last executing test programs:

13m26.442913897s ago: executing program 0 (id=23):
r0 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'veth1_to_batadv\x00', {0x4}, 0x26})
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
close(r0)

13m10.260032114s ago: executing program 32 (id=23):
r0 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'veth1_to_batadv\x00', {0x4}, 0x26})
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
close(r0)

12m2.345508551s ago: executing program 33 (id=145):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
io_uring_setup(0x1b7c, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socket$inet(0x2, 0x80001, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f00000000c0)={0x11}, 0x8)
connect$inet6(r2, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, &(0x7f0000000100)=ANY=[@ANYBLOB="0017d6536000"], 0x8)
sendmmsg$inet6(r2, &(0x7f0000001840), 0x3b, 0x0)

10m2.742579825s ago: executing program 34 (id=394):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2010480, &(0x7f00000001c0), 0x5, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x17, &(0x7f0000000800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40040)
r0 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0)
openat$cgroup_subtree(r0, &(0x7f00000000c0), 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000800)='./bus\x00', 0x1000000, &(0x7f00000003c0), 0x1, 0x55ae, &(0x7f000000abc0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fanotify_init(0x8, 0x40000)
r3 = syz_open_procfs(0x0, 0x0)
fanotify_mark(r2, 0x1, 0x8100011, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59)
pwrite64(r4, 0x0, 0x0, 0x8000c61)
close_range(r2, r3, 0x0)

8m10.928640637s ago: executing program 5 (id=647):
openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04040a0000000000005419b338"], 0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x4}})
ioctl$TIOCSETD(r1, 0x5423, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x90}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
timer_create(0x2, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

8m5.668542718s ago: executing program 5 (id=644):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101001, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r0], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
unshare(0x6020400)
pidfd_getfd(r3, r2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x8)

8m1.413814207s ago: executing program 5 (id=652):
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x4, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0)
rt_sigqueueinfo(0x0, 0x3c, &(0x7f00000000c0)={0x17, 0x7b7, 0xfffffffc})
unshare(0x64000600)

7m56.875534477s ago: executing program 5 (id=657):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00'})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file1\x00', 0x2200008, &(0x7f00000003c0)={[{@data_err_abort}, {@init_itable}, {@norecovery}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@jqfmt_vfsv1}, {@inlinecrypt}, {@grpquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}]}, 0x3, 0x5ad, &(0x7f0000001000)="$eJzs3U1rG9caAOB35I983hsHQrj3Li6GLJqSRo7tfqRQSLosbWig3afCVkywHAVLDrEbSLJoNt2UUCilgdIf0H2XoX+gf6GbQBsIJZh2kY3KSKNYkS3bkkXsWs8Do5wzc5Qz78ycM2c0YyaAgTWefuQi/hsRXyURx1qWDUe2cLxRbvXZ7Zl0SqJW++SPJJJsXrN8kv17JMv8JyJ+/iLiTG59vZXllflCqVRczPIT1YUbE5XllbPXFgpzxbni9anp6fNvTU+9+87bfYv19ct/ffvxow/Of3lq9Zsfnxx/kMTFOJota8ZxaGdV3G3NjMd4tk1G4mJbwcmd1bPnJLu9AvRkKGvnI5H2AcdiKGv1wP53JyJqwIBKtH8YUM1xQPPavvV6fhA8fb9xAbQ+/uHGbyNx8ED6eXg1eenKKL3eHetD/WkdP/3+8EE6RdvvKe3uvJwd6kP1wAC7ey8izg0Pr+//kqz/6925+o/Hm2uvY9DOP7CbHqXjnzc2Gv/kmuOf+mf7+OfIBm23F1u3/9yTtiJJP+81pOO/9zYc/77ousaGsty/6mO+keTqtVLxXET8OyJOx8iBNL/Z/Zzzq49rnZa1jv/SKa2/ORbM1uPJ8IGXvzNbqBZ2EnOrp/ci/rc2/k1iXf9/sD7Wbd//6fa4vM06ThYf/r/Tsq3jb3Vn+4FtU+2HiNc23P9rR1my+f3JifrxMNE8Ktb78/7JXzrV3138/ff0XuNA3yT+saT1fm2l+zq+P/i82GlZr8f/aPJpPT3amPW8VqhWFycjRpOPWufHrXT+1Np3m/lbWfn0+D99avP+b6Pj/1BEfLbN+O+fuN+xaLf7f4f3p9dJ45/tav93n3j84eff9R5/uv/frKdOZ3O20/9tdwV3su0AAAAAAABgr8lFxNFIcvkX6Vwun28833EiDudK5Ur1zNXy0vXZqP+t7FiM5Jp3uo+1PA8xmT0P28xPteWnI+J4RHw9dKiez8+US7O7HTwAAAAAAAAAAAAAAAAAAADsEUc6/P1/6jdvmIL9zyu/YXA12v9o5wL9eNMTsCd1OP/3/21bwJ5j/A+DS/uHwVVv/x1f0QnsZ87/MLh6aP8eDYB9wvkfBtdw3N3tVQAAAAAAAAAAAAAAAAAAAAAAAAAAAID95PKlS+lUW312eybNz95cXpov3zw7W6zM5xeWZvIz5cUb+blyea5UzM+UF7b6/0rl8o3JqVi6NVEtVqoTleWVKwvlpevVK9cWCnPFK8WRVxIVAAAAAAAAAAAAAAAAAAAA/LNUllfmC6VScbGrxK/Ry7fWErkd1f6qExdiT6xGz4lkq+18IdsdPVUxvPsBSnSXGMr296aFd6lDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAN/B0AAP//UaowBw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'})
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
read$msr(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80c0)

7m55.109861848s ago: executing program 5 (id=663):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
pread64(r3, 0x0, 0x0, 0x200)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000480), 0xffffffffffffffff)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

7m44.130511912s ago: executing program 5 (id=680):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0xbd)
socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x80000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x19}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x90}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94)

7m39.062949571s ago: executing program 1 (id=688):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setparam(r0, &(0x7f00000006c0)=0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x20000805}, 0x24048040)
io_uring_setup(0x4a86, &(0x7f0000000380)={0x0, 0x417c, 0x2, 0x8001000, 0x2b8})
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x4c840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x34, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbbd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20041010}, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)

7m36.711814153s ago: executing program 1 (id=690):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, <r2=>0x0]}, &(0x7f0000000180)=0x14)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000004c0)={r2, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x42}}}}, 0x84)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$alg(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r3, &(0x7f00000005c0)=[{&(0x7f00000000c0)="052f", 0x2}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
r4 = socket(0x15, 0x5, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, 0x0, 0x1, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e26, 0x44, @loopback={0x5f0000000000002d, 0x2e}, 0x7f2a}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xfffffff9, @mcast2, 0x5}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
getsockopt(r4, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40080b1}, 0x80010)

7m31.607588467s ago: executing program 1 (id=695):
syz_emit_ethernet(0x42, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @broadcast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0)

7m29.442078298s ago: executing program 1 (id=708):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/drivers\x00', 0x0, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0xffffffffffffff2d, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r4, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m28.114831351s ago: executing program 35 (id=680):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
epoll_wait(r1, &(0x7f0000000040)=[{}], 0x1, 0xbd)
socket$can_bcm(0x1d, 0x2, 0x2)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x80000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x19}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x90}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94)

7m20.006922901s ago: executing program 1 (id=714):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000300)='./bus\x00', 0x1004010, &(0x7f0000001040)=ANY=[], 0x11, 0xaf0, &(0x7f0000001940)="$eJzs3V2IXFcBAOBzZ3c2u2lrJjWxaxrbpNW2/nTTbNb4EzQpCYKhKeJLofgS0rQGYwQrqKXQJE++2VJS8MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUZ255yZOyczmZn9mdnNfB/cPXPuOXfOubN37ty/c04AxlZl6e/CwmwRwoU3Xj7y/gP/mFmcc7CZo7b0d7IUq4YQihifzN7vvYlGeO2D5090Coswv/Q3xcPjV5rL3hZCOBt2hYuhFnZcuPTSW/OPHTt39Pzut189cHlt1h4AAMbLNy4eWNj+1z/fvfXqa/ccCpua89PxeS3NmG4c9x+KB/7p+L8S2uNFaSqbyvJNxqky055vokO+cjnVLN9kl/KnsvKrXfJtCjcvf6I0r9N6w0aWtuNaKCpzIYTNzXilMjfXOCcPS+f1U8XcmVOnn352RBUFVt2/7w0h7CpNh8+3x9fbdHAd1GGZU30d1GHdTZU+8hwaXn2u1htG/rkMaapvGfUeCKAhv194g7P5lYWVab7bZH/lX3m00nl5WAXD3v4HKn9qxOUH5f/6nD0Oq+dW3ZrSeqXv0e0xnt9HyJ9feuUP7cu15Hc62ufm9yOqfdaz232EjXJ/oVs9J4Zcj+XqVv98u7hVfSWG6XP4alvqvW3fn/x/ulH+x0BnH+bX/00m0/qeQlu8upL3qo94/wOsX/lzc/V0fzTKn+vL0zf1SJ/ukT7TI31zj/TbeqTDOPvtD34aXixa17vyc/pBr4en62x3xPAjA9Ynvx45aPn5c7+DWmn5+fPEsJ79/vgTJ7/41JOXGs//F83t/3rc3tPpRi1+ty7GDOl6YX5dvfnsf629nEqXfHdm9bmjQ/6l19taebYsLrut9T6htJ+5oR6z7e+/pVu+ne35alm+mThNZ/XNj082Z8ul44+0X02f12S2vtVsPaayeqT9ytYY5vWA5UjbY3r+v9UeoPH8f9o+Z0O1ePrU6ZOPxHjaTv80Ud20OH/vkOsNrJ5u3//0+zUb2tv/3N6cX62U9wtbWvOLxn7h9fh+7fPnm+WU5pd+1NLv3LcnZpbyz5343umn1mC9YZw9++PnvnP89OmT3/di2S++tj6qMciLdNqyXurjxaAvdq11ESPeMQFrbs8LjYOAh0999/gzJ585eWbf/v375uf3f2nfwp6l4/o95aP7srMjqC2wmlo/+qOuCQAAAAAAAAAAANCvHx49cumdN7/wbqP9f6v9X2r/n578Te3/f5K1/8/byad28Kkd4NYO6Ut5sg5Wp7J81Th9NKtv6gageKERbs+W+1gMm+P4xfb/qbi8X9dUn7uy+dUu0aw7gRv6S5nK+iDJxwu8L4bnY/irACNUzHSeHcOb9G9dfFja1lP/FKUmvHX9A28c6f+W91+U2n937NepQ3ttNpZhtFgc9ToCnf1zrPr//ldrxUdeF1P3aXK45f1sfLeJeukovf3cuN8RbABWx6jH//x7aJSbrn+e+ePXpxenlO3Ko+1XNfL+S2EQf3mnPb7ex59c6/LzcfuGXf6o13/Y4382x7+L+7+03+u+/8tGzKstr9z//Pzyu6Viw45+y8/XP/UDvW2w8q/G8tPaPBj6K7/+y6z8/IZQn/6blb+5z/JvWP+dyyv/f7H89LE9dH+/5TdqXFTa6zGTrUe6/5dfN06uZeuf+va8SfnffK7T+i9zoMbrsXwYZxtlnNlBZccRzYP2XuP/Dvr7v9Lxf5uVzXZr+XMYn4/xtCNOzznk450MWv/0fEX6HdievX/R4/fN+L8b25dj2Ov7kMb/TdtjLf7kl+JLn2WKVzt8trfqvgY2qvfG6v7fsKbLjdOg5S0/Pfr6D2+qrYM6rHCqTyxjueZzViOuf71eX9sLWj2MtHBG/vl3O08Y1t3nUZ+n3Dfi8nvJx//Nj+Hz8X/z9Hz83zw9H/83T5+J/6H3u6Tn4//m23M+/m+eflf2vvn4wLM90j/eIb0IrfQdnZdvnrbf3eP9d/ZI/0SP9N3N9INtOVL6PTddvpWv2/vf2SP9/h7pn+yR/qke6Q/0SH+olF4eAzqlfzpbviilXx+DYaLT/qfb5wfcuvL2eb7/MD7S/Z9u3/9trfSpcpbh1hJYC6+8tvfwk7/5Vq3R/n+qeT0k3cc7FOPVeG70oxjP73uHUnwx7c0Y/1uWPurrTUBL3n9G/vv/YI90YONKz3n5fsMYKqY7z45hr36ruh3ns7F8JoafjeHnYvhwDOdiuCeGe2M4P6T6sTYOv/67Ay8WrfP9LVl6v8+T5+2B2vqJCiHs67M++fWBQZ9nz/vxG9RKy19mczAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICRqSz9XViYLUK48MbLR544dmrP4pyDzRy1pb+TpVi1uVwIj8RwIoa/iC+uffD8iXJ4PYZFmA9FKJrzw+NXmiXdFkI4G3aFi6EWdly49NJb848dO3f0/O63Xz1wee0+AQAAALj1/T8AAP//3j0KOg==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1cf082, 0x80)
sendfile(r4, r4, 0x0, 0x7a680000)

7m14.84729235s ago: executing program 1 (id=705):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
pread64(r3, 0x0, 0x0, 0x200)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000480), 0xffffffffffffffff)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

6m57.98874449s ago: executing program 36 (id=705):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
pread64(r3, 0x0, 0x0, 0x200)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000480), 0xffffffffffffffff)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

6m46.050637021s ago: executing program 0 (id=724):
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
r1 = io_uring_setup(0x3824, 0x0)
syz_io_uring_setup(0x249a, 0x0, &(0x7f0000000300)=<r2=>0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, 0x0)
syz_ublk_add_dev(r1, r2, 0x0, 0x0, 0x0, &(0x7f00000004c0))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0x3)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xffd}, 0x2d, 0x0)
r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55)

6m44.179954334s ago: executing program 0 (id=727):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00'})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file1\x00', 0x2200008, &(0x7f00000003c0)={[{@data_err_abort}, {@init_itable}, {@norecovery}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@jqfmt_vfsv1}, {@inlinecrypt}, {@grpquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}]}, 0x3, 0x5ad, &(0x7f0000001000)="$eJzs3U1rG9caAOB35I983hsHQrj3Li6GLJqSRo7tfqRQSLosbWig3afCVkywHAVLDrEbSLJoNt2UUCilgdIf0H2XoX+gf6GbQBsIJZh2kY3KSKNYkS3bkkXsWs8Do5wzc5Qz78ycM2c0YyaAgTWefuQi/hsRXyURx1qWDUe2cLxRbvXZ7Zl0SqJW++SPJJJsXrN8kv17JMv8JyJ+/iLiTG59vZXllflCqVRczPIT1YUbE5XllbPXFgpzxbni9anp6fNvTU+9+87bfYv19ct/ffvxow/Of3lq9Zsfnxx/kMTFOJota8ZxaGdV3G3NjMd4tk1G4mJbwcmd1bPnJLu9AvRkKGvnI5H2AcdiKGv1wP53JyJqwIBKtH8YUM1xQPPavvV6fhA8fb9xAbQ+/uHGbyNx8ED6eXg1eenKKL3eHetD/WkdP/3+8EE6RdvvKe3uvJwd6kP1wAC7ey8izg0Pr+//kqz/6925+o/Hm2uvY9DOP7CbHqXjnzc2Gv/kmuOf+mf7+OfIBm23F1u3/9yTtiJJP+81pOO/9zYc/77ousaGsty/6mO+keTqtVLxXET8OyJOx8iBNL/Z/Zzzq49rnZa1jv/SKa2/ORbM1uPJ8IGXvzNbqBZ2EnOrp/ci/rc2/k1iXf9/sD7Wbd//6fa4vM06ThYf/r/Tsq3jb3Vn+4FtU+2HiNc23P9rR1my+f3JifrxMNE8Ktb78/7JXzrV3138/ff0XuNA3yT+saT1fm2l+zq+P/i82GlZr8f/aPJpPT3amPW8VqhWFycjRpOPWufHrXT+1Np3m/lbWfn0+D99avP+b6Pj/1BEfLbN+O+fuN+xaLf7f4f3p9dJ45/tav93n3j84eff9R5/uv/frKdOZ3O20/9tdwV3su0AAAAAAABgr8lFxNFIcvkX6Vwun28833EiDudK5Ur1zNXy0vXZqP+t7FiM5Jp3uo+1PA8xmT0P28xPteWnI+J4RHw9dKiez8+US7O7HTwAAAAAAAAAAAAAAAAAAADsEUc6/P1/6jdvmIL9zyu/YXA12v9o5wL9eNMTsCd1OP/3/21bwJ5j/A+DS/uHwVVv/x1f0QnsZ87/MLh6aP8eDYB9wvkfBtdw3N3tVQAAAAAAAAAAAAAAAAAAAAAAAAAAAID95PKlS+lUW312eybNz95cXpov3zw7W6zM5xeWZvIz5cUb+blyea5UzM+UF7b6/0rl8o3JqVi6NVEtVqoTleWVKwvlpevVK9cWCnPFK8WRVxIVAAAAAAAAAAAAAAAAAAAA/LNUllfmC6VScbGrxK/Ry7fWErkd1f6qExdiT6xGz4lkq+18IdsdPVUxvPsBSnSXGMr296aFd6lDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAN/B0AAP//UaowBw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'})
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
read$msr(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80c0)

6m40.846929783s ago: executing program 0 (id=729):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xa, 0x4, 0x8, 0x8, 0x82}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10)

6m37.279447152s ago: executing program 7 (id=731):
syz_emit_ethernet(0x42, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @broadcast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0)

6m37.092777499s ago: executing program 7 (id=732):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x662, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ftruncate(0xffffffffffffffff, 0xffff)
r5 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000100)='test_dummy_encryption', 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x4, @loopback, 0x5}, {0xa, 0x4e20, 0x3, @mcast2, 0x7ff}, r1, 0x8d4}}, 0x48)
close_range(r0, r0, 0x0)

6m35.308851844s ago: executing program 7 (id=733):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
ioprio_set$pid(0x3, 0x0, 0x0)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x2, 0x3, 0x5, 0x6, 0x3, 0x4, {0x1, 0x3ff, 0xff, 0x4, 0x100, 0x4, 0x9, 0x7ffffffd, 0x9, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080)=0x2, 0x7f03)

6m30.535890099s ago: executing program 7 (id=744):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000540)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x1001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xc2240edb8ac75ac7}, @TCA_TBF_BURST={0x8, 0x6, 0xff}, @TCA_TBF_PARMS={0x28, 0x1, {{0x5a, 0x2, 0x84a, 0x9, 0x1, 0x800}, {0x8c, 0x1, 0xfffc, 0x7fff, 0x4, 0xb}, 0x5, 0x34, 0x91f}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0x0, 0x8}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8, 0x3, 0x6, 0x1, 0x1, 0xd, 0xfff, 0xfffffffa, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000b0}, 0x4890)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56561, 0x70bd2b, 0x1, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x3, 0x8}, {0x7, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

