last executing test programs:

35.098301623s ago: executing program 1:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r1, 0x3)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r3 = accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r3)
recvmmsg(r2, &(0x7f0000007940), 0x55, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

34.724815099s ago: executing program 1:
r0 = syz_io_uring_setup(0x46bb, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000680)={&(0x7f0000000500)=@sco={0x1f, @none}, 0x80, 0x0}})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r4}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x4, r4}, 0x38)
io_uring_enter(r0, 0x291c, 0x0, 0x0, 0x0, 0x0)

34.418206261s ago: executing program 1:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000002280)={[{@mpol={'mpol', 0x3d, {'interleave', '=static', @val={0x3a, [0x30]}}}}]})
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mount$bind(&(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2001008, 0x0)
mount$bind(&(0x7f0000000600)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020)

34.196915294s ago: executing program 1:
r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000080)={0x0, 0xb, 0x0, "a0e0f75acb43c4bdf45200"})

33.716891008s ago: executing program 1:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
close(r0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f00000000c0)={0x18, r2, 0x1, 0x0, &(0x7f0000000080)=[{0x0, 0x40000000000007}]})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, r2})

32.862769555s ago: executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x30, r1, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0x30}}, 0x0)

24.298440087s ago: executing program 4:
r0 = accept(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800051, &(0x7f00000002c0)={[{@jqfmt_vfsv0}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@noload}, {@noblock_validity}, {@init_itable}, {@noblock_validity}]}, 0x0, 0x454, &(0x7f0000000d40)="$eJzs3M9vFFUcAPDvTH+g/GpF/MEPtYrGxh8tLajEeNFo4kETEz3gsbaFIAs1tCZCiKIheDQk3o2JFxP/Ak96MerJxCveDQkxXEQvjpndGdiW3bLb7rLAfj7JkPd23vDed2be9s17uxtA3xrL/0kiNkfEhYhIa9llBcaKclcun5795/Lp2SSy7O2/kmq5vy+fni2LlsdtKjLjaUR6NoldDepdPHnq6EylMn+iyE8uHftgcvHkqWePHJs5PH94/vj0gQP790298Pz0cx2JcyRv686PF3bveP3d82/OHjz/3i/f5e3dXOyvj6Mzhqpn7cUme5/obGU991+WZWU6GextW2hd3t+3F3frhRiJgbNbr+4bidc+62njgK7Ksiybbr77TAbcwZLodQuA3ij/0OfPv+V2k4Yet4RLL0fEYC3+K8VW2zNYfTaK4tloS5fqH4uIg2f+/SrfoivzEAAAy/2Qj3+eaTT+S+P+unJbizWU0Yi4JyK2RcS9xdzxfRHVsg9ExINt1j+2In/9+Ce92OCwbKDNeprJx38vFWtby8d/5egvRgeK3JZq/EPJoSOV+b3FORmPoQ15fmqVOn589fcvmu2rH//lW15/ORYs2nFxcMPyY+ZmlmbWE3O9S59G7BxsFH8S5TJOEhE7ImLnGus48tS3u5vtu3H8q+jAOlP2dcSTtet/JlbEX0pWX5+cvCsq83sny7vier/+du6tZvWvK/4OyK//xob3/9X4R5P69drF9us498fnTZ9p1nr/DyfvVNPDxWsfzSwtnZiKGE7euP71ugnuMl+Wz+Mf39O4/2+La2diV0TkN/FDEfFwRDxStP3RiHgsIvasEv/Przz+/trj7648/rm2rn/7iYGjP33frP7Wrv/+amq8eKWV979WG7iecwcAAAC3i7T6GfgknbiaTtOJidpn+LfHxrSysLj09KGFD4/P1T4rPxpDaTnTNVI3HzpVzA2X+ekV+X3FvPGXA3dX8xOzC5W5XgcPfW5Tk/6f+7NTiyzArcv3taB/6f/Qv9be/71zwO1OL4b+pf9D/2rU/z/pQTuAm8/ff+hfbfX/4doPYgB3hpX9/1yLxw13oS3AzWX8D31pPd/rv2EiiW79z9cS8U3E6mWSLtbex4lIb4lm9FFisOVftehEotfvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xfwAAAP//J3Lp3g==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000740)='./file0/../file0\x00', 0x0)
mkdirat(r1, &(0x7f0000000880)='./file0\x00', 0x145)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000), 0x0, &(0x7f0000000080)='./file0\x00')
r4 = fsmount(0xffffffffffffffff, 0x1, 0x75)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000003c0)={r0, 0x1dc8, 0x2, 0x3aa2160})
flistxattr(0xffffffffffffffff, &(0x7f00000011c0)=""/4112, 0x1010)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r5, 0x29, 0x36, &(0x7f0000000040)=@fragment, 0x8)
getsockopt$inet6_opts(r5, 0x29, 0x36, 0xfffffffffffffffe, &(0x7f0000000840)=0x7)
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
io_setup(0xfff, &(0x7f0000000380)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0}])
ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f00000006c0))
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r6, 0xc0c89425, &(0x7f00000005c0)={"b42ee897e8fde002a2d7d89c3348e984", 0x0, 0x0, {0x1}, {0xffffffffffff9619, 0x80000001}, 0x20, [0x7, 0xffffffffffffffff, 0x200, 0x101, 0x3, 0x1f, 0x7f, 0x0, 0xdc63, 0x8, 0x6, 0x1ff, 0x2, 0x9, 0x8b, 0x7fffffffffffffff]})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000800), 0xffffffffffffffff)
r8 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x46203, 0x0)
write$binfmt_misc(r2, &(0x7f0000000480)={'syz0', "dbbbe4c1ed51e0b17d1df21c06b6c7d9e83fb0083ccd0d3fa5423ff57389c5ef8e0f7ba18776c82cd7f34a0a5b500b3f72b42b0c02d7e932ce7e713e5cb10b7725b74f78a8aca0087b93b8f3b964edf52dc517df52374649ba4fe7660c06861be973a2f177e10fcf10bb9d0df062c78598e795ce7531c3eb5f35695e70aaa740bd037d5465f4b9295192b4452a6448f472a80389b0727cbfc59f6f65248017d16c6e9f371e7094c8abe86edbc7860805a55fac5cfb30f23b6cfb9f3553d52dbf272734d0918b5e12eaa250a4dff1f09584dde541ee61fef6fed31229bd56aef306834443668c6449f22a7b03be06be9fe7689bea"}, 0xf8)
pivot_root(&(0x7f0000000400)='./file0\x00', &(0x7f0000000580)='./file0/../file0\x00')
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r8, {0x2}}, './file0/../file0\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="00000000001000e7130012800b000100627203000000000000000281"], 0x34}}, 0x0)
getsockopt$IP_SET_OP_GET_BYINDEX(r9, 0x1, 0x53, &(0x7f0000000000)={0x7, 0x7, 0x2}, &(0x7f0000000040)=0x28)
r10 = socket(0x10, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000940)={&(0x7f00000009c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002abd7000ffdbdf251200000008000600fbff0000080007000000000008000900020000000800070009000000f0491fc0cf3093ccd3ef572f719d2243fae183ea845d83fc42cdca9dd027186a66371bcdba9534a0d5bf08"], 0x34}, 0x1, 0x0, 0x0, 0x40e1}, 0x80)
sendmmsg$alg(r10, &(0x7f0000000200), 0x4924924924926d3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r10, 0x89fb, &(0x7f00000007c0)={'sit0\x00', &(0x7f0000000780)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @dev={0xac, 0x14, 0x14, 0x42}, 0x8, 0x10}})

22.955734662s ago: executing program 4:
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1d0e1cff001704000000341300"}})

22.572053402s ago: executing program 4:
r0 = creat(&(0x7f0000000600)='./file0\x00', 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000840)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000840)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x104)
close(0xffffffffffffffff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
r5 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x8})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001700)=""/4095, 0xfff}, {&(0x7f0000000240)=""/98, 0x62}], 0x2)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
r6 = socket(0x10, 0x803, 0x0)
io_setup(0x0, &(0x7f0000000180)=<r7=>0x0)
r8 = open(&(0x7f0000000780)='./bus\x00', 0x1051fc, 0x0)
io_submit(r7, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x7, 0x0, r8, &(0x7f0000000300)="70bf3e7e8fe7e90f80000000000000001ab3f3115f", 0x15, 0x401}])
getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@getqdisc={0x30, 0x26, 0x100, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x8, 0xc}, {0x1, 0x7}, {0xb, 0xe}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000001}, 0x4002041)

22.550299319s ago: executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0xaea3, 0x0)

22.25488853s ago: executing program 0:
syz_mount_image$minix(&(0x7f0000000040), &(0x7f0000000140)='./file1\x00', 0x804002, &(0x7f00000006c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYBLOB="460d5bffafc0a24ca686d2c2ffb4cf5f4526b7b05719201d1a6e11d86a17ace724da5d1a5cdd19fa42d681b65e6790d2ac839840c5628a8896cd2e7ce77a90f74e8c5ccdf73368a3e69a57b6bede0bf83968b8ae88af8fc5817af7c290021a01915daf57fbcbeb65d1ff41896d95c8f78907c929e0f3c7295e31395bed34a95de71671aa7a75c829f1d02b8223cc29301f7eb37942f09192bdb6ef582d4fc9f8e41f37674753", @ANYRES16, @ANYRESDEC, @ANYRESOCT=0x0, @ANYRESOCT=0x0, @ANYRES16=0x0, @ANYRESDEC=0x0], 0xd, 0x1b4, &(0x7f0000000340)="$eJzs3E/u0kAUwPE3tNKC/1DUhTGRxIVupIBK4k6PglAJsagRNxAW6AU8g/eThXHjSkynpcSBQsBK8cf3s6DTvpn2degkLyRFAJytF1ITJUoK4c49t/KlqvJOCcCRLOLtrwWA82P9jLa1vBMBcGTzl6Jr/2/fpzWxikldsGyF8VkU70rBXqsf5p9E7tpxXLlSMuuLryIPl+NV2Rz+IzxSTuKXjXBRn//Rg+X1r8hVuSbXpSI35KZU4+v3kvF39i1/nH0HAABwESip74qndLikP0vyehD4Dd3T8Oqp7hXGm6nnL+p4a2vcup+en6PH17vvgt7W+wCwrmCuf2Xupq3/iJWs/83sHesfQH5G48mbThD4H7JtOHLAKPfPfBaOSOaJrRrOPzvzKTdUVt+7I+YRO5MMS6mhz7IpFD40WU7UNJ6gTGdeXOPIzOwTVtN5Pht2dHUrToPfxYAz4H0cvvdG48njwbDT9/v+21aj8bz97Emz3fJ0Ze9tr+8B/L9WZUDemQAAAAAAAAAAAAAAgEPdktt5pwAAAADgSHa/uhT/589fvGCU9z0CAHByfgcAAP//qK8IkA==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000380), 0x1040c)
close(r0)

