmulticast mode
[ 1054.347571][   T81] bridge_slave_1: left promiscuous mode
[ 1054.353282][   T81] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1054.362842][   T81] bridge_slave_0: left allmulticast mode
[ 1054.368977][   T81] bridge_slave_0: left promiscuous mode
[ 1054.374634][   T81] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1054.463760][   T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1054.477962][   T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1054.487881][   T81] bond0 (unregistering): Released all slaves
[ 1054.589397][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.663774][   T81] hsr_slave_0: left promiscuous mode
[ 1054.669794][   T81] hsr_slave_1: left promiscuous mode
[ 1054.677233][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1054.684668][   T81] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1054.692694][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1054.700919][   T81] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1054.710629][   T81] veth1_macvtap: left promiscuous mode
[ 1054.716244][   T81] veth0_macvtap: left promiscuous mode
[ 1054.721792][   T81] veth1_vlan: left promiscuous mode
[ 1054.727837][   T81] veth0_vlan: left promiscuous mode
[ 1054.921340][   T81] team0 (unregistering): Port device team_slave_1 removed
[ 1054.955042][   T81] team0 (unregistering): Port device team_slave_0 removed
[ 1055.420819][   T81] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.470222][   T81] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.529831][   T81] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.619537][   T81] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.716140][   T81] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.769072][   T81] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.829453][   T81] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.879669][   T81] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1055.953761][   T81] bridge_slave_1: left allmulticast mode
[ 1055.960428][   T81] bridge_slave_1: left promiscuous mode
[ 1055.966979][   T81] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1055.974994][   T81] bridge_slave_0: left allmulticast mode
[ 1055.980818][   T81] bridge_slave_0: left promiscuous mode
[ 1055.986581][   T81] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1055.995256][   T81] bridge_slave_1: left allmulticast mode
[ 1056.000931][   T81] bridge_slave_1: left promiscuous mode
[ 1056.006868][   T81] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1056.015063][   T81] bridge_slave_0: left allmulticast mode
[ 1056.021404][   T81] bridge_slave_0: left promiscuous mode
[ 1056.027577][   T81] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1056.090716][   T81] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[ 1056.231038][   T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1056.242334][   T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1056.253155][   T81] bond0 (unregistering): Released all slaves
[ 1056.262828][   T81] bond1 (unregistering): Released all slaves
[ 1056.273275][   T81] bond2 (unregistering): Released all slaves
[ 1056.284625][   T81] bond3 (unregistering): Released all slaves
[ 1056.294553][   T81] bond4 (unregistering): Released all slaves
[ 1056.309234][   T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1056.322071][   T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1056.334444][   T81] bond0 (unregistering): Released all slaves
[ 1056.343541][   T81] bond1 (unregistering): Released all slaves
[ 1056.352788][   T81] bond2 (unregistering): Released all slaves
[ 1056.363538][   T81] bond3 (unregistering): Released all slaves
[ 1056.692286][   T81] hsr_slave_0: left promiscuous mode
[ 1056.698325][   T81] hsr_slave_1: left promiscuous mode
[ 1056.704137][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1056.711771][   T81] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1056.720216][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1056.728582][   T81] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1056.738648][   T81] hsr_slave_0: left promiscuous mode
[ 1056.744383][   T81] hsr_slave_1: left promiscuous mode
[ 1056.750866][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1056.758829][   T81] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1056.767381][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1056.775039][   T81] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1056.785785][   T81] veth1_macvtap: left promiscuous mode
[ 1056.791376][   T81] veth0_macvtap: left promiscuous mode
[ 1056.797059][   T81] veth1_vlan: left promiscuous mode
[ 1056.802333][   T81] veth0_vlan: left promiscuous mode
[ 1056.808719][   T81] veth1_macvtap: left promiscuous mode
[ 1056.814237][   T81] veth0_macvtap: left promiscuous mode
[ 1056.819906][   T81] veth1_vlan: left promiscuous mode
[ 1056.825317][   T81] veth0_vlan: left promiscuous mode
[ 1056.985393][   T81] team0 (unregistering): Port device team_slave_1 removed
[ 1057.024898][   T81] team0 (unregistering): Port device team_slave_0 removed
[ 1057.259624][   T81] team0 (unregistering): Port device team_slave_1 removed
[ 1057.290280][   T81] team0 (unregistering): Port device team_slave_0 removed