6m30.215087516s ago: executing program 0 (id=745):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x4000, &(0x7f0000000280)={[{@part={'part', 0x3d, 0xa0}}, {@umask={'umask', 0x3d, 0x50000}}, {@codepage={'codepage', 0x3d, 'cp950'}}, {@iocharset={'iocharset', 0x3d, 'ascii'}}]}, 0x1, 0x34e, &(0x7f0000000300)="$eJzs3U9r1EwcB/DvJLvb7LOlT2wrBU9SLXgqbT0oHrRI8eIb8CDF2m6hNFbQCloQqxcvIt4EwaM3z6JvQS/iG1A8FBRP9lI8GJnJJJtsZ7Lpuu123e8H3M1u5s9vkplkpqUGRNS3Ls59fnV6S/4TZQAugHOAA8ADSgCOYsy7s7besiA32RKIcopdaRbX6qasHnQOzZefShhMf0f7IwzD8It999fz6u3nwQVEXSHSIzjFAQbgqJGo9nsHHtn+2JTt6jepMyx2sIO7GOpmOERE1H36/u/ou8Sgnr87DjCh5+E9ev9PIs7Mb3a6Esvhkdz/nehzKOTx+V/tkuu9lfWgvhQt4eTZd+JVoqksY58IXVT0pnp3ALeWmnKlajFTsTjV5ZWgPrmpCniEC1oq2ah6XULcEJkUtmh1ROOGtWmOvLbnq6k2lGUbZizxj+TVaFwAv/uO5+bq5j8UiEm8Fx/FvPDxAkvJ/K8UCnlw1PHxm4ZKFP+UvUTVSj9KlWllI/wjqpJj8Rl4+7rRyqrtuHpwZSwmshTRPH/34zifVey5MIzsjxWi1k3bW6dyjQAloTtXI9dMkuiXMddoc13V5XJQn1y8Gdg6fWcZV3TiqbgixvEDbzCXmv87MvUE7CMzM8rFBPB4W/eM3PaUVJmW85ihBvCN4iOzXDjlv+6S8UQ3+Zb9+ATXcRZDt+9trC4EQf1W9zfiodJm9uMdjifqiLo7ym/keyoNPLkhO2HHKv0dhqFxVwkFy5GDtO0wogF15mWjyRurC0Jf83bnclC8CnnlbNo1a08MYBaA/ia+IrTTrgdJrgFdoF8w+7Y82+obc4eMozqAARJXldnlYqDQSKm2Uenl+6sLQdtXI+ohjZOOsavJBFnijwb7hJx3iWj9l1qvTKmrjnzxc9Y/YavCUyVOW1ZAw+r1v2QFp7RYc9XsK7havNFizXXiFHCykq3RQVzjw+ZifR0nDuNvJff+qwwxh0+4xkFORERERERERERERERERERERERERNRr9vrXCO38OUG2xq0+/I83iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIj+TuP5v8nzXSqm5//mPalJcaMnxHideP6vW+D5v2KzWAOJyOpPAAAA//9md2BL")
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f00000002c0)='./file0\x00', 0x1200082, &(0x7f0000000500)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c757466382c756d61736b3d30303030303030303030303030303030303032313632362c696f636861727365743d63703935302c646973636172642c616c6c6f775f7574696d653d3030303030303030352c6572726f72733d72656d6f756e742d726f2c646973636172642c00d50194377d24b5953951fbb0e6d2204f459a2129e54509e955e3ac3e9dd76061aeb341a8ae53564e806289fad8cab1be25d1de2b9d46be57d2e9c2ded432413ab147de643c400dba4f15a90c962bcd8d805d7d5f57"], 0x5, 0x1530, &(0x7f0000002f80)="$eJzs3AuYjlX3MPC19t43Y5r0NMlh2Huvm4cG2yRJDklySJIkSc4JSZMkCYkhp6QhCTlOyGEIyWFi0jifDzknyStJkpCQZH/XdPj83/q/V/2/t/fz/t9Zv+u6r9lrnmetZ93Pmmvuw3PNfNVteK0mtas3IiL4p+DPX1IAIAYABgPANQAQAED5+PLx2Y/nkZjyz70I+2s9mH6lO2BXEs8/Z+P552w8/5yN55+z8fxzNp5/zsbzz9l4/ozlZNtmFbqWt5y7/XL/Pwb4/n8OxMf/nI3n/x/De9/nf5zE88/ZeP45G88/Z+P552w8/5yN55+z2N/EPH/GcrK/5D5y7l+K/cPniP/NnzP8+lb9k3WKBz+X+Vf1Gfw/5V2hHzvGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznMeX+ZAoBf11e6L8YYY4wxxhhjjP11fO4r3QFjjDHGGGOMMcb+9RBASVAQQC7IDTGQB2LhKoiDqyEvXAMRuBbi4TrIB9dDfigABaEQJEBhKAIaDFggCKEoFIMoFIcScAMkQkkoBaXBQRlIghuhLNwE5eBmKA+3QAW4FSpCJagMVeA2qAq3QzW4A6rDnVADakItqA13QR28G+rCPVAP7oX6cB80gPuhITwAjeBBaAwPQRN4GJpCM2gOLaAltILWv82HP5P/PPSCF6A39IEU6Av94EXoDwNgIAyCwfASDIGXYSi8AqkwDIbDqzACXoOR8DqMgtEwBt6AsTAOxsMEmAiTIA3ehMkwBabCWzANpsMMmAnpMAtmw9swB+bCPHgH5sO7sAAWwiJYDBnwHiyBpZAJ78My+ACyYDmsgJWwClbDGlgL62A9bICNsAk2wxbYCtvgQ9gOO2An7ILdsAf2wkewDz6G/fAJHIBP/4f5536T3x0BAQUKVKgwF+bCGIzBWIzFOIzDvJgXIxjBeIzHfJgP82N+LIgFMQEAi2ARNGiQkLAoFsUoRrEElsBETMRSWAodOkzCJCyLN2E5LIflsTxWwApYESthJayCVbAqVsVqWA2r37oQAGtgLayFd+FdeDfWxbpYD+thfayPDbABNsSG2AgbYWNsjE2wCTbFptgcm2NLbImtsTW2wTbYFttie2yPHbADdsSOmIzJ2Ak7YWfsjF2wC3bFrtgNu2F37IE98Hl8Hl/AF7AP1hB9sR/2w/7YHwfiIByEL+EQfBlfximYisNwOL6Kr+JrOBLP4igcjWNwDFYV43A8TkASkzAN03AyTsapOBWn4XScjjMxHWfhbJyNc3AuzsV3cD6+i+/iQlyIizEDM3AJLsVMzMRleA6zcDmuwJW4CgBX4Vpch2txA27EDbgZN+NW3Iof4oe4A3fgLtyFe3APfoQf4cf4MaZiMwA4iAfxEB7Cw3gYj+ARPIpH8Rgew+N4HE/gCTyJp/A0nsIzeAbP4jk8j+fxAl7Ai/hswheN95RcnwoimxJK5BK5RIyIEbEiVsSJOJFX5BURERHxIl7kE/lEfpFfFBQFRYJIEEVEEWGEESRCUVQUFVERFSVECZEoEkUpUUr0FU4kiSRRVpQV5UQ5UV7cIiqIW0VFUUm0c1VEFVFVtHfVxB2iuqguaoiaopaoLWqLOqKOqCvqinqinqgv6gsFAA1FXxyID4rsyTQRw7CpGI7NRQvRUrQSr+Ejoo0YiW1FO9FePCZG4yjsKNq4ZPGk6CTGY2fxtJiAz4iuYhJ2E8+J7qKH6CmeF71EW9db9BHTsK/oJ2ZifzFADBSDxBysKbInVku8IlLFMDFcvCoW42tipHhdjBKjxRjxhhgrxonxYoKYKCaJNPGmmCymiKniLTFNTBczxEyRLmaJ2eJtMUfMFfPEO2K+eFcsEAvFIrFYZIj3xBKxVGSK98Uy8YHIEsvFCrFSrBKrxRqxVqwT68UGsVFsEpvFFrFVbBMfiu1ih9gpdondYo/YKz4S+8THYr/4RBwQn4qD4m/ikPhMHBafiyPiC3FUfCmOia/EcfG1OCH6iJPilDgtvhVnxHfirDgnzovvxQXxg7gofhSXhBcgUQoppZKBzCVzyxiZR8bKq2ScvFrmldfIiLxWxsvrZD55vcwvC8iCspBMkIVlEamlkVaSDGVRWUxGZXFZQt4gE2VJWUqWlk6WkUnyRllW3iTLyZtleXmLrCBvlRVlJVlZVpG3yarydllN3iGryztlDVlT1pK15V2yjrxb1pX3yHryXllf3icbyPtlQ/mAbCQflI3lQ7KJfFg2lc1kc9lCtpStZGv5iGwjH5VtZTvZXj4mO8jHZUf5hEyWT8pO8inZWT4tu8hnZFf5rOwmn5PdZQ/ZU/4oL0kve8s+MkX2lf3ki7K/zD4WDpKD5UtyiHxZDpWvyFQ5TA6Xr8oR8jU5Ur4uR8nRcox8Q46V4+R4OUFOlJNkmnxTTpZT5FT5lpwmp8sZcqZMl7PkwF8qzfsT+VN+zff48yFZzpJDU1LlsJStcpv8UG6XO+ROuUvulnvkXrlX7pP75H65Xx6QB+RBeVAekofkYXlYHpFH5FF5VB6Tx+RxeVyekCfkSXlKfi+/lWfkd/KsPCfPye/lBXlBXvzlPQCFSiiplApULpVbxag8KlZdpeLU1SqvAAB1rYpX16l86nqVXxVQBVUhlaAKqyJKK6OsIhWqoqqYiqriqoS6QSWqkqqUKq2cKqOS1I0q8k/m/31/8tf+Vs74+Z1SrVVr1Ua1UW1VW9VetVcdVAfVUXVUySpZdVKdVGfVWXVRXVRX1VV1U91Ud9Vd9VQ9VS/VS/VGUCkqRfVTL6r+aoAaqAapweolNUQNUUPVUJWqUtVwNVyNUCPUSDVSjVKj1Bg1Ro1VY9V4NV5NVBNVmkpTk9VkNVVNVdPUNDVDzVDpKl3NVrPVHDVHzVPz1Hw1Xy1QC9QitUhlqAy1RC1RmSpTLVPLVJZarparlWqlWq1Wq7VqrVqv1quNaqParDarLLVNbVPb1Xa1U+1Uu9VutVftVfvUPrVf7VcH1AF1UB1Uh9QhdVgdVkfUEXVUHVXH1DF1XB1XJ9QJdVKdVKfVaXVGnVFn1Vl1Xp1XF9QFdVFdVJfUpezTvkAEIlCBCnIFuYKYICaIDWKDuCAuyBvkDSJBJIgP4oN8wfVB/qBAUDAoFCQEhYMigQ5MYAMKwqBoUCyIBsWDEsENQWJQMigVlA5cUCZICm4MygY3BeWCm4PywS1BheDWoGJQKagcVAluC6oGtwfVgjuC6sGdQY2gZlArqB3cFdQJ7g7qBvcE9YJ7g/rBfUGD4P6gYfBA0Ch4MGgcPBQ0CR4OmgbNguZBi6Bl0Cpo/VfVx+z63p8t8Kjrrfvo3NBX99Mv6v56gB6oB+nB+iU9RL+sh+pXdKoepofHvKpH6Nf0SP26HqVH6zH6DT1Wj9Pj9QQ9UU/SafpNPVlP0VP1W3qanq5n6Jk6Xc/Ss/Xbeo6eq+fpd/R8/a5eoBfqRXqxztDv6SV6qc7U7+tl+gOdpZfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qY/1Nv1Dr1T79K79R69V3+k9+mP9X79iT6gP9UH9d/0If2ZPqw/10f0F/qo/lIf01/p4/prfUJ/o0/qU/q0/laf0d/ps/qcPq+/1xf0D/qi/lFf0j775D778G6UUSaXyWViTIyJNbEmzsSZvCaviZiIiTfxJp/JZ/Kb/KagKWgSTIIpYoqYbGTIFDVFTdRETQlTwiSaRFPKlDLOOJNkkkxZU9aUM+VMeVPeVDAVTEVT0VQ2lc1t5jZzu7nd3GHuMHeaO01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU1z09y0NC1Na9PatDFtTFvT1rQ37U0H08F0NB1Nskk2nUwn09l0Nl1MF9PVdDXdTDfT3XQ3PU1P08v0Mr1Nb5NiUkw/08/0N/3NQDPQDDaDzRAzxAw1Q02qSTXDzXAzwowwI81IM8qMNmPMG2asGWfGmwlmoplk0kyamWwmm6lmqplmppkZZoZJN+lmtplt5pg5Zp6ZZ+ab+WaBWWAWmUUmw2SYJWaJyTSZZplZZrJMlllhVphVZpVZY9aYdWad2WA2mE1mk9litphtZpvZbrabnWan2W12m71mr9ln9pn9Zr85YA6Yg+agOWQOmRg4bI6YI+aoOWqOmWPmuDluTpgT5qQ5aU6b0+aMOWPOmrPmvDlvLpgfzEXzo7lkvImxeWysvcrG2attXnuN/W1c0BayCbawLWK1zW8L/F1srLWJtqQtZUtbZ8vYJHvj7+KKtpKtbKvY22xVe7ut9ru4jr3b1rX32Hr2Xlvb3vV3cX17n21gH7YNbTPbyLawjW0r28Q+bJvaZra5bWFb2la2g33cdrRP2GT7pO1kn/pdvMQutevservBbrT77Mf2vP3eHrNf2Qv2B9vb9rGD7Ut2iH3ZDrWv2FQ77HfxGPuGHWvH2fF2gp1oJ/0unmFn2nQ7y862b9s5du7v4gz7np1vM+0Cu9Ausot/irN7yrTv22X2A5tll9sVdqVdZVfbNXbt/+11pd1st9itdq/9yG63O+xOu8vutnt+irP3Y7/9xB6wn9qj9kt7yH5mD9vj9oj94qc4e/+O26/tCfuNPWlP2dP2W3vGfmfP2nM/7X/2vn9rf7SXrLdASIIkKQooF+WmGMpDsXQVxdHVlJeuoQhdS/F0HeWj6yk/FaCCVIgSqDAVIU2GLBGFVJSKUZSKUwm6gRKpJJWi0uSoDCXRjVSWbqJydDOVp1uoAt1KFakSVaYqdBtVpdupGt1B1elOqkE1qRbVpruoDt1Ndekeqkf3Un26jxrQ/dSQHqBG9CA1poeoCT1MTakZNacW1JJaUWt6hNrQo9SW2lF7eow60OPUkZ6gZHqSOtFT1Jmepi70DHWlZ6kbPUfdqQf1pOepF71AvakPpVBf6kcvUn8aQANpEA2ml2oAAA2lVyiVhtFwepVG0Gs0kl6nUTSaxtAbNJbG0XiaQBNpEqXRmzSZptBUeoum0XSaQTMpnWbRbHqb5tBcmkfv0Hx6lxbQQlpEiymD3qMltJQy6X1aRh9QFi2nFbSSVtFqWkNrfW4A2kAbaRNtpi20lbbRh7SddhDSLtpNe2gvfUT76GPaT5/QAfqUDhLiIfqMDtPndIS+oKP0JR2jr+g4fU0n6Bs6SafoNH1LZ+g7Okvn6Dx9TxfoB7pIP9Il8gQhhiKUoQqDMFeYO4wJ84Sx4VVhXHh1mDe8JoyE14bx4XVhvvD6MH9YICwYFgoTwsJhkVCHJrQhhWFYNCwWRsPiYYnwhjAxLBmWCkuHLiwTJoU3hmXDm8Jy4c1h+fCWsEJ4a1gxrBQ+fG+V8Lawanh7WC28I6we3hnWCGuGtcLa4V1hnfDusG54T1gvvDcsF94XNgjvDxuGD4SNwgfDxuFDYZPw4bBp2CxsHrYIW4atwtbhI2Gb8NGwbdgubB8+FnYIHw87hk+EyeGTYafwqT98PCXsG/YLXwxfDL2/Ry6KLo5mRN+LLokujWZG348ui34QzYouj66Iroyuiq6Oromuja6Lro9uiG6Mbopujm6Jbo16Xzs3OHTCSadc4HK53C7G5XGx7ioX5652ed01LuKudfHuOpfPXe/yuwKuoCvkElxhV8RpZ5x15EJX1BVzUVfclXA3uERX0pVypZ1zZVySa+Vau9aujXvUtXXtXHv3mHvMPe4ed0+4J9yTrpN7ynV2T7su7hnX1T3rnnXPue6uh+vpnne93Auut+vjUlyK6+f6uf6uvxvoBrrBbrAb4oa4oW6oS3Wpbrgb7ka4EW6kG+lGuVFujBvjxrqxbrwb7yb6iS7NpbnJbrKb6qa6aW6am+FmuHSX7ma72W6Om+PmuXlufuJ8t8AtcIvcIpfhMtwSt8Rluky3zC1zWS7LrXAr3Cq3yq1xa9w6t85tcBvcJrfJbXFb3Da3zW13291Ot9PtdrvdXrfX7XP73H633x1wB9xBd/C8d4fcYfe5O+K+cEfdl+6Y+8odd1+7E+4bd9Kdcqfdt+6M+86ddefcefe9u+B+cBfdj+6S8y4t8mZkcmRKZGrkrci0yPTIjMjMSHpkVmR25O3InMjcyLwIwvzIu5EFkYWRRZHFkYzIe5ElkaWRzMj7kWWRDyJZkeWRFZGVkVWR1RHvC28PfVFfzEd9cV/C3+ATfUlfypf2zpfxSf5GX9bf5Mv5m315f4uv4G/1FX0lX9k38819C9/St/Kt/SO+jX/Ut/XtfHv/mO/gH/cd/RM+2T/pO/mnfGf/tO/in/Fd/bO+m3/Od/c9fE//vO/lX/C9fR+f4vv6fv5F398P8AP9ID/Yv+SH+Jf9UP+KT/XD/HD/qh/hX/Mj/et+lB/tx/g3/Fg/zo/3E/xEP8mn+Tf9ZD/FT/Vv+Wl+up/hZ/p0P8vP9m/7OX6un+ff8fP9u36BX+gX+cU+w7/nl/ilPtO/75f5D3yWX+5X+JUeYlb7NX6tX+fX+w1+o9/kN/stfqvf5j/02/0Ov9Pv8rv9Hr/Xf+T3+Y/9fv+JP+A/9Qf93/wh/5k/7D/3R/wX/qj/0h/zX/nj/mt/wn/jT/pT/rT/1p/x3/mz/pw/77/3F/wP/qL/0V/iv1ljjDHGGPtT5B883ve/+Z74ZcvWDwCu3lHoyG9rbsr/83qASOgQAYAn+3R78JdPN1Jq1EhJSfnluVkSgmILASByOT8XXI6XQ3t4HJKhHZT9b/sbIHpcoF/q/7r9tn70FoDY/5ITA5fjy/Vv+gf1x83/w/oLARKLXc7JA5fjy/XL/YP6Bdr8Qf08n6UBtP0vOXFwOb5cPwkehacg+Y8G+rODf+pZjDHGGGOMMcb+YwwQlbv80fVt9vV5grqckxsux390ff6TP3dNyhhjjDHGGGOMsX+RZ3r0fOKR5OR2Xa7UAuBKvjov/swi179HG/9hC/nv0cY/Wlzp30yMMcYYY4yxv9rlk/4r3QljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZZz/f/4d2JXeh8ZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4yxK+3/BAAA//9MkSIw")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x105042, 0xb)
mmap$IORING_OFF_SQ_RING(0x0, 0x3000, 0x2, 0x11, r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x101e01, 0x0)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
shutdown(r1, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
truncate(&(0x7f0000000280)='./file1\x00', 0x1bf8)

6m24.484658265s ago: executing program 0 (id=747):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
get_robust_list(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000280)='./file0\x00', 0xfff, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x40044)
recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}}], 0x1, 0x2, 0x0)
socket$kcm(0x2, 0xa, 0x2)

6m23.276116616s ago: executing program 7 (id=763):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fddbdf250700000008000300", @ANYRES32, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x60}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f0000000280)=""/117, &(0x7f0000000340)=0x75)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

6m22.305900269s ago: executing program 7 (id=755):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000300)='./bus\x00', 0x1004010, &(0x7f0000001040)=ANY=[], 0x11, 0xaf0, &(0x7f0000001940)="$eJzs3V2IXFcBAOBzZ3c2u2lrJjWxaxrbpNW2/nTTbNb4EzQpCYKhKeJLofgS0rQGYwQrqKXQJE++2VJS8MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUZ255yZOyczmZn9mdnNfB/cPXPuOXfOubN37ty/c04AxlZl6e/CwmwRwoU3Xj7y/gP/mFmcc7CZo7b0d7IUq4YQihifzN7vvYlGeO2D5090Coswv/Q3xcPjV5rL3hZCOBt2hYuhFnZcuPTSW/OPHTt39Pzut189cHlt1h4AAMbLNy4eWNj+1z/fvfXqa/ccCpua89PxeS3NmG4c9x+KB/7p+L8S2uNFaSqbyvJNxqky055vokO+cjnVLN9kl/KnsvKrXfJtCjcvf6I0r9N6w0aWtuNaKCpzIYTNzXilMjfXOCcPS+f1U8XcmVOnn352RBUFVt2/7w0h7CpNh8+3x9fbdHAd1GGZU30d1GHdTZU+8hwaXn2u1htG/rkMaapvGfUeCKAhv194g7P5lYWVab7bZH/lX3m00nl5WAXD3v4HKn9qxOUH5f/6nD0Oq+dW3ZrSeqXv0e0xnt9HyJ9feuUP7cu15Hc62ufm9yOqfdaz232EjXJ/oVs9J4Zcj+XqVv98u7hVfSWG6XP4alvqvW3fn/x/ulH+x0BnH+bX/00m0/qeQlu8upL3qo94/wOsX/lzc/V0fzTKn+vL0zf1SJ/ukT7TI31zj/TbeqTDOPvtD34aXixa17vyc/pBr4en62x3xPAjA9Ynvx45aPn5c7+DWmn5+fPEsJ79/vgTJ7/41JOXGs//F83t/3rc3tPpRi1+ty7GDOl6YX5dvfnsf629nEqXfHdm9bmjQ/6l19taebYsLrut9T6htJ+5oR6z7e+/pVu+ne35alm+mThNZ/XNj082Z8ul44+0X02f12S2vtVsPaayeqT9ytYY5vWA5UjbY3r+v9UeoPH8f9o+Z0O1ePrU6ZOPxHjaTv80Ud20OH/vkOsNrJ5u3//0+zUb2tv/3N6cX62U9wtbWvOLxn7h9fh+7fPnm+WU5pd+1NLv3LcnZpbyz5343umn1mC9YZw9++PnvnP89OmT3/di2S++tj6qMciLdNqyXurjxaAvdq11ESPeMQFrbs8LjYOAh0999/gzJ585eWbf/v375uf3f2nfwp6l4/o95aP7srMjqC2wmlo/+qOuCQAAAAAAAAAAANCvHx49cumdN7/wbqP9f6v9X2r/n578Te3/f5K1/8/byad28Kkd4NYO6Ut5sg5Wp7J81Th9NKtv6gageKERbs+W+1gMm+P4xfb/qbi8X9dUn7uy+dUu0aw7gRv6S5nK+iDJxwu8L4bnY/irACNUzHSeHcOb9G9dfFja1lP/FKUmvHX9A28c6f+W91+U2n937NepQ3ttNpZhtFgc9ToCnf1zrPr//ldrxUdeF1P3aXK45f1sfLeJeukovf3cuN8RbABWx6jH//x7aJSbrn+e+ePXpxenlO3Ko+1XNfL+S2EQf3mnPb7ex59c6/LzcfuGXf6o13/Y4382x7+L+7+03+u+/8tGzKstr9z//Pzyu6Viw45+y8/XP/UDvW2w8q/G8tPaPBj6K7/+y6z8/IZQn/6blb+5z/JvWP+dyyv/f7H89LE9dH+/5TdqXFTa6zGTrUe6/5dfN06uZeuf+va8SfnffK7T+i9zoMbrsXwYZxtlnNlBZccRzYP2XuP/Dvr7v9Lxf5uVzXZr+XMYn4/xtCNOzznk450MWv/0fEX6HdievX/R4/fN+L8b25dj2Ov7kMb/TdtjLf7kl+JLn2WKVzt8trfqvgY2qvfG6v7fsKbLjdOg5S0/Pfr6D2+qrYM6rHCqTyxjueZzViOuf71eX9sLWj2MtHBG/vl3O08Y1t3nUZ+n3Dfi8nvJx//Nj+Hz8X/z9Hz83zw9H/83T5+J/6H3u6Tn4//m23M+/m+eflf2vvn4wLM90j/eIb0IrfQdnZdvnrbf3eP9d/ZI/0SP9N3N9INtOVL6PTddvpWv2/vf2SP9/h7pn+yR/qke6Q/0SH+olF4eAzqlfzpbviilXx+DYaLT/qfb5wfcuvL2eb7/MD7S/Z9u3/9trfSpcpbh1hJYC6+8tvfwk7/5Vq3R/n+qeT0k3cc7FOPVeG70oxjP73uHUnwx7c0Y/1uWPurrTUBL3n9G/vv/YI90YONKz3n5fsMYKqY7z45hr36ruh3ns7F8JoafjeHnYvhwDOdiuCeGe2M4P6T6sTYOv/67Ay8WrfP9LVl6v8+T5+2B2vqJCiHs67M++fWBQZ9nz/vxG9RKy19mczAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICRqSz9XViYLUK48MbLR544dmrP4pyDzRy1pb+TpVi1uVwIj8RwIoa/iC+uffD8iXJ4PYZFmA9FKJrzw+NXmiXdFkI4G3aFi6EWdly49NJb848dO3f0/O63Xz1wee0+AQAAALj1/T8AAP//3j0KOg==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1cf082, 0x80)
sendfile(r4, r4, 0x0, 0x7a680000)

6m8.671281208s ago: executing program 37 (id=747):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
get_robust_list(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000280)='./file0\x00', 0xfff, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x40044)
recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}}], 0x1, 0x2, 0x0)
socket$kcm(0x2, 0xa, 0x2)

6m6.491844054s ago: executing program 38 (id=755):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20000080)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000300)='./bus\x00', 0x1004010, &(0x7f0000001040)=ANY=[], 0x11, 0xaf0, &(0x7f0000001940)="$eJzs3V2IXFcBAOBzZ3c2u2lrJjWxaxrbpNW2/nTTbNb4EzQpCYKhKeJLofgS0rQGYwQrqKXQJE++2VJS8MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUZ255yZOyczmZn9mdnNfB/cPXPuOXfOubN37ty/c04AxlZl6e/CwmwRwoU3Xj7y/gP/mFmcc7CZo7b0d7IUq4YQihifzN7vvYlGeO2D5090Coswv/Q3xcPjV5rL3hZCOBt2hYuhFnZcuPTSW/OPHTt39Pzut189cHlt1h4AAMbLNy4eWNj+1z/fvfXqa/ccCpua89PxeS3NmG4c9x+KB/7p+L8S2uNFaSqbyvJNxqky055vokO+cjnVLN9kl/KnsvKrXfJtCjcvf6I0r9N6w0aWtuNaKCpzIYTNzXilMjfXOCcPS+f1U8XcmVOnn352RBUFVt2/7w0h7CpNh8+3x9fbdHAd1GGZU30d1GHdTZU+8hwaXn2u1htG/rkMaapvGfUeCKAhv194g7P5lYWVab7bZH/lX3m00nl5WAXD3v4HKn9qxOUH5f/6nD0Oq+dW3ZrSeqXv0e0xnt9HyJ9feuUP7cu15Hc62ufm9yOqfdaz232EjXJ/oVs9J4Zcj+XqVv98u7hVfSWG6XP4alvqvW3fn/x/ulH+x0BnH+bX/00m0/qeQlu8upL3qo94/wOsX/lzc/V0fzTKn+vL0zf1SJ/ukT7TI31zj/TbeqTDOPvtD34aXixa17vyc/pBr4en62x3xPAjA9Ynvx45aPn5c7+DWmn5+fPEsJ79/vgTJ7/41JOXGs//F83t/3rc3tPpRi1+ty7GDOl6YX5dvfnsf629nEqXfHdm9bmjQ/6l19taebYsLrut9T6htJ+5oR6z7e+/pVu+ne35alm+mThNZ/XNj082Z8ul44+0X02f12S2vtVsPaayeqT9ytYY5vWA5UjbY3r+v9UeoPH8f9o+Z0O1ePrU6ZOPxHjaTv80Ud20OH/vkOsNrJ5u3//0+zUb2tv/3N6cX62U9wtbWvOLxn7h9fh+7fPnm+WU5pd+1NLv3LcnZpbyz5343umn1mC9YZw9++PnvnP89OmT3/di2S++tj6qMciLdNqyXurjxaAvdq11ESPeMQFrbs8LjYOAh0999/gzJ585eWbf/v375uf3f2nfwp6l4/o95aP7srMjqC2wmlo/+qOuCQAAAAAAAAAAANCvHx49cumdN7/wbqP9f6v9X2r/n578Te3/f5K1/8/byad28Kkd4NYO6Ut5sg5Wp7J81Th9NKtv6gageKERbs+W+1gMm+P4xfb/qbi8X9dUn7uy+dUu0aw7gRv6S5nK+iDJxwu8L4bnY/irACNUzHSeHcOb9G9dfFja1lP/FKUmvHX9A28c6f+W91+U2n937NepQ3ttNpZhtFgc9ToCnf1zrPr//ldrxUdeF1P3aXK45f1sfLeJeukovf3cuN8RbABWx6jH//x7aJSbrn+e+ePXpxenlO3Ko+1XNfL+S2EQf3mnPb7ex59c6/LzcfuGXf6o13/Y4382x7+L+7+03+u+/8tGzKstr9z//Pzyu6Viw45+y8/XP/UDvW2w8q/G8tPaPBj6K7/+y6z8/IZQn/6blb+5z/JvWP+dyyv/f7H89LE9dH+/5TdqXFTa6zGTrUe6/5dfN06uZeuf+va8SfnffK7T+i9zoMbrsXwYZxtlnNlBZccRzYP2XuP/Dvr7v9Lxf5uVzXZr+XMYn4/xtCNOzznk450MWv/0fEX6HdievX/R4/fN+L8b25dj2Ov7kMb/TdtjLf7kl+JLn2WKVzt8trfqvgY2qvfG6v7fsKbLjdOg5S0/Pfr6D2+qrYM6rHCqTyxjueZzViOuf71eX9sLWj2MtHBG/vl3O08Y1t3nUZ+n3Dfi8nvJx//Nj+Hz8X/z9Hz83zw9H/83T5+J/6H3u6Tn4//m23M+/m+eflf2vvn4wLM90j/eIb0IrfQdnZdvnrbf3eP9d/ZI/0SP9N3N9INtOVL6PTddvpWv2/vf2SP9/h7pn+yR/qke6Q/0SH+olF4eAzqlfzpbviilXx+DYaLT/qfb5wfcuvL2eb7/MD7S/Z9u3/9trfSpcpbh1hJYC6+8tvfwk7/5Vq3R/n+qeT0k3cc7FOPVeG70oxjP73uHUnwx7c0Y/1uWPurrTUBL3n9G/vv/YI90YONKz3n5fsMYKqY7z45hr36ruh3ns7F8JoafjeHnYvhwDOdiuCeGe2M4P6T6sTYOv/67Ay8WrfP9LVl6v8+T5+2B2vqJCiHs67M++fWBQZ9nz/vxG9RKy19mczAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICRqSz9XViYLUK48MbLR544dmrP4pyDzRy1pb+TpVi1uVwIj8RwIoa/iC+uffD8iXJ4PYZFmA9FKJrzw+NXmiXdFkI4G3aFi6EWdly49NJb848dO3f0/O63Xz1wee0+AQAAALj1/T8AAP//3j0KOg==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x1cf082, 0x80)
sendfile(r4, r4, 0x0, 0x7a680000)

14.843896464s ago: executing program 9 (id=1682):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, 0x0, 0x0)
rmdir(0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x60}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_buf(r8, 0x0, 0x9, &(0x7f0000000280)=""/117, &(0x7f0000000340)=0x75)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

12.25062556s ago: executing program 4 (id=1688):
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1})
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x20060400)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r3, 0x406, r3)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x5, r1, 0x0, &(0x7f0000000000/0x800000)=nil, 0x800000, 0x1004000})

12.246992133s ago: executing program 9 (id=1689):
openat$full(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_ENCODER_CMD(r3, 0xc028564d, &(0x7f0000000180)={0x0, 0x0, [0x6, 0x3, 0x3fffc000, 0x6, 0x7, 0x7, 0x10, 0x2]})
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0)
write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture'], 0x86)
r5 = openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup3(r5, r4, 0x0)

10.55591602s ago: executing program 9 (id=1694):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0xffffffff, 0xdb7, 0x5, 0x7, 0x9}, 0xd, 0xeb, [{0x3, 0xc, 0x88, 0xfffffffa, 0x0, 0x40}]}, [{0x2, 0x8, 0xfff, 0x8, 0x7ff, 0x7}, {0x626, 0x5, 0x5, 0xe38b, 0x54, 0x3bf}, {0x59, 0xffff, 0x4, 0xffffffff, 0x4, 0x9}, {0xb, 0x1355, 0x4, 0x8, 0x51b, 0x806}, {0x4, 0x5, 0xf02, 0xffff, 0xe, 0x94a}, {0x3, 0x6, 0x7, 0x0, 0x8, 0x4}, {0x2f, 0x3, 0xb, 0x0, 0x9, 0xf}, {0x6f4c, 0x80000001, 0x8000a3, 0x200, 0x913, 0x8001}, {0x1f0, 0x10000, 0xfffffff8, 0x0, 0x3, 0x8000}, {0xc, 0x5, 0x8, 0x0, 0x101, 0x4}, {0x200, 0x8, 0xfc3, 0xffffffff, 0xf, 0x1}, {0x2, 0x2, 0x662, 0x7, 0x4}, {0x0, 0x9511, 0xf, 0xfffff001, 0x0, 0x81a}, {0x6, 0x5, 0x7ff, 0x7, 0xffff}, {0x7a, 0x5, 0x800, 0x6, 0x6, 0x1}, {0x600000, 0x9e, 0x8039, 0x102d, 0x90, 0x9}, {0xffd, 0xa7, 0x200, 0x101, 0x3, 0xffffff01}, {0x3, 0x200, 0xffffffff, 0x4, 0x4, 0x500}, {0x7, 0x8, 0x8, 0x7, 0x3, 0x4000}, {0xd831fc23, 0x81, 0x8, 0x6, 0xffff, 0x5b}, {0x1, 0x4, 0x9, 0x9, 0xee, 0xa0e}, {0x9, 0x1, 0x7, 0x1, 0xc, 0xf0}, {0x40, 0x0, 0x0, 0x4, 0x1}, {0x6, 0x7, 0x0, 0x1, 0x7, 0x200}, {0x6, 0x10001, 0x0, 0x8, 0xf31d, 0x95}, {0x2, 0xfffffffe, 0xe, 0x5, 0x7ffb, 0xffffffc3}, {0x3, 0x400, 0x4, 0x3ff, 0x0, 0x61b9f92}, {0x1, 0x349, 0x7f, 0x6, 0x1, 0x7fff}, {0x188, 0x2, 0x418b3d83, 0xc, 0x3, 0x8}, {0x1ff, 0x8, 0x8, 0x7, 0x1000, 0x4}, {0x7f33eafe, 0xffffffff, 0xb, 0x2, 0x7, 0x8}, {0x1, 0x7f, 0x7, 0x9, 0x3, 0x6}, {0x80f469, 0x2, 0x401, 0x4, 0x8, 0x4}, {0x5, 0x2, 0x6, 0x1, 0x401, 0x2}, {0x0, 0x7fffffff, 0x4, 0x4, 0x6, 0x8515}, {0x5, 0x7, 0x8001, 0x76, 0x8000, 0xffffffff}, {0xc0f, 0x6, 0x1, 0x4, 0x200, 0xa7a2ee47}, {0x8, 0x2, 0x4e, 0xff, 0x7, 0x6}, {0x6, 0x2a, 0x63a8, 0x4, 0x288a6aae, 0x1}, {0xc52, 0x0, 0xfff, 0xe3c, 0x8, 0x10}, {0x80, 0xb, 0x8, 0x1, 0xa, 0x1}, {0x7, 0x9, 0x5, 0x4, 0x9, 0x80000001}, {0x5, 0x5, 0xffff, 0x3, 0x96e, 0x800}, {0x3, 0xa, 0x6, 0xffff1836, 0x9, 0x7f}, {0xd4, 0x100, 0x1, 0x2, 0x9, 0x9}, {0xcf680000, 0x3b9e, 0x28b7, 0x1, 0x4, 0x5}, {0xf8cd, 0x5, 0x900, 0xffffffeb, 0x1, 0x7}, {0x9, 0x24fd, 0x7, 0x80, 0x237e078f, 0x80}, {0x6, 0x55, 0x7, 0x101, 0xfffffffb, 0x1}, {0x8, 0x7, 0x80000008, 0xf9, 0x877, 0x7c}, {0xd732, 0x6, 0x2, 0x7, 0x1}, {0x81, 0x8, 0x6, 0xffffffff, 0xa, 0x5}, {0x8, 0xc, 0xeb6, 0x8, 0x80, 0xfffffffe}, {0x5, 0x56b, 0x0, 0x1, 0x9, 0x3}, {0x6, 0x8, 0x6, 0x9, 0xfffffff8, 0x3}, {0x6, 0xa5cb, 0x100, 0x9, 0x400, 0x7}, {0xfffffffa, 0x4, 0x6, 0x4756, 0x4002b13, 0x80}, {0x4, 0x1c0000, 0x7, 0xe, 0x0, 0x2}, {0x6, 0x1, 0x6, 0x4, 0x202, 0xb}, {0x425, 0x0, 0x3, 0x4f, 0x7, 0x8}, {0x4, 0x8, 0xd9b, 0x4, 0x9, 0x9}, {0xff, 0x8, 0x2, 0x0, 0x930, 0xc3c}, {0x85f, 0x3, 0x0, 0xcd4, 0x7, 0x484}, {0x2, 0x2, 0x0, 0x9, 0x7, 0x40}, {0x400001ff, 0x5, 0x7, 0x6, 0x400, 0x3ff}, {0xa, 0x5, 0x80000001, 0x5, 0x5, 0x7}, {0x2, 0x5, 0x80, 0xfffffffd}, {0xcd, 0xfac, 0xb19d, 0x6, 0x4}, {0xc, 0x3, 0x1, 0x7, 0x7fff, 0x8}, {0x81, 0x10, 0x1, 0x273, 0x1, 0xd}, {0x5c39c017, 0x7f, 0xffff7fff, 0x5, 0x3, 0x5}, {0x2, 0x3, 0x8, 0x81, 0xa, 0x9b7b}, {0x4, 0x39, 0xc, 0xb4c, 0xd, 0x6}, {0x9, 0x303a, 0x6, 0x6, 0x7, 0x6}, {0x2, 0xfffff942, 0x4, 0x4, 0x0, 0x7}, {0x0, 0x10001, 0x0, 0x4, 0x401, 0x3}, {0x65, 0x7, 0x9, 0xff, 0x2, 0x8}, {0xe, 0x200, 0x8, 0x7fff, 0x7, 0x8}, {0xf, 0xfffffffb, 0x8, 0x2, 0x1, 0x7}, {0x3, 0x7, 0x2, 0x1a, 0x3, 0x100}, {0xe, 0x7, 0x6, 0x6c95, 0x10000}, {0x6, 0x5, 0x2, 0x921, 0x8000, 0x20}, {0x795c, 0x494d, 0xfff, 0x80, 0x7fff, 0x3}, {0xbd9, 0x6, 0xb, 0xfffffffc, 0x0, 0x8}, {0x9, 0xfffffff7, 0x2, 0x2, 0xf68, 0x7}, {0x5, 0x4, 0x8, 0x7, 0xf5c, 0x8}, {0x1, 0x0, 0x5419, 0xc, 0x9, 0x7}, {0x3ff, 0x3, 0x1037, 0x5, 0xd, 0x10000}, {0xb, 0x9, 0x101, 0xb99, 0x2e7, 0x8}, {0x3, 0x8001, 0x10001, 0x6, 0x54f7, 0x6}, {0x1, 0x5, 0x8, 0x1, 0x400, 0xd}, {0x8, 0x6, 0xfff, 0xce, 0x1b, 0x8}, {0x8, 0x9, 0x2bd, 0xffff79af, 0x7, 0x3}, {0x7, 0x0, 0x6, 0x1, 0x6, 0x5}, {0x7, 0xe, 0x7, 0xfff, 0x7, 0x2}, {0x0, 0x8, 0x585, 0x4, 0x2}, {0x9, 0x200, 0x1, 0x8702, 0xffff8a6e, 0x9}, {0x200, 0x2, 0x4, 0xc, 0x3, 0x6}, {0xe, 0x6, 0x0, 0x9, 0x8, 0xb5}, {0x100, 0x5, 0x2400000, 0x8, 0x0, 0x8000}, {0x0, 0xfffffff0, 0x101, 0xd786, 0x7}, {0x5, 0x6, 0x5, 0x0, 0x97, 0x10001}, {0x2, 0x45c9, 0x100, 0x5, 0x6, 0x337bc25c}, {0x7f, 0x10, 0x6, 0x834, 0x5, 0x4e8e}, {0x0, 0x4, 0x14, 0x2, 0x2, 0x4}, {0x8001, 0x0, 0x25, 0x869, 0x3, 0x7}, {0xa, 0x9, 0x100, 0x4, 0x7, 0x8000}, {0x8, 0x4, 0x8, 0x8, 0x1, 0x2}, {0x7, 0x1, 0x400, 0x6, 0x5}, {0x6, 0xfffffff7, 0x6, 0xe7, 0x401, 0x610ddc80}, {0x6, 0x1ff, 0x0, 0x0, 0x7f}, {0x6, 0x0, 0x1fbb, 0x5, 0xe53, 0x73}, {0x8, 0x8000, 0x0, 0x10, 0x4e5ae85, 0x1}, {0x5, 0xa8e, 0x2, 0x4, 0x1, 0x8}, {0x5, 0x0, 0x7559, 0x800, 0x7507f659, 0x1000}, {0x4, 0xa3, 0xad4, 0x0, 0x4, 0x9d2}, {0x4, 0x0, 0x17c, 0x3ff, 0xfffffffc, 0xff}, {0xd, 0x81, 0x8, 0x6, 0x0, 0x2}, {0xfffffffa, 0xa, 0xffffff96, 0x5, 0x6, 0xffd9}, {0x7ff, 0x7ff, 0xfffffff8, 0x1, 0x3ff}, {0x0, 0x9, 0x8, 0x2, 0xdec9, 0x5}, {0x9, 0x9, 0x800, 0x8, 0x1, 0x5}, {0x1, 0xfff, 0x10001, 0x6, 0x80, 0x5}, {0xffffffff, 0xd55c, 0x68, 0xfffffffd, 0xa5b7, 0x10001}, {0x9, 0x9, 0x80, 0x6e0, 0x8, 0x389}, {0xa0, 0x3111013c, 0x8, 0x1, 0x80000000, 0x93fb}, {0x1, 0x9, 0x6, 0x5, 0x32, 0x800}, {0x7, 0x76, 0x5, 0x4, 0x101, 0x9}], [{}, {0x5}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x854056177ef68b07, 0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1, 0x6fb9e8e116338fa4}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0xebb446fe48414d9f}, {}, {0x2, 0x1}, {0x7, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x4, 0x1}, {0x4}, {0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x3}, {0x4}, {0x3, 0x1}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x2}, {0x4}, {0x4}, {}, {}, {0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x5}, {0x2}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x28}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200084014000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f0000000780)="f058050000007f8f", 0x300}], 0x2}, 0x5)

10.420718318s ago: executing program 6 (id=1695):
timer_create(0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000000)=@known='security.apparmor\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newtaction={0x18, 0x30, 0x871a15abc695fb3d, 0x70bd28, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000040), 0x3ff, 0x0)
ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000200)=0x1)
r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x80)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000100)={0x1, 0x4, 0x2, &(0x7f0000000080)={0x7, "14a6c62707da239de521fbd83463674d70b41d4008e21000"}})
socket$nl_generic(0x10, 0x3, 0x10)
io_uring_setup(0xfd2, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000000c0))
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r4, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

9.897207643s ago: executing program 4 (id=1697):
syz_usb_connect$midi(0x5, 0x40, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet(0x2, 0x1, 0x6)
prctl$PR_SET_SECUREBITS(0x1c, 0x4)
setresuid(0x0, 0xee00, 0xee01)
creat(0x0, 0x70)
acct(&(0x7f0000000040)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x1000000000a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000025300)=""/102392, 0x18ff8)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x40)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
shutdown(0xffffffffffffffff, 0x0)

9.680849161s ago: executing program 2 (id=1698):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r3, 0x402c542c, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000000100)=0x2, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xf, 0x0, @void}, 0x10)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000140)={0x6, 0x5, 0xfffffffb, 0x3, 0xd, "4e51d01d5236922570b08e53c9119bbedc290f"})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xc}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000180), 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x884, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x854, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x8, 0x65, 0x2, 0x4d, {0x1, 0x2, 0x2, 0x3, 0x3, 0x4}, {0x5, 0x0, 0x400, 0xab, 0x0, 0x9}, 0x2, 0x6, 0x8000}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x7fffffff, 0x8, 0x7ff, 0x3, 0x2, 0x1, 0x401, 0xb9, 0xace, 0x0, 0x1, 0x9, 0x43, 0x7, 0x2, 0x0, 0x1ce00000, 0x7, 0x6, 0x103, 0x3, 0x1c000, 0x1ff, 0x2, 0x6, 0x9b16, 0x6, 0x100, 0x15a, 0xe, 0x40, 0x5, 0x4, 0x80000001, 0x4a, 0x1, 0x8, 0x99a9, 0x340d, 0x3, 0x2, 0x7, 0xd, 0x400, 0xfffffffa, 0x6, 0x100, 0x0, 0x5, 0x5, 0x2, 0xffff0001, 0x2, 0xdd1, 0x9, 0xfb, 0x4, 0xf, 0x324, 0x6, 0x3, 0x6, 0xff, 0x8, 0x401, 0x7fffffff, 0x4, 0x5, 0x800, 0x8261, 0x3, 0x6, 0x8, 0x2, 0x9, 0x4, 0x4, 0x6, 0x5, 0xf, 0x9, 0x38c8, 0x80000001, 0x4, 0xa11, 0x6, 0x8, 0x604, 0xfff, 0xab, 0x7, 0x5, 0x8, 0x1, 0x9, 0x401, 0x0, 0x4, 0x1ff, 0x4, 0x17, 0xffffff7f, 0x7c, 0x4, 0x4, 0xa42, 0xfffffff7, 0x4, 0x5b564ea6, 0xaa32, 0x2, 0x2, 0x4000008, 0x1ff, 0x5, 0x3, 0x7, 0x6, 0xfffff000, 0x12aeb60c, 0x4, 0xbb6, 0x1, 0x3, 0x5, 0x2, 0x3, 0x85, 0x10, 0x1, 0x5, 0x1, 0x10004, 0xb, 0xf65, 0x1d7, 0x9, 0x100, 0x0, 0x0, 0xc2, 0x1, 0x3, 0xffffffff, 0x1ff, 0x1, 0x30bb, 0x7, 0x40, 0xfffffff8, 0x5, 0x2, 0x1, 0x8, 0x8000, 0x5, 0x4, 0x31e, 0xffff8001, 0x6, 0xff, 0xa, 0x1ff, 0x9, 0x7, 0x7, 0x2, 0x412, 0x6, 0xf441, 0x6, 0x1, 0x7, 0x89, 0x3, 0x5, 0x0, 0x9, 0x7, 0x1, 0x4, 0x0, 0x4, 0x4, 0x200, 0x1, 0x720a, 0xff7f, 0xfff, 0x9, 0x7fff, 0x8, 0x3ac8efcb, 0x8, 0xf2c, 0x7, 0x80000000, 0x12, 0xfffff802, 0x2e4, 0x7, 0xfffffff9, 0x400, 0x4, 0x30, 0x10000, 0xfd, 0x4, 0x1, 0x5, 0x7, 0x0, 0x7, 0x47, 0x0, 0x0, 0x1, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x10001, 0x0, 0xe9, 0x5, 0x1, 0x4, 0xaacc, 0x6f, 0x7fffffff, 0x5, 0x6, 0x2, 0xffff, 0x4, 0x10000, 0x9, 0xe, 0x45e8, 0x9, 0xfffffff8, 0x6, 0x100, 0x5, 0xe, 0x73d, 0x31, 0x3, 0x0, 0x2, 0x3, 0xb70, 0x3]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff7, 0x5, 0x7, 0x4, 0x2, 0x6, 0x1, 0xfb0, 0x8, 0x3, 0x5, 0x3, 0x0, 0x4, 0x9a, 0x9, 0x7, 0xfff, 0x7, 0x40, 0x5, 0x7fff, 0x6c, 0x3, 0x5, 0x7ff, 0x4, 0x2, 0x7, 0x2, 0x83d, 0x2, 0x3b, 0x4, 0x0, 0x4, 0x9, 0xc, 0x1cabbb02, 0x4, 0x4, 0x2, 0x8001, 0x7fff, 0x80000000, 0x10000, 0xffff8906, 0x7fffffff, 0x0, 0x0, 0x9, 0xc0000000, 0x2, 0x6, 0x83, 0x3, 0x10000, 0x3, 0x1, 0x6, 0x0, 0x1, 0x100, 0xcc2, 0x3800, 0x6, 0x18, 0x0, 0xfffffe00, 0x3, 0x6, 0x4, 0x3, 0x7, 0x1, 0xfffffffc, 0x8e4, 0xf5c1, 0x1, 0x5077, 0x3, 0x5, 0x7fff, 0x2, 0x4, 0x2, 0x3, 0x401, 0x6, 0x40, 0x7, 0x95, 0x5, 0x200, 0x1, 0x2, 0x7ff, 0x4, 0x8, 0xb, 0x6, 0x2, 0x0, 0xd266, 0x4, 0x0, 0x10001, 0x2, 0x101, 0x401, 0x200, 0x6, 0x1, 0x4a, 0x8, 0x2, 0xfffffffe, 0x14e, 0x4, 0x3, 0x1, 0x2, 0x94e6, 0xfffffbff, 0x5, 0x2, 0xfffd, 0xc, 0x4, 0x2, 0x40800000, 0x1f, 0x4, 0xffffffff, 0x800, 0x401, 0x3ff, 0x7ff, 0x101, 0x10, 0x5, 0x374, 0xc2f, 0x3, 0xffffff81, 0xfffffff7, 0x6, 0x8000, 0x8, 0x1, 0x1, 0x200, 0xcae, 0xc64, 0xffff, 0x7fff, 0x1, 0x8, 0x3c0, 0x9, 0x0, 0x6d3, 0xfffffff3, 0x9, 0x476b3752, 0xff, 0x0, 0x9, 0x7ff, 0x4, 0x3, 0x4, 0x7, 0x7249, 0x7, 0xffff8001, 0x95f, 0x8, 0x0, 0x1000, 0x800, 0x0, 0xfff, 0xf2, 0x0, 0x3, 0xffff, 0x0, 0x0, 0x8000, 0x9, 0x4, 0xcc6, 0xffe01000, 0x22, 0xd56, 0xfffffff0, 0x3bb8, 0x10, 0x140, 0x81, 0x9, 0x40, 0x2, 0x2, 0x4, 0x3, 0x0, 0x3, 0xf, 0x0, 0xc527, 0x9, 0x8, 0x1, 0xffff86fd, 0x7, 0x2, 0x8, 0x3, 0x9, 0x5, 0x0, 0x4, 0xc12, 0x7f, 0x0, 0x0, 0x80000000, 0x6f3, 0x7, 0x9, 0x7, 0x9, 0x4, 0x2, 0xc9, 0xaf8, 0x3, 0x80000000, 0xad8c, 0x4, 0x2, 0xea9, 0x9a1, 0x5, 0x1, 0x4, 0x8, 0x5, 0x10000, 0x3, 0x7fb, 0xdbbb, 0x4, 0x2]}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

8.269112812s ago: executing program 6 (id=1701):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, <r2=>0x0]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000004c0)={r2, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x42}}}}, 0x84)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$alg(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r3, &(0x7f00000005c0)=[{&(0x7f00000000c0)="052f", 0x2}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, r5, 0x1, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e26, 0x44, @loopback={0x5f0000000000002d, 0x2e}, 0x7f2a}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xfffffff9, @mcast2, 0x5}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40080b1}, 0x80010)

8.236736925s ago: executing program 9 (id=1702):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, 0x0, 0x0)
rmdir(0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x60}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_buf(r8, 0x0, 0x9, &(0x7f0000000280)=""/117, &(0x7f0000000340)=0x75)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

6.782705371s ago: executing program 2 (id=1704):
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000006fc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}}, {{&(0x7f00000002c0)=@abs, 0x6e, &(0x7f0000001040)=[{&(0x7f0000000340)=""/36, 0x24}, {&(0x7f0000000440)=""/18, 0x12}, {&(0x7f0000000480)=""/64, 0x40}, {&(0x7f00000004c0)=""/47, 0x2f}, {&(0x7f0000000500)=""/95, 0x5f}, {&(0x7f0000000580)=""/199, 0xc7}, {&(0x7f0000000680)=""/201, 0xc9}, {&(0x7f0000000780)=""/114, 0x72}, {&(0x7f0000000f40)=""/208, 0xd0}], 0x9, &(0x7f0000000f00)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000d00)}}, {{0x0, 0x0, &(0x7f0000004740)=[{&(0x7f0000001580)=""/4096, 0x1000}, {0x0}, {&(0x7f0000002600)=""/4096, 0x1000}, {0x0}, {&(0x7f0000004600)=""/37, 0x25}, {&(0x7f0000004680)=""/19, 0x13}, {&(0x7f00000046c0)=""/98, 0x62}], 0x7}}, {{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000004900)=""/113, 0x71}, {&(0x7f0000004980)=""/27, 0x1b}], 0x2, &(0x7f0000004a40)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}}], 0x5, 0x40, &(0x7f00000071c0))
fcntl$lock(0xffffffffffffffff, 0x410, 0x0)
syz_usb_connect(0x2, 0x9a2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x40}}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x240, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_dev$video4linux(0x0, 0x4, 0x40000)
openat$ttyprintk(0xffffff9c, &(0x7f0000000040), 0x20000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r2, {0x2, 0x1, @remote}, 0xa, 0x0, 0x3}}, 0x26)

6.717269321s ago: executing program 8 (id=1705):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x1001, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x84400, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x129240, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000600)={0xc})
close_range(r0, 0xffffffffffffffff, 0x0)

5.691995015s ago: executing program 3 (id=1706):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r0=>0x0})
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x143)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@block_validity}, {}, {@nombcache}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x3}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@norecovery}]}, 0x3, 0x58d, &(0x7f0000001140)="$eJzs3UtrG9ceAPD/yFbe98aBEO7tohiyaEoaObb7SKHQdFna0EC7T4WsmGA5CpYcYteQZNFsuimhUEoDpR+g+y5Dv0A/RaANhBJMS+lGZeSRrcSS/IgSudXvB2OdMw+fOXPmHP1nRkIBDK3x9E8u4v8R8WUScbRt2WhkC8fX1lt9vFJaPbhSSqLR+Pi3JJJsXmv9JHs9nGX+FxE/fR5xOre53NrS8lyxUikvZPmJ+vy1idrS8pkr88XZ8mz56tT09Lk3pqfefuvNvtX11Yt/fPPR/ffPfXFy9esfHh67m8T5OJIta6/HM7jVnhmP8eyY5OP8UytO9qGwvSQZ9A6wKyNZP89HOgYcjZGs1wP/fjcjogEMqUT/hyHVigOa1/bZNNiI5MV69N7aBdDm+o+u3RuJA81ro0OryRNXRun17lgfyk/L+PHXe3fTKba4D3GzD+UBtNy6HRFnR0c3j39JNv7t3tnmzePeni5j2N5/YJDup/HPa53in9x6/BMd4p/DHfrubmzd/3MP+1BMV2n8907H+Hd96BobyXL/acZ8+eTylUr5bET8NyJORX5/mu/1POfc6oNGt2Xt8V86peW3YsFsPx6O7n9ym5livfgsdW736HbESxvxbxKPV0r55pJkvf2TDu2fHo+L2yzjRPney92WbV3/dv2PgBvfR7zSsf03nmglvZ9PTjTPh4nWWbHZ73dO/Nxpfm7H9e+/tP0P9a7/WNL+vLa28zK+O/BXuduy3Z7/+5JPmul9sXb9dqNYry9MRuxLPtyYH9n8qY1tW/nW+mn9T53sPf51Ov8PRsSn26z/neN3uq46nj2Di+w4DKL9Z3bU/jtPPPjgs2+7ld+z/Vu3J/a/3nw5lW2znfFvuzv4bEcPAAAAAAAA9pZcRByJJFdYT+dyhcLa5zuOx6FcpVqrn75cXbw6E83vyo5FPtd60n207fMQk9nnYVv5qafy0xFxLCK+GjnYzBdK1crMoCsPAAAAAAAAAAAAAAAAAAAAe8ThLt//T/0yMui9A547P/kNw2vL/t+PX3oC9iTv/zC89H8YXvo/DC/9H4aX/g/DS/+H4aX/w/DS/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCvLl64kE6N1ccrpTQ/c31pca56/cxMuTZXmF8sFUrVhWuF2Wp1tlIulKrzW/2/SrV6bXIqFm9M1Mu1+kRtafnSfHXxav3Sn/PF2fKlcv6F1AoAAAAAAAAAAAAAAAAAAAD+WWpLy3PFSiUWskRZYlPi3dgTu7HrRBJbVnDNrooYHXwFJXomGo1GY+dbbWv4OPBcBycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPwdAAD//9HCMNU=")
setxattr$security_ima(&(0x7f0000000000)='./file1\x00', &(0x7f0000000200), 0x0, 0x7fb, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2)
openat$cgroup_subtree(r2, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f0000000200)={0xc, r0})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000001c0)={0x0, "0092938eda08a5513db99d08fdae429e4ae4c5bac9dd8259be4ee64b32c65e0a"})

5.612703519s ago: executing program 6 (id=1707):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
pwritev(r2, &(0x7f0000000100)=[{&(0x7f0000000040)="8e", 0x1}], 0x1, 0x4008001, 0x80)
close(r2)
socket$kcm(0x29, 0x2, 0x0)
sendfile(r2, r1, 0x0, 0xf03a0005)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000001140)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001240)=[{&(0x7f0000000040)=""/4090, 0xffa}, {&(0x7f0000001080)=""/182, 0xb6}, {&(0x7f0000001340)=""/224, 0xe0}], 0x3)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24044044, &(0x7f0000000540)={0xa, 0x4e22, 0x0, @mcast2, 0x4}, 0x1c)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000001280)={0x0, 0x7f, 0x2, 0x8, 0xe, 0x1, 0x7fff}, 0xc)
setsockopt$sock_int(r5, 0x1, 0x1, &(0x7f0000001180)=0x4, 0x4)
setsockopt(r5, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)

5.582711695s ago: executing program 8 (id=1708):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x1001, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x129240, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc})
close_range(r0, 0xffffffffffffffff, 0x0)

5.392463818s ago: executing program 9 (id=1709):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000ac0)={0x0, 0xd0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f00000004c0)={0x300, 0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0xffffffffffffffff}, 0x20)
sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x146, &(0x7f00000003c0)={@link_local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x110, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, [{0x0, 0x9, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b"}, {}, {}, {0x19, 0x5, "b8a3e10000a3e1030000000900fec0ffff00000000600000ff0bc0fe000000000000000000000000d9a0"}, {0x19, 0x10, "3f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d"}]}}}}}}, 0x0)

5.386586294s ago: executing program 4 (id=1710):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_ublk_add_dev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x109000, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000600)=""/102400, 0x19000)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r1, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r2 = dup(r1)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000013c0)={0x0, 0x1}, 0x8)
write$cgroup_subtree(r2, &(0x7f00000005c0)=ANY=[], 0x32600)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x111, 0x5}}, 0xffcc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x18, 0x30, 0x871a15abc695fa3d, 0x70bd27, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)
r4 = socket(0x2b, 0x3, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x44004, &(0x7f0000000040)={0xa, 0x4e24, 0x7, @loopback, 0xc5f}, 0x1c)

4.186010614s ago: executing program 3 (id=1711):
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1})
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x20060400)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r3, 0x406, r3)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f", 0xe)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)

3.64973747s ago: executing program 9 (id=1712):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x9, 0x80000100008b}, 0x0)
fanotify_init(0xf00, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x8000)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x29, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x4, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, 0x1c}}, 0x20000080)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x6)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000000)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x6, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x24}]}, @void, @void, @val={0x6, 0x2, 0x5}, @void, @void, @void, @void, @void, @void, @void, @void}, 0x38)

3.623345642s ago: executing program 8 (id=1713):
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1})
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x20060400)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r3, 0x406, r3)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f", 0xe)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x5, r1, 0x0, &(0x7f0000000000/0x800000)=nil, 0x800000, 0x1004000})