21.27644455s ago: executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_mount_image$exfat(&(0x7f0000000400), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000880)=ANY=[@ANYBLOB='umask=00000000000000000000011,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,fmask=00000000000000000000006,gid=', @ANYRESOCT=r0, @ANYBLOB=',uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646973636172642c00ce6fb92f3b6892859719d513fb2b724d78e448737550f435f5dc50947a837ac494c7c5eb9c5beb42ba26aa26d209487904b0dd87d0e214ea5f0d0f93cd17bbcd11398e4f3de48c458ac42a36d259c1947b981eec266c1568a7b1911a194200b826832913e757be58730ef2d7f818c529bc84b3566eff9e"], 0x81, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='./file0/../file0/file0\x00', 0x0, 0x2809c11, 0x0)
mount$bind(&(0x7f00000006c0)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0xadc51, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000400)='./file0/../file0/file0\x00', 0x0, 0x2885013, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r1, &(0x7f000000c1c0)={0x2020}, 0x2020)

21.037940278s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x27, &(0x7f0000004440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7", @ANYRES32, @ANYBLOB="0000000000000000b70200000000", @ANYRES32, @ANYBLOB="0000c5230000000000b7020000080000008500000086000000956683ab69a3d2ebfb783affb6b6df647eae9237ca422425280a8f67a16ff8d4c2764b5d0021fd9f464528f5cdf3bfdcf2351536663d2f97b096bd795c3ee0bf7ed630f481226d0b32ddf8f14359923f9de0f6fb2a2278a72540f1f3edfdb11c64549e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000100)={{0x14, 0x3ea}, [], {0x14, 0x3fa}}, 0x28}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100))
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x0, "d2c4924d08b1e00000000000000000f3f70000000400000000fcff00"})
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3])
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x8102, &(0x7f0000000080), 0x7, 0x50a, &(0x7f00000001c0)="$eJzs3d9rY1kdAPDvvW3mZ9d00Yd1wbW4K51FJ2m37m7xYXcF0acFdX2vpU1LadqUJp2dlkW6+AcIMqjgk0++CP4BgsyfIMKAvouKIs6M8+CLRm5yM9PExHZq0mDz+cBpzrkn937PScnNOTmX3AAm1lxEvBcR70bE6xFRzLeneYrjdsqe9/jRR2tZSqLZ/OBvSST5ts6xkvzxZr7btYj41tcj4mGz2Ru3fni0vVqtVvbzcrmxs1euHx7d3tpZ3axsVnaXlhbfWn57+c3lhXP37c6J/GxEvPPVP/3w+z/72ju/+uKHv1/5y63vJnn/o6cfw9R+TQqt16JjOiL2RxFsDKby/hSywr1xtwYAgNOk+Rjuc63xfzGmWqM5AAAA4DJpvjvTWrtpAgAAAJdWGhEzkaSl/FqAmUjTUql9De+n4kZardUbX9ioHeyuZ3URs1FIN7aqlYX8WuHZKCRZeTG/xrZTfqOnvBQRL0bEveL1Vrm0Vquuj/vLDwAAAJgQN3vm/0+K7fn/maQjbhwAAAAwPLPjbgAAAAAwcub/AAAAcPmZ/wMAAMCl9o33389Ss3P/6/U7hwfbtTu31yv17dLOwVpprba/V9qs1TZbv9m3c9rxqrXa3pdi9+BuuVGpN8r1w6OVndrBbmNlq+sW2AAAAMAFevGz93+XRMTxl6+3UiQRV/K6wpjbBozWc/2E5x+f5q6Moi3AxZoadwOAsZkedwOAsTHHB5JT6gdevPPr4bcFAAAYjflP96z/h/V/mBRu4QmTy/o/TK4+6/8uCYAJUTACgIk3+vX/ZvO5GgQAAAzdTCslaSlfC5yJNC2VIl5o3RagkGxsVSsLEfGJiPhtsXA1Ky+29kxOnTMAAAAAAAAAAAAAAAAAAAAAAAAAAG3NZhLNc3hynp0AAACAsYhI/5zk9/+aL7420/v9wJXkH8XWY0R8+JMPfnR3tdHYX8y2P3y6vfHjfPsbp3zZ4GbjAAAAMDrTz7KdeXpnHg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw/T40UdrnXSRcf/6lYiY7Rd/Oq61Hq9FISJu/D2J6RP7JRExNYT4xx9HxEv94idZs2I2b0Vv/DQiro85/s0hxIdJdj87/7zX7/2Xxlzrsf/7bzpP/6uT57/sdHAyfuf8NzXg/PfCGWO8/OAX5YHxP454ebr/+acTPxkQ/9WBEa92lb7z7aOjQc9s/jRivu/nT9IVq9zY2SvXD49ub+2sblY2K7tLS4tvLb+9/ObyQnljq1rJ//aN8YPP/PJfrUzav/83BsSfPaX/rw3sf7d/Prj76JPtbKFf/Fuvdsefy+teGhA/zT/7Pp/ns/r5Tv64nT/plZ//5pU8+x8fWVn89QH9P+3/f+uM/X/9m9/7wxmfCgBcgPrh0fZqtVrZH3lmrn9VZ0R0Uc2QOX8mGfIBV4rt//tUdFd1hv7nP3I2lcqO0F2VDVvH/Rr+32TGd04CAABG49mg/wxP7lpwvzq6RgEAAAAAAAAAAAAAAAAAAMCEuYifE+uNeTyergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Ff/DgAA//+L5Mex")
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000043c0)=ANY=[], 0x15)
getpeername$qrtr(r5, &(0x7f0000000180), &(0x7f0000004240)=0xc)
syz_fuse_handle_req(r4, &(0x7f0000002240)="afaddbba376e1bba12e2f2262ec7a1f5b377313a7bcf2d9b013196c2f0f94bc244fc0dc1c1bfbd4ed45229ce0cb7ca58f4b8d430b30d6ad8e8a56099ff70f31257cbe8710542fbedf009e1a5799fb06a7e0301b43d31008caf089c4a5a49dc50ea4c476f63a8b0aa08dd78d9ff39d8dfafbe2c41ff5d2331dd2e9d784247d5272cdcd13e6d9d7a03fa6b0622e6f130e0489bf9105a2a511d6f5b7da1100ecfe5d6ce64f4aac5c00c26d636ac66f059201a3a790b946da4808f1d665484847b61faab09a5e4b45a17c4c55b64ecf6933705c22c85317cc5edeba3e9260033f6bac869ac3b08ed1c55ae3119c78761be6d934c3757d5f10079243e4f06429907163f81855b74887146d875d0e6ab4d5c7032e84c33ea24bb93b2ab6eaec0feeca93f006a0d2bc2bd601f2ede8f32b5fa2e37e0ad1460b8839676dedef30fb684f6fddfcd9a84f3efd78d076c996d92a186e921e16e5ac7aa1f70c585b3752cc1312876c758219645ad0a5540bc82074a497ffc3717c8e139c09b3d2e21fff27e12db18540448f7ff7b637f87b7a717a60a23934e4be7f55ac10d2c09098fa13c9f1c5ed9ba61cc3ddc320b5409071d2ddd25d5b8f79475e80b3b8257b25fad2c59c31c5855560f2600de1930cb1f2e57aed4fb0b79fa7aac52d54a73d62f424cbad6f82ce5d5749cce356f892488ed149283e51dfdded96136a90b5e0c63d1728a82c324b1dd756b9f9b257a9e7f4b07a007e8ed37274d686e4b1667b315b640cb610d48fbe98c07ddb82250e9399b1e705e3f805969b9a003902e2e7b85cb9e2171f5bd180fbb9bd26805fce0b2c6f87cd7d02a579ac24a5391ad2eec8868425034c5dc19dc7581bc0162ecb37a172175a859b143284e3146dfa01731b6ceca8e458cbdf8d785300d12c50c3bd9ca4b72cbb0480711b2cfe820c31887289b29fed60c04548ee3e24acaeed283a9400cbba31e1317ec6158ece4ce56af53e46e182a6d441ba04520f0e8b45b56eb378ddb17ef5d57b27941032e7c917313f555838ba5397816757da7bedb6c5ac760239455cf09861026920c2ab3119a3257d2eb61e8dac7c39ee5880cdfb7c4fcbcf28dc4fcceb81e81f5fbbc0179fe22fbac014b118ed1ec81652d34a67b53a9a8ee468d8e927a77ae79f381a249501d3055e7da0b7a8847850f4e35aaf5b5dd4338326da84d93091035bf10b80b3e79badd38fd5d2b9fdf0b0923c96193d93ae4d8753980f8c73e980934686f11acb266c161751367dc05e6ae5175bd304ae6b1fc016ff2a01eb05a1ba7ebf1b91cf25dc14852984acdfb008a5df08d5c8619c9211320b87a5f1b3902531050a147af6a7134316a7735ad310f6241258bd9b79e2dee1461840dfdd905bc2e17d55b49694a68f36bf4a64fb2f5a483b633398abaff7917d9f1216d70368ad4c8e4fcfb040040f32e8a6a534d02c4187fbd19b85f35f8c119e06e3dabaa210a649117722816b5a91c5125c84482d414edcd992c79aa80fd568a884c99d43b77a87daa96f662c53fba7367ee147daf620bc6d13d32c3d9cdf8095962a9bcb85a93b6598750cdbbf5925a2a0875afd1e58a568b89815ae420ea9553ed487a55393115a8907aaf3982827be1534576c257b8594b48d0d71fa1f56dd096a6ea3f7fa339b51585d36ef72d0bb0da4c2c84ace8d16be3ead998187df0e59045541b0a1e79e5ee5b1a55d8fcd157d49df504b6fc031c5fd1e01a8ee2ae9f84df78ef03595642a7812d737ad2595b922ee618823b53ae2594dc15193c7206591e9b16689c3d5bd4b4b8d6851c2e7f0550ba0178a64b8d3c08bfa35f064576ccac39e7936e2e10fd27785f66053580b45e9c93d666bb7d4eff042da50774049f0948b150a660e08e82fc352636cfa0fdc9409316e402440aba8ab8944840838d8121a76274a5f929101e25c2a7c0ccf84831c8981258b21679dd92b7c44a78acfd706cd25f8878873683a6f5aebc81d45375aefcb484bf517ec13dc814fdf390cd39f764a008777c9db7b22b1c7eb556a5f51fe9755916f84db7401744c015c1100b3d3cb8264b26c022d7f6441cd0f099681d7d9df8b3c9c6d153d6d0c30fefded15e74c7a9b5832032552ef6bfb3863330edac33a33df4a4839d661bf10ab6aed5d2093b57450ce6dd2fae63096d07e47b8ba3c5225625f6c8d98e007b49b907a4ca511aeefaf8ae3cf10ed63bf3a7dc0f7b0c1e48e6af2b158dc1ea12335ab91acaabacc104e79968f89999aec3b694aecc6783dfeb9a8efc140f18583d113454145bfbe1fe480bfb7de71fb394d08f453926208d5d595e09df3fa216fe78a2693c2c2a29cadb2c2e86ae09e912bd2ed18559a0f8b5f131b780fc8037081aa98eed56795f1bb5b44300f73b7ceb080d7c9b022b7246a93f7784aa3475e05e125d50b3a0cee066c609add2716ec88a70e1f0c79344b0cc80a543c28b970a186aefa24e9246882e790053d652b2175565a12916ce13f1865a40d34a9cc6555a7072b091e6e8b9c2c7137bca71cccc56e33281badaa73a30e67ff5ac9f489ab35bff85aa1daa10b23f4ca0d55f5850e6af0c5ac755364dcbd8c8cbd4bc76bfd220cb12d46361ef68dc9f90601a46a56140d19d05fe5be799c3af81340c9f07e252aa1768a5dfb4a0536481313d985d8ecb36cdbaa6891e0608ae5a842d9580400977d8a855308b85d1bd70e57523ca5c153640a2e7a778c9df5ad48e230d881c06e0222bba818738ee67ddb7cc2034d25a3ca5d259be6ad63f6cd84938be096d2ab5df0fa7249b57c7653a2c6a016d2890dbf6620c52e4594358c0711dea1bc6fbddb44f500bcbe64f269bf17e0c6c5d8e18ec56d3519706efb6c868d34643e48e5d05c91f458f8f3e0c6befc8511dfa508f5c26eafce1077a082abf8a868ddd62206f39e125cdfb52be753ac96f39341b797d23a3d173d783932271996f482fb80d8022700ab96efe2df6c19370fdf2030d784578a05594eb7905ab5125fc543713dad95d4467cd76f35de43e79a6eb5ede4edc8afb04ab682cf282ac865165329688e7a9a181cc42f9bc31c0203d5c4f8583f7f03ce0b69a5e7e5af7a87d8477dfe1ec64ec8e1132d7f36d3ce6c41dcbd347a50ba51c16340376f50f093269266f97a0b3570675d1bd54f7fccc8f99b264dcff9d057df961a6a4dc4268791091cc08208bd62e1088ca07ca5a2fa849978036554806fdfd9dcf231b28872715eb7b6f65b5ef064c49f0ad04e5bf4f50612a5f313b65eecf07c2b79f65a8b03058a043fcf4ca62a71027db9c2e5311febf53e8027d92f14ea0958000d1d388a323bdc70f6a2bffedd7d7697523b0c4add0e1234e35629014afd1789288e9ca6d65b49e5e2d31631da7674376781e7be087b9cdb58098744e4d6b9ffc2dd82d02ebe3886b869aae44f7080252dafd6d00718c5ddd1ef66d5a950ecd79a87ff35d286259e758e0a4bc552abe99a19d0abe5614e5e0474b8552c0b30cff0d44c816c7e23bec85bf466f7ab534b38e6d97fda0f42a3e2ad15d0f242b41818d7d0d99118a0c3230288a4fb7d18b19000cc58f46d26fefc703a00e6b5c592ad7e34caf29b9acf1d6cf3eec647b86ef3c5d5a8151914ec82320c546b92139e5c2ef2c7906413a0755d6bdb53441ef21a0d2d1400b4e024f4fd924a600d098f88649190cdb74a2390e497941743b87ff0d3e3016bc0f149b600232efa3a0403cbb6695520ad6aa4393c4f1cf201ac140e4a5e31bfdc1da895b0f38dd25d126cefd05fcde00f6f2afdb4e93c70cc3a6696c660c497b68072c3cfa7132d71a799cc1222c250df2aecee7d7656b888ccf61e9a572f76ba0a7d287ae7490365bd610bf9df142d131ee4324af19fb451e984a79b43026f516bec5e88a6aae9c6d37e13adfd2c99428dbd3dfab9ea008e15d01a2cada5c1e9482fd6e10de25ad362c83c27e913c6f27bed3dc5515d2e65eca95109c001782715fb897f3e572efda7196f96ec781f1e93201202a9596030d1936b25288dedde240d70dd3d01e5cd91e318a1ae3630d136e8e267deaac70079bf3282f93b08d12c9eb3f0b4617119857af8634531c922c75ca8b674e7cdf51a425fc0bb7f77c6a07e6a98293f991d7ba26e994d63cbb40becf54bdb74805006d55210e04bb31e8f97041cc9c345d8cc4783cf40a3007437872583ce7490a408f9d4d85d0fd063140e33078eb143d001f574ab412d8ab0affd504eacc1cf77ad14e2f3b7e78fb9ee66edb99fd6667e51bc522a6b61c0a7e81456097ce62b79fbf12dea8df4356f205f9ca4c0633aed65a0581952802be787bdbde12cd344f6cd0cd21cc3ce7515407051f61a8d686f25dd7dad9b3c8f9bd5ee578dd636028238eff03906b67751b275cd37d39b9c2458fa6b3bfeb9969ea1471ff982287efe8f31e3d50aa2a357c033691c78b5509c93272d674debc6a3a03a0ba7df7aa929888930de1b6a5aee0f599ea50ad079e183667142884be38b6715dbc6638c83a80f95bf9bad4e18bbd900da87964b7199ef9f49e3a1ae030d42107baba0e1170e48cd1b66d0bc63f1bded9748a2b8bea4a7d4b04e2d8dbd3b174d4a822470c2ffe4103fd2ecf0f9986935ae43cc8f2ed1e48ce542b197e6fee4ec1bd6f600a290d4e882b2fef318412aabd3fd1c9a57c313b81340bcded3505c0edd12fb88ec07e3743aaf48d93a3664a038953a3048f267c8f6b130e0d183f982cb4385dedf41e3dd68b0a00a8deb882476fe38cffce5f04c9dfd55a009051ef0608721d429b1f4731708d1c092eebe88382debdd0be1c6cb59ccf8d1951f350df8ca79972b3d35f420fd68b602ecaf29a94a0efe785042e8101d462a78ee0e215c380e7b115b74fe9b99d0762a0798d7e308d8594a158b28476dc1de2f4fa4bb68b9325d4bfb491212331eba8f2fabf611300d21fa9c7941306098a9ef3b5e66a40c3060bdc8f707956bcd95545db971d573b1cd9e4e9252b97d36a8a505855e8189b85cef25b736add58e74a67695e8f8e59a3bd97ed858a7c355ff674fd8402fa271bd3e50ccf88070408d31e76e9f166bd44f58fdfd682f8bdcc389ea33b4eee566f9a7e6174abcae98c0aacffae73c5b29fc5d210e35f7d42270b265ffde2de3d45439f8d71e371be19b0f2954bb9530ea5cc18f525c9c79990da81aac6c69550120d3c8ee98d82d8b6de6e59f86f41347d206411aa3a1cc39f841e8daf6a78f700170a140432126d3cd7c3b53cb592fd3aaaf7a45d02a8a537704cb5ea8d165315757d9477f0d52006525ef830dd7d16e82f9ef127689501ee55e2f69b79de0bab64b8325aa1f4bcae387fe84ed1baeecaa42413f684a1db7a120cb73853838f03565ade441ee66cb5f648e165fe617c539f6dec4f12a5f738171e8971184a9d6a14a123bf3cf888fc9e1253d6f98c26b3061e6358d36bdfdfdc85924b9114aec973f4d0e2d4b0c8cd66bf32fd208bb7485cb9c730c8d6e368fbf8fac16be225bcc8d320980f8f6d73ab1ed01d3db4a7e2c275da0fa6ee3eac4fb6b3831ce90b9d654a5039d0be542c3341ccae50193954a233b81e54a191e6cf1e0685ada89e21723ea1e836441d6b7d3da1d41e4e04f7cf770fdde3086c6dcc28b2bc4527b03fd5ca3fd5ce90c4ae665c34386d6bd423d391ea4a13bf62395846afd7bc8417889c02fe34373f20621d20d4912f1acef23169e7b45c7656643d1961fd1151a2a0df5b73fcb022a83d1b8b9a3669e00924a5af0d63bafb044eaaf09497f09187511254fe0d7343909f2b11ddea84191cbd14db3636c5458227ef53f8bd17bc933190958edcaf90453525b81cb0a2cc3088ae5c19fc7aa71b531ebf141a16bc11853bb82c320d21bd2ecf6556894fc586e253b659ab1545ee63e8a9a2d31765d07bc8ce446316aaf712cac59fa4e9d92e002c4421d2318e8b8dcbd67d1b9ca688d3d204a764e83e2d9b92cecd794b5f4763f482210165786b2892dd3a84b35c9348965de9f34ea2211d6062746c1053cd7d58cbef089c67209f301122fbcebd7ee15f627a78ccec7541a7b23f1f19f00238edadad3850fadea580aacf3f09261be6fd456d19c6c9b32e27f355178f0f8c4c9783b976a5555a198ad175274cbcf57ea23926fd38db0256ada2207115077ab6f0037c67a27532e68122ac57c990c581754736d72a81f4bba6d7a2ca7805873856a38c137e8a0b5741dcf16f3431d086e28ca138e2e75d129bff24137c930fb1f227083ed7055ad54d59d66fd4ec309b84767595a39d418d763b7f9c603d18d7992b2718cff68ad4975d1130b997a3a1f4fd27f583f95bf24cfdd49da653efe58d9a34703acca628938c8f395c701b1037151a3190d2eb174763fa78395b3e56bd716c8fe28d4e71d313e590561bf133c8a804c0c7f19453e0fcbf7315071120141780cf195ed34560ad38ecc7b81274768f96e37d6e655be2227eee8d0d1eea5e0c22502233377f56dab09a3f404e6216d65987066904c075bf09e39221dfc90f8c843abc9b145b9d5d7addf62d9016b8ee38b3a6c3d74f0656b3dc719782f6ea5cfb924e81e632d408d4b41c1aa56794c9a03c3527c826e2dc125b503d567536efef5c33e63507022f9615a503e52105f1357b8268a586e62a435b89f0aa4577baad3bda26c531e16ff99658f36fa86c2708d6a8142baf8db30db3fde91f51fe0ef9a19c9f4d79b16117ea59b8d92a9eb9cc4291f8fb758eea16dfffe3536ec690c02f767f36d4c1e93612dd09d6072501d5823adaa0183773b8ce6a841c1d78e97b364e527e5f2a5e185b1a9edbe425bb7c690d46fa65132d27834b0f1c06f69890fc5be997f7391da6324a2155b447470071f2435097e2ca46c0ee0dbda72d06dff6ef260934d198bad8a010023f2b8a04512732dcbb0ddc7c93cef9657dc4652789ad846958f9d696bd028d7e7f3b5876c25c01af0d252a2064c3a8663deb4d3f4692904152f758035f1746bbf8af5ced2837363de3a923a1ac1c1fb9d5258158d8f0b44e27a893820deb4f721f8cad92d7bdcfe26c098339719ce02bc54cf93b8760b36b6d8b7e2342e5ce7002dd9f46dc89fab1e878d574937e6969cb51a6f8a347ebcd48ce645aebcc2f7ed8e53c2564cdb80dad1040869650f5e16f334c19a479c4ae387648a372650d25101ba0deff30a944ca5cfefbbfaf0984687e5a2cb736b46f8df2a36784f4671f531c11c921cf4701de5b3395df8d88771326b3d7e2ff41b524abc75b9cdbdf40854f31c6a7e7847aea31900bcfe0b1311657ac591daffa773c6945c8444be06ddc0d5b49a4f713e04c7a78c423ca2177dc8c5ea898f5938105e8d5c560a4120a7d1444d546b09650b611013b9680f710cb843396aac34b91da40240098daad3672c45e35ff9bc804557d5b6ff3a46d455c7c8840e158a301b675de37558c4147c08fed3571af29da4d4a9ed9747f3c44a6f2cdfc7ac2be01b4180feb1997638a6fbd86227a0cec71b47312c0e3db7675f5939278008b93eaee1c09d7df8abf9e4d973c22c2b8a5743bec84fca15c855f231f15427b9e7d23f52b74e95577883322224a9cbdaf312afd780982666848d5e6e3dc403fa1061cc2c8914672e963909c14fb3612bca05aec976495c621f7fdb96ecb6714f966e3a44849ec256dbc9656d2d3166764a9608b6a91c9145367e764749d57a58d8e0b196921aa0e4520d6be238ccf9bdc462b63d02f95b36d62b93783f33bc56cb9cb224fccdadba782363b558985bedc9f079fb7bcb7cf91402bfbd8ece7e2840421fd2c1319728022ed81b4f24a9de307b127e09542fbfdf37e320dcf33c701f07cd1a64dfdf1bb3b34f303dff533b1ffa1abd7babc08395039b0f1165f132f5b131a47f51fab324d9502a3266a35cf6dfff372557b73bfb685ea46d2c38375231300ba10c6e16fcc873dc366f1cb7550659ccba00767bee15485c91aeee4a97d7af962d2f44e96e620bb2208410ef8aeb32c024e289668cad3c4e82e9fb0d76bd8d0343bd6fbd3460818594cca97be3d3140a244089b2ef22414b1fe8a4c1cd337532ed215bd7b73bb03753dbf26ec8e6d664dff003797bd34fc72fb6fcfdc916bd62b2ccb7193aee70869499b2349e6a4fcb35a9cba8dd8998de8afa734b854dc71e47f0103b0ff1c38562190def665509c76f037e393f8fe7ae05d8a4030640d99fda6f6e70d08709277e315e35e51a78dd3e1e47ee9cb06b9279989b97f42dae2cfd85296b570c3fe0f2615fadc33b09176b6e8c41978aa118ae407c3d8d12474d1aaab08b4067615d77c4373ac50715d9e9384461eb373790bbfe1b38976047eabb6ba9ecb4950110ceb95fbd11b32ed0b22b6d0c40bdcb44e9a08cca1e29dcf35da2db25606186a000bf157554ba7c55530dc3281336a272d9bc76814e2335db48c9980246214475f4dbc397e46d0b05cb1387d0551599ee0b67d612c085135f89472e99b275a48f7a90d2c6f377d023bc0f2ec69906856d4d05e94892d8aec469f800a76232f6b60fe170bde18df4702ae94556b976390d6aec61e6d017ebabe20fe7d0469b72207aff967865cc8dec893596449c640f486b2a8829d2973f65aadbd8b001f065b43ad57665887e1919f87a7e4d6e16b9beaf6099afffe31dca58f2869e707fa5f04d581ebcb8af9050a14a5a9fb333884e50a444563282118ab9c843f8152a7765901f392b32b22db3867bef3ef05fa41286bffc556e5357ae22bcde91e5a0d80dab8d0d83aa1d60f25b14dec69dcf15f3dc48e677b684c61d51c124bff09702d8e1e663cb87a7efefdbcf3576178e7dd614e3266b7f83f338250ffcf64260c7ca621c4750fe0345483202adab46eeb42779759e4974707b23e12bcc63371a9c1a39e681dd2bb6d2d304f3baefc9b38e16aeb4b33df166c0e19186b0fc8269bd9cd96d5b3adda68ccb9be58963a3865291d767fd6f8f133f30b9404ed1231cfa93d21d5f16941252650f6684b6499adef0aeae110ba35f9c611a08b57e3f219c2bd7bd5ffff509aa7cddd73bc62e681dabd8f15b24fd924f6ab00fbb2b16cc6af67fbeea2960ab6f5f98f1a6d0a870ccf10e3ba73d48e0ef1b38bfd7463b30309683e65dbf90776ab30cbf0e762c86c9864e27ca9a95e15a7b9d0b902f3dff2c8db81373ab7edc5eaf45a6230ff72837bed6fd2f0b3bcf829b5b75bbfa1b18af3c9f7490381eae64b553921c4da40db5a17afee6658acaf6a2eb1d381e1ccd9ec4e68eeae2f3e0d5de21a453ef99d99d65d6a067dff051822b9cacf5f1110e2972e2724c979b0c6c8bf5295716022c47c8f4af702bcfe1060602ba8f4be94815dd22ba2ee0d76f46eb4fd816d7e7b88a37a9cb65f1ef32e6cc6d101de6e94050eed22f6c0299a7cfb74a5f5f6ef4683f071839943017e0b58c8cc5a77251909888ab6f69b0e18b8ed8905654578f1604c620f7d8bcb0a0010a2b71a1b8d11e34f7c674912fbb61fad795b6fd455cf4feeff71d865d92ae41c3a5935d7ee5c28706de5cd4733a26320bc5e79b4352b63d7d320c69a63d9057187799ae483a6e9dc7ce101851cd598319173ab4ac49bf3b25ec8bd9fe8b664c87722223f1ee8c1b613e78729072ebcd51b7b9e3c5dd22b17b0dccf6a177b9fe279f56644476acb27f5c4a7bff77d0416dead2231d8f8ee44e6618ddcc2b9e34919bf21fa986d9e6b9d54c007e2f15293808b065c62aad7f9f42b0f39361528328071c4b5df273d2b41e2b9881a8c215fbb0280fd79a77570f93855d5d795a89613e0b4be1d8b1f50864637471d694ac417216294b08a4226fe098dee8d410bc3828ef27777489b9e6e3701e6ccf13151070b027fb53b00ee3a5e780348f47d314d04b353c76f920c69d571d7b674d2b1f9ad1597bd6f36e5ff82981d2158990e21b7102b20fbdbcbd2c2c25da51aceff00a1e7a56c8f75f9bf3655d6142ac74cbc8ee70ffec7a45bf1c4a3b6a65f629494670a84088a802598909031871dd576a5d47d911b509b0799e7178657dd66943ddc2666b7cae6b996c8b55b7cf0a6b9ce396cc3e262ebb83c2f640ec6a80538823a83fb3b74c8b51a8cbb18b4925b8045530ce8283c962561e3da3f7843720b4dc6afbe5278fe9a964860b88e33aedb298b61910e5c3ea4971e02cf869d5e68e8a95215e0e207af9b7e48f3452dc9aaf0bf15202932e71552a1f79a6482afc0c104fc70f3ffeb153a249620dafb5ef82308e97113ba4aee10301ea19ec5f0f2d643fba39a4a5f039003187255c1cd9a7d54253ab0c6f8c09cf51ea635d945231386fd891d80483ddb4f4d8e68a62a71b61bbd75b74fdff1610949508d33d740a72c633dde4db6a4cdc92a7de18a7b9ceec93ef8e130fbee0b66d7c4d3eb3d92d41f89b3bc7f276f275f827a5f5d4eee0ed7c0a90ca0a6639a974ed1311422372d7a84305ed6154a80f9cf4dc52a717c5ba57aa2e4fc2adb9da2b5c246706777fce38f6aba54534701314df2bb1725ec00b40bf6281ea0f45f3d085836934a8c884bbc3a89fca0240525fbc58969e7772709a3eb827e4da5035c852be598c14a36f71c78ca002bdc4161da2daf8db5303185b9dc97302a2df8f3adb1acfc5a19faa3066318892b44276606f537475b03d28b01182eba9be649c74b35dca086e4bbe0e9d6c5f3edf6c929e3ace7419cc7b106fe74d1b81eb675dd361a8099f8327cb99a72b1b83e194fd90c92450a6525445b7f2aac705920793ea1e0f1b33c754a0460fc681716fa70a383f81c6cf95f49e54baaae984bf931e9bd28942e5c4e90f57d2d398299669af06e62fcf860dec6158982f80331060f24af75ac27bf05e3652a822d6421c26c2dd33ddf1ce60d4c7a74abba565bec2e18b7a5cf21ac63c8271ac2c00ed736bc14998448dc4c19c5f50f9f9c75b4dc546a33c26e8ea26ab2ab05de5f4a346831bf743abd4119079d42df45b461258cbf1ca05370229802f7e0430c5496cac07658ac3ce55ad783a55b3414c0572dc3632a368c9395af43ad25a0e1fa3569366492bb9063a64b77a4d0001208ad093f98c1c3482e97015dcbae76f173bdce59db0bfd1015de911b3b652bae2dfba64f496e7bab5735fc3b683ffe19750b73ea2491b1f7a2be4db9ca703f11c360d7b2ef8f49b9d262900de5476f682bf7d526497f7825cebf9f136a4d6b347d1874fa6fe441fb95d338080b2a5268cfaea8fed039a1900028c4aecf225e0bb328522c2944f2a7281daebb2dd52d312be1c5824cb19317021d10ba3b89d02763677172ce0ae6ca996b147a934a266e75b2bf35d523b7f9eddf0afe102d4ee9db8926d10be781bbaa25b815ea2dad9a9908a827be0c0e5b6b960e99b702d76b2af58a2afe7eb1e2cf30e660cf6296bd11607c33e85fefbff67b0dd74c5110236048da6d92eabda02925f0816ec048cb1333894aa172ee73d5e3c833e3858a0e219debc74d89bda90c70f88bbe41c943375840ceb55064b2f2b239cfc769582cd410f1bdb26fc78d9728a30899b3460405b157a1dcd33b31fb6e2a4113e4bb41214aae4a037f99f8", 0x2000, &(0x7f0000007080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