3.159990363s ago: executing program 2 (id=1714):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0xffffffff, 0xdb7, 0x5, 0x7, 0x9}, 0xd, 0xeb, [{0x3, 0xc, 0x88, 0xfffffffa, 0x0, 0x40}]}, [{0x2, 0x8, 0xfff, 0x8, 0x7ff, 0x7}, {0x626, 0x5, 0x5, 0xe38b, 0x54, 0x3bf}, {0x59, 0xffff, 0x4, 0xffffffff, 0x4, 0x9}, {0xb, 0x1355, 0x4, 0x8, 0x51b, 0x806}, {0x4, 0x5, 0xf02, 0xffff, 0xe, 0x94a}, {0x3, 0x6, 0x7, 0x0, 0x8, 0x4}, {0x2f, 0x3, 0xb, 0x0, 0x9, 0xf}, {0x6f4c, 0x80000001, 0x8000a3, 0x200, 0x913, 0x8001}, {0x1f0, 0x10000, 0xfffffff8, 0x0, 0x3, 0x8000}, {0xc, 0x5, 0x8, 0x0, 0x101, 0x4}, {0x200, 0x8, 0xfc3, 0xffffffff, 0xf, 0x1}, {0x2, 0x2, 0x662, 0x7, 0x4}, {0x0, 0x9511, 0xf, 0xfffff001, 0x0, 0x81a}, {0x6, 0x5, 0x7ff, 0x7, 0xffff}, {0x7a, 0x5, 0x800, 0x6, 0x6, 0x1}, {0x600000, 0x9e, 0x8039, 0x102d, 0x90, 0x9}, {0xffd, 0xa7, 0x200, 0x101, 0x3, 0xffffff01}, {0x3, 0x200, 0xffffffff, 0x4, 0x4, 0x500}, {0x7, 0x8, 0x8, 0x7, 0x3, 0x4000}, {0xd831fc23, 0x81, 0x8, 0x6, 0xffff, 0x5b}, {0x1, 0x4, 0x9, 0x9, 0xee, 0xa0e}, {0x9, 0x1, 0x7, 0x1, 0xc, 0xf0}, {0x40, 0x0, 0x0, 0x4, 0x1}, {0x6, 0x7, 0x0, 0x1, 0x7, 0x200}, {0x6, 0x10001, 0x0, 0x8, 0xf31d, 0x95}, {0x2, 0xfffffffe, 0xe, 0x5, 0x7ffb, 0xffffffc3}, {0x3, 0x400, 0x4, 0x3ff, 0x0, 0x61b9f92}, {0x1, 0x349, 0x7f, 0x6, 0x1, 0x7fff}, {0x188, 0x2, 0x418b3d83, 0xc, 0x3, 0x8}, {0x1ff, 0x8, 0x8, 0x7, 0x1000, 0x4}, {0x7f33eafe, 0xffffffff, 0xb, 0x2, 0x7, 0x8}, {0x1, 0x7f, 0x7, 0x9, 0x3, 0x6}, {0x80f469, 0x2, 0x401, 0x4, 0x8, 0x4}, {0x5, 0x2, 0x6, 0x1, 0x401, 0x2}, {0x0, 0x7fffffff, 0x4, 0x4, 0x6, 0x8515}, {0x5, 0x7, 0x8001, 0x76, 0x8000, 0xffffffff}, {0xc0f, 0x6, 0x1, 0x4, 0x200, 0xa7a2ee47}, {0x8, 0x2, 0x4e, 0xff, 0x7, 0x6}, {0x6, 0x2a, 0x63a8, 0x4, 0x288a6aae, 0x1}, {0xc52, 0x0, 0xfff, 0xe3c, 0x8, 0x10}, {0x80, 0xb, 0x8, 0x1, 0xa, 0x1}, {0x7, 0x9, 0x5, 0x4, 0x9, 0x80000001}, {0x5, 0x5, 0xffff, 0x3, 0x96e, 0x800}, {0x3, 0xa, 0x6, 0xffff1836, 0x9, 0x7f}, {0xd4, 0x100, 0x1, 0x2, 0x9, 0x9}, {0xcf680000, 0x3b9e, 0x28b7, 0x1, 0x4, 0x5}, {0xf8cd, 0x5, 0x900, 0xffffffeb, 0x1, 0x7}, {0x9, 0x24fd, 0x7, 0x80, 0x237e078f, 0x80}, {0x6, 0x55, 0x7, 0x101, 0xfffffffb, 0x1}, {0x8, 0x7, 0x80000008, 0xf9, 0x877, 0x7c}, {0xd732, 0x6, 0x2, 0x7, 0x1}, {0x81, 0x8, 0x6, 0xffffffff, 0xa, 0x5}, {0x8, 0xc, 0xeb6, 0x8, 0x80, 0xfffffffe}, {0x5, 0x56b, 0x0, 0x1, 0x9, 0x3}, {0x6, 0x8, 0x6, 0x9, 0xfffffff8, 0x3}, {0x6, 0xa5cb, 0x100, 0x9, 0x400, 0x7}, {0xfffffffa, 0x4, 0x6, 0x4756, 0x4002b13, 0x80}, {0x4, 0x1c0000, 0x7, 0xe, 0x0, 0x2}, {0x6, 0x1, 0x6, 0x4, 0x202, 0xb}, {0x425, 0x0, 0x3, 0x4f, 0x7, 0x8}, {0x4, 0x8, 0xd9b, 0x4, 0x9, 0x9}, {0xff, 0x8, 0x2, 0x0, 0x930, 0xc3c}, {0x85f, 0x3, 0x0, 0xcd4, 0x7, 0x484}, {0x2, 0x2, 0x0, 0x9, 0x7, 0x40}, {0x400001ff, 0x5, 0x7, 0x6, 0x400, 0x3ff}, {0xa, 0x5, 0x80000001, 0x5, 0x5, 0x7}, {0x2, 0x5, 0x80, 0xfffffffd}, {0xcd, 0xfac, 0xb19d, 0x6, 0x4}, {0xc, 0x3, 0x1, 0x7, 0x7fff, 0x8}, {0x81, 0x10, 0x1, 0x273, 0x1, 0xd}, {0x5c39c017, 0x7f, 0xffff7fff, 0x5, 0x3, 0x5}, {0x2, 0x3, 0x8, 0x81, 0xa, 0x9b7b}, {0x4, 0x39, 0xc, 0xb4c, 0xd, 0x6}, {0x9, 0x303a, 0x6, 0x6, 0x7, 0x6}, {0x2, 0xfffff942, 0x4, 0x4, 0x0, 0x7}, {0x0, 0x10001, 0x0, 0x4, 0x401, 0x3}, {0x65, 0x7, 0x9, 0xff, 0x2, 0x8}, {0xe, 0x200, 0x8, 0x7fff, 0x7, 0x8}, {0xf, 0xfffffffb, 0x8, 0x2, 0x1, 0x7}, {0x3, 0x7, 0x2, 0x1a, 0x3, 0x100}, {0xe, 0x7, 0x6, 0x6c95, 0x10000}, {0x6, 0x5, 0x2, 0x921, 0x8000, 0x20}, {0x795c, 0x494d, 0xfff, 0x80, 0x7fff, 0x3}, {0xbd9, 0x6, 0xb, 0xfffffffc, 0x0, 0x8}, {0x9, 0xfffffff7, 0x2, 0x2, 0xf68, 0x7}, {0x5, 0x4, 0x8, 0x7, 0xf5c, 0x8}, {0x1, 0x0, 0x5419, 0xc, 0x9, 0x7}, {0x3ff, 0x3, 0x1037, 0x5, 0xd, 0x10000}, {0xb, 0x9, 0x101, 0xb99, 0x2e7, 0x8}, {0x3, 0x8001, 0x10001, 0x6, 0x54f7, 0x6}, {0x1, 0x5, 0x8, 0x1, 0x400, 0xd}, {0x8, 0x6, 0xfff, 0xce, 0x1b, 0x8}, {0x8, 0x9, 0x2bd, 0xffff79af, 0x7, 0x3}, {0x7, 0x0, 0x6, 0x1, 0x6, 0x5}, {0x7, 0xe, 0x7, 0xfff, 0x7, 0x2}, {0x0, 0x8, 0x585, 0x4, 0x2}, {0x9, 0x200, 0x1, 0x8702, 0xffff8a6e, 0x9}, {0x200, 0x2, 0x4, 0xc, 0x3, 0x6}, {0xe, 0x6, 0x0, 0x9, 0x8, 0xb5}, {0x100, 0x5, 0x2400000, 0x8, 0x0, 0x8000}, {0x0, 0xfffffff0, 0x101, 0xd786, 0x7}, {0x5, 0x6, 0x5, 0x0, 0x97, 0x10001}, {0x2, 0x45c9, 0x100, 0x5, 0x6, 0x337bc25c}, {0x7f, 0x10, 0x6, 0x834, 0x5, 0x4e8e}, {0x0, 0x4, 0x14, 0x2, 0x2, 0x4}, {0x8001, 0x0, 0x25, 0x869, 0x3, 0x7}, {0xa, 0x9, 0x100, 0x4, 0x7, 0x8000}, {0x8, 0x4, 0x8, 0x8, 0x1, 0x2}, {0x7, 0x1, 0x400, 0x6, 0x5}, {0x6, 0xfffffff7, 0x6, 0xe7, 0x401, 0x610ddc80}, {0x6, 0x1ff, 0x0, 0x0, 0x7f}, {0x6, 0x0, 0x1fbb, 0x5, 0xe53, 0x73}, {0x8, 0x8000, 0x0, 0x10, 0x4e5ae85, 0x1}, {0x5, 0xa8e, 0x2, 0x4, 0x1, 0x8}, {0x5, 0x0, 0x7559, 0x800, 0x7507f659, 0x1000}, {0x4, 0xa3, 0xad4, 0x0, 0x4, 0x9d2}, {0x4, 0x0, 0x17c, 0x3ff, 0xfffffffc, 0xff}, {0xd, 0x81, 0x8, 0x6, 0x0, 0x2}, {0xfffffffa, 0xa, 0xffffff96, 0x5, 0x6, 0xffd9}, {0x7ff, 0x7ff, 0xfffffff8, 0x1, 0x3ff}, {0x0, 0x9, 0x8, 0x2, 0xdec9, 0x5}, {0x9, 0x9, 0x800, 0x8, 0x1, 0x5}, {0x1, 0xfff, 0x10001, 0x6, 0x80, 0x5}, {0xffffffff, 0xd55c, 0x68, 0xfffffffd, 0xa5b7, 0x10001}, {0x9, 0x9, 0x80, 0x6e0, 0x8, 0x389}, {0xa0, 0x3111013c, 0x8, 0x1, 0x80000000, 0x93fb}, {0x1, 0x9, 0x6, 0x5, 0x32, 0x800}, {0x7, 0x76, 0x5, 0x4, 0x101, 0x9}], [{}, {0x5}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x854056177ef68b07, 0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1, 0x6fb9e8e116338fa4}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0xebb446fe48414d9f}, {}, {0x2, 0x1}, {0x7, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x4, 0x1}, {0x4}, {0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x3}, {0x4}, {0x3, 0x1}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x2}, {0x4}, {0x4}, {}, {}, {0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x5}, {0x2}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x28}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200084014000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f0000000780)="f058050000007f8f", 0x300}], 0x2}, 0x5)

3.060981911s ago: executing program 4 (id=1715):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x7, 0x7ff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000240)='tasks\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r3, 0x80089419, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00', <r4=>0x0})
setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000180)=0x19ca, 0x4)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000100)={{0x100, 0xec1, 0x0, 0x1}, 'syz1\x00', 0x1a})
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
setsockopt$packet_int(r2, 0x107, 0xf, 0x0, 0x0)
sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7", 0x12, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x28, r5, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8}, @val={0xc, 0x99, {0x41, 0x60}}}}, [@chandef_params]}, 0x28}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x48000)

3.052573365s ago: executing program 3 (id=1716):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r3, 0x402c542c, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000000100)=0x2, 0x4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xf, 0x0, @void}, 0x10)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000140)={0x6, 0x5, 0xfffffffb, 0x3, 0xd, "4e51d01d5236922570b08e53c9119bbedc290f"})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xc}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000180), 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x884, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x854, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x8, 0x65, 0x2, 0x4d, {0x1, 0x2, 0x2, 0x3, 0x3, 0x4}, {0x5, 0x0, 0x400, 0xab, 0x0, 0x9}, 0x2, 0x6, 0x8000}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x7fffffff, 0x8, 0x7ff, 0x3, 0x2, 0x1, 0x401, 0xb9, 0xace, 0x0, 0x1, 0x9, 0x43, 0x7, 0x2, 0x0, 0x1ce00000, 0x7, 0x6, 0x103, 0x3, 0x1c000, 0x1ff, 0x2, 0x6, 0x9b16, 0x6, 0x100, 0x15a, 0xe, 0x40, 0x5, 0x4, 0x80000001, 0x4a, 0x1, 0x8, 0x99a9, 0x340d, 0x3, 0x2, 0x7, 0xd, 0x400, 0xfffffffa, 0x6, 0x100, 0x0, 0x5, 0x5, 0x2, 0xffff0001, 0x2, 0xdd1, 0x9, 0xfb, 0x4, 0xf, 0x324, 0x6, 0x3, 0x6, 0xff, 0x8, 0x401, 0x7fffffff, 0x4, 0x5, 0x800, 0x8261, 0x3, 0x6, 0x8, 0x2, 0x9, 0x4, 0x4, 0x6, 0x5, 0xf, 0x9, 0x38c8, 0x80000001, 0x4, 0xa11, 0x6, 0x8, 0x604, 0xfff, 0xab, 0x7, 0x5, 0x8, 0x1, 0x9, 0x401, 0x0, 0x4, 0x1ff, 0x4, 0x17, 0xffffff7f, 0x7c, 0x4, 0x4, 0xa42, 0xfffffff7, 0x4, 0x5b564ea6, 0xaa32, 0x2, 0x2, 0x4000008, 0x1ff, 0x5, 0x3, 0x7, 0x6, 0xfffff000, 0x12aeb60c, 0x4, 0xbb6, 0x1, 0x3, 0x5, 0x2, 0x3, 0x85, 0x10, 0x1, 0x5, 0x1, 0x10004, 0xb, 0xf65, 0x1d7, 0x9, 0x100, 0x0, 0x0, 0xc2, 0x1, 0x3, 0xffffffff, 0x1ff, 0x1, 0x30bb, 0x7, 0x40, 0xfffffff8, 0x5, 0x2, 0x1, 0x8, 0x8000, 0x5, 0x4, 0x31e, 0xffff8001, 0x6, 0xff, 0xa, 0x1ff, 0x9, 0x7, 0x7, 0x2, 0x412, 0x6, 0xf441, 0x6, 0x1, 0x7, 0x89, 0x3, 0x5, 0x0, 0x9, 0x7, 0x1, 0x4, 0x0, 0x4, 0x4, 0x200, 0x1, 0x720a, 0xff7f, 0xfff, 0x9, 0x7fff, 0x8, 0x3ac8efcb, 0x8, 0xf2c, 0x7, 0x80000000, 0x12, 0xfffff802, 0x2e4, 0x7, 0xfffffff9, 0x400, 0x4, 0x30, 0x10000, 0xfd, 0x4, 0x1, 0x5, 0x7, 0x0, 0x7, 0x47, 0x0, 0x0, 0x1, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x10001, 0x0, 0xe9, 0x5, 0x1, 0x4, 0xaacc, 0x6f, 0x7fffffff, 0x5, 0x6, 0x2, 0xffff, 0x4, 0x10000, 0x9, 0xe, 0x45e8, 0x9, 0xfffffff8, 0x6, 0x100, 0x5, 0xe, 0x73d, 0x31, 0x3, 0x0, 0x2, 0x3, 0xb70, 0x3]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff7, 0x5, 0x7, 0x4, 0x2, 0x6, 0x1, 0xfb0, 0x8, 0x3, 0x5, 0x3, 0x0, 0x4, 0x9a, 0x9, 0x7, 0xfff, 0x7, 0x40, 0x5, 0x7fff, 0x6c, 0x3, 0x5, 0x7ff, 0x4, 0x2, 0x7, 0x2, 0x83d, 0x2, 0x3b, 0x4, 0x0, 0x4, 0x9, 0xc, 0x1cabbb02, 0x4, 0x4, 0x2, 0x8001, 0x7fff, 0x80000000, 0x10000, 0xffff8906, 0x7fffffff, 0x0, 0x0, 0x9, 0xc0000000, 0x2, 0x6, 0x83, 0x3, 0x10000, 0x3, 0x1, 0x6, 0x0, 0x1, 0x100, 0xcc2, 0x3800, 0x6, 0x18, 0x0, 0xfffffe00, 0x3, 0x6, 0x4, 0x3, 0x7, 0x1, 0xfffffffc, 0x8e4, 0xf5c1, 0x1, 0x5077, 0x3, 0x5, 0x7fff, 0x2, 0x4, 0x2, 0x3, 0x401, 0x6, 0x40, 0x7, 0x95, 0x5, 0x200, 0x1, 0x2, 0x7ff, 0x4, 0x8, 0xb, 0x6, 0x2, 0x0, 0xd266, 0x4, 0x0, 0x10001, 0x2, 0x101, 0x401, 0x200, 0x6, 0x1, 0x4a, 0x8, 0x2, 0xfffffffe, 0x14e, 0x4, 0x3, 0x1, 0x2, 0x94e6, 0xfffffbff, 0x5, 0x2, 0xfffd, 0xc, 0x4, 0x2, 0x40800000, 0x1f, 0x4, 0xffffffff, 0x800, 0x401, 0x3ff, 0x7ff, 0x101, 0x10, 0x5, 0x374, 0xc2f, 0x3, 0xffffff81, 0xfffffff7, 0x6, 0x8000, 0x8, 0x1, 0x1, 0x200, 0xcae, 0xc64, 0xffff, 0x7fff, 0x1, 0x8, 0x3c0, 0x9, 0x0, 0x6d3, 0xfffffff3, 0x9, 0x476b3752, 0xff, 0x0, 0x9, 0x7ff, 0x4, 0x3, 0x4, 0x7, 0x7249, 0x7, 0xffff8001, 0x95f, 0x8, 0x0, 0x1000, 0x800, 0x0, 0xfff, 0xf2, 0x0, 0x3, 0xffff, 0x0, 0x0, 0x8000, 0x9, 0x4, 0xcc6, 0xffe01000, 0x22, 0xd56, 0xfffffff0, 0x3bb8, 0x10, 0x140, 0x81, 0x9, 0x40, 0x2, 0x2, 0x4, 0x3, 0x0, 0x3, 0xf, 0x0, 0xc527, 0x9, 0x8, 0x1, 0xffff86fd, 0x7, 0x2, 0x8, 0x3, 0x9, 0x5, 0x0, 0x4, 0xc12, 0x7f, 0x0, 0x0, 0x80000000, 0x6f3, 0x7, 0x9, 0x7, 0x9, 0x4, 0x2, 0xc9, 0xaf8, 0x3, 0x80000000, 0xad8c, 0x4, 0x2, 0xea9, 0x9a1, 0x5, 0x1, 0x4, 0x8, 0x5, 0x10000, 0x3, 0x7fb, 0xdbbb, 0x4, 0x2]}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)

2.844675661s ago: executing program 8 (id=1717):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040000, 0x0)
socket(0x1, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100000020008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x22)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix={0xb78d0f0, 0x27, 0x47425247, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x3, 0x2, 0x7}})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r2 = syz_open_dev$vbi(0x0, 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f0000000000)=0x1)
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000000c0))
socket(0x40000000015, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x9c, 0x30, 0x1, 0x70bd25, 0x0, {}, [{0x88, 0x1, [@m_mpls={0x84, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x57, 0x4, "d90300f75efe2ddbc3d652a8526a30c3a8bcf3a1ba0bd1b0e53184b0b68ab1ca011d9bca8b03f9df80ec730321f7fd578a0512d6b7f1093fdfd80b3b1537ecab9dc083fe4eda4fe256617ec8584986207f2ec2"}, {0xc}, {0xc}}}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0xeb756673eed151e1}, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000000)=[&(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x9}])
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x80000)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)

1.655483756s ago: executing program 2 (id=1718):
ioctl$VIDIOC_ENUMAUDIO(0xffffffffffffffff, 0xc0345641, &(0x7f0000001480)={0x80, "c21fead35dacaffab15599d9c7d075f15b9bab055e859ab2bfa6e8d1ffe1ec7c", 0x1})
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x140, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x0, 0xf}, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04131d07c9000a00c9800500c8001000c8000500c800005c17ed622021c9ff30b638735bfdc9354e6d3ec836b2927e7260054e061c000000000000000000000000000000003eae28c592d297843d50adc4f3b46c00db5543"], 0x20)
unshare(0x6a040000)
socket$unix(0x1, 0x0, 0x0)
ioperm(0x7, 0x4, 0x7)
r2 = syz_clone(0x1002200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)

1.653869093s ago: executing program 6 (id=1719):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_buf(r6, 0x0, 0x9, &(0x7f0000000280)=""/117, &(0x7f0000000340)=0x75)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

1.644507431s ago: executing program 3 (id=1730):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000022c0)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0xffffffff, 0xdb7, 0x5, 0x7, 0x9}, 0xd, 0xeb, [{0x3, 0xc, 0x88, 0xfffffffa, 0x0, 0x40}]}, [{0x2, 0x8, 0xfff, 0x8, 0x7ff, 0x7}, {0x626, 0x5, 0x5, 0xe38b, 0x54, 0x3bf}, {0x59, 0xffff, 0x4, 0xffffffff, 0x4, 0x9}, {0xb, 0x1355, 0x4, 0x8, 0x51b, 0x806}, {0x4, 0x5, 0xf02, 0xffff, 0xe, 0x94a}, {0x3, 0x6, 0x7, 0x0, 0x8, 0x4}, {0x2f, 0x3, 0xb, 0x0, 0x9, 0xf}, {0x6f4c, 0x80000001, 0x8000a3, 0x200, 0x913, 0x8001}, {0x1f0, 0x10000, 0xfffffff8, 0x0, 0x3, 0x8000}, {0xc, 0x5, 0x8, 0x0, 0x101, 0x4}, {0x200, 0x8, 0xfc3, 0xffffffff, 0xf, 0x1}, {0x2, 0x2, 0x662, 0x7, 0x4}, {0x0, 0x9511, 0xf, 0xfffff001, 0x0, 0x81a}, {0x6, 0x5, 0x7ff, 0x7, 0xffff}, {0x7a, 0x5, 0x800, 0x6, 0x6, 0x1}, {0x600000, 0x9e, 0x8039, 0x102d, 0x90, 0x9}, {0xffd, 0xa7, 0x200, 0x101, 0x3, 0xffffff01}, {0x3, 0x200, 0xffffffff, 0x4, 0x4, 0x500}, {0x7, 0x8, 0x8, 0x7, 0x3, 0x4000}, {0xd831fc23, 0x81, 0x8, 0x6, 0xffff, 0x5b}, {0x1, 0x4, 0x9, 0x9, 0xee, 0xa0e}, {0x9, 0x1, 0x7, 0x1, 0xc, 0xf0}, {0x40, 0x0, 0x0, 0x4, 0x1}, {0x6, 0x7, 0x0, 0x1, 0x7, 0x200}, {0x6, 0x10001, 0x0, 0x8, 0xf31d, 0x95}, {0x2, 0xfffffffe, 0xe, 0x5, 0x7ffb, 0xffffffc3}, {0x3, 0x400, 0x4, 0x3ff, 0x0, 0x61b9f92}, {0x1, 0x349, 0x7f, 0x6, 0x1, 0x7fff}, {0x188, 0x2, 0x418b3d83, 0xc, 0x3, 0x8}, {0x1ff, 0x8, 0x8, 0x7, 0x1000, 0x4}, {0x7f33eafe, 0xffffffff, 0xb, 0x2, 0x7, 0x8}, {0x1, 0x7f, 0x7, 0x9, 0x3, 0x6}, {0x80f469, 0x2, 0x401, 0x4, 0x8, 0x4}, {0x5, 0x2, 0x6, 0x1, 0x401, 0x2}, {0x0, 0x7fffffff, 0x4, 0x4, 0x6, 0x8515}, {0x5, 0x7, 0x8001, 0x76, 0x8000, 0xffffffff}, {0xc0f, 0x6, 0x1, 0x4, 0x200, 0xa7a2ee47}, {0x8, 0x2, 0x4e, 0xff, 0x7, 0x6}, {0x6, 0x2a, 0x63a8, 0x4, 0x288a6aae, 0x1}, {0xc52, 0x0, 0xfff, 0xe3c, 0x8, 0x10}, {0x80, 0xb, 0x8, 0x1, 0xa, 0x1}, {0x7, 0x9, 0x5, 0x4, 0x9, 0x80000001}, {0x5, 0x5, 0xffff, 0x3, 0x96e, 0x800}, {0x3, 0xa, 0x6, 0xffff1836, 0x9, 0x7f}, {0xd4, 0x100, 0x1, 0x2, 0x9, 0x9}, {0xcf680000, 0x3b9e, 0x28b7, 0x1, 0x4, 0x5}, {0xf8cd, 0x5, 0x900, 0xffffffeb, 0x1, 0x7}, {0x9, 0x24fd, 0x7, 0x80, 0x237e078f, 0x80}, {0x6, 0x55, 0x7, 0x101, 0xfffffffb, 0x1}, {0x8, 0x7, 0x80000008, 0xf9, 0x877, 0x7c}, {0xd732, 0x6, 0x2, 0x7, 0x1}, {0x81, 0x8, 0x6, 0xffffffff, 0xa, 0x5}, {0x8, 0xc, 0xeb6, 0x8, 0x80, 0xfffffffe}, {0x5, 0x56b, 0x0, 0x1, 0x9, 0x3}, {0x6, 0x8, 0x6, 0x9, 0xfffffff8, 0x3}, {0x6, 0xa5cb, 0x100, 0x9, 0x400, 0x7}, {0xfffffffa, 0x4, 0x6, 0x4756, 0x4002b13, 0x80}, {0x4, 0x1c0000, 0x7, 0xe, 0x0, 0x2}, {0x6, 0x1, 0x6, 0x4, 0x202, 0xb}, {0x425, 0x0, 0x3, 0x4f, 0x7, 0x8}, {0x4, 0x8, 0xd9b, 0x4, 0x9, 0x9}, {0xff, 0x8, 0x2, 0x0, 0x930, 0xc3c}, {0x85f, 0x3, 0x0, 0xcd4, 0x7, 0x484}, {0x2, 0x2, 0x0, 0x9, 0x7, 0x40}, {0x400001ff, 0x5, 0x7, 0x6, 0x400, 0x3ff}, {0xa, 0x5, 0x80000001, 0x5, 0x5, 0x7}, {0x2, 0x5, 0x80, 0xfffffffd}, {0xcd, 0xfac, 0xb19d, 0x6, 0x4}, {0xc, 0x3, 0x1, 0x7, 0x7fff, 0x8}, {0x81, 0x10, 0x1, 0x273, 0x1, 0xd}, {0x5c39c017, 0x7f, 0xffff7fff, 0x5, 0x3, 0x5}, {0x2, 0x3, 0x8, 0x81, 0xa, 0x9b7b}, {0x4, 0x39, 0xc, 0xb4c, 0xd, 0x6}, {0x9, 0x303a, 0x6, 0x6, 0x7, 0x6}, {0x2, 0xfffff942, 0x4, 0x4, 0x0, 0x7}, {0x0, 0x10001, 0x0, 0x4, 0x401, 0x3}, {0x65, 0x7, 0x9, 0xff, 0x2, 0x8}, {0xe, 0x200, 0x8, 0x7fff, 0x7, 0x8}, {0xf, 0xfffffffb, 0x8, 0x2, 0x1, 0x7}, {0x3, 0x7, 0x2, 0x1a, 0x3, 0x100}, {0xe, 0x7, 0x6, 0x6c95, 0x10000}, {0x6, 0x5, 0x2, 0x921, 0x8000, 0x20}, {0x795c, 0x494d, 0xfff, 0x80, 0x7fff, 0x3}, {0xbd9, 0x6, 0xb, 0xfffffffc, 0x0, 0x8}, {0x9, 0xfffffff7, 0x2, 0x2, 0xf68, 0x7}, {0x5, 0x4, 0x8, 0x7, 0xf5c, 0x8}, {0x1, 0x0, 0x5419, 0xc, 0x9, 0x7}, {0x3ff, 0x3, 0x1037, 0x5, 0xd, 0x10000}, {0xb, 0x9, 0x101, 0xb99, 0x2e7, 0x8}, {0x3, 0x8001, 0x10001, 0x6, 0x54f7, 0x6}, {0x1, 0x5, 0x8, 0x1, 0x400, 0xd}, {0x8, 0x6, 0xfff, 0xce, 0x1b, 0x8}, {0x8, 0x9, 0x2bd, 0xffff79af, 0x7, 0x3}, {0x7, 0x0, 0x6, 0x1, 0x6, 0x5}, {0x7, 0xe, 0x7, 0xfff, 0x7, 0x2}, {0x0, 0x8, 0x585, 0x4, 0x2}, {0x9, 0x200, 0x1, 0x8702, 0xffff8a6e, 0x9}, {0x200, 0x2, 0x4, 0xc, 0x3, 0x6}, {0xe, 0x6, 0x0, 0x9, 0x8, 0xb5}, {0x100, 0x5, 0x2400000, 0x8, 0x0, 0x8000}, {0x0, 0xfffffff0, 0x101, 0xd786, 0x7}, {0x5, 0x6, 0x5, 0x0, 0x97, 0x10001}, {0x2, 0x45c9, 0x100, 0x5, 0x6, 0x337bc25c}, {0x7f, 0x10, 0x6, 0x834, 0x5, 0x4e8e}, {0x0, 0x4, 0x14, 0x2, 0x2, 0x4}, {0x8001, 0x0, 0x25, 0x869, 0x3, 0x7}, {0xa, 0x9, 0x100, 0x4, 0x7, 0x8000}, {0x8, 0x4, 0x8, 0x8, 0x1, 0x2}, {0x7, 0x1, 0x400, 0x6, 0x5}, {0x6, 0xfffffff7, 0x6, 0xe7, 0x401, 0x610ddc80}, {0x6, 0x1ff, 0x0, 0x0, 0x7f}, {0x6, 0x0, 0x1fbb, 0x5, 0xe53, 0x73}, {0x8, 0x8000, 0x0, 0x10, 0x4e5ae85, 0x1}, {0x5, 0xa8e, 0x2, 0x4, 0x1, 0x8}, {0x5, 0x0, 0x7559, 0x800, 0x7507f659, 0x1000}, {0x4, 0xa3, 0xad4, 0x0, 0x4, 0x9d2}, {0x4, 0x0, 0x17c, 0x3ff, 0xfffffffc, 0xff}, {0xd, 0x81, 0x8, 0x6, 0x0, 0x2}, {0xfffffffa, 0xa, 0xffffff96, 0x5, 0x6, 0xffd9}, {0x7ff, 0x7ff, 0xfffffff8, 0x1, 0x3ff}, {0x0, 0x9, 0x8, 0x2, 0xdec9, 0x5}, {0x9, 0x9, 0x800, 0x8, 0x1, 0x5}, {0x1, 0xfff, 0x10001, 0x6, 0x80, 0x5}, {0xffffffff, 0xd55c, 0x68, 0xfffffffd, 0xa5b7, 0x10001}, {0x9, 0x9, 0x80, 0x6e0, 0x8, 0x389}, {0xa0, 0x3111013c, 0x8, 0x1, 0x80000000, 0x93fb}, {0x1, 0x9, 0x6, 0x5, 0x32, 0x800}, {0x7, 0x76, 0x5, 0x4, 0x101, 0x9}], [{}, {0x5}, {0x3, 0x1}, {0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x854056177ef68b07, 0x1}, {0x1}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1, 0x6fb9e8e116338fa4}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0xebb446fe48414d9f}, {}, {0x2, 0x1}, {0x7, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x5}, {0x0, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x4, 0x1}, {0x4}, {0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x3}, {0x4}, {0x3, 0x1}, {0x3, 0x1}, {0x1}, {0x4, 0x1}, {0x4}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x2}, {0x4}, {0x4}, {}, {}, {0x7}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x3}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x3}, {0x4}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x5}, {0x2}, {}, {0x2, 0x1}, {0x2}, {0x2}, {0x3, 0x1}, {0x1}, {0x1}, {0x4}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x2}, {0x3, 0x1}, {0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x5}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r4, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x28}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200084014000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f0000000780)="f058050000007f8f", 0x300}], 0x2}, 0x5)

1.488548376s ago: executing program 4 (id=1720):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x3, [0x0, 0x0, <r2=>0x0]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f00000004c0)={r2, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x42}}}}, 0x84)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$alg(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r3, &(0x7f00000005c0)=[{&(0x7f00000000c0)="052f", 0x2}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x6c, r5, 0x1, 0x0, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e26, 0x44, @loopback={0x5f0000000000002d, 0x2e}, 0x7f2a}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xfffffff9, @mcast2, 0x5}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x40080b1}, 0x80010)

1.348108625s ago: executing program 8 (id=1721):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, 0x0, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002abd7000fddbdf250700000008000300", @ANYRES32=r6, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x60}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_buf(r8, 0x0, 0x9, &(0x7f0000000280)=""/117, &(0x7f0000000340)=0x75)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

1.272002437s ago: executing program 6 (id=1722):
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, &(0x7f00000000c0))
r3 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$update(0x2, r4, 0x0, 0x0)
r5 = syz_open_dev$swradio(&(0x7f0000002440), 0x0, 0x2)
ioctl$VIDIOC_STREAMOFF(r5, 0x40045613, &(0x7f0000002480)=0x2)
write$UHID_SET_REPORT_REPLY(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[], 0xffe0)

1.175825771s ago: executing program 3 (id=1723):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x8e40, 0x0)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x7, 0xd, 0x0, 0xf, 0x10, 0x2, 0x24, 0x2, 0xf, 0x10, 0xf, 0x7, 0x9, 0x4, 0x1, 0x4], 0x3, [0xb, 0x3, 0x5, 0x2002, 0x1, 0x4, 0x786, 0xd09, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x2, 0x10, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0xb, 0x1, 0x9, 0x3fd, 0x2, 0x5, 0x42, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r8, {0x4}, {0xffff}, {0x2, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x9, 0x0, 0xf, 0x10, 0x2, 0x6, 0x2, 0x8, 0x2, 0x0, 0x1, 0x8, 0x1, 0x10, 0x4], 0x3, [0xc, 0x101, 0x7fff, 0x2002, 0x1, 0x4, 0x6, 0xd03, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x2a, 0x401, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x4]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r9, 0x0, 0x0, 0x48040, &(0x7f00000001c0)={0x11, 0x7, r8, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r10, &(0x7f00000002c0)={0x0, 0xeaff, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x40000)

387.630086ms ago: executing program 2 (id=1724):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x48800, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x1b7f, &(0x7f0000000500)={0x0, 0xc89b, 0x2000, 0x0, 0x20002f7})
r2 = socket$inet(0x2, 0x80001, 0x84)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x0})
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)={0xfdfdffff, 0xfffffff7, 0x1, 0x4, 0x15, "518aba4d000000000000000000000000002000"})
dup(r0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x2)
ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000000))
ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000200)=0x1b)
r4 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x3)
ioctl$TCXONC(r4, 0x540a, 0x2)

363.905232ms ago: executing program 8 (id=1725):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x1001, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x129240, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc})
close_range(r0, 0xffffffffffffffff, 0x0)

290.199684ms ago: executing program 4 (id=1726):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000340)={0x7, {{0x2, 0x0, @multicast2}}, {{0x2, 0x400, @dev={0xac, 0x14, 0x14, 0x17}}}}, 0x108)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000340)=""/224, &(0x7f00000001c0)=0xe0)
ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000140))
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x20008814)
sendmsg$NL80211_CMD_DEL_INTERFACE(r0, 0x0, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x140000008})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/163, 0xa3}], 0x1)
r3 = io_uring_setup(0x6a76, &(0x7f0000000180)={0x0, 0x7e52, 0x0, 0x40, 0x374})
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000640)={[{@dioread_nolock}, {@jqfmt_vfsv1}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x6}}], [{@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@euid_eq}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@pcr={'pcr', 0x3d, 0x4000000007}}, {@dont_appraise}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
r5 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
ioctl$HIDIOCGFEATURE(r5, 0xc0404807, &(0x7f0000000040)={0x4, "61d2be22a9ae314238991451f45a8e0bd5fdaa3fb4a39f3a5fb5d38174b5059d260d6c6ed11266be7fc0b8de6b3b9609f90a23c7f3947cabefc185f238de1ad2"})
close_range(r3, 0xffffffffffffffff, 0x0)

128.282863ms ago: executing program 6 (id=1727):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f00000001c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x200800, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
ptrace$ARCH_SHSTK_LOCK(0x1e, r0, 0x0, 0x5003)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]})

25.467873ms ago: executing program 3 (id=1728):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x20000840)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
io_submit(0x0, 0x2000000000000211, &(0x7f0000000840)=[&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x8, 0x9, r3, 0x0}])
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x14, &(0x7f0000001740)=@ringbuf={{0x18, 0x8}, {{}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ab92b}, {0x85, 0x0, 0x0, 0x8}, {0x4}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x1, 0x2000}}, [@tail_call], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x900, 0x0)
ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0x37db, 0xf423b, 0xfffffffffffffffc, 0x0, 0x0, 0x9, 0xfffffffffffffffc, 0x1, 0x3, 0x80000, 0x7ff, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0xf11b, 0x1, 0x8, 0x0, 0x0, 0x2, 0xb17, 0xffffffffffffffff, 0x5c43, 0x1, 0x6})

0s ago: executing program 2 (id=1729):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x80000002)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200000})
r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0})
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)

kernel console output (not intermixed with test programs):