20.645587158s ago: executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x13, 0x80801)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000400)={'wg1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000008c0), 0xffffffffffffffff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000900)={0x20, r4, 0x1, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.idle_time\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000013"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x4c1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x1000})
close(0xffffffffffffffff)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x5, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x3}]}, @ptr, @restrict={0x3, 0x0, 0x0, 0x4, 0x4}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x4d}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r7, 0x0, 0x1}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000009c0))
write$binfmt_aout(r0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0701091f70010000d8020000040000005d030000ff010000000000000000000068ab34f1091a17155834cdb74745782181dc56a9745b1d15a787007de1c283452df45a36a9fe89c0b51664ba8bcfcdbd0f73a76a4e74601bc736a108cdad0777cec24ab2cc19488499e6fb1d985abf6d3fc677543bf813d451204a6e0fe219e11d40cdfbbf8da68380b9d130d2c352dc0140cc69f1f13c550be49493270100000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027c61b820000000000000000000000000000000000000000000000000000c52f214ce5a77481e35ea680e9d3feab"], 0x1a1)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0)
write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563018270200806"], 0xffdd)
msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000000000000a2c775123584f1ec5cad0868b3658c1e1873fe8e49af9148f9f7eb4a5ea959da4aaf081a366aaf0fe7ea8c2b2c27084ac452b16ee327f98e9b68758e70c6969423abc18de4197fc698973e4ea5b212dab372ee2971562ccaa41b4e1c490c958d6d3ed3eee5dcdf0413931b49ce948f0daade7493891f", @ANYRES64=r3, @ANYRESHEX=r3], 0x0, 0x800)

19.953792196s ago: executing program 0:
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000004c0)='./file0\x00', 0x1000000, &(0x7f0000000240)=ANY=[@ANYBLOB="00058639aa6f0bfbe4b28434ef119376977b00fffbcec7a5fc1f5a72d4fe24156a9f971990e4f372b7"], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
chdir(&(0x7f0000000380)='./file0\x00')
chdir(&(0x7f0000000140)='./file0\x00')
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)

18.982971757s ago: executing program 0:
r0 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000480)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}}, 0x90)

17.052086989s ago: executing program 2:
setsockopt(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)="010000000000060000071a8001", 0xd)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x8, 0x0, {0x9, @vbi={0x0, 0x0, 0x0, 0x0, [0x0, 0x800]}}})

16.89846335s ago: executing program 2:
pipe(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
close(r2)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r5, 0x5601, &(0x7f0000001140))
openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)

16.212082487s ago: executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

15.979426838s ago: executing program 4:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
gettid()
sendmsg$netlink(r0, &(0x7f0000009700)={0x0, 0x0, &(0x7f0000009540)=[{&(0x7f0000000100)={0x10}, 0x10}, {&(0x7f00000009c0)={0x10, 0x3ea}, 0x10}], 0x2}, 0x0)

15.896996194s ago: executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = fcntl$dupfd(r1, 0x0, r0)
pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x0)

12.427294719s ago: executing program 2:
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x24aa, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0xa3f, 0x0, 0x0, 0x0, 0x0)

12.048394514s ago: executing program 2:
creat(&(0x7f0000000bc0)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f00000016c0)='./file0\x00', &(0x7f0000001700), 0x0, &(0x7f0000001740)={[{@subsystem='net_cls'}]})

11.81662349s ago: executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x709, 0x0, 0x0, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}]}, 0x1c}}, 0x0)

8.488956572s ago: executing program 3:
r0 = creat(&(0x7f0000000600)='./file0\x00', 0xecf86c37d53049cc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000840)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000840)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x104)
close(0xffffffffffffffff)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r4 = userfaultfd(0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
r5 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x8})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001700)=""/4095, 0xfff}, {&(0x7f0000000240)=""/98, 0x62}], 0x2)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
r6 = socket(0x10, 0x803, 0x0)
io_setup(0x0, &(0x7f0000000180)=<r7=>0x0)
r8 = open(&(0x7f0000000780)='./bus\x00', 0x1051fc, 0x0)
io_submit(r7, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x7, 0x0, r8, &(0x7f0000000300)="70bf3e7e8fe7e90f80000000000000001ab3f3115f", 0x15, 0x401}])
getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@getqdisc={0x30, 0x26, 0x100, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x8, 0xc}, {0x1, 0x7}, {0xb, 0xe}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000001}, 0x4002041)

7.260716521s ago: executing program 3:
syz_mount_image$minix(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x804008, &(0x7f0000000100)=ANY=[], 0x5a, 0x20d, &(0x7f0000000200)="$eJzs3L9u00AAx/Gf40BIQfwVf8RUCQmxkEBbqcpGFzZeAImhakNV4UJpWBohQV+CnZWJR+BNWBnagY2JQ2dfwHFSfHFIHOHvR2rj2Pfzndue765RIgCV9Sj+HuiMe26Mebcs6ekTSbVSmwZgxox7/GkAVE9I1wcq6mQjjMf/L4H09fvbrWP3dc5z/nCykSwS7PrhOJVvnhZ4lskfBfHj7fpwfknS+ZFwfXT+8jHJ383Uf8G3/a7+pUy+4Z1Prv/eneH8RUmXJF2WdEXSVUnXpPi01+UOpOrfztR/Kzl85NkMAAAAAAD+yq4+W4Mnvov+bL7lU/LB2L129fx8N+qOP+qhluQfFoyfdfWvTJlfzbQpl3vBteHyra1X0XbBNgBF1dL9P9/IHcK//2vsv7PCKft/Pc5/KJgGqq132H+xGUXdg7ltSJOm7FBZvNLmYONbbuFPdkM/kldGZv/TGNxM7Z5ln1TgCs/t96X8Mu9zyjR10DMe55n7xuvHyextBlXYQSm9pz/tCYNsP60PdaLPqT+kKDJhb/8fXJc9oQl/3yjCMu5OAGap/WZvv9077N/f3dvc6e50X66tdzrra6srnXY8LW9PtTgHsMj+DPpltwQAAAAAAAAAAAAAABR1Q9LNyWOnfrwHAAAAgMU1+RuDGhO/najsawQAAAAAAAAAAAAA4H/3KwAA//9/rD04")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
unlink(&(0x7f0000002200)='./file0\x00')

7.020141201s ago: executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r5 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r3, r4})
sendmmsg$inet(r5, &(0x7f0000007fc0)=[{{0x0, 0x0, &(0x7f0000007b40)=[{&(0x7f0000000200)="e2", 0x100000}], 0x1}, 0x700}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=' ', 0x1}], 0x1}}], 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x14)
msgget$private(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000100)={0x0, @bt={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}})
open(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020692500000000002020207b1af80000b703000000000000850000009b000000950000000000000000000000000000000000000000000000619a0119d7ae"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)