 to 2048
[  311.266708][ T8245] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  312.616388][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  312.622715][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  314.339624][   T30] audit: type=1800 audit(1782086588.631:85): pid=8261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.454" name="file1" dev="loop1" ino=1369 res=0 errno=0
[  314.849964][ T8080] bridge0: port 1(bridge_slave_0) entered blocking state
[  314.909449][ T8080] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.027663][ T8080] bridge_slave_0: entered allmulticast mode
[  315.141481][ T8080] bridge_slave_0: entered promiscuous mode
[  315.358865][ T8268] loop1: detected capacity change from 0 to 512
[  315.377359][ T8080] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.419066][ T8080] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.438217][ T8268] EXT4-fs error (device loop1): ext4_iget_extra_inode:5179: inode #15: comm syz.1.460: corrupted in-inode xattr: invalid size in ea xattr
[  315.449536][ T8080] bridge_slave_1: entered allmulticast mode
[  315.469501][ T8080] bridge_slave_1: entered promiscuous mode
[  315.596414][ T8080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  315.617515][ T8268] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  315.625936][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  315.641739][    C0] EXT4-fs (loop1): initial error at time 1782086590: ext4_iget_extra_inode:5179: inode 15
[  315.651733][    C0] EXT4-fs (loop1): last error at time 1782086590: ext4_iget_extra_inode:5179: inode 15
[  315.663766][ T8268] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.460: couldn't read orphan inode 15 (err -117)
[  315.679545][ T8268] loop1: lost filesystem error report for type 5 error -117
[  315.709919][ T8268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  315.712811][ T8080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  316.406065][ T8080] team0: Port device team_slave_0 added
[  316.415351][ T8080] team0: Port device team_slave_1 added
[  316.536538][ T8080] batman_adv: batadv0: Adding interface: batadv_slave_0
[  316.555544][ T8080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  316.635592][ T8281] loop7: detected capacity change from 0 to 4096
[  316.651268][ T8080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  316.663441][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.718780][ T8080] batman_adv: batadv0: Adding interface: batadv_slave_1
[  316.749515][ T8080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  316.755452][ T8287] netlink: 'syz.5.465': attribute type 1 has an invalid length.
[  316.959958][ T8080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.625522][ T8296] netlink: 28 bytes leftover after parsing attributes in process `syz.5.465'.
[  318.070389][ T8296] 8021q: adding VLAN 0 to HW filter on device bond1
[  318.373619][ T8304] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  318.847409][ T8292] bond1: (slave geneve2): making interface the new active one
[  318.862430][ T8306] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  318.996542][ T8292] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  319.029347][ T8310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.468'.
[  319.480157][ T6134] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  319.499729][ T8313] netlink: 28 bytes leftover after parsing attributes in process `syz.4.469'.
[  319.552206][ T6134] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  319.624120][ T8080] hsr_slave_0: entered promiscuous mode
[  319.807597][ T8080] hsr_slave_1: entered promiscuous mode
[  319.828332][ T5282] 8021q: adding VLAN 0 to HW filter on device eth12
[  319.969628][ T6134] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  321.831101][ T8330] binder: 8318:8330 ioctl c0306201 0 returned -14
[  322.089641][ T8330] binder: BINDER_SET_CONTEXT_MGR already set
[  322.528198][ T8330] binder: 8318:8330 ioctl 4018620d 200000001000 returned -16
[  322.606979][ T8330] binder: 8318:8330 ioctl c0306201 0 returned -14
[  322.827344][ T8080] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  322.839563][ T8080] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  323.047943][ T8080] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  323.717983][   T29] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  323.915084][ T8080] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  324.086832][ T8080] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  324.095984][   T29] usb 5-1: Using ep0 maxpacket: 32
[  324.107275][   T29] usb 5-1: config 0 has no interfaces?
[  324.119730][   T29] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  324.133319][ T8080] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  324.140736][   T29] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.157292][ T8080] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  324.235019][ T8361] loop7: detected capacity change from 0 to 8
[  324.282983][ T8361] SQUASHFS error: xz decompression failed, data probably corrupt
[  324.291378][ T8361] SQUASHFS error: Failed to read block 0x108: -5
[  324.298794][ T8361] SQUASHFS error: Unable to read metadata cache entry [106]
[  324.306175][ T8361] SQUASHFS error: Unable to read inode 0x11f
[  324.626056][   T29] usb 5-1: Product: syz
[  324.632116][   T29] usb 5-1: Manufacturer: syz
[  324.645970][   T29] usb 5-1: SerialNumber: syz
[  324.653840][ T8360] loop1: detected capacity change from 0 to 256
[  324.653946][   T29] usb 5-1: config 0 descriptor??
[  324.669594][ T8080] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  324.676818][ T8360] exfat: Bad value for 'errors'
[  324.705402][ T8358] loop5: detected capacity change from 0 to 2048
[  324.754876][ T8358] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  325.501494][ T8366] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1314: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  325.892686][ T5862] usb 5-1: USB disconnect, device number 3
[  326.267042][ T8080] 8021q: adding VLAN 0 to HW filter on device bond0
[  326.594794][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.483'.
[  326.672805][ T8388] netlink: 'syz.4.484': attribute type 1 has an invalid length.
[  326.683540][ T8080] 8021q: adding VLAN 0 to HW filter on device team0
[  326.770084][ T5624] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  326.833940][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.841879][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  326.883415][ T8388] netlink: 28 bytes leftover after parsing attributes in process `syz.4.484'.
[  326.974311][ T8393] bond2: (slave geneve2): making interface the new active one
[  327.007733][ T8393] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  327.062007][ T8401] [U] 
[  327.065652][ T8388] 8021q: adding VLAN 0 to HW filter on device bond2
[  327.088586][ T8402] netlink: 28 bytes leftover after parsing attributes in process `syz.5.485'.
[  327.145242][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  327.152417][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  327.187880][   T49] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  327.220521][   T49] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  327.261619][   T49] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  327.294740][   T49] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  327.323298][ T5282] 8021q: adding VLAN 0 to HW filter on device eth11
[  327.352159][ T8406] syzkaller0: entered promiscuous mode
[  327.368791][ T8406] syzkaller0: entered allmulticast mode
[  327.468647][ T8414] netlink: 28 bytes leftover after parsing attributes in process `syz.4.499'.
[  330.117524][ T8430] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  331.245708][ T8428] binder: 8427:8428 ioctl c0306201 0 returned -14
[  331.305768][ T8443] binder: BINDER_SET_CONTEXT_MGR already set
[  331.491600][ T8443] binder: 8427:8443 ioctl 4018620d 200000001000 returned -16
[  331.526444][ T8428] binder: 8427:8428 ioctl c0306201 0 returned -14
[  332.145751][ T8448] loop4: detected capacity change from 0 to 40427
[  332.171978][ T8448] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  332.180547][ T8448] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  332.197134][ T8448] F2FS-fs (loop4): invalid crc value
[  332.213438][ T8448] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  332.257157][ T8448] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  332.271526][ T8448] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30
[  332.279197][ T8448] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  332.348694][ T8453] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  332.408996][ T8453] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  332.738204][ T8461] loop7: detected capacity change from 0 to 2048
[  333.630762][ T8461] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  334.404029][ T4937] Bluetooth: hci4: unexpected event for opcode 0x0c7c
[  335.000082][ T8491] [U] 
[  336.322460][ T6808] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.374565][ T8080] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.491281][ T8505] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode
[  336.507637][ T8505] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode
[  336.598967][ T8507] loop5: detected capacity change from 0 to 1024
[  337.335808][ T8515] netlink: 24 bytes leftover after parsing attributes in process `syz.5.512'.
[  338.099104][ T8520] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  338.119430][ T8520] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  338.686107][ T8529] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  340.095931][    T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!!
[  340.155933][    T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!!
[  342.245521][ T8080] veth0_vlan: entered promiscuous mode
[  342.355606][ T8080] veth1_vlan: entered promiscuous mode
[  342.356608][ T8557] netlink: 28 bytes leftover after parsing attributes in process `syz.2.520'.
[  342.505944][    T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!!
[  343.963582][ T8080] veth0_macvtap: entered promiscuous mode
[  344.248892][ T8080] veth1_macvtap: entered promiscuous mode
[  344.605236][ T8571] loop4: detected capacity change from 0 to 2048
[  344.733892][ T8080] batman_adv: batadv0: Interface activated: batadv_slave_0
[  345.366516][ T8571] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  345.429837][ T8080] batman_adv: batadv0: Interface activated: batadv_slave_1
[  346.488658][   T12] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  346.536979][   T12] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  346.593874][   T12] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  346.624955][ T5623] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.637578][   T12] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  346.768532][ T8599] syz.1.528 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  351.058402][ T8620] siw: device registration error -23
[  351.871411][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  351.906018][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  351.984701][ T8630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.534'.
[  352.006281][ T6134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.247469][ T6134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  352.437452][ T8626] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode
[  352.478296][ T8626] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode
[  352.675861][ T8635] netlink: 28 bytes leftover after parsing attributes in process `syz.4.538'.
[  352.770918][   T30] audit: type=1326 audit(1782086627.601:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8624 comm="syz.2.536" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe5db9ce59 code=0x0
[  353.785112][ T8646] tipc: Started in network mode
[  353.811805][ T8646] tipc: Node identity 080211000001, cluster identity 4711
[  353.851172][ T8646] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  353.934818][ T8649] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  354.428939][ T5627] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  354.443394][ T5627] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  354.455100][ T5627] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  354.824037][ T5627] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  354.833507][ T5627] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  355.268601][   T47] tipc: Node number set to 134418688
[  355.280783][ T8665] loop1: detected capacity change from 0 to 8
[  355.393911][ T8665] SQUASHFS error: xz decompression failed, data probably corrupt
[  355.401738][ T8665] SQUASHFS error: Failed to read block 0x108: -5
[  355.408855][ T8665] SQUASHFS error: Unable to read metadata cache entry [106]
[  355.416187][ T8665] SQUASHFS error: Unable to read inode 0x11f
[  356.973094][ T5627] Bluetooth: hci6: command tx timeout
[  358.604089][ T8692] loop4: detected capacity change from 0 to 512
[  358.717030][ T8692] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  359.026126][ T4937] Bluetooth: hci6: command tx timeout
[  359.118501][   T84] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.205255][ T8703] EXT4-fs warning (device loop4): dx_probe:836: inode #2: comm syz.4.548: Unimplemented hash flags: 0x0001
[  359.217889][ T8703] EXT4-fs warning (device loop4): dx_probe:933: inode #2: comm syz.4.548: Corrupt directory, running e2fsck is recommended
[  359.647417][ T5627] Bluetooth: hci0: command 0x0405 tx timeout
[  359.798432][ T8708] netlink: 28 bytes leftover after parsing attributes in process `syz.7.550'.
[  359.862982][ T8711] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  359.890519][ T8711] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  360.020772][ T8683] uprobe: syz.5.546:8683 failed to unregister, leaking uprobe
[  360.045610][ T5623] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.130195][ T8683] uprobe: syz.5.546:8683 failed to unregister, leaking uprobe
[  360.193855][   T84] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.373023][   T84] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.867079][ T8735] netlink: 28 bytes leftover after parsing attributes in process `syz.5.553'.
[  361.588073][ T5627] Bluetooth: hci6: command tx timeout
[  361.606181][ T8730] mac80211_hwsim hwsim9 syzkaller0: left promiscuous mode
[  361.820050][ T8730] mac80211_hwsim hwsim9 syzkaller0: left allmulticast mode
[  363.816031][ T5627] Bluetooth: hci6: command tx timeout
[  364.339791][   T84] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.369548][ T8745] loop4: detected capacity change from 0 to 2048
[  365.140590][ T8745] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  365.143812][ T8754] batman_adv: batadv0: Adding interface: gretap1
[  365.155812][ T8754] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  365.182016][ T8754] batman_adv: batadv0: Interface activated: gretap1
[  365.242611][ T8661] lo speed is unknown, defaulting to 1000
[  365.613586][ T8761] loop7: detected capacity change from 0 to 1024
[  365.625381][   T84] bridge_slave_1: left allmulticast mode
[  365.689154][   T84] bridge_slave_1: left promiscuous mode
[  365.885206][   T84] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.951574][   T84] bridge_slave_0: left allmulticast mode
[  366.011456][   T84] bridge_slave_0: left promiscuous mode
[  366.050160][ T8777] loop4: detected capacity change from 0 to 1024
[  366.109938][ T8779] netlink: 24 bytes leftover after parsing attributes in process `syz.7.559'.
[  366.148851][   T84] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.199517][ T8777] EXT4-fs: Ignoring removed mblk_io_submit option
[  366.388928][ T8777] EXT4-fs: inline encryption not supported
[  366.446979][ T8777] EXT4-fs (loop4): can't mount with data_err=abort, fs mounted w/o journal
[  366.479336][ T8783] netlink: 28 bytes leftover after parsing attributes in process `syz.5.565'.
[  367.820404][   T30] audit: type=1326 audit(1782086642.361:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8776 comm="syz.4.563" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe52239ce59 code=0x0
[  368.163341][ T5627] Bluetooth: hci4: Malformed LE Event: 0x0d
[  368.377552][ T8798] siw: device registration error -23
[  368.676897][   T84] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  368.688861][   T84] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  368.699066][   T84] bond0 (unregistering): Released all slaves
[  371.752894][ T8661] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.773141][ T8661] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.798007][ T8661] bridge_slave_0: entered allmulticast mode
[  371.812138][ T8661] bridge_slave_0: entered promiscuous mode
[  371.906915][   T84] hsr_slave_0: left promiscuous mode
[  371.939508][   T84] hsr_slave_1: left promiscuous mode
[  372.124073][   T84] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  372.133104][   T84] batman_adv: batadv0: Removing interface: batadv_slave_0
[  372.173602][   T84] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  372.193662][   T84] batman_adv: batadv0: Removing interface: batadv_slave_1
[  372.906625][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  373.147390][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  373.467988][   T84] veth1_macvtap: left promiscuous mode
[  373.487212][   T84] veth0_macvtap: left promiscuous mode
[  373.501925][   T84] veth1_vlan: left promiscuous mode
[  373.517178][   T84] veth0_vlan: left promiscuous mode
[  376.504627][   T84] team0 (unregistering): Port device team_slave_1 removed
[  376.571913][   T84] team0 (unregistering): Port device team_slave_0 removed
[  377.274140][ T8661] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.298781][ T8661] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.322339][ T8661] bridge_slave_1: entered allmulticast mode
[  377.355698][ T8661] bridge_slave_1: entered promiscuous mode
[  377.383650][ T8832] batman_adv: batadv0: Adding interface: gretap1
[  377.390853][ T8832] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  377.417075][ T8832] batman_adv: batadv0: Interface activated: gretap1
[  377.733228][ T8866] mac80211_hwsim hwsim17 syzkaller0: entered promiscuous mode
[  377.741594][ T8866] mac80211_hwsim hwsim17 syzkaller0: entered allmulticast mode
[  377.880265][ T8661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  377.934764][ T8661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  378.073719][ T8661] team0: Port device team_slave_0 added
[  378.085880][ T8889] MPI: mpi too large (107144 bits)
[  378.119447][ T8891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.581'.
[  378.300932][ T8661] team0: Port device team_slave_1 added
[  378.396407][   T30] audit: type=1326 audit(1782086653.221:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.1.580" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2abb9ce59 code=0x0
[  379.142012][ T8661] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.156939][ T8661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.216962][ T8661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.366018][ T8661] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.373007][ T8661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  379.452044][ T8661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  379.607689][ T8908] netlink: 28 bytes leftover after parsing attributes in process `syz.1.597'.
[  379.639909][ T5627] Bluetooth: hci0: Malformed LE Event: 0x0d
[  379.823671][ T8661] hsr_slave_0: entered promiscuous mode
[  379.830424][ T8661] hsr_slave_1: entered promiscuous mode
[  381.163680][ T8919] loop4: detected capacity change from 0 to 512
[  381.225054][ T8919] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  381.477580][ T8919] ext4 filesystem being mounted at /109/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  382.783166][ T8931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.588'.
[  382.984034][ T5623] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.802823][ T8951] batman_adv: batadv0: Adding interface: gretap1
[  384.810279][ T8951] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  384.835788][ T8951] batman_adv: batadv0: Interface activated: gretap1
[  385.914631][ T8964] netlink: 476 bytes leftover after parsing attributes in process `syz.1.607'.
[  386.142999][ T8661] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  386.169294][ T8661] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  386.195616][ T8661] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  386.223549][ T8661] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  386.252758][ T8661] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  386.293720][ T8661] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  386.339215][ T8661] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  386.390929][ T8661] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  386.625781][ T8661] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.682145][ T8661] 8021q: adding VLAN 0 to HW filter on device team0
[  386.743158][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.750719][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.981683][ T8661] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  387.054638][ T8661] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  387.250133][ T8997] loop7: detected capacity change from 0 to 1024
[  387.302609][ T6014] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.309818][ T6014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.362989][ T8997] EXT4-fs: Ignoring removed mblk_io_submit option
[  387.477183][ T8997] EXT4-fs: inline encryption not supported
[  387.975731][ T8997] EXT4-fs (loop7): can't mount with data_err=abort, fs mounted w/o journal
[  388.152916][ T8998] lo speed is unknown, defaulting to 1000
[  388.675695][   T30] audit: type=1326 audit(1782086663.501:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8996 comm="syz.7.600" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82a119ce59 code=0x0
[  390.295467][ T9027] MPI: mpi too large (107144 bits)
[  391.888677][ T9045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.605'.
[  392.139429][ T9042] vivid-000: =================  START STATUS  =================
[  392.173464][ T9042] vivid-000: Radio HW Seek Mode: Bounded
[  392.191312][ T9042] vivid-000: Radio Programmable HW Seek: false
[  392.213629][ T9042] vivid-000: RDS Rx I/O Mode: Block I/O
[  392.238918][ T9042] vivid-000: Generate RBDS Instead of RDS: false
[  392.277875][ T9042] vivid-000: RDS Reception: true
[  392.306291][ T9042] vivid-000: RDS Program Type: 0 inactive
[  392.334637][ T9042] vivid-000: RDS PS Name:  inactive
[  392.358328][ T9042] vivid-000: RDS Radio Text:  inactive
[  392.524657][ T9042] vivid-000: RDS Traffic Announcement: false inactive
[  392.818570][ T9042] vivid-000: RDS Traffic Program: false inactive
[  393.252041][ T9042] vivid-000: RDS Music: false inactive
[  393.370516][ T9042] vivid-000: ==================  END STATUS  ==================
[  393.812346][ T8661] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.344198][ T9073] overlayfs: failed to clone upperpath
[  394.436704][ T9087] lo speed is unknown, defaulting to 1000
[  395.532242][ T9091] batman_adv: batadv0: Adding interface: gretap1
[  395.538732][ T9091] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  395.564407][ T9091] batman_adv: batadv0: Interface activated: gretap1
[  396.581612][ T8661] veth0_vlan: entered promiscuous mode
[  396.646631][ T8661] veth1_vlan: entered promiscuous mode
[  396.763565][ T8661] veth0_macvtap: entered promiscuous mode
[  396.801062][ T8661] veth1_macvtap: entered promiscuous mode
[  396.900386][ T8661] batman_adv: batadv0: Interface activated: batadv_slave_0
[  397.171969][ T8661] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.129742][ T6134] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.148157][ T6134] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.260558][ T6134] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.576403][ T6134] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  399.396077][ T9113] tipc: Started in network mode
[  399.464668][ T9113] tipc: Node identity 080211000001, cluster identity 4711
[  399.514598][ T9113] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  399.710545][ T9116] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  399.765089][ T9113] tipc: Resetting bearer <eth:syzkaller0>
[  399.988272][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.998093][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  401.124464][   T24] tipc: Node number set to 134418688
[  401.590307][ T9130] siw: device registration error -23
[  402.273354][ T6593] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  402.332912][ T6593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.657135][ T9134] loop7: detected capacity change from 0 to 256
[  402.672450][ T9136] loop8: detected capacity change from 0 to 1024
[  402.703610][ T9134] exfat: Deprecated parameter 'utf8'
[  402.744243][ T9136] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.877908][ T9134] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d)
[  404.588678][ T8661] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.916734][ T5627] Bluetooth: unknown link type 56
[  404.922097][ T5627] Bluetooth: hci2: connection err: -111
[  405.309394][ T9160] lo speed is unknown, defaulting to 1000
[  407.027639][ T9173] batman_adv: batadv0: Adding interface: gretap1
[  407.034119][ T9173] batman_adv: batadv0: The MTU of interface gretap1 is too small (1382) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  407.059849][ T9173] batman_adv: batadv0: Interface activated: gretap1
[  410.247909][ T9182] tipc: Started in network mode
[  410.253588][ T9182] tipc: Node identity fe878f5ac878, cluster identity 4711
[  410.262160][ T9182] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.278051][ T9182] syzkaller0: entered promiscuous mode
[  410.284574][ T9182] syzkaller0: entered allmulticast mode
[  410.303918][ T9182] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  410.644725][ T9182] tipc: Resetting bearer <eth:syzkaller0>
[  411.040097][ T9187] loop7: detected capacity change from 0 to 32768
[  411.084661][ T9187] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.645 (9187)
[  411.105698][ T9187] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  411.116091][ T9187] BTRFS info (device loop7): using sha256 checksum algorithm
[  411.359250][ T9180] tipc: Resetting bearer <eth:syzkaller0>
[  411.407205][ T9187] BTRFS info (device loop7): enabling ssd optimizations
[  411.415273][ T9187] BTRFS info (device loop7): turning on sync discard
[  411.423186][ T9187] BTRFS info (device loop7): enabling free space tree
[  411.430966][ T9187] BTRFS info (device loop7): use zlib compression, level 3
[  411.724986][ T9180] tipc: Disabling bearer <eth:syzkaller0>
[  412.076561][   T29] tipc: Node number set to 922718042
[  412.619705][   T30] audit: type=1800 audit(1782086687.171:90): pid=9210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.645" name="file1" dev="loop7" ino=260 res=0 errno=0
[  414.191812][ T6808] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  414.907958][ T9231] lo speed is unknown, defaulting to 1000
[  419.269279][ T9253] loop5: detected capacity change from 0 to 1024
[  419.302912][ T9253] EXT4-fs: Ignoring removed mblk_io_submit option
[  419.352830][ T5627] Bluetooth: hci6: Malformed LE Event: 0x0d
[  419.361160][ T9253] EXT4-fs: inline encryption not supported
[  419.434217][ T9253] EXT4-fs (loop5): can't mount with data_err=abort, fs mounted w/o journal
[  419.497800][ T9260] netlink: 28 bytes leftover after parsing attributes in process `syz.2.660'.
[  419.846904][   T30] audit: type=1326 audit(1782086694.671:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9252 comm="syz.5.657" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb9bf9ce59 code=0x0
[  426.641101][ T9332] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode
[  426.654028][ T9332] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode
[  429.419865][ T9354] lo speed is unknown, defaulting to 1000
[  430.289985][ T9362] loop8: detected capacity change from 0 to 1024
[  430.367291][ T9362] EXT4-fs: Ignoring removed mblk_io_submit option
[  430.621416][ T9362] EXT4-fs: inline encryption not supported
[  431.166243][ T9362] EXT4-fs (loop8): can't mount with data_err=abort, fs mounted w/o journal
[  432.899192][   T30] audit: type=1326 audit(1782086707.351:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9361 comm="syz.8.677" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f392c19ce59 code=0x0
[  434.298812][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  434.308256][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  435.446392][ T9393] lo speed is unknown, defaulting to 1000
[  435.755833][ T9396] NILFS (nullb0): couldn't find nilfs on the device
[  436.473271][ T9398] loop8: detected capacity change from 0 to 1024
[  436.514662][ T9398] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (46272!=20869)
[  436.525413][ T9398] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  436.551785][ T9398] EXT4-fs (loop8): corrupt root inode, run e2fsck
[  436.559004][ T9398] EXT4-fs (loop8): mount failed
[  444.344751][ T9423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.692'.
[  446.883812][ T9432] netlink: 28 bytes leftover after parsing attributes in process `syz.2.697'.
[  447.592193][ T9442] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  447.690690][ T9442] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  448.127341][ T4937] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  448.139358][ T4937] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  448.148473][ T4937] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  448.161414][ T4937] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  448.172332][ T4937] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  448.834100][   T86] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  448.873366][   T86] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.905139][   T86] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  449.001588][   T86] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  449.047563][   T86] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.073837][   T86] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  449.176583][   T86] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  449.202520][   T86] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  449.233352][   T86] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  449.504387][   T86] bridge_slave_1: left allmulticast mode
[  449.537107][   T86] bridge_slave_1: left promiscuous mode
[  449.557064][   T86] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.596973][   T86] bridge_slave_0: left allmulticast mode
[  449.612302][   T86] bridge_slave_0: left promiscuous mode
[  449.621590][   T86] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.216333][ T4937] Bluetooth: hci5: command tx timeout
[  450.219501][   T86] batman_adv: batadv0: Interface deactivated: gretap1
[  450.384826][   T86] batman_adv: batadv0: Removing interface: gretap1
[  450.430609][   T86] bond1 (unregistering): (slave geneve2): Releasing active interface
[  450.617545][   T86] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  450.636954][   T86] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  450.650794][   T86] bond0 (unregistering): Released all slaves
[  450.663256][   T86] bond1 (unregistering): Released all slaves
[  450.749912][   T86] tipc: Disabling bearer <eth:syzkaller0>
[  450.772613][   T86] tipc: Left network mode
[  450.903920][ T9444] lo speed is unknown, defaulting to 1000
[  450.953818][   T86] hsr_slave_0: left promiscuous mode
[  450.963574][   T86] hsr_slave_1: left promiscuous mode
[  450.974702][   T86] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  450.988194][   T86] batman_adv: batadv0: Removing interface: batadv_slave_0
[  450.999276][   T86] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  451.009168][   T86] batman_adv: batadv0: Removing interface: batadv_slave_1
[  451.032071][   T86] veth1_macvtap: left promiscuous mode
[  451.050825][   T86] veth0_macvtap: left promiscuous mode
[  451.057285][   T86] veth1_vlan: left promiscuous mode
[  451.063230][   T86] veth0_vlan: left promiscuous mode
[  451.480719][   T86] team0 (unregistering): Port device team_slave_1 removed
[  451.496606][   T86] team0 (unregistering): Port device team_slave_0 removed
[  451.712661][ T6589] smbdirect: ib_dev[syz0] removed
[  451.746906][ T5282] 8021q: adding VLAN 0 to HW filter on device eth13
[  452.296476][ T4937] Bluetooth: hci5: command tx timeout
[  452.388987][ T9444] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.397639][ T9444] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.406360][ T9444] bridge_slave_0: entered allmulticast mode
[  452.415574][ T9444] bridge_slave_0: entered promiscuous mode
[  452.425689][ T9444] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.434871][ T9444] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.443639][ T9444] bridge_slave_1: entered allmulticast mode
[  452.452148][ T9444] bridge_slave_1: entered promiscuous mode
[  452.496792][ T9444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  452.510351][ T9444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  452.580973][ T9444] team0: Port device team_slave_0 added
[  452.590477][ T9444] team0: Port device team_slave_1 added
[  452.643233][ T9444] batman_adv: batadv0: Adding interface: batadv_slave_0
[  452.653904][ T9444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  452.687754][ T9444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  452.702670][ T9444] batman_adv: batadv0: Adding interface: batadv_slave_1
[  452.711433][ T9444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  452.743531][ T9444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  452.842865][ T9444] hsr_slave_0: entered promiscuous mode
[  452.851668][ T9444] hsr_slave_1: entered promiscuous mode
[  452.859801][ T9444] debugfs: 'hsr0' already exists in 'hsr'
[  452.871670][ T9444] Cannot create hsr debugfs directory
[  452.883664][ T5282] 8021q: adding VLAN 0 to HW filter on device eth14
[  453.146180][ T9444] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  453.157727][ T9444] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  453.168382][ T9444] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  453.183375][ T9444] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  453.193708][ T9444] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  453.210674][ T9444] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  453.221121][ T9444] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  453.236124][ T9444] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  453.377365][ T9444] 8021q: adding VLAN 0 to HW filter on device bond0
[  453.414252][ T9444] 8021q: adding VLAN 0 to HW filter on device team0
[  453.437816][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.445722][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state
[  453.463318][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.471931][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state
[  453.927287][ T5282] 8021q: adding VLAN 0 to HW filter on device eth15
[  454.366268][ T4937] Bluetooth: hci5: command tx timeout
[  454.607469][ T9444] 8021q: adding VLAN 0 to HW filter on device batadv0
[  455.120507][ T5282] 8021q: adding VLAN 0 to HW filter on device eth16
[  455.210818][ T9444] veth0_vlan: entered promiscuous mode
[  455.233467][ T9444] veth1_vlan: entered promiscuous mode
[  455.301750][ T9444] veth0_macvtap: entered promiscuous mode
[  455.315670][ T9444] veth1_macvtap: entered promiscuous mode
[  455.354310][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_0
[  455.381305][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_1
[  455.404193][ T3314] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.418773][ T3314] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.434632][ T3314] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.447776][ T3314] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.575579][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.588748][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  455.637147][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.647259][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.898122][ T4937] Bluetooth: hci5: command tx timeout
[  457.176759][ T9574] loop8: detected capacity change from 0 to 256
[  457.198267][ T9574] exfat: Unknown parameter '18446744073709551615)±sZ-‘ýê9HižTHK½ïs€ª�ã^¸¤®ü½ˆÚù6
[  457.198267][ T9574] ‚¥°I›¾ñ…Y2hø�ê�HH9Ÿˆ¼Ø!¬¬:ïz-kL‘ü OÏ­LPct͘…C.÷
ËéØ6Ì_.O‚BÒ‚ÃQ“C¸Ø|ª'
[  458.318236][ T9577] loop9: detected capacity change from 0 to 1024
[  458.661367][ T9577] EXT4-fs: Ignoring removed mblk_io_submit option
[  458.809174][ T9584] NILFS (nullb0): couldn't find nilfs on the device
[  459.842067][ T9586] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  459.963956][ T9577] EXT4-fs: inline encryption not supported
[  460.246236][ T9577] EXT4-fs (loop9): can't mount with data_err=abort, fs mounted w/o journal
[  462.108423][   T30] audit: type=1326 audit(1782086736.131:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9576 comm="syz.9.700" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a8739ce59 code=0x0
[  467.059475][ T9617] netlink: 28 bytes leftover after parsing attributes in process `syz.8.707'.
[  472.021836][ T9672] netlink: 4 bytes leftover after parsing attributes in process `syz.4.720'.
[  477.897659][ T5627] Bluetooth: hci6: command 0x0406 tx timeout
[  480.532411][ T5627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  480.962071][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  480.975036][ T5627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  480.985646][ T5627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  480.996688][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  483.096123][ T5627] Bluetooth: hci2: command tx timeout
[  483.886052][ T9704] lo speed is unknown, defaulting to 1000
[  484.014353][ T9704] lo speed is unknown, defaulting to 1000
[  484.021202][ T9704] lo speed is unknown, defaulting to 1000
[  484.028114][ T9704] smbdirect: ib_dev[syz0]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  484.043675][ T9704] smbdirect: ib_dev[syz0]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  484.062541][ T9704] smbdirect: ib_dev[syz0]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  484.085118][ T9704] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  484.124184][ T9704] lo speed is unknown, defaulting to 1000
[  484.133198][ T9704] lo speed is unknown, defaulting to 1000
[  484.142002][ T9704] lo speed is unknown, defaulting to 1000
[  484.181132][ T9704] lo speed is unknown, defaulting to 1000
[  484.188724][ T9704] lo speed is unknown, defaulting to 1000
[  484.197225][ T9704] lo speed is unknown, defaulting to 1000
[  484.300451][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.474055][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.578958][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.694895][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.999386][   T36] bridge_slave_1: left allmulticast mode
[  485.027008][   T36] bridge_slave_1: left promiscuous mode
[  485.042898][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.053822][   T36] bridge_slave_0: left allmulticast mode
[  485.061158][   T36] bridge_slave_0: left promiscuous mode
[  485.068603][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.091335][   T36] batman_adv: batadv0: Interface deactivated: gretap1
[  485.166466][ T5627] Bluetooth: hci2: command tx timeout
[  485.231445][   T36] batman_adv: batadv0: Removing interface: gretap1
[  485.282704][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  485.296724][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  485.318485][   T36] bond0 (unregistering): Released all slaves
[  485.371507][ T9705] lo speed is unknown, defaulting to 1000
[  485.394151][   T36] tipc: Left network mode
[  485.611146][   T36] hsr_slave_0: left promiscuous mode
[  485.621169][   T36] hsr_slave_1: left promiscuous mode
[  485.629306][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  485.640434][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  485.650280][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  485.659510][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  485.674558][   T36] veth1_macvtap: left promiscuous mode
[  485.682113][   T36] veth0_macvtap: left promiscuous mode
[  485.690841][   T36] veth1_vlan: left promiscuous mode
[  485.699680][   T36] veth0_vlan: left promiscuous mode
[  486.137148][   T36] team0 (unregistering): Port device team_slave_1 removed
[  486.173033][   T36] team0 (unregistering): Port device team_slave_0 removed
[  486.711496][ T9705] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.720211][ T9705] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.729221][ T9705] bridge_slave_0: entered allmulticast mode
[  486.737813][ T9705] bridge_slave_0: entered promiscuous mode
[  486.747885][ T9705] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.757383][ T9705] bridge0: port 2(bridge_slave_1) entered disabled state
[  486.773130][ T9705] bridge_slave_1: entered allmulticast mode
[  486.781676][ T9705] bridge_slave_1: entered promiscuous mode
[  486.819871][ T9705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  486.833901][ T9705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  486.873274][ T9705] team0: Port device team_slave_0 added
[  486.888050][ T9705] team0: Port device team_slave_1 added
[  486.917453][ T9705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  486.925926][ T9705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  486.958786][ T9705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  486.974469][ T9705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  486.984115][ T9705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  487.017448][ T9705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  487.088966][ T9705] hsr_slave_0: entered promiscuous mode
[  487.096591][ T9705] hsr_slave_1: entered promiscuous mode
[  487.105834][ T9705] debugfs: 'hsr0' already exists in 'hsr'
[  487.113009][ T9705] Cannot create hsr debugfs directory
[  487.247235][ T5627] Bluetooth: hci2: command tx timeout
[  487.740040][ T9705] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  487.754342][ T9705] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  487.766222][ T9705] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  487.778996][ T9705] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  487.790790][ T9705] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  487.802994][ T9705] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  487.813369][ T9705] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  487.824612][ T9705] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  487.999445][ T9705] 8021q: adding VLAN 0 to HW filter on device bond0
[  488.027769][ T9705] 8021q: adding VLAN 0 to HW filter on device team0
[  488.042940][ T9316] bridge0: port 1(bridge_slave_0) entered blocking state
[  488.051640][ T9316] bridge0: port 1(bridge_slave_0) entered forwarding state
[  488.074229][ T9316] bridge0: port 2(bridge_slave_1) entered blocking state
[  488.082847][ T9316] bridge0: port 2(bridge_slave_1) entered forwarding state