3.410744431s ago: executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

1.551526ms ago: executing program 3:
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="6e6f61636c2c66617374626f6f74006e6f6c616b7974696d652c66737c6e635f6d6f64653d7374726963742c00943117d12f8dd1f756501f9b3320f59cbfb96561be7420d1d3cff9acece8a4a6a6e4ed8e7c4e791c8750448fe792dda6f215756c0b2ce2746a15156ff1c3b988522badc39d4443eb56b466b74c8325348efff88ee91189898912a9c0a46fcfa48ef117c9eb129652a6ca2216d710bc8a7dd69044934d6b3c979a31bd5b077d4cedc40ef1f54ff5dca6ab8e96552fdb07e5f8912f3bd3d0d383997e8212e4f5e0fff1a1939dee17b8d2518868575604bc51b9cbd9eb31a42a7c07d2ff5f91a20bacb9e9a72a2dc5d7bd3d54ee6e2c04b9212f9b6526c7b7f93f587243a70e9f0d54e4411cb101f227a8add5021c1b121dad14f577a9807ce4bdfe6bda328bbaf25c4c250cce649974ebe565929a26f5a7b80587fdd52c00d9b91577b03bc99ad01d7761a8993455a6120e653241794c28c7c98d146ffbf125a87e64b4fb20185a10062fe8b1e5499e81770f9b0d481fc6221c053848459233a5922ebba66704cdd592d946dc2264c5971bdaff77f855617e64b8eeea0dc0f3b46cfebe178c9c6b1459b90b3ee74281b94c0b16fed4690d0b5a8576f540cc0619f06bd4b8218fdeaf45004db67caa29d01b3fd8a20282b46f891c28639ad398bba2e45d66e794b9a0566cd8abbc0025098220412b224ae69875a348cf0025bf2a5d5bf3a7376d5da45e5aaf7555620642e53c21b6aee5213728859a4c16d5ba5bd3ad716b5a63b60077f9720e1c1ef897c4a01c785a6035ffbb08fc58b43effca6e73905488836fcf5463e988ce32c837a24c4248786dfa760e0c859b6dcb3ed4986227dd07b9e7940573d76f725ebe0aba785cccef42d6a92510ea118dc038eb35cef2f5fe244567f3af411afd06e9c500da949123fb23fc67201ebbfbc30dc278c91eed0dfac998881f1484709bad9776dee56cbde8bf6d", @ANYRES8=0x0, @ANYRES64], 0x43, 0x5542, &(0x7f0000007240)="$eJzs3M2LG2UYAPBndrv9ti7iwVsHirALTWi2H+itaosf2FKqHjxpNklD2iSzbNLsuiB48Cge/E9EwZNH/wYPnr2JB8WbUMnMRLtqQdl8tN3fD5Jn3jdvnnnesASemSUBHFqr6W+/JHEmTkTEckScjhgfP0giIpksulqEFyLibEQsPfRIyvk/J45GxMmIODNOXuRMype+OD86d/nnt3799vtjR059+c0Pi9s1sGgvRkRvqzje6RUxaxfxbjlfH3Xy2Ls0KmPxQu9eOc6KuNPazDPs1Cfr6nm82C7WZ1v3B+N4p1tvjGO7cyef3+oXJxyM2pM8+Rvu1rfzcbO1mcfOIMtje6+oa3ev+G7bGwyLPM0y30d5+hgOJ7GYb+22iv1s3ctjoz8s54u8WbO1O46jMk6+extZt5nXsXmAD/ox93anf383HbW2B52sn16u1l6q1q5UattZszVsXarUe80rl9K1dne8rDJs1XtX21nW7raqjay3nq61G41KrZauXWttdur9tFarXqxeqFxeL4/Op6/ffC/tNtO1cXy1078/7HQH6Z1sOy3esZ5uVC++vJ6eq6Xv3LiV3rp9/fqNW+9+cO39m6/cePO1ctE/ykrXNi5sbFRqFyobtfVDtP9Py6KnuH84kGTRBQA8eR7R/4f+H5il2fX/27cjZt//xwz7//J0+v/Hrf897P3/DPYPB/J/+/+PZ1QHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABz9+PKV2/kB6vF+FQ5/0w59Vw5TiJiKSIe/IvlOLov53KZZ+UR61f+VsN3SeQZxuc4Vj5ORsTV8vH7s7P+FAAAAODp9fUnZz8vuvXiaXXRBTFPxUWbpdMfTilfEhErqz9NKdvS+On5KSXL/76PxO6UsuUXsI5PKVlxye3ItLL9J8v7wvGHQlKEpbmWAwAAzMX+TmC+XQgAAADz9NmiC2AxkpjcypzcC87/8/6vG4In9o0AAACAJ1Cy6AIAAACAmcv7f7//BwAAAE+34vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiDnbvJWRqI4wD8b6F8+BGJce9V3MEpjEdw6dJwAC/BynW9ghfgDBg3HsFQQ6cQNIImTIu+eZ6k73T6lh8zBBJmJgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJ++VPXq0/uXH27N2TfNJCKaP5hfuidPbwAAAIDf2VX1qj1ZpPrj7vrT7tLzrl5ERHlh8D6KyVni7JRTXbi/+qUNnyPahMNzTLvjUUS86o7vz/p+FQAAAODh2q43y4jR4bT9s7h3gxhSmrQpn7zJlFdERLX4limtPOS9yBTWvr/H8S5TWjuBNcsUlqbcxrnS/kr7cT/N2s3OiiIV5fXHZ+s7AAAwoDQSOH7fH3YUAgAAwJDe3rsB9OT19X8XcVzKPC0FTlPRLe/Nf6oBAAAA/6Hi3g0AAAAAeteO/3dV/fFr5Nz/L/2mwP5/AAAA8G9I+/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp11Vr7brzfLWnH1zmzy9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjB/ryjQAiEQRjsXd+ZzP0PKw2amppUgfDxNwYDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDmd3/5PzE1ziRzr42l55Fk7dTYOjX2zo2jP4yvXwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf785ICIRAEUTBn/O+k739YSdAziBABDY8qatEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfNHvfvk/MTXOJHOnjaXjkWTtqrF11dh70Dh6MN7+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc79+8bNxUHAPzZPl9JARECyhAGkBhgoem1tHQDBlDEwJ+AFKXXEnrlR5uBVhUoCxtk7oLKiBASKGydWTu3UpewdchQJOag5x+JQy/igNY+ms9Heve+tnx+3+ermnz9fAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGrbb+/FWXyZLeO02nf7/rWV2N/5Sx/d3Li7EFuMkzaT/n+YaW4k890lAgAAwOGQVLV9Vm1v5ZtLsU9ni/o/r4+LNf+Np/feE8bU/XVf1/6x/fLzved3B5stx4knPbc6Gh5/MJ3eo5vpdHvmb4/oFVe+uPeSFR9I+t76c9t5cT2Tr2/deqdfhEfayBYAONDOwT+Mj5Xd1o0qqH8fiv2gpfQAONx6jcK7rv+z2W5zAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjD9np4so6TEMJCby+O7ty/tjKuv7lxd6Fup69f32ieM54iDyGcWx0Nj7c4l2l3+crVC8uj0fBS+8GLIYSuRn+zmv6FDyY4OIROro/gIQVp9WFPSz5l8Ou/f/tO/a/3EWX4Vghh1NF/SAAAPLbyqsW6fivfXIr7krkQdr7bX/+/0ojDhPX/vQ9P3y4O/ibdN16s/wftTXHqLa5d/HTx8pWrr61eXD4/PD/8+PUTgzcGJ8+cOnVmsbhXsuiOCQAAAP9Nv2rN+j+de3D9/2gjDhPW/599O/iiOVam/h9rb9Gv60wAAAAOt2df+uP3ZMz+pN8Pny+vrV0alK+72yfK1w5S/ceOVK1Z/2dzXWcFAAAAtGF7Pdm3/n+2EYcJ1/+f+v6FH5vnzEIIM9X6/7GVT0Zn25vOVHuYXx7+8oDvyXc9RwAAALo1U7Xm+n9ePP+f7j7ykIYQXn25jKs/AzhR/Z+9+9UPzbGaz/+fbG+KUymdL69H0c+H0JvvOiMAAAAeZ09ULRb7v+WbSx/9dPT9vuf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANr2ZwAAAP//Gg03mw==")
open(&(0x7f0000000080)='./file0\x00', 0x48062, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0)

0s ago: executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='freezer.self_freezing\x00', 0x275a, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db", 0xd}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1502"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80)
ioctl$TUNSETOFFLOAD(r1, 0x4010744d, 0x20000000)

kernel console output (not intermixed with test programs):