[  488.403915][ T5282] 8021q: adding VLAN 0 to HW filter on device eth17
[  489.059718][ T9705] 8021q: adding VLAN 0 to HW filter on device batadv0
[  489.163196][ T9705] veth0_vlan: entered promiscuous mode
[  489.187943][ T9705] veth1_vlan: entered promiscuous mode
[  489.256656][ T9705] veth0_macvtap: entered promiscuous mode
[  489.280123][ T9705] veth1_macvtap: entered promiscuous mode
[  489.311746][ T9705] batman_adv: batadv0: Interface activated: batadv_slave_0
[  489.326391][ T5627] Bluetooth: hci2: command tx timeout
[  489.335568][ T9705] batman_adv: batadv0: Interface activated: batadv_slave_1
[  489.382731][ T1110] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  489.404383][ T1110] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  489.429916][ T1110] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  489.452263][ T1110] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  489.499688][ T5282] 8021q: adding VLAN 0 to HW filter on device eth18
[  489.537425][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.549715][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.601582][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.611805][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.419307][ T9832] trusted_key: encrypted_key: key trusted:syz not found
[  493.645720][   T30] audit: type=1326 audit(1782086768.261:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9839 comm="syz.0.727" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f75cb59ce59 code=0x0
[  495.823401][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  496.468297][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  503.546507][ T5282] 8021q: adding VLAN 0 to HW filter on device eth19
[  508.281100][ T9890] netlink: 4 bytes leftover after parsing attributes in process `syz.8.738'.
[  509.160192][ T9620] IPVS: starting estimator thread 0...
[  509.266139][ T9895] IPVS: using max 32 ests per chain, 76800 per kthread
[  510.649969][ T9897] netlink: 28 bytes leftover after parsing attributes in process `syz.9.746'.
[  511.358672][ T9902] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  511.433122][ T9902] sch_tbf: burst 255 is lower than device syzkaller0 mtu (313) !
[  511.553487][ T9897] tipc: Resetting bearer <eth:syzkaller0>
[  511.724762][ T9897] tipc: Resetting bearer <eth:syzkaller0>
[  512.742601][ T9924] netlink: 28 bytes leftover after parsing attributes in process `syz.7.763'.
[  512.838474][ T9924] mac80211_hwsim hwsim17 syzkaller0: left promiscuous mode
[  512.879972][ T9924] mac80211_hwsim hwsim17 syzkaller0: left allmulticast mode
[  516.859751][ T5282] 8021q: adding VLAN 0 to HW filter on device eth20
[  517.966518][ T9968] netlink: 'syz.9.759': attribute type 21 has an invalid length.
[  517.978586][ T9968] netlink: 132 bytes leftover after parsing attributes in process `syz.9.759'.
[  517.990853][ T9968] netlink: 28 bytes leftover after parsing attributes in process `syz.9.759'.
[  520.721651][ T9987] netlink: 4 bytes leftover after parsing attributes in process `syz.9.762'.
[  525.648529][T10020] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  525.923473][T10025] Bluetooth: MGMT ver 1.23
[  527.588634][T10034] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  528.310959][T10043] loop9: detected capacity change from 0 to 32768
[  528.428869][T10043] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  528.715951][T10043] XFS (loop9): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  528.794843][T10043] XFS (loop9): Starting recovery (logdev: internal)
[  528.849736][T10043] XFS (loop9): Ending recovery (logdev: internal)
[  528.880771][T10041] XFS (loop9): Metadata corruption detected at xfs_inobt_verify+0xa1/0x230, xfs_finobt block 0x8 
[  528.895271][T10041] XFS (loop9): Unmount and run xfs_repair
[  528.903137][T10041] XFS (loop9): First 128 bytes of corrupted metadata buffer:
[  528.912923][T10041] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  528.924712][T10041] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  528.936630][T10041] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  528.948575][T10041] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  528.960306][T10041] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  528.972250][T10041] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  528.984194][T10041] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  528.996037][T10041] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  529.007889][T10041] XFS (loop9): metadata I/O error in "xfs_btree_read_buf_block+0x24e/0x520" at daddr 0x8 len 8 error 117
[  529.184375][ T9444] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  529.240834][ T9444] XFS (loop9): Uncorrected metadata errors detected; please run xfs_repair.
[  529.524094][T10058] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  529.787348][T10058] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  529.801824][T10058] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  529.815545][T10058] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  530.496173][T10058] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  531.537122][T10074] loop9: detected capacity change from 0 to 64
[  531.570673][ T5627] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  531.581919][ T5627] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  531.592178][ T5627] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  531.602550][ T5627] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  531.613005][ T5627] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  532.013066][   T30] audit: type=1800 audit(1782086806.831:95): pid=10074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.782" name="file1" dev="loop9" ino=21 res=0 errno=0
[  532.709382][ T5627] Bluetooth: hci1: command tx timeout
[  533.737599][ T5627] Bluetooth: hci7: command tx timeout
[  533.778308][ T6014] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.988707][ T6014] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.148678][ T6014] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.345797][ T6014] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.741204][ T6014] bridge_slave_1: left allmulticast mode
[  534.754743][ T6014] bridge_slave_1: left promiscuous mode
[  534.767284][ T6014] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.779139][ T5627] Bluetooth: hci1: command tx timeout
[  534.791121][ T6014] bridge_slave_0: left allmulticast mode
[  534.799631][ T6014] bridge_slave_0: left promiscuous mode
[  534.805418][ T6014] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.822194][ T6014] batman_adv: batadv0: Interface deactivated: gretap1
[  534.943444][ T6014] batman_adv: batadv0: Removing interface: gretap1
[  534.996142][ T6014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  535.011146][ T6014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  535.035249][ T6014] bond0 (unregistering): Released all slaves
[  535.054251][T10071] lo speed is unknown, defaulting to 1000
[  535.120692][ T6014] tipc: Disabling bearer <eth:syzkaller0>
[  535.133529][ T6014] tipc: Left network mode
[  535.143911][T10056] lo speed is unknown, defaulting to 1000
[  535.324608][ T6014] hsr_slave_0: left promiscuous mode
[  535.347283][ T6014] hsr_slave_1: left promiscuous mode
[  535.366789][ T6014] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.393714][ T6014] batman_adv: batadv0: Removing interface: batadv_slave_0
[  535.408502][ T6014] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  535.421817][ T6014] batman_adv: batadv0: Removing interface: batadv_slave_1
[  535.437072][ T6014] veth1_macvtap: left promiscuous mode
[  535.448275][ T6014] veth0_macvtap: left promiscuous mode
[  535.458553][ T6014] veth1_vlan: left promiscuous mode
[  535.466864][ T6014] veth0_vlan: left promiscuous mode
[  535.592931][ T6014] team0 (unregistering): Port device team_slave_1 removed
[  535.609635][ T6014] team0 (unregistering): Port device team_slave_0 removed
[  535.684676][   T84] smbdirect: ib_dev[syz0] removed
[  535.805979][ T5627] Bluetooth: hci7: command tx timeout
[  535.854125][T10071] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.861421][T10071] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.869031][T10071] bridge_slave_0: entered allmulticast mode
[  535.876252][T10071] bridge_slave_0: entered promiscuous mode
[  535.885038][T10071] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.896097][T10071] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.915395][T10071] bridge_slave_1: entered allmulticast mode
[  535.922881][T10071] bridge_slave_1: entered promiscuous mode
[  535.975949][T10071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.005714][T10071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.073678][T10071] team0: Port device team_slave_0 added
[  536.133611][T10071] team0: Port device team_slave_1 added
[  536.188974][T10056] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.200779][T10056] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.211643][T10056] bridge_slave_0: entered allmulticast mode
[  536.221507][T10056] bridge_slave_0: entered promiscuous mode
[  536.245159][T10071] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.256550][T10071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.291599][T10071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.308362][T10056] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.319415][T10056] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.326658][T10056] bridge_slave_1: entered allmulticast mode
[  536.338823][T10056] bridge_slave_1: entered promiscuous mode
[  536.350437][T10071] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.360413][T10071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.395391][T10071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.413472][ T6014] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.465510][T10056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.507788][T10071] hsr_slave_0: entered promiscuous mode
[  536.518783][T10071] hsr_slave_1: entered promiscuous mode
[  536.524918][T10071] debugfs: 'hsr0' already exists in 'hsr'
[  536.535324][T10071] Cannot create hsr debugfs directory
[  536.549418][T10056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.566850][ T6014] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.631541][T10056] team0: Port device team_slave_0 added
[  536.669283][T10056] team0: Port device team_slave_1 added
[  536.682860][ T6014] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  536.746519][T10056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.758223][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.794888][T10056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.812655][T10056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.823239][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  536.858225][ T5627] Bluetooth: hci1: command tx timeout
[  536.863967][T10056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.918461][ T6014] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  537.033647][T10056] hsr_slave_0: entered promiscuous mode
[  537.050548][T10056] hsr_slave_1: entered promiscuous mode
[  537.061860][T10056] debugfs: 'hsr0' already exists in 'hsr'
[  537.067725][T10056] Cannot create hsr debugfs directory
[  537.157822][ T6014] bridge_slave_1: left allmulticast mode
[  537.170088][ T6014] bridge_slave_1: left promiscuous mode
[  537.175819][ T6014] bridge0: port 2(bridge_slave_1) entered disabled state
[  537.191580][ T6014] bridge_slave_0: left allmulticast mode
[  537.200125][ T6014] bridge_slave_0: left promiscuous mode
[  537.205875][ T6014] bridge0: port 1(bridge_slave_0) entered disabled state
[  537.285946][ T6014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  537.301740][ T6014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  537.312257][ T6014] bond0 (unregistering): Released all slaves
[  537.567889][ T6014] hsr_slave_0: left promiscuous mode
[  537.573966][ T6014] hsr_slave_1: left promiscuous mode
[  537.584673][ T6014] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  537.592094][ T6014] batman_adv: batadv0: Removing interface: batadv_slave_0
[  537.607180][ T6014] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  537.618094][ T6014] batman_adv: batadv0: Removing interface: batadv_slave_1
[  537.632808][ T6014] veth1_macvtap: left promiscuous mode
[  537.638352][ T6014] veth0_macvtap: left promiscuous mode
[  537.649631][ T6014] veth1_vlan: left promiscuous mode
[  537.654954][ T6014] veth0_vlan: left promiscuous mode
[  537.856502][ T6014] team0 (unregistering): Port device team_slave_1 removed
[  537.887862][ T6014] team0 (unregistering): Port device team_slave_0 removed
[  537.900340][ T5627] Bluetooth: hci7: command tx timeout
[  538.549505][T10071] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  538.563768][T10071] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  538.572397][T10071] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  538.581342][T10071] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  538.602202][T10071] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  538.613891][T10071] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  538.622082][T10071] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  538.631851][T10071] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  538.731395][T10071] 8021q: adding VLAN 0 to HW filter on device bond0
[  538.750185][T10071] 8021q: adding VLAN 0 to HW filter on device team0
[  538.765004][ T9660] bridge0: port 1(bridge_slave_0) entered blocking state
[  538.776256][ T9660] bridge0: port 1(bridge_slave_0) entered forwarding state
[  538.802137][ T9315] bridge0: port 2(bridge_slave_1) entered blocking state
[  538.809301][ T9315] bridge0: port 2(bridge_slave_1) entered forwarding state
[  538.932357][ T5627] Bluetooth: hci1: command tx timeout
[  538.943542][T10056] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  538.961411][T10056] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  538.984957][T10056] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  539.011131][T10056] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  539.025590][T10056] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  539.035483][T10056] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  539.050852][T10056] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  539.061405][T10056] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  539.219830][T10056] 8021q: adding VLAN 0 to HW filter on device bond0
[  539.241116][T10056] 8021q: adding VLAN 0 to HW filter on device team0
[  539.258607][ T6014] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.265737][ T6014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  539.292371][ T6014] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.299509][ T6014] bridge0: port 2(bridge_slave_1) entered forwarding state
[  539.689453][T10071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  539.975631][ T5627] Bluetooth: hci7: command tx timeout
[  540.064393][T10056] 8021q: adding VLAN 0 to HW filter on device batadv0
[  540.143761][T10056] veth0_vlan: entered promiscuous mode
[  540.180392][T10056] veth1_vlan: entered promiscuous mode
[  540.194820][T10071] veth0_vlan: entered promiscuous mode
[  540.229086][T10071] veth1_vlan: entered promiscuous mode
[  540.250354][T10056] veth0_macvtap: entered promiscuous mode
[  540.265075][T10056] veth1_macvtap: entered promiscuous mode
[  540.291266][T10056] batman_adv: batadv0: Interface activated: batadv_slave_0
[  540.315391][T10071] veth0_macvtap: entered promiscuous mode
[  540.328086][T10056] batman_adv: batadv0: Interface activated: batadv_slave_1
[  540.343575][T10071] veth1_macvtap: entered promiscuous mode
[  540.355880][ T9315] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.365664][ T9315] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.396550][ T9315] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.408402][ T9315] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.427949][T10071] batman_adv: batadv0: Interface activated: batadv_slave_0
[  540.458864][T10071] batman_adv: batadv0: Interface activated: batadv_slave_1
[  540.486299][ T9660] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.514791][ T9660] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.527305][ T6014] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.538659][ T6014] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.563290][ T6014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.576954][ T6014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.621310][ T6014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.635407][ T6014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.693791][ T9660] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.728700][ T9660] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  540.815349][ T6014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  540.967343][ T6014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  541.245650][T10309] program syz.4.796 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  542.843293][T10344] netlink: 28 bytes leftover after parsing attributes in process `syz.4.785'.
[  543.014619][T10344] mac80211_hwsim hwsim8 syzkaller0: left promiscuous mode
[  543.129740][T10344] mac80211_hwsim hwsim8 syzkaller0: left allmulticast mode
[  543.278215][T10351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.784'.
[  543.767490][T10347] tipc: Resetting bearer <eth:syzkaller0>
[  543.991281][T10357] netlink: 28 bytes leftover after parsing attributes in process `syz.6.786'.
[  545.435707][ T5282] 8021q: adding VLAN 0 to HW filter on device eth1
[  545.447003][T10364] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  547.213846][T10396] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  547.735991][T10392] loop6: detected capacity change from 0 to 2048
[  547.760377][T10392] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  547.809399][T10392] NILFS (loop6): mounting unchecked fs
[  547.835911][T10392] NILFS (loop6): recovery complete
[  548.009162][T10408] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  548.696922][   T30] audit: type=1804 audit(1782086823.521:96): pid=10413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.798" name="/newroot/3/file0/bus" dev="loop6" ino=18 res=1 errno=0
[  548.824467][   T30] audit: type=1800 audit(1782086823.551:97): pid=10392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.798" name="file1" dev="loop6" ino=15 res=0 errno=0
[  549.045469][T10421] netlink: 436 bytes leftover after parsing attributes in process `syz.9.805'.
[  549.055067][T10421] netlink: 16 bytes leftover after parsing attributes in process `syz.9.805'.
[  550.279320][T10425] netlink: 28 bytes leftover after parsing attributes in process `syz.2.808'.
[  550.311553][T10431] netlink: 28 bytes leftover after parsing attributes in process `syz.4.807'.
[  551.303491][T10445] ubi0: attaching mtd0
[  551.316104][T10445] ubi0: scanning is finished
[  552.177355][T10453] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  552.194833][T10453] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  552.709442][T10455] $Hÿ: renamed from bond0 (while UP)
[  553.060739][T10455] $Hÿ: entered promiscuous mode
[  553.066127][T10455] bond_slave_0: entered promiscuous mode
[  553.081042][T10455] bond_slave_1: entered promiscuous mode
[  553.117250][T10445] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  555.029722][ T5627] Bluetooth: unknown link type 56
[  555.034886][ T5627] Bluetooth: hci5: connection err: -111
[  555.725335][ T5282] 8021q: adding VLAN 0 to HW filter on device eth3
[  557.650561][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  557.658484][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  558.190558][T10497] netlink: 28 bytes leftover after parsing attributes in process `syz.4.827'.
[  558.216871][T10496] netlink: 28 bytes leftover after parsing attributes in process `syz.6.826'.
[  558.380960][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.830'.
[  558.949224][ T5772] IPVS: starting estimator thread 0...
[  559.068928][T10517] IPVS: using max 13 ests per chain, 31200 per kthread
[  560.826127][T10504] macvtap1: entered promiscuous mode
[  560.836256][T10504] team0: entered promiscuous mode
[  560.847676][T10504] team_slave_0: entered promiscuous mode
[  560.853814][T10504] team_slave_1: entered promiscuous mode
[  560.868251][T10504] macvtap1: entered allmulticast mode
[  560.880453][T10504] team0: entered allmulticast mode
[  560.891351][T10504] team_slave_0: entered allmulticast mode
[  560.897176][T10504] team_slave_1: entered allmulticast mode
[  560.945567][T10504] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  561.117598][ T5282] 8021q: adding VLAN 0 to HW filter on device eth2
[  562.916468][T10561] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  563.499658][T10564] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  563.509360][T10564] block device autoloading is deprecated and will be removed.
[  566.153118][T10585] netlink: 28 bytes leftover after parsing attributes in process `syz.9.846'.
[  568.434114][T10613] netlink: 28 bytes leftover after parsing attributes in process `syz.9.850'.
[  573.055340][ T5627] Bluetooth: unknown link type 56
[  573.060445][ T5627] Bluetooth: hci3: connection err: -111
[  573.090328][T10654] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  573.728068][ T5282] 8021q: adding VLAN 0 to HW filter on device eth4
[  574.834367][T10681] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  574.933984][ T5627] Bluetooth: hci5: command 0x0406 tx timeout
[  575.846075][ T9544] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  576.239539][ T9544] usb 10-1: config 213 has an invalid interface number: 3 but max is 0
[  576.259983][T10692] random: crng reseeded on system resumption
[  576.283088][ T9544] usb 10-1: config 213 has no interface number 0
[  576.303382][ T9544] usb 10-1: config 213 interface 3 altsetting 216 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  576.330845][ T9544] usb 10-1: config 213 interface 3 altsetting 216 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  576.361521][ T9544] usb 10-1: config 213 interface 3 altsetting 216 bulk endpoint 0xA has invalid maxpacket 32
[  576.402578][ T9544] usb 10-1: config 213 interface 3 altsetting 216 has a duplicate endpoint with address 0x8, skipping
[  576.414030][ T9544] usb 10-1: config 213 interface 3 altsetting 216 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  576.426528][ T9544] usb 10-1: config 213 interface 3 altsetting 216 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  576.465071][ T9544] usb 10-1: config 213 interface 3 has no altsetting 0
[  576.481229][ T9544] usb 10-1: New USB device found, idVendor=19d2, idProduct=0133, bcdDevice=21.e2
[  576.495683][ T9544] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.483086][ T9544] usb 10-1: Product: syz
[  577.522843][ T9544] usb 10-1: Manufacturer: syz
[  577.546918][ T9544] usb 10-1: SerialNumber: syz
[  577.593635][ T9544] usb 10-1: can't set config #213, error -71
[  577.623151][ T9544] usb 10-1: USB disconnect, device number 2
[  577.783436][T10715] netlink: 28 bytes leftover after parsing attributes in process `syz.9.877'.
[  577.882956][T10713] netlink: 'syz.3.876': attribute type 1 has an invalid length.
[  577.952889][T10713] netlink: 28 bytes leftover after parsing attributes in process `syz.3.876'.
[  577.981288][T10713] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  580.085422][T10736] loop9: detected capacity change from 0 to 32768
[  580.107549][T10736] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.881 (10736)
[  580.151710][T10748] fuse: fd is not a fuse device
[  580.184559][ T5282] 8021q: adding VLAN 0 to HW filter on device eth21
[  580.197538][T10736] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  580.426071][T10736] BTRFS info (device loop9): using sha256 checksum algorithm
[  580.497451][T10738] mac80211_hwsim hwsim21 syzkaller0: entered promiscuous mode
[  580.516803][T10738] mac80211_hwsim hwsim21 syzkaller0: entered allmulticast mode
[  580.550092][T10741] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  580.891671][T10736] BTRFS info (device loop9): enabling ssd optimizations
[  580.898668][T10736] BTRFS info (device loop9): turning on sync discard
[  580.937314][T10736] BTRFS info (device loop9): enabling free space tree
[  581.711637][T10736] BTRFS info (device loop9): use zlib compression, level 3
[  582.426776][T10790] netlink: 4 bytes leftover after parsing attributes in process `syz.8.889'.
[  582.821406][ T9444] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  582.904903][T10796] syzkaller0: entered promiscuous mode
[  582.934542][T10796] syzkaller0: entered allmulticast mode
[  583.044624][T10796] tipc: Started in network mode
[  583.127456][T10796] tipc: Node identity 524990e9f0ec, cluster identity 4711
[  583.480983][T10796] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  583.589553][T10793] tipc: Resetting bearer <eth:syzkaller0>
[  583.706142][ T5786] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  583.724263][T10793] tipc: Disabling bearer <eth:syzkaller0>
[  583.758340][T10058] Bluetooth: hci6: unexpected event for opcode 0x0c58
[  583.910708][ T5786] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  583.935454][ T5786] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.960449][ T5786] usb 5-1: Product: syz
[  583.983820][ T5282] 8021q: adding VLAN 0 to HW filter on device eth22
[  583.996119][ T5786] usb 5-1: Manufacturer: syz
[  584.031369][ T5786] usb 5-1: SerialNumber: syz
[  584.754378][T10823] netlink: 28 bytes leftover after parsing attributes in process `syz.9.893'.
[  584.775522][T10831] netlink: 28 bytes leftover after parsing attributes in process `syz.8.900'.
[  584.804659][T10831] mac80211_hwsim hwsim21 syzkaller0: left promiscuous mode
[  585.011012][T10831] mac80211_hwsim hwsim21 syzkaller0: left allmulticast mode
[  585.347737][ T5786] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  585.368330][ T5786] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32
[  585.378942][ T5786] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  585.469110][ T5786] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[  586.004074][ T5786] usb 5-1: USB disconnect, device number 4
[  587.227913][T10858] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  589.083871][T10867] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  589.317998][T10866] tipc: Disabling bearer <eth:syzkaller0>
[  590.535636][T10890] netlink: 28 bytes leftover after parsing attributes in process `syz.9.912'.
[  591.598777][T10901] netlink: 28 bytes leftover after parsing attributes in process `syz.3.915'.
[  592.132111][T10913] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  592.548606][T10922] netlink: 28 bytes leftover after parsing attributes in process `syz.2.921'.
[  600.090504][T10985] xt_hashlimit: size too large, truncated to 1048576
[  601.049463][T10991] netlink: 28 bytes leftover after parsing attributes in process `syz.2.934'.
[  602.444459][T11003] netlink: 28 bytes leftover after parsing attributes in process `syz.6.940'.
[  602.682722][T11010] netlink: 28 bytes leftover after parsing attributes in process `syz.8.939'.
[  603.946586][T11031] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  604.561118][T11028] netlink: 28 bytes leftover after parsing attributes in process `syz.4.947'.
[  604.606034][T11040] random: crng reseeded on system resumption
[  606.814061][T11058] netlink: 28 bytes leftover after parsing attributes in process `syz.8.964'.
[  608.371292][T11073] program syz.9.956 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  609.015505][T11076] netlink: 28 bytes leftover after parsing attributes in process `syz.6.958'.
[  610.821425][T11088] netlink: 28 bytes leftover after parsing attributes in process `syz.2.953'.
[  611.903517][T11104] netlink: 28 bytes leftover after parsing attributes in process `syz.6.961'.
[  612.317371][T11119] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  614.098544][T11131] netlink: 28 bytes leftover after parsing attributes in process `syz.3.971'.
[  614.646560][   T30] audit: type=1326 audit(1782086889.431:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.2.972" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe5db9ce59 code=0x0
[  615.186543][T11153] netlink: 28 bytes leftover after parsing attributes in process `syz.3.975'.
[  616.624949][T11170] netlink: 28 bytes leftover after parsing attributes in process `syz.4.979'.
[  617.372728][T11184] trusted_key: syz.8.981 sent an empty control message without MSG_MORE.
[  618.118891][ T5282] 8021q: adding VLAN 0 to HW filter on device eth12
[  618.874456][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  618.882949][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  620.955925][T11217] netlink: 28 bytes leftover after parsing attributes in process `syz.2.989'.
[  622.518302][T11241] IPv6: NLM_F_CREATE should be specified when creating new route
[  622.530492][T11241] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  622.537698][T11241] IPv6: NLM_F_CREATE should be set when creating new route
[  622.595573][T11237] netlink: 28 bytes leftover after parsing attributes in process `syz.2.994'.
[  626.048426][ T5282] 8021q: adding VLAN 0 to HW filter on device eth23
[  628.409995][T11289] netlink: 'syz.8.1007': attribute type 1 has an invalid length.
[  628.458351][T11294] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1009'.
[  628.552597][T11300] rdma_op ffff88807d7bb9f0 conn xmit_rdma 0000000000000000
[  629.247641][T11289] 8021q: adding VLAN 0 to HW filter on device bond1
[  629.342798][T11309] bond1: (slave dummy0): making interface the new active one
[  629.351903][T11309] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  629.415098][T11302] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1007'.
[  629.853236][T11302] bond1: entered allmulticast mode
[  630.480444][T11302] dummy0: entered allmulticast mode
[  630.679018][T11323] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1013'.
[  631.747361][T11341] overlayfs: failed to clone upperpath
[  632.998038][T11353] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  634.620358][T11366] fuse: fd is not a fuse device
[  635.257410][T11369] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.1023'.
[  635.272280][T11369] openvswitch: netlink: Message has 512 unknown bytes.
[  635.863720][T11373] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  636.147492][T11371] syz_tun: entered allmulticast mode
[  636.329561][T11371] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1025'.
[  636.609202][T11386] binder: 11385:11386 ioctl 4018620d 0 returned -22
[  637.440688][T11392] binder: 11385:11392 ioctl c0306201 0 returned -14
[  638.906147][T11406] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1031'.
[  639.203436][T11401] netlink: 'syz.6.1030': attribute type 1 has an invalid length.
[  639.552386][T11401] 8021q: adding VLAN 0 to HW filter on device bond1
[  639.651083][T11416] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  639.690928][T11416] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  639.717413][T11401] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1030'.
[  639.756572][T11401] bond1: entered allmulticast mode
[  639.805783][T11401] bond1: (slave dummy0): making interface the new active one
[  639.916780][T11401] dummy0: entered allmulticast mode
[  639.954228][T11401] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  642.370406][ T9620] IPVS: starting estimator thread 0...
[  642.489092][T11445] IPVS: using max 32 ests per chain, 76800 per kthread
[  645.230164][T11468] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1049'.
[  645.388779][T11475] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1051'.
[  645.780990][T11485] overlayfs: failed to clone upperpath
[  646.867394][   T29] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  647.244688][T10058] Bluetooth: hci3: unexpected event for opcode 0x2040
[  647.744840][T11513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  648.576897][T11513] batman_adv: batadv0: Removing interface: batadv_slave_1
[  649.757342][   T29] usb 4-1: unable to get BOS descriptor or descriptor too short
[  649.949861][   T29] usb 4-1: unable to read config index 0 descriptor/start: -71
[  649.957476][   T29] usb 4-1: can't read configurations, error -71
[  650.300883][T11543] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1067'.
[  651.209351][T11555] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1069'.
[  651.696682][T10058] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  651.705003][T10058] Bluetooth: hci3: Injecting HCI hardware error event
[  651.716642][T10058] Bluetooth: hci3: hardware error 0x00
[  654.060789][T10058] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  654.828256][T11611] tipc: Can't bind to reserved service type 1
[  657.980429][T11636] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  658.356563][T11641] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1088'.
[  659.866184][T11648] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1089'.
[  660.287417][T10058] Bluetooth: hci7: command 0x0406 tx timeout
[  660.287429][ T5627] Bluetooth: hci1: command 0x0406 tx timeout
[  660.374583][ T5627] Bluetooth: hci5: hardware error 0x02
[  661.888449][T11683] loop9: detected capacity change from 0 to 128
[  661.920477][T11683] ext4: Unknown parameter 'fsmagic'
[  662.390637][T11683] loop9: detected capacity change from 0 to 4096
[  663.875023][ T5627] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  663.936941][T11683] EXT4-fs: Ignoring removed mblk_io_submit option
[  664.191182][T11683] EXT4-fs (loop9): Test dummy encryption mode enabled
[  664.680232][T11683] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  665.546325][T11724] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1107'.
[  665.682330][ T9444] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  666.699800][T11741] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1109'.
[  667.661758][   T30] audit: type=1326 audit(1782086938.376:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11742 comm="syz.9.1111" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a8739ce59 code=0x0
[  671.272939][T11789] mac80211_hwsim hwsim27 syzkaller0: entered promiscuous mode
[  671.397790][T11789] mac80211_hwsim hwsim27 syzkaller0: entered allmulticast mode
[  672.086453][T11750] syz.4.1110 (11750): drop_caches: 2
[  672.421183][T11805] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1123'.
[  672.482156][T11805] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  672.489405][T11805] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  673.230410][T11837] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  673.338038][T11836] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  673.497034][T11836] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  677.116248][T11872] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  677.618661][T11888] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1143'.
[  684.919291][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  684.928113][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  686.031875][T11884] syz.3.1142 (11884): drop_caches: 2
[  686.272357][T11970] loop9: detected capacity change from 0 to 4096
[  686.343092][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1163'.
[  687.472372][T11990] hub 8-0:1.0: USB hub found
[  687.478740][T11990] hub 8-0:1.0: 1 port detected
[  690.841005][   T30] audit: type=1326 audit(1782086960.348:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12030 comm="syz.3.1179" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c4179ce59 code=0x0
[  691.246731][T12046] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  694.612440][T12097] loop9: detected capacity change from 0 to 1024
[  694.662223][T12097] EXT4-fs: Ignoring removed nomblk_io_submit option
[  694.721336][T12097] EXT4-fs: inline encryption not supported
[  694.786773][T12097] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  694.877828][T12097] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  694.953498][T12107] fuse: fd is not a fuse device
[  697.759446][ T9444] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  698.613828][T12131] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  703.486663][T12189] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1213'.
[  704.788887][T12189] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  704.890798][T12189] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  707.750363][T12247] Illegal XDP return value 4294967294 on prog  (id 73) dev N/A, expect packet loss!
[  708.114485][ T5627] Bluetooth: hci6: hardware error 0x02
[  709.510840][T12259] loop9: detected capacity change from 0 to 4096
[  709.699116][T12259] ntfs3(loop9): ino=19, mi_enum_attr
[  709.717084][T12259] ntfs3(loop9): Mark volume as dirty due to NTFS errors
[  710.751423][ T5627] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  712.648397][T12307] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1242'.
[  715.787406][T12354] lo speed is unknown, defaulting to 1000
[  715.793215][T12354] lo speed is unknown, defaulting to 1000
[  715.799410][T12354] lo speed is unknown, defaulting to 1000
[  715.805752][T12354] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  715.819996][T12354] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  715.837106][T12354] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  715.851039][T12354] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  715.868041][T12354] lo speed is unknown, defaulting to 1000
[  715.874519][T12354] lo speed is unknown, defaulting to 1000
[  715.880960][T12354] lo speed is unknown, defaulting to 1000
[  715.887440][T12354] lo speed is unknown, defaulting to 1000
[  715.893903][T12354] lo speed is unknown, defaulting to 1000
[  715.900420][T12354] lo speed is unknown, defaulting to 1000
[  716.741760][T12360] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  716.748397][T12360] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  716.756692][T12360] vhci_hcd vhci_hcd.0: Device attached
[  716.771114][T12362] vhci_hcd: connection closed
[  716.771613][T11280] vhci_hcd vhci_hcd.3: stop threads
[  716.817389][T11280] vhci_hcd vhci_hcd.3: release socket
[  716.847668][T11280] vhci_hcd vhci_hcd.3: disconnect device
[  716.875212][T12365] tipc: Started in network mode
[  716.880230][T12365] tipc: Node identity ac14143e, cluster identity 4711
[  716.887288][T12365] tipc: New replicast peer: 172.30.1.7
[  716.893163][T12365] tipc: Enabled bearer <udp:syz0>, priority 10
[  716.907336][T12365] netlink: 60 bytes leftover after parsing attributes in process `syz.6.1255'.
[  718.105151][ T5355] tipc: Node number set to 2886997054
[  719.196147][T12385] syz.3.1260 (12385) used greatest stack depth: 19464 bytes left
[  719.695457][T12397] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  721.243002][T12418] ceph: No mds server is up or the cluster is laggy
[  721.917274][T12426] NILFS (nullb0): couldn't find nilfs on the device
[  722.668979][T12437] blktrace: Concurrent blktraces are not allowed on loop6
[  727.396077][T12477] lo speed is unknown, defaulting to 1000
[  735.023740][T12544] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  735.141672][T12544] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  739.395125][T12593] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1308'.
[  739.972240][ T5772] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  740.463426][ T5772] usb 5-1: Using ep0 maxpacket: 8
[  740.532784][ T5772] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  740.577345][ T5772] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  740.650105][ T5772] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  740.704147][ T5772] usb 5-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  740.774800][T12618] loop9: detected capacity change from 0 to 512
[  740.775600][ T5772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.788707][T12618] EXT4-fs: Ignoring removed nomblk_io_submit option
[  740.854328][ T5772] usb 5-1: config 0 descriptor??
[  740.996862][T12618] EXT4-fs error (device loop9): ext4_iget_extra_inode:5179: inode #15: comm syz.9.1317: corrupted in-inode xattr: invalid ea_ino
[  741.069321][T12618] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  741.072124][T12618] EXT4-fs error (device loop9): ext4_orphan_get:1402: comm syz.9.1317: couldn't read orphan inode 15 (err -117)
[  741.081447][    C1] EXT4-fs (loop9): error count since last fsck: 1
[  741.081477][    C1] EXT4-fs (loop9): initial error at time 1782087006: ext4_iget_extra_inode:5179: inode 15
[  741.081530][    C1] EXT4-fs (loop9): last error at time 1782087006: ext4_iget_extra_inode:5179: inode 15
[  741.643679][T12618] loop9: lost filesystem error report for type 5 error -117
[  741.644922][T12618] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  742.192840][T12595] netlink: 'syz.4.1312': attribute type 1 has an invalid length.
[  743.246832][T12602] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1312'.
[  743.629285][T12595] bond3: entered promiscuous mode
[  743.656535][T12595] bond3: entered allmulticast mode
[  743.673102][T12595] 8021q: adding VLAN 0 to HW filter on device bond3
[  743.787052][T12602] bond3 (unregistering): Released all slaves
[  745.272302][ T5772] usbhid 5-1:0.0: can't add hid device: -71
[  745.278340][ T5772] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  745.388549][ T5772] usb 5-1: USB disconnect, device number 5
[  746.655571][T12684] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1329'.
[  746.705046][ T9444] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  747.266348][T12702] fuse: fd is not a fuse device
[  747.942576][T12699] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode
[  747.955111][T12705] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1335'.
[  748.017945][T12699] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode
[  751.591744][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  751.591813][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  752.530295][T12755] overlayfs: failed to clone upperpath
[  753.254380][T12752] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1346'.
[  754.435800][T12788] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  757.912826][T12825] lo speed is unknown, defaulting to 1000
[  758.613444][T12829] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  759.408272][T12844] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1366'.
[  759.475255][T12844] mac80211_hwsim hwsim8 syzkaller0: left promiscuous mode
[  759.527794][T12844] mac80211_hwsim hwsim8 syzkaller0: left allmulticast mode
[  760.400437][   T30] audit: type=1804 audit(1782087023.994:101): pid=12854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.1364" name="/newroot/108/bus/bus" dev="overlay" ino=611 res=1 errno=0
[  760.818923][T12852] overlayfs: failed to clone upperpath
[  761.122179][T12861] fuse: fd is not a fuse device
[  762.986941][T12885] xt_hashlimit: size too large, truncated to 1048576
[  763.931702][T12895] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1378'.
[  764.052839][T12895] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  764.305303][T12895] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  768.764941][T12949] loop9: detected capacity change from 0 to 256
[  770.273112][T12957] can0: slcan on ttyS3.
[  770.363848][T12956] can0 (unregistered): slcan off ttyS3.