tors = 2 limit=0
[ 1547.719084][T21577] erofs: (device loop3): mounted with root inode @ nid 36.
[ 1547.731502][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.731502][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.745610][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.745610][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.822302][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.822302][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.901045][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.901045][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.901116][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.901116][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.901176][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.901176][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.901233][T14724] syz-executor.2: attempt to access beyond end of device
[ 1547.901233][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1547.990868][T21588] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1548.073703][T21581] syz-executor.2[21581] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1548.134250][T21581] syz-executor.2[21581] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1548.185280][ T5196] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1548.360688][T21334] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1548.400887][T21334] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1548.427097][ T5196] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[ 1548.454967][ T5196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1548.473260][ T5196] usb 4-1: config 0 descriptor??
[ 1548.480929][T21334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1548.513769][T21334] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1548.830972][ T5196] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22
[ 1549.601584][T18356] usb 4-1: USB disconnect, device number 21
[ 1550.024292][T21612] pim6reg: entered allmulticast mode
[ 1550.093257][T21612] pim6reg: left allmulticast mode
[ 1550.269368][T21334] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1550.523118][T21334] 8021q: adding VLAN 0 to HW filter on device team0
[ 1550.647305][ T5194] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1550.654548][ T5194] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1550.762293][T18356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1550.769644][T18356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1551.268676][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 1551.993847][T21659] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1552.531972][T21334] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1552.586717][T14724] bio_check_eod: 10352 callbacks suppressed
[ 1552.586759][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.586759][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1552.696229][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.696229][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1552.759589][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.759589][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1552.876577][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.876577][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1552.914173][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.914173][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1552.979759][T14724] syz-executor.2: attempt to access beyond end of device
[ 1552.979759][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1553.001696][T14724] syz-executor.2: attempt to access beyond end of device
[ 1553.001696][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1553.027145][T14724] syz-executor.2: attempt to access beyond end of device
[ 1553.027145][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1553.064518][T14724] syz-executor.2: attempt to access beyond end of device
[ 1553.064518][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1553.106073][T14724] syz-executor.2: attempt to access beyond end of device
[ 1553.106073][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1553.285219][T21672] fuse: Unknown parameter '0x0000000000000003'
[ 1553.368403][T21334] veth0_vlan: entered promiscuous mode
[ 1553.537576][T21334] veth1_vlan: entered promiscuous mode
[ 1553.699244][T21334] veth0_macvtap: entered promiscuous mode
[ 1553.749261][T21677] loop3: detected capacity change from 0 to 256
[ 1553.892061][T15982] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1553.901615][T21334] veth1_macvtap: entered promiscuous mode
[ 1553.920084][T15982] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1553.931461][T15982] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1553.939938][T15982] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1553.959114][T15982] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1553.971172][T15982] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1554.206989][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.255736][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.289174][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.317509][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.334978][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.357897][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.395017][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.450810][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.478840][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.509905][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.549835][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.585042][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.605183][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.635012][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.645042][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1554.663980][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.705814][T21334] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1554.906114][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1554.940140][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1554.962215][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1554.991010][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.007424][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.020966][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.032068][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.043002][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.053337][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.073417][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.091574][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.113224][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.135429][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.172514][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.203564][T21334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1555.225127][T21334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1555.252942][T21334] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1555.407782][T21334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1555.425526][T21334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1555.446492][T21334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1555.477894][T21334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1556.046048][ T9597] Bluetooth: hci4: command tx timeout
[ 1556.572792][T21718] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1556.625082][T21718] netlink: 'syz-executor.3': attribute type 25 has an invalid length.
[ 1556.692186][T21517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1556.720921][T21517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1556.895520][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1556.915383][T21679] chnl_net:caif_netlink_parms(): no params data found
[ 1556.935443][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1557.484672][T21679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1557.492830][T21679] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1557.505436][T21679] bridge_slave_0: entered allmulticast mode
[ 1557.515507][   T51] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[ 1557.526708][T21679] bridge_slave_0: entered promiscuous mode
[ 1557.592104][T21679] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1557.600151][T21679] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1557.607525][T14724] bio_check_eod: 13367 callbacks suppressed
[ 1557.607543][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.607543][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1557.639973][T21679] bridge_slave_1: entered allmulticast mode
[ 1557.657573][T21679] bridge_slave_1: entered promiscuous mode
[ 1557.742384][   T51] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1557.765720][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.765720][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1557.785976][   T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 10
[ 1557.815129][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.815129][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1557.841820][   T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 65535, setting to 64
[ 1557.862795][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.862795][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1557.926998][   T51] usb 4-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice= 7.fb
[ 1557.935563][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.935563][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1557.951354][   T51] usb 4-1: New USB device strings: Mfr=7, Product=130, SerialNumber=11
[ 1557.966178][   T51] usb 4-1: Product: syz
[ 1557.975848][   T51] usb 4-1: Manufacturer: syz
[ 1557.986135][   T51] usb 4-1: SerialNumber: syz
[ 1557.995731][T14724] syz-executor.2: attempt to access beyond end of device
[ 1557.995731][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1558.016290][   T51] usb 4-1: config 0 descriptor??
[ 1558.033246][T21732] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1558.080660][T21679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1558.125504][T20118] Bluetooth: hci4: command tx timeout
[ 1558.126561][   T51] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input31
[ 1558.171065][T14724] syz-executor.2: attempt to access beyond end of device
[ 1558.171065][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1558.183222][T21679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1558.187374][T14724] syz-executor.2: attempt to access beyond end of device
[ 1558.187374][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1558.212231][T14724] syz-executor.2: attempt to access beyond end of device
[ 1558.212231][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1558.228478][T14724] syz-executor.2: attempt to access beyond end of device
[ 1558.228478][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1558.445962][T20118] Bluetooth: hci2: command 0x0406 tx timeout
[ 1558.797703][T21679] team0: Port device team_slave_0 added
[ 1558.934119][T21679] team0: Port device team_slave_1 added
[ 1559.126143][   T51] rc_core: IR keymap rc-imon-pad not found
[ 1559.133188][   T51] Registered IR keymap rc-empty
[ 1559.192692][   T51] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1559.252518][   T51] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1559.315721][T21679] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1559.322806][T21679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1559.345514][   T51] imon:send_packet: packet tx failed (-71)
[ 1559.476087][   T51] imon 4-1:0.0: remote input dev register failed
[ 1559.501825][   T51] imon 4-1:0.0: imon_init_intf0: rc device setup failed
[ 1559.702105][T21679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1559.918095][T21758] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1559.991537][T21760] loop3: detected capacity change from 0 to 4096
[ 1560.026696][   T51] imon 4-1:0.0: unable to initialize intf0, err 0
[ 1560.033190][   T51] imon:imon_probe: failed to initialize context!
[ 1560.045264][T21760] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[ 1560.067236][   T51] imon 4-1:0.0: unable to register, err -19
[ 1560.092199][   T51] usb 4-1: USB disconnect, device number 22
[ 1560.122977][T21679] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1560.155940][T21760] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1560.163435][T21679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1560.189452][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1560.206243][ T9597] Bluetooth: hci4: command tx timeout
[ 1560.299693][T21679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1560.428476][T21760] ntfs3: loop3: ino=21, The size of extended attributes must not exceed 64KiB
[ 1560.667359][T21773] tipc: MTU too low for tipc bearer
[ 1560.762124][T21779] loop0: detected capacity change from 0 to 256
[ 1560.863113][T21679] hsr_slave_0: entered promiscuous mode
[ 1560.880655][T21679] hsr_slave_1: entered promiscuous mode
[ 1560.886383][T21779] exfat: Deprecated parameter 'utf8'
[ 1560.886413][T21779] exfat: Deprecated parameter 'utf8'
[ 1560.940167][T21779] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x14f16447, utbl_chksum : 0xe619d30d)
[ 1560.981520][T21679] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1561.003121][T21679] Cannot create hsr debugfs directory
[ 1561.690573][T21792] loop0: detected capacity change from 0 to 256
[ 1562.073846][   T29] audit: type=1326 audit(2000009219.963:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.157046][   T29] audit: type=1326 audit(2000009219.993:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.278744][   T29] audit: type=1326 audit(2000009219.993:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.305645][ T9597] Bluetooth: hci4: command tx timeout
[ 1562.328878][T21679] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1562.336503][   T29] audit: type=1326 audit(2000009219.993:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.455126][   T29] audit: type=1326 audit(2000009219.993:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.518631][T21797] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1562.563651][   T29] audit: type=1326 audit(2000009220.013:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.621801][T14724] bio_check_eod: 6821 callbacks suppressed
[ 1562.621825][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.621825][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.642031][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.642031][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.659005][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.659005][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.674004][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.674004][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.688179][   T29] audit: type=1326 audit(2000009220.103:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0a47cea9 code=0x7ffc0000
[ 1562.723291][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.723291][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.745339][   T29] audit: type=1326 audit(2000009220.103:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a0a47a627 code=0x7ffc0000
[ 1562.789342][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.789342][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.807422][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1562.813872][   T29] audit: type=1326 audit(2000009220.103:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9a0a4402e9 code=0x7ffc0000
[ 1562.856281][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.856281][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.902817][T14724] syz-executor.2: attempt to access beyond end of device
[ 1562.902817][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1562.919783][   T29] audit: type=1326 audit(2000009220.103:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21804 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a0a47a627 code=0x7ffc0000
[ 1562.922119][T21679] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1562.942654][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1563.015410][T14724] syz-executor.2: attempt to access beyond end of device
[ 1563.015410][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1563.120225][T14724] syz-executor.2: attempt to access beyond end of device
[ 1563.120225][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1563.192319][T21812] loop3: detected capacity change from 0 to 4096
[ 1563.220052][T21812] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512).
[ 1563.390640][T21812] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1563.434668][T21679] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1563.668646][T21830] loop0: detected capacity change from 0 to 47
[ 1563.748210][T21812] ntfs3: loop3: ino=21, The size of extended attributes must not exceed 64KiB
[ 1564.850420][T21838] loop0: detected capacity change from 0 to 256
[ 1564.900220][T21679] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1564.946956][T21838] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[ 1565.358470][T21841] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1566.975213][T21852] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1567.115907][T21862] loop3: detected capacity change from 0 to 4096
[ 1567.165000][T21862] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[ 1567.505253][T21862] ntfs3: loop3: ino=1d, "file1" failed to parse mft record
[ 1567.540361][T14249] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1567.568421][T21862] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[ 1567.634014][T14724] bio_check_eod: 6626 callbacks suppressed
[ 1567.634032][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.634032][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.709405][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.709405][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.723199][T21862] ntfs3: loop3: ino=1d, "file1" attr_set_size
[ 1567.746649][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.746649][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.761360][T20118] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1567.806356][T20118] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1567.816780][T20118] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1567.831942][T20118] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1567.839050][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.839050][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.839270][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.839270][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.839327][T14724] syz-executor.2: attempt to access beyond end of device
[ 1567.839327][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1567.902188][T20118] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 1567.920005][T20118] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1568.004397][T14249] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1568.017156][T14724] syz-executor.2: attempt to access beyond end of device
[ 1568.017156][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1568.105680][T14724] syz-executor.2: attempt to access beyond end of device
[ 1568.105680][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1568.130067][T21679] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1568.137604][T14724] syz-executor.2: attempt to access beyond end of device
[ 1568.137604][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1568.151521][T14724] syz-executor.2: attempt to access beyond end of device
[ 1568.151521][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1568.181353][T21679] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1568.249543][T14249] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1568.305363][T21679] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1568.332507][T21679] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1568.604518][T14249] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1569.592601][T21873] loop3: detected capacity change from 0 to 32768