[  770.530349][T12961] FAT-fs (loop9): error, invalid access to FAT (entry 0x00000001)
[  771.102607][T12968] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1395'.
[  771.197305][T12968] mac80211_hwsim hwsim27 syzkaller0: left promiscuous mode
[  771.402730][T12968] mac80211_hwsim hwsim27 syzkaller0: left allmulticast mode
[  772.121047][T12981] netlink: 'syz.9.1396': attribute type 12 has an invalid length.
[  773.385094][T13002] ceph: No mds server is up or the cluster is laggy
[  774.030145][T12992] lo speed is unknown, defaulting to 1000
[  777.805189][T13057] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1410'.
[  778.113159][T13066] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1414'.
[  780.361680][ T9544] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  783.837094][ T9544] usb 10-1: unable to read config index 0 descriptor/start: -71
[  783.854101][T13121] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1427'.
[  783.888761][ T9544] usb 10-1: can't read configurations, error -71
[  783.893730][T13125] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1429'.
[  785.089709][T13142] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.640081][T13154] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1445'.
[  787.237431][T13163] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  787.662296][ T9620] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  787.747008][ T9620] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  787.884187][T13166] loop9: detected capacity change from 0 to 4096
[  787.983947][T13166] ext4: Unknown parameter 'seclabel'
[  788.013274][T13181] NILFS (nullb0): couldn't find nilfs on the device
[  789.829910][T13197] netlink: 'syz.6.1441': attribute type 1 has an invalid length.
[  789.833808][T13198] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode
[  789.894678][T13199] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1441'.
[  789.914955][T13198] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode
[  790.020654][T13197] bond2: entered promiscuous mode
[  790.030506][T13197] bond2: entered allmulticast mode
[  790.049477][T13197] 8021q: adding VLAN 0 to HW filter on device bond2
[  790.097791][T13199] bond2 (unregistering): Released all slaves
[  790.480988][T13214] lo speed is unknown, defaulting to 1000
[  792.216790][T13234] ceph: No mds server is up or the cluster is laggy
[  792.228140][   T24] libceph: connect (1)[c::]:6789 error -101
[  792.515450][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  792.953271][T13240] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1450'.
[  794.486914][T13266] lo speed is unknown, defaulting to 1000
[  797.010214][T13283] ipvlan2: entered allmulticast mode
[  797.015645][T13283] batadv_slave_1: entered allmulticast mode
[  797.045435][T13283] batman_adv: batadv0: Adding interface: ipvlan2
[  797.054742][T13283] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.086379][T13283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  797.099749][T13283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  797.112316][T13283] batman_adv: batadv0: Interface activated: ipvlan2
[  797.812993][T13295] lo speed is unknown, defaulting to 1000
[  799.797604][T13305] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1466'.
[  801.630736][ T5627] Bluetooth: hci7: unexpected event for opcode 0x0000
[  801.654505][T13331] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1470'.
[  803.139074][ T5355] IPVS: starting estimator thread 0...
[  803.291335][T13345] IPVS: using max 32 ests per chain, 76800 per kthread
[  803.542982][T13348] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  803.652519][T13348] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  805.407625][T13364] mac80211_hwsim hwsim27 syzkaller0: entered promiscuous mode
[  805.444715][T13364] mac80211_hwsim hwsim27 syzkaller0: entered allmulticast mode
[  806.286215][ T5627] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0
[  806.295282][ T5627] Bluetooth: hci7: Injecting HCI hardware error event
[  806.302356][ T5627] Bluetooth: hci7: hardware error 0x00
[  806.886911][T13386] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1483'.
[  808.582203][T13367] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  809.238678][ T5627] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[  809.411429][T13398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1486'.
[  810.367991][T13418] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  816.744677][T13480] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1503'.
[  817.432062][T13480] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  817.439816][T13480] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  818.075201][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  818.092892][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  821.573991][T13512] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  821.693000][T13512] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  822.231123][T13537] lo speed is unknown, defaulting to 1000
[  824.262608][T13556] loop9: detected capacity change from 0 to 8
[  824.285805][T13555] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1523'.
[  825.375959][T13556] loop9: detected capacity change from 0 to 40427
[  825.440786][T13556] F2FS-fs (loop9): Corrupted extension count (64 + 1 > 64)
[  825.448237][T13556] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  825.466888][T13556] F2FS-fs (loop9): Image doesn't support compression
[  825.486068][T13556] F2FS-fs (loop9): invalid crc value
[  826.698801][T13562] netlink: 'syz.6.1525': attribute type 12 has an invalid length.
[  827.343628][ T5627] Bluetooth: hci4: unexpected event for opcode 0x2040
[  828.010901][T12747] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  828.055300][T13556] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  828.091896][T13556] F2FS-fs (loop9): Start checkpoint disabled!
[  828.187687][T13556] F2FS-fs (loop9): f2fs_disable_checkpoint() finish, err:0
[  828.298908][T12747] usb 4-1: config 2 has an invalid descriptor of length 110, skipping remainder of the config
[  828.319960][T12747] usb 4-1: too many endpoints for config 2 interface 0 altsetting 105: 111, using maximum allowed: 30
[  828.374254][T12747] usb 4-1: config 2 interface 0 altsetting 105 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  828.396540][T12747] usb 4-1: config 2 interface 0 has no altsetting 0
[  829.468027][T12747] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  829.812712][T12747] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.849473][T12747] usb 4-1: Product: syz
[  829.872248][T12747] usb 4-1: Manufacturer: syz
[  829.876893][T12747] usb 4-1: SerialNumber: syz
[  830.147165][T13607] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1534'.
[  830.400560][T12747] usb 4-1: USB disconnect, device number 7
[  831.834856][ T5627] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  831.843628][ T5627] Bluetooth: hci4: Injecting HCI hardware error event
[  831.851411][ T5627] Bluetooth: hci4: hardware error 0x00
[  833.278944][T13642] ipvlan2: entered allmulticast mode
[  833.284407][T13642] batadv_slave_1: entered allmulticast mode
[  833.292662][T13642] batman_adv: batadv0: Adding interface: ipvlan2
[  833.299057][T13642] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  833.324609][T13642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  833.335184][T13642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  833.345067][T13642] batman_adv: batadv0: Interface activated: ipvlan2
[  833.987598][T13654] fuse: fd is not a fuse device
[  834.448421][ T5627] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  834.935433][T13666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  838.524423][T13706] mac80211_hwsim hwsim27 syzkaller0: left promiscuous mode
[  838.648078][T13706] mac80211_hwsim hwsim27 syzkaller0: left allmulticast mode
[  839.790341][T13724] netlink: 91 bytes leftover after parsing attributes in process `syz.4.1562'.
[  842.318105][T13751] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  843.649160][T13771] lo speed is unknown, defaulting to 1000
[  849.139027][ T5627] Bluetooth: hci1: hcon ffff888029858000 sent 1 < count 10
[  849.634016][T13831] lo speed is unknown, defaulting to 1000
[  852.152993][T13846] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  853.708663][T13869] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1596'.
[  855.931112][T13899] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1607'.
[  857.175439][T13905] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1609'.
[  857.221033][T13905] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  857.248516][T13905] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  858.689071][T13920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  860.739916][T13938] lo speed is unknown, defaulting to 1000
[  865.932783][T13988] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  866.625178][T13996] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  870.288114][T14036] ipvlan2: entered allmulticast mode
[  870.293427][T14036] batadv_slave_1: entered allmulticast mode
[  870.558176][T14036] batman_adv: batadv0: Adding interface: ipvlan2
[  870.564528][T14036] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  871.146734][T14036] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.163191][T14036] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.181527][T14036] batman_adv: batadv0: Interface activated: ipvlan2
[  872.091620][T14061] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  873.589158][T14080] veth0_macvtap: left promiscuous mode
[  873.672518][T14080] veth0_macvtap: entered promiscuous mode
[  873.758986][T12747] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  874.204611][T12747] usb 5-1: config 255 has an invalid interface number: 97 but max is 0
[  874.220666][T12747] usb 5-1: config 255 has no interface number 0
[  874.276122][T12747] usb 5-1: config 255 interface 97 has no altsetting 0
[  874.404630][T12747] usb 5-1: New USB device found, idVendor=0424, idProduct=cf19, bcdDevice=71.90
[  874.422832][T12747] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.448224][T12747] usb 5-1: Product: syz
[  874.452420][T12747] usb 5-1: Manufacturer: syz
[  874.457031][T12747] usb 5-1: SerialNumber: syz
[  875.277321][T14108] Set syz0 is full, maxelem 0 reached
[  876.722166][T14124] netlink: 'syz.8.1673': attribute type 21 has an invalid length.
[  876.730270][T14124] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1673'.
[  876.739665][T14124] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1673'.
[  877.003194][T14122] loop9: detected capacity change from 0 to 4096
[  877.355182][T12747] rndis_host 5-1:255.97: rndis: master #0/0000000000000000 slave #1/0000000000000000
[  877.657201][T14122] NILFS error (device loop9): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  877.668157][T14129] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  877.856469][T14122] NILFS (loop9): mounting fs with errors
[  879.288360][T12747] usb 5-1: USB disconnect, device number 6
[  882.317977][T14165] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1682'.
[  883.536784][T14182] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  884.973850][ T1311] ieee802154 phy0 wpan0: encryption failed: -22
[  884.989622][ T1311] ieee802154 phy1 wpan1: encryption failed: -22
[  885.873440][T14204] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  885.886342][T14202] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[  886.049819][T14202] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[  889.079702][T14235] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1702'.
[  890.053899][T14235] mac80211_hwsim hwsim23 syzkaller0: left promiscuous mode
[  890.084829][T14235] mac80211_hwsim hwsim23 syzkaller0: left allmulticast mode
[  892.093340][T14266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  894.041850][   T30] audit: type=1326 audit(1782087147.861:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.8.1717" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f392c19ce59 code=0x0
[  894.214529][T14294] mac80211_hwsim hwsim27 syzkaller0: entered promiscuous mode
[  894.222246][T14294] mac80211_hwsim hwsim27 syzkaller0: entered allmulticast mode
[  894.250245][T14278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  894.327500][T14296] lo speed is unknown, defaulting to 1000
[  895.409337][T14315] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  895.791277][   T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  896.083254][T14340] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  896.090628][T14340] overlayfs: failed to set xattr on upper
[  896.096452][T14340] overlayfs: ...falling back to redirect_dir=nofollow.
[  896.103443][T14340] overlayfs: ...falling back to index=off.
[  896.109366][T14340] overlayfs: ...falling back to uuid=null.
[  896.487650][T14341] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  896.494649][T14341] overlayfs: failed to set xattr on upper
[  896.500358][T14341] overlayfs: ...falling back to redirect_dir=nofollow.
[  896.507496][T14341] overlayfs: ...falling back to index=off.
[  896.513466][T14341] overlayfs: ...falling back to uuid=null.
[  896.519314][T14341] overlayfs: conflicting lowerdir path
[ 1009.171382][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1009.178394][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9/1:b..l P14324/1:b..l
[ 1009.187487][    C1] rcu: 	(detected by 1, t=10503 jiffies, g=57517, q=402 ncpus=2)
[ 1009.195929][    C1] task:syz.8.1725      state:R  running task     stack:27336 pid:14324 tgid:14324 ppid:8661   task_flags:0x40004c flags:0x00080000
[ 1009.209504][    C1] Call Trace:
[ 1009.212983][    C1]  <TASK>
[ 1009.215935][    C1]  __schedule+0x125c/0x6730
[ 1009.220458][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.226127][    C1]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1009.231569][    C1]  ? __pfx___schedule+0x10/0x10
[ 1009.236604][    C1]  ? folio_remove_rmap_ptes+0x7e0/0xdd0
[ 1009.242192][    C1]  ? preempt_schedule_thunk+0x16/0x40
[ 1009.248123][    C1]  preempt_schedule_common+0x42/0xc0
[ 1009.253602][    C1]  preempt_schedule_thunk+0x16/0x40
[ 1009.258861][    C1]  _raw_spin_unlock+0x3e/0x50
[ 1009.263576][    C1]  __zap_vma_range+0x24b4/0x4a30
[ 1009.268567][    C1]  ? __pfx___zap_vma_range+0x10/0x10
[ 1009.273923][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.279679][    C1]  unmap_vmas+0x299/0x5f0
[ 1009.284063][    C1]  ? srso_alias_safe_ret+0x4/0x7
[ 1009.289032][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[ 1009.293999][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1009.300101][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.305873][    C1]  ? mas_next_slot+0x10a3/0x1960
[ 1009.310848][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.316621][    C1]  exit_mmap+0x1ef/0xa00
[ 1009.320937][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.326594][    C1]  ? lock_acquire+0x301/0x370
[ 1009.331367][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1009.336165][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.340964][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.346852][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.352508][    C1]  ? uprobe_clear_state+0x5f/0x260
[ 1009.357858][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.363527][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.369188][    C1]  ? __mutex_unlock_slowpath+0x35d/0x930
[ 1009.374883][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.380552][    C1]  ? arch_uprobe_clear_state+0x107/0x150
[ 1009.386235][    C1]  __mmput+0x12a/0x410
[ 1009.390327][    C1]  mmput+0x67/0x80
[ 1009.394066][    C1]  do_exit+0x8b1/0x2ae0
[ 1009.398337][    C1]  ? preempt_schedule_thunk+0x16/0x40
[ 1009.403749][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1009.408465][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.414127][    C1]  ? preempt_schedule_thunk+0x16/0x40
[ 1009.419542][    C1]  do_group_exit+0xd5/0x2a0
[ 1009.424423][    C1]  __x64_sys_exit_group+0x3e/0x50
[ 1009.429478][    C1]  x64_sys_call+0x102c/0x1530
[ 1009.434187][    C1]  do_syscall_64+0x115/0x870
[ 1009.439149][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.445495][    C1] RIP: 0033:0x7f392c19ce59
[ 1009.450102][    C1] RSP: 002b:00007fff5fb1f098 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1009.458656][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f392c19ce59
[ 1009.466909][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 1009.476555][    C1] RBP: 00007fff5fb1f0fc R08: 0000000000000000 R09: 00000000000927c0
[ 1009.484722][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000000c7
[ 1009.492708][    C1] R13: 00000000000927c0 R14: 00000000000d54e5 R15: 00007fff5fb1f150
[ 1009.500701][    C1]  </TASK>
[ 1009.503719][    C1] task:kworker/0:0     state:R  running task     stack:25528 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1009.517623][    C1] Workqueue: events_power_efficient gc_worker
[ 1009.523724][    C1] Call Trace:
[ 1009.527081][    C1]  <TASK>
[ 1009.530168][    C1]  __schedule+0x125c/0x6730
[ 1009.534876][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.539716][    C1]  ? __virt_addr_valid+0x22a/0x430
[ 1009.544879][    C1]  ? __pfx___schedule+0x10/0x10
[ 1009.549825][    C1]  ? irqentry_exit+0x24d/0xa00
[ 1009.554803][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.560557][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.565436][    C1]  preempt_schedule_irq+0x50/0x90
[ 1009.570827][    C1]  irqentry_exit+0x205/0xa00
[ 1009.575450][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.581127][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1009.587123][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70
[ 1009.593261][    C1] Code: e6 e9 5d 00 48 89 df 5b e9 cd 7d 63 00 be 03 00 00 00 5b e9 d2 39 f5 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 8b 05 25 22 07 12 48 8b 34 24 65 48 8b 15 01 22 07
[ 1009.613419][    C1] RSP: 0018:ffffc900000e7b40 EFLAGS: 00000246
[ 1009.619700][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff89b79a9a
[ 1009.627681][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801def5d00
[ 1009.635701][    C1] RBP: 000000000000e65d R08: 0000000000000005 R09: 0000000000000000
[ 1009.643791][    C1] R10: 0000000000000000 R11: 1ffff11004d8209a R12: dffffc0000000000
[ 1009.651766][    C1] R13: 0000000000040000 R14: 000000000000732e R15: 0000000000001770
[ 1009.659750][    C1]  ? gc_worker+0x92a/0x1630
[ 1009.664379][    C1]  gc_worker+0x937/0x1630
[ 1009.668742][    C1]  ? __pfx_gc_worker+0x10/0x10
[ 1009.673530][    C1]  ? lock_acquire+0x301/0x370
[ 1009.678217][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.683104][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.688753][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.693570][    C1]  process_one_work+0xa23/0x1940
[ 1009.698551][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 1009.704046][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.709699][    C1]  worker_thread+0x5ef/0xe50
[ 1009.714337][    C1]  ? kthread+0x13a/0x450
[ 1009.718604][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1009.723743][    C1]  kthread+0x370/0x450
[ 1009.727836][    C1]  ? __pfx_kthread+0x10/0x10
[ 1009.732448][    C1]  ret_from_fork+0x72b/0xd50
[ 1009.737139][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1009.742263][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.747917][    C1]  ? __switch_to+0x800/0x10f0
[ 1009.752621][    C1]  ? __switch_to_asm+0x39/0x70
[ 1009.757581][    C1]  ? __pfx_kthread+0x10/0x10
[ 1009.762547][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1009.767367][    C1]  </TASK>
[ 1009.770380][    C1] rcu: rcu_preempt kthread starved for 10440 jiffies! g57517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1009.781616][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1009.791584][    C1] rcu: RCU grace-period kthread stack dump:
[ 1009.797504][    C1] task:rcu_preempt     state:R  running task     stack:28416 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1009.811174][    C1] Call Trace:
[ 1009.814456][    C1]  <TASK>
[ 1009.817386][    C1]  __schedule+0x125c/0x6730
[ 1009.822074][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.826860][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.832628][    C1]  ? trace_irq_enable.constprop.0+0x122/0x160
[ 1009.838862][    C1]  ? __pfx___schedule+0x10/0x10
[ 1009.843822][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.848613][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.854358][    C1]  ? lock_release+0x24d/0x310
[ 1009.859053][    C1]  schedule+0xdd/0x390
[ 1009.863199][    C1]  schedule_timeout+0x127/0x280
[ 1009.868090][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1009.873492][    C1]  ? prepare_to_swait_event+0xdf/0x4a0
[ 1009.878988][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1009.884449][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.890105][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1009.895986][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.901656][    C1]  ? prepare_to_swait_event+0xdf/0x4a0
[ 1009.907308][    C1]  rcu_gp_fqs_loop+0x1a9/0x900
[ 1009.912263][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.918047][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1009.923694][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1009.928820][    C1]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[ 1009.934075][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1009.938903][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.944644][    C1]  ? trace_irq_enable.constprop.0+0x122/0x160
[ 1009.950752][    C1]  rcu_gp_kthread+0x179/0x230
[ 1009.955981][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1009.961212][    C1]  ? trace_irq_enable.constprop.0+0x122/0x160
[ 1009.967501][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.973160][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1009.978837][    C1]  ? __kthread_parkme+0x18c/0x230
[ 1009.984149][    C1]  ? kthread+0x13a/0x450
[ 1009.988434][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1009.993641][    C1]  kthread+0x370/0x450
[ 1009.997743][    C1]  ? __pfx_kthread+0x10/0x10
[ 1010.002394][    C1]  ret_from_fork+0x72b/0xd50
[ 1010.007103][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1010.012323][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.017981][    C1]  ? __switch_to+0x800/0x10f0
[ 1010.022814][    C1]  ? __switch_to_asm+0x39/0x70
[ 1010.027691][    C1]  ? __pfx_kthread+0x10/0x10
[ 1010.032367][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1010.037166][    C1]  </TASK>
[ 1010.040192][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1010.046535][    C1] CPU: 1 UID: 0 PID: 9650 Comm: kworker/u8:22 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1010.057935][    C1] Tainted: [L]=SOFTLOCKUP
[ 1010.062277][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1010.072340][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 1010.078880][    C1] RIP: 0010:smp_call_function_many_cond+0x589/0x16c0
[ 1010.085604][    C1] Code: b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 a9 95 0c 00 f3 90 <41> 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31
[ 1010.105233][    C1] RSP: 0018:ffffc90004eff878 EFLAGS: 00000293
[ 1010.111314][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fca87d
[ 1010.119290][    C1] RDX: ffff888032255d00 RSI: ffffffff81fca857 RDI: ffff888032255d00
[ 1010.127267][    C1] RBP: ffff8880b8443360 R08: 0000000000000005 R09: 0000000000000000
[ 1010.135236][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[ 1010.143210][    C1] R13: ffffed101708866d R14: 0000000000000001 R15: ffff8880b853c840
[ 1010.151190][    C1] FS:  0000000000000000(0000) GS:ffff88812441a000(0000) knlGS:0000000000000000
[ 1010.160239][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1010.166842][    C1] CR2: 00007f57c153c38e CR3: 000000000e592000 CR4: 0000000000350ef0
[ 1010.174822][    C1] Call Trace:
[ 1010.178139][    C1]  <TASK>
[ 1010.181093][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1010.186156][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1010.192522][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[ 1010.198183][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1010.203147][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1010.208198][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1010.213339][    C1]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[ 1010.219994][    C1]  smp_text_poke_batch_finish+0x337/0xc60
[ 1010.226026][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.231681][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[ 1010.237963][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.243617][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 1010.249892][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.255663][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.261328][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1010.267469][    C1]  jump_label_update+0x37a/0x550
[ 1010.272464][    C1]  static_key_enable_cpuslocked+0x1bc/0x270
[ 1010.278385][    C1]  static_key_enable+0x1a/0x20
[ 1010.283179][    C1]  toggle_allocation_gate+0xfe/0x2d0
[ 1010.288754][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1010.294754][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1010.300667][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.306333][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1010.311124][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.316789][    C1]  ? lock_acquire+0x301/0x370
[ 1010.321476][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1010.326297][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.332032][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1010.336929][    C1]  process_one_work+0xa23/0x1940
[ 1010.341910][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 1010.347317][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.354157][    C1]  worker_thread+0x5ef/0xe50
[ 1010.358788][    C1]  ? kthread+0x13a/0x450
[ 1010.363051][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1010.368191][    C1]  kthread+0x370/0x450
[ 1010.372285][    C1]  ? __pfx_kthread+0x10/0x10
[ 1010.376899][    C1]  ret_from_fork+0x72b/0xd50
[ 1010.381518][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1010.386646][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1010.392295][    C1]  ? __switch_to+0x800/0x10f0
[ 1010.397020][    C1]  ? __switch_to_asm+0x39/0x70
[ 1010.401816][    C1]  ? __pfx_kthread+0x10/0x10
[ 1010.406625][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1010.411491][    C1]  </TASK>
[ 1141.474580][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 244s! [kworker/u8:22:9650]
[ 1141.474619][    C1] Modules linked in:
[ 1141.474639][    C1] irq event stamp: 0
[ 1141.474654][    C1] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[ 1141.474689][    C1] hardirqs last disabled at (0): [<ffffffff81c54b8a>] copy_process+0x288a/0x7ff0
[ 1141.474755][    C1] softirqs last  enabled at (0): [<ffffffff81c54bde>] copy_process+0x28de/0x7ff0
[ 1141.474811][    C1] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 1141.474857][    C1] CPU: 1 UID: 0 PID: 9650 Comm: kworker/u8:22 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1141.474919][    C1] Tainted: [L]=SOFTLOCKUP
[ 1141.474934][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1141.474964][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 1141.475036][    C1] RIP: 0010:smp_call_function_many_cond+0x5b0/0x16c0
[ 1141.475114][    C1] Code: 00 f3 90 41 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31 ff 83 e0 01 41 89 c6 89 c6 e8 33 90 0c 00 45 85 f6 <75> d0 e8 79 95 0c 00 e8 74 95 0c 00 83 c3 01 bf 07 00 00 00 48 63
[ 1141.475157][    C1] RSP: 0018:ffffc90004eff878 EFLAGS: 00000202
[ 1141.475189][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fca87d
[ 1141.475217][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888032255d00
[ 1141.475242][    C1] RBP: ffff8880b8443360 R08: 0000000000000005 R09: 0000000000000000
[ 1141.475261][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[ 1141.475279][    C1] R13: ffffed101708866d R14: 0000000000000001 R15: ffff8880b853c840
[ 1141.475308][    C1] FS:  0000000000000000(0000) GS:ffff88812441a000(0000) knlGS:0000000000000000
[ 1141.475346][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1141.475375][    C1] CR2: 00007f57c153c38e CR3: 000000000e592000 CR4: 0000000000350ef0
[ 1141.475403][    C1] Call Trace:
[ 1141.475417][    C1]  <TASK>
[ 1141.475437][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1141.475503][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1141.475578][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[ 1141.475643][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1141.475701][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1141.475756][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1141.475796][    C1]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[ 1141.475853][    C1]  smp_text_poke_batch_finish+0x337/0xc60
[ 1141.475922][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.475968][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[ 1141.476030][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476075][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 1141.476137][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476184][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476233][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1141.476295][    C1]  jump_label_update+0x37a/0x550
[ 1141.476349][    C1]  static_key_enable_cpuslocked+0x1bc/0x270
[ 1141.476403][    C1]  static_key_enable+0x1a/0x20
[ 1141.476453][    C1]  toggle_allocation_gate+0xfe/0x2d0
[ 1141.476503][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1141.476552][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1141.476604][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476648][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1141.476695][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476744][    C1]  ? lock_acquire+0x301/0x370
[ 1141.476780][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1141.476827][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.476871][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1141.476921][    C1]  process_one_work+0xa23/0x1940
[ 1141.476989][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 1141.477053][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.477101][    C1]  worker_thread+0x5ef/0xe50
[ 1141.477167][    C1]  ? kthread+0x13a/0x450
[ 1141.477216][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1141.477271][    C1]  kthread+0x370/0x450
[ 1141.477320][    C1]  ? __pfx_kthread+0x10/0x10
[ 1141.477373][    C1]  ret_from_fork+0x72b/0xd50
[ 1141.477417][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1141.477460][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.477504][    C1]  ? __switch_to+0x800/0x10f0
[ 1141.477557][    C1]  ? __switch_to_asm+0x39/0x70
[ 1141.477607][    C1]  ? __pfx_kthread+0x10/0x10
[ 1141.477660][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1141.477723][    C1]  </TASK>
[ 1141.477741][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1141.899147][    C0] NMI backtrace for cpu 0
[ 1141.899175][    C0] CPU: 0 UID: 0 PID: 14337 Comm: syz.6.1727 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1141.899222][    C0] Tainted: [L]=SOFTLOCKUP
[ 1141.899233][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1141.899253][    C0] RIP: 0010:debug_object_activate+0x5e/0x490
[ 1141.899305][    C0] Code: 48 c7 44 24 28 c8 dd f6 8d 4d 89 cf 48 c7 44 24 30 70 93 07 85 49 c1 ef 03 4b 8d 04 27 c7 00 f1 f1 f1 f1 c7 40 04 f1 f1 00 00 <c7> 40 08 00 00 00 f3 c7 40 0c f3 f3 f3 f3 65 48 8b 05 24 cc 08 0f
[ 1141.899338][    C0] RSP: 0018:ffffc90000007d70 EFLAGS: 00000016
[ 1141.899364][    C0] RAX: fffff52000000fb2 RBX: ffff8880b8428540 RCX: ffffffff81f4be58
[ 1141.899386][    C0] RDX: ffff88802d67be00 RSI: ffffffff8bb2f940 RDI: ffff888022ea0300
[ 1141.899408][    C0] RBP: ffffc90000007e58 R08: 0000000000000005 R09: ffffc90000007d90
[ 1141.899429][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 1141.899449][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff92000000fb2
[ 1141.899473][    C0] FS:  00007f8755c1e6c0(0000) GS:ffff88812431a000(0000) knlGS:0000000000000000
[ 1141.899503][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1141.899524][    C0] CR2: 00007f2c417ea540 CR3: 00000000622a6000 CR4: 0000000000350ef0
[ 1141.899546][    C0] Call Trace:
[ 1141.899557][    C0]  <IRQ>
[ 1141.899568][    C0]  ? advance_sched+0x76b/0xd20
[ 1141.899613][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.899657][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1141.899702][    C0]  ? __pfx_debug_object_activate+0x10/0x10
[ 1141.899747][    C0]  ? __netif_schedule.part.0+0x40/0x2f0
[ 1141.899806][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.899845][    C0]  ? do_raw_spin_lock+0x128/0x260
[ 1141.899885][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1141.899927][    C0]  enqueue_hrtimer+0x75/0x2f0
[ 1141.899970][    C0]  __hrtimer_run_queues+0x6ed/0x9c0
[ 1141.900021][    C0]  hrtimer_interrupt+0x3e5/0x940
[ 1141.900107][    C0]  __sysvec_apic_timer_interrupt+0x109/0x470
[ 1141.900155][    C0]  sysvec_apic_timer_interrupt+0x9e/0xc0
[ 1141.900191][    C0]  </IRQ>
[ 1141.900202][    C0]  <TASK>
[ 1141.900213][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1141.900250][    C0] RIP: 0010:preempt_schedule_irq+0x4b/0x90
[ 1141.900285][    C0] Code: 00 00 00 fc ff df 48 89 eb 48 c1 eb 03 48 01 d3 f6 c4 02 75 47 bf 01 00 00 00 e8 d0 11 3e f6 e8 0b 06 7b f6 fb bf 01 00 00 00 <e8> d0 90 ff ff 9c 58 fa f6 c4 02 75 1e bf 01 00 00 00 e8 be b1 3d
[ 1141.900317][    C0] RSP: 0018:ffffc900070d7688 EFLAGS: 00000246
[ 1141.900341][    C0] RAX: 0000000000000001 RBX: ffffed1005acf7c0 RCX: ffffffff8211890f
[ 1141.900363][    C0] RDX: 0000000000000000 RSI: ffffffff8c1d2b80 RDI: 0000000000000001
[ 1141.900383][    C0] RBP: ffff88802d67be00 R08: 0000000000000000 R09: fffffbfff21b4a52
[ 1141.900405][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1141.900424][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1141.900450][    C0]  ? trace_irq_enable.constprop.0+0x2f/0x160
[ 1141.900507][    C0]  ? preempt_schedule_irq+0x45/0x90
[ 1141.900548][    C0]  irqentry_exit+0x205/0xa00
[ 1141.900583][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.900626][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1141.900661][    C0] RIP: 0010:__skb_try_recv_datagram+0xde/0x500
[ 1141.900716][    C0] Code: 00 31 ff 44 89 e6 e8 51 9e a4 f8 45 85 e4 0f 85 76 03 00 00 e8 93 a3 a4 f8 c7 44 24 68 00 00 00 00 e8 86 a3 a4 f8 8b 6c 24 0c <31> ff 83 e5 40 89 ee e8 26 9e a4 f8 85 ed b8 00 00 00 00 48 c7 c2
[ 1141.900875][    C0] RSP: 0018:ffffc900070d7790 EFLAGS: 00000246
[ 1141.900922][    C0] RAX: 0000000000080000 RBX: ffff888012c10880 RCX: ffffc90024806000
[ 1141.900953][    C0] RDX: 0000000000080000 RSI: ffffffff89649a7a RDI: ffff88802d67be00
[ 1141.901019][    C0] RBP: 0000000000000002 R08: 0000000000000005 R09: 0000000000000000
[ 1141.901057][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 1141.901085][    C0] R13: ffffc900070d78e8 R14: ffff888012c10968 R15: ffffc900070d78f8
[ 1141.901141][    C0]  ? __skb_try_recv_datagram+0xda/0x500
[ 1141.901227][    C0]  ? __pfx___skb_try_recv_datagram+0x10/0x10
[ 1141.901288][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.901343][    C0]  ? __schedule+0x126e/0x6730
[ 1141.901425][    C0]  __unix_dgram_recvmsg+0x1bc/0xc30
[ 1141.901498][    C0]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1141.901563][    C0]  ? __pfx___schedule+0x10/0x10
[ 1141.901625][    C0]  ? preempt_schedule_irq+0x7b/0x90
[ 1141.901675][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.901770][    C0]  ? trace_irq_enable.constprop.0+0x122/0x160
[ 1141.901910][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.902027][    C0]  ? irqentry_exit+0x24d/0xa00
[ 1141.902081][    C0]  unix_dgram_recvmsg+0xcd/0x100
[ 1141.902142][    C0]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1141.902196][    C0]  ____sys_recvmsg+0x5eb/0x670
[ 1141.902250][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1141.902315][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1141.902366][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.902426][    C0]  ? kfree+0x1e5/0x6c0
[ 1141.902468][    C0]  ? ___sys_recvmsg+0x14d/0x1a0
[ 1141.902519][    C0]  ___sys_recvmsg+0x16a/0x1a0
[ 1141.902564][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1141.902606][    C0]  ? preempt_schedule_notrace_thunk+0x16/0x30
[ 1141.902679][    C0]  ? __might_fault+0xc5/0x140
[ 1141.902766][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.902806][    C0]  ? preempt_schedule_notrace+0x5f/0xd0
[ 1141.902849][    C0]  ? __pfx___might_resched+0x10/0x10
[ 1141.902898][    C0]  do_recvmmsg+0x2f3/0x740
[ 1141.902942][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1141.902976][    C0]  ? file_init_path+0x48e/0x670
[ 1141.903032][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.903133][    C0]  ? do_futex+0x190/0x440
[ 1141.903189][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.903228][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.903271][    C0]  __x64_sys_recvmmsg+0x22a/0x280
[ 1141.903348][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1141.903407][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1141.903455][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1141.903531][    C0]  do_syscall_64+0x115/0x870
[ 1141.903574][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.903609][    C0] RIP: 0033:0x7f8754d9ce59
[ 1141.903634][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1141.903667][    C0] RSP: 002b:00007f8755c1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1141.903708][    C0] RAX: ffffffffffffffda RBX: 00007f8755016090 RCX: 00007f8754d9ce59
[ 1141.903730][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000004
[ 1141.903751][    C0] RBP: 00007f8754e32e6f R08: 0000000000000000 R09: 0000000000000000
[ 1141.903776][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1141.903796][    C0] R13: 00007f8755016128 R14: 00007f8755016090 R15: 00007fff054ae4d8
[ 1141.903830][    C0]  </TASK>
[ 1142.574779][    C1] Kernel panic - not syncing: softlockup: hung tasks
[ 1142.582872][    C1] CPU: 1 UID: 0 PID: 9650 Comm: kworker/u8:22 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1142.596058][    C1] Tainted: [L]=SOFTLOCKUP
[ 1142.601218][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1142.611503][    C1] Workqueue: events_unbound toggle_allocation_gate
[ 1142.618072][    C1] Call Trace:
[ 1142.621448][    C1]  <IRQ>
[ 1142.624383][    C1]  dump_stack_lvl+0x100/0x190
[ 1142.629339][    C1]  vpanic+0x552/0x970
[ 1142.633523][    C1]  ? __pfx_vpanic+0x10/0x10
[ 1142.638074][    C1]  ? __entry_text_end+0x1020b5/0x1020b9
[ 1142.643834][    C1]  ? do_raw_spin_unlock+0x145/0x1e0
[ 1142.649668][    C1]  panic+0xd1/0xe0
[ 1142.653410][    C1]  ? __pfx_panic+0x10/0x10
[ 1142.657841][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.663520][    C1]  ? __pfx_printk_trigger_flush+0x10/0x10
[ 1142.669291][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.674985][    C1]  ? wq_watchdog_touch+0xec/0x1a0
[ 1142.680077][    C1]  ? watchdog_timer_fn.cold+0x5/0x25
[ 1142.685386][    C1]  ? watchdog_timer_fn+0x702/0x7a0
[ 1142.690604][    C1]  watchdog_timer_fn.cold+0x16/0x25
[ 1142.695834][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1142.701306][    C1]  __hrtimer_run_queues+0x13f/0x9c0
[ 1142.706811][    C1]  hrtimer_interrupt+0x3e5/0x940
[ 1142.711884][    C1]  __sysvec_apic_timer_interrupt+0x109/0x470
[ 1142.717984][    C1]  sysvec_apic_timer_interrupt+0x9e/0xc0
[ 1142.723638][    C1]  </IRQ>
[ 1142.726587][    C1]  <TASK>
[ 1142.729600][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1142.735781][    C1] RIP: 0010:smp_call_function_many_cond+0x5b0/0x16c0
[ 1142.742846][    C1] Code: 00 f3 90 41 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31 ff 83 e0 01 41 89 c6 89 c6 e8 33 90 0c 00 45 85 f6 <75> d0 e8 79 95 0c 00 e8 74 95 0c 00 83 c3 01 bf 07 00 00 00 48 63
[ 1142.762569][    C1] RSP: 0018:ffffc90004eff878 EFLAGS: 00000202
[ 1142.768703][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fca87d
[ 1142.776704][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888032255d00
[ 1142.784687][    C1] RBP: ffff8880b8443360 R08: 0000000000000005 R09: 0000000000000000
[ 1142.792694][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[ 1142.800706][    C1] R13: ffffed101708866d R14: 0000000000000001 R15: ffff8880b853c840
[ 1142.808789][    C1]  ? smp_call_function_many_cond+0x5ad/0x16c0
[ 1142.814933][    C1]  ? smp_call_function_many_cond+0x5ad/0x16c0
[ 1142.821046][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1142.826110][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1142.832489][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[ 1142.837898][    C1]  ? __pfx___text_poke+0x10/0x10
[ 1142.842867][    C1]  ? __pfx_do_sync_core+0x10/0x10
[ 1142.848177][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1142.853338][    C1]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[ 1142.859871][    C1]  smp_text_poke_batch_finish+0x337/0xc60
[ 1142.865767][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.871440][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[ 1142.878198][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.883951][    C1]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 1142.890459][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.896147][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.901826][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[ 1142.907849][    C1]  jump_label_update+0x37a/0x550
[ 1142.912906][    C1]  static_key_enable_cpuslocked+0x1bc/0x270
[ 1142.918914][    C1]  static_key_enable+0x1a/0x20
[ 1142.923707][    C1]  toggle_allocation_gate+0xfe/0x2d0
[ 1142.929351][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1142.935361][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1142.941572][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.947230][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1142.952073][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.957737][    C1]  ? lock_acquire+0x301/0x370
[ 1142.962463][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1142.967300][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.973411][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1142.978765][    C1]  process_one_work+0xa23/0x1940
[ 1142.983755][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 1142.989440][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1142.995130][    C1]  worker_thread+0x5ef/0xe50
[ 1142.999787][    C1]  ? kthread+0x13a/0x450
[ 1143.004136][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1143.009278][    C1]  kthread+0x370/0x450
[ 1143.013389][    C1]  ? __pfx_kthread+0x10/0x10
[ 1143.018006][    C1]  ret_from_fork+0x72b/0xd50
[ 1143.022615][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1143.027746][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1143.033604][    C1]  ? __switch_to+0x800/0x10f0
[ 1143.038507][    C1]  ? __switch_to_asm+0x39/0x70
[ 1143.043478][    C1]  ? __pfx_kthread+0x10/0x10
[ 1143.048123][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1143.052927][    C1]  </TASK>
[ 1144.225145][    C1] Shutting down cpus with NMI
[ 1144.230218][    C1] Kernel Offset: disabled
[ 1144.234580][    C1] Rebooting in 86400 seconds..