[ 1569.636818][T21873] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (21873)
[ 1569.698635][T21873] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1569.734790][T21873] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[ 1569.751707][T14249] bridge_slave_1: left allmulticast mode
[ 1569.757590][T14249] bridge_slave_1: left promiscuous mode
[ 1569.763328][T14249] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1569.791370][T21873] BTRFS info (device loop3): using free-space-tree
[ 1569.917426][T14249] bridge_slave_0: left allmulticast mode
[ 1569.945967][T14249] bridge_slave_0: left promiscuous mode
[ 1569.951811][T14249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1570.027071][T21873] BTRFS info (device loop3): rebuilding free space tree
[ 1570.045543][ T9597] Bluetooth: hci7: command tx timeout
[ 1570.473006][T21873] BTRFS info (device loop3 state M): max_inline set to 0
[ 1570.603588][   T29] kauditd_printk_skb: 64 callbacks suppressed
[ 1570.603611][   T29] audit: type=1804 audit(2000009228.493:1842): pid=21908 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4070327743/syzkaller.IuBrRH/335/bus/bus" dev="loop3" ino=263 res=1 errno=0
[ 1571.106314][T18375] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1572.145101][ T9597] Bluetooth: hci7: command tx timeout
[ 1572.635182][T14724] bio_check_eod: 8738 callbacks suppressed
[ 1572.635207][T14724] syz-executor.2: attempt to access beyond end of device
[ 1572.635207][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1572.705578][T14724] syz-executor.2: attempt to access beyond end of device
[ 1572.705578][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1572.782884][T14724] syz-executor.2: attempt to access beyond end of device
[ 1572.782884][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1572.964415][T14249] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1572.975471][T14724] syz-executor.2: attempt to access beyond end of device
[ 1572.975471][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.033261][T14249] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1573.050029][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.050029][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.091379][T14249] bond0 (unregistering): Released all slaves
[ 1573.145325][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.145325][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.184668][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.184668][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.211612][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.211612][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.247161][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.247161][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.315613][T14724] syz-executor.2: attempt to access beyond end of device
[ 1573.315613][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1573.349567][T21904] syzkaller0: entered promiscuous mode
[ 1573.365031][T21904] syzkaller0: entered allmulticast mode
[ 1573.486400][   T29] audit: type=1326 audit(2000009231.383:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.544990][   T29] audit: type=1326 audit(2000009231.433:1844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.605042][   T29] audit: type=1326 audit(2000009231.433:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.676067][   T29] audit: type=1326 audit(2000009231.433:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.752387][   T29] audit: type=1326 audit(2000009231.433:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.795642][   T29] audit: type=1326 audit(2000009231.433:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.836153][   T29] audit: type=1326 audit(2000009231.433:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde1c87cea9 code=0x7ffc0000
[ 1573.885790][   T29] audit: type=1326 audit(2000009231.433:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fde1c87a627 code=0x7ffc0000
[ 1573.938288][   T29] audit: type=1326 audit(2000009231.433:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21914 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fde1c8402e9 code=0x7ffc0000
[ 1574.005047][ T6740] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[ 1574.205748][ T9597] Bluetooth: hci7: command tx timeout
[ 1574.213123][ T6740] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1574.230758][ T6740] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 10
[ 1574.241977][ T6740] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 65535, setting to 64
[ 1574.302509][ T6740] usb 4-1: New USB device found, idVendor=15c2, idProduct=0040, bcdDevice= 7.fb
[ 1574.312929][ T6740] usb 4-1: New USB device strings: Mfr=7, Product=130, SerialNumber=11
[ 1574.321417][ T6740] usb 4-1: Product: syz
[ 1574.327519][ T6740] usb 4-1: Manufacturer: syz
[ 1574.332157][ T6740] usb 4-1: SerialNumber: syz
[ 1574.359864][ T6740] usb 4-1: config 0 descriptor??
[ 1574.375797][T21919] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1574.389434][ T6740] input: iMON Panel, Knob and Mouse(15c2:0040) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input33
[ 1574.775242][ T6740] rc_core: IR keymap rc-imon-pad not found
[ 1574.781420][ T6740] Registered IR keymap rc-empty
[ 1574.805261][ T6740] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1574.830269][ T6740] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1574.853025][ T6740] imon:send_packet: packet tx failed (-71)
[ 1574.915159][ T6740] imon 4-1:0.0: remote input dev register failed
[ 1574.921883][ T6740] imon 4-1:0.0: imon_init_intf0: rc device setup failed
[ 1575.028782][ T6740] imon 4-1:0.0: unable to initialize intf0, err 0
[ 1575.045261][ T6740] imon:imon_probe: failed to initialize context!
[ 1575.051643][ T6740] imon 4-1:0.0: unable to register, err -19
[ 1575.064528][ T6740] usb 4-1: USB disconnect, device number 23
[ 1575.532364][T21926] Bluetooth: MGMT ver 1.23
[ 1575.894463][T13887] sysv_free_block: flc_count > flc_size
[ 1575.910476][T13887] sysv_free_block: flc_count > flc_size
[ 1575.925212][T13887] sysv_free_block: flc_count > flc_size
[ 1575.935006][T13887] sysv_free_block: flc_count > flc_size
[ 1575.940609][T13887] sysv_free_block: flc_count > flc_size
[ 1576.003906][T13887] sysv_free_block: flc_count > flc_size
[ 1576.009741][T13887] sysv_free_block: flc_count > flc_size
[ 1576.026265][T13887] sysv_free_block: flc_count > flc_size
[ 1576.075129][T13887] sysv_free_block: flc_count > flc_size
[ 1576.080767][T13887] sysv_free_block: flc_count > flc_size
[ 1576.095574][T13887] sysv_free_inode: inode 0,1,2 or nonexistent inode
[ 1576.285455][ T9597] Bluetooth: hci7: command tx timeout
[ 1576.374233][T21928] loop3: detected capacity change from 0 to 32768
[ 1576.421055][   T29] kauditd_printk_skb: 10 callbacks suppressed
[ 1576.421076][   T29] audit: type=1800 audit(2000009234.313:1862): pid=21928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=5 res=0 errno=0
[ 1577.648287][T14724] bio_check_eod: 19909 callbacks suppressed
[ 1577.648312][T14724] syz-executor.2: attempt to access beyond end of device
[ 1577.648312][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1577.853068][   T29] audit: type=1800 audit(2000009235.723:1863): pid=21934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1957 res=0 errno=0
[ 1577.940497][T14724] syz-executor.2: attempt to access beyond end of device
[ 1577.940497][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.047793][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.047793][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.109472][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.109472][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.415329][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.415329][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.465949][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.465949][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.515617][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.515617][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.531232][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.531232][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.545289][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.545289][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.559144][T14724] syz-executor.2: attempt to access beyond end of device
[ 1578.559144][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1578.632881][T21936] loop3: detected capacity change from 0 to 64
[ 1579.095169][    C1] DEBUG: waiting rtnl_mutex for 564 jiffies.
[ 1579.101306][    C1] task:syz-executor.1  state:D stack:19728 pid:21679 tgid:21679 ppid:21668  flags:0x00000002
[ 1579.111553][    C1] Call Trace:
[ 1579.114898][    C1]  <TASK>
[ 1579.117874][    C1]  __schedule+0x17e8/0x4a20
[ 1579.122461][    C1]  ? __pfx___schedule+0x10/0x10
[ 1579.127390][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1579.132465][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1579.138004][    C1]  ? schedule+0x90/0x320
[ 1579.142284][    C1]  schedule+0x14b/0x320
[ 1579.146518][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1579.152026][    C1]  __mutex_lock+0x6a4/0xd70
[ 1579.156607][    C1]  ? __mutex_lock+0x527/0xd70
[ 1579.161322][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1579.166597][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1579.171680][    C1]  ? rtnl_lock+0xe7/0x130
[ 1579.176081][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1579.181197][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1579.186483][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1579.192003][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1579.197460][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.202702][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.207972][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1579.212954][    C1]  ? mark_lock+0x9a/0x360
[ 1579.217366][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.222609][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1579.227746][    C1]  ? mark_lock+0x9a/0x360
[ 1579.232209][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1579.237320][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1579.242140][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1579.247690][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1579.253044][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1579.258308][    C1]  netlink_unicast+0x7ea/0x980
[ 1579.263126][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1579.268465][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1579.273615][    C1]  ? __check_object_size+0x49c/0x900
[ 1579.278968][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1579.284131][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1579.288982][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1579.294325][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1579.300389][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1579.305400][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1579.310721][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1579.316270][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1579.321612][    C1]  __sock_sendmsg+0x221/0x270
[ 1579.326411][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1579.330953][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1579.336067][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1579.342091][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1579.348492][    C1]  __x64_sys_sendto+0xde/0x100
[ 1579.353289][    C1]  do_syscall_64+0xf3/0x230
[ 1579.357847][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1579.362565][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1579.368526][    C1] RIP: 0033:0x7fdddf07eb9c
[ 1579.372988][    C1] RSP: 002b:00007ffd4eba4590 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1579.381494][    C1] RAX: ffffffffffffffda RBX: 00007fdddfce4620 RCX: 00007fdddf07eb9c
[ 1579.389535][    C1] RDX: 0000000000000028 RSI: 00007fdddfce4670 RDI: 0000000000000003
[ 1579.397575][    C1] RBP: 0000000000000000 R08: 00007ffd4eba45e4 R09: 000000000000000c
[ 1579.405721][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1579.413717][    C1] R13: 0000000000000000 R14: 00007fdddfce4670 R15: 0000000000000000
[ 1579.421796][    C1]  </TASK>
[ 1579.424851][    C1] DEBUG: waiting rtnl_mutex for 597 jiffies.
[ 1579.430986][    C1] task:syz-executor.0  state:D stack:21024 pid:21863 tgid:21863 ppid:21860  flags:0x00000002
[ 1579.441214][    C1] Call Trace:
[ 1579.444522][    C1]  <TASK>
[ 1579.447519][    C1]  __schedule+0x17e8/0x4a20
[ 1579.452092][    C1]  ? __pfx___schedule+0x10/0x10
[ 1579.457019][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1579.462093][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1579.467726][    C1]  ? schedule+0x90/0x320
[ 1579.472014][    C1]  schedule+0x14b/0x320
[ 1579.476244][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1579.481741][    C1]  __mutex_lock+0x6a4/0xd70
[ 1579.486324][    C1]  ? __mutex_lock+0x527/0xd70
[ 1579.491054][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1579.496333][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1579.501453][    C1]  ? rtnl_lock+0xe7/0x130
[ 1579.505877][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1579.511031][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1579.516312][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1579.521814][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1579.527195][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.532440][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.537733][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1579.542718][    C1]  ? mark_lock+0x9a/0x360
[ 1579.547121][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1579.552365][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1579.557472][    C1]  ? mark_lock+0x9a/0x360
[ 1579.561869][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1579.567012][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1579.571850][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1579.577428][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1579.582815][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1579.588095][    C1]  netlink_unicast+0x7ea/0x980
[ 1579.592906][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1579.598254][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1579.603430][    C1]  ? __check_object_size+0x49c/0x900
[ 1579.608785][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1579.613950][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1579.618808][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1579.624147][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1579.629164][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1579.634497][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1579.640120][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1579.645481][    C1]  __sock_sendmsg+0x221/0x270
[ 1579.650216][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1579.654775][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1579.659926][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1579.665997][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1579.672385][    C1]  __x64_sys_sendto+0xde/0x100
[ 1579.677292][    C1]  do_syscall_64+0xf3/0x230
[ 1579.681834][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1579.686592][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1579.692536][    C1] RIP: 0033:0x7f5ef8c7eb9c
[ 1579.697035][    C1] RSP: 002b:00007fffc0c6c6a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1579.705524][    C1] RAX: ffffffffffffffda RBX: 00007f5ef98e4620 RCX: 00007f5ef8c7eb9c
[ 1579.713552][    C1] RDX: 000000000000003c RSI: 00007f5ef98e4670 RDI: 0000000000000003
[ 1579.721599][    C1] RBP: 0000000000000000 R08: 00007fffc0c6c6f4 R09: 000000000000000c
[ 1579.729637][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1579.737677][    C1] R13: 0000000000000000 R14: 00007f5ef98e4670 R15: 0000000000000000
[ 1579.745743][    C1]  </TASK>
[ 1579.748832][    C1] DEBUG: waiting rtnl_mutex for 633 jiffies.
[ 1579.754839][    C1] task:kworker/u8:6    state:D stack:24240 pid:21517 tgid:21517 ppid:2      flags:0x00004000
[ 1579.765138][    C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1579.771449][    C1] Call Trace:
[ 1579.774769][    C1]  <TASK>
[ 1579.777790][    C1]  __schedule+0x17e8/0x4a20
[ 1579.782386][    C1]  ? __pfx___schedule+0x10/0x10
[ 1579.787330][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1579.792488][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1579.798037][    C1]  ? kthread_data+0x52/0xd0
[ 1579.802597][    C1]  ? schedule+0x90/0x320
[ 1579.806944][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1579.812122][    C1]  ? schedule+0x90/0x320
[ 1579.816450][    C1]  schedule+0x14b/0x320
[ 1579.820679][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1579.826229][    C1]  __mutex_lock+0x6a4/0xd70
[ 1579.830795][    C1]  ? mark_lock+0x9a/0x360
[ 1579.835304][    C1]  ? __mutex_lock+0x527/0xd70
[ 1579.840058][    C1]  ? addrconf_dad_work+0xd0/0x16f0
[ 1579.845268][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1579.850455][    C1]  ? rtnl_lock+0xe7/0x130
[ 1579.854844][    C1]  addrconf_dad_work+0xd0/0x16f0
[ 1579.859890][    C1]  ? __pfx_addrconf_dad_work+0x10/0x10
[ 1579.865524][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1579.871911][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1579.877698][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1579.883327][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1579.889392][    C1]  ? assign_work+0x364/0x3d0
[ 1579.894033][    C1]  worker_thread+0x86d/0xd50
[ 1579.898727][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1579.904672][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1579.909791][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1579.914990][    C1]  kthread+0x2f0/0x390
[ 1579.919104][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1579.924260][    C1]  ? __pfx_kthread+0x10/0x10
[ 1579.928941][    C1]  ret_from_fork+0x4b/0x80
[ 1579.933406][    C1]  ? __pfx_kthread+0x10/0x10
[ 1579.938083][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1579.942927][    C1]  </TASK>
[ 1579.946020][    C1] DEBUG: holding rtnl_mutex for 667 jiffies.
[ 1579.952034][    C1] task:syz-executor.4  state:D stack:25072 pid:21900 tgid:21899 ppid:20592  flags:0x00004006
[ 1579.962288][    C1] Call Trace:
[ 1579.965643][    C1]  <TASK>
[ 1579.968619][    C1]  __schedule+0x17e8/0x4a20
[ 1579.973195][    C1]  ? __pfx___schedule+0x10/0x10
[ 1579.978132][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1579.983221][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1579.989204][    C1]  ? schedule+0x90/0x320
[ 1579.993483][    C1]  schedule+0x14b/0x320
[ 1579.997740][    C1]  synchronize_rcu_expedited+0x684/0x830
[ 1580.003544][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 1580.009936][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1580.015297][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1580.020623][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1580.026675][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1580.032791][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1580.039221][    C1]  synchronize_rcu+0x11b/0x360
[ 1580.044043][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1580.049433][    C1]  lockdep_unregister_key+0x4b7/0x540
[ 1580.054901][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[ 1580.060852][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1580.066158][    C1]  ? __qdisc_destroy+0x150/0x410
[ 1580.071147][    C1]  ? kfree+0x149/0x360
[ 1580.075297][    C1]  ? __pfx_pfifo_fast_destroy+0x10/0x10
[ 1580.080901][    C1]  __qdisc_destroy+0x165/0x410
[ 1580.085757][    C1]  dev_shutdown+0x9b/0x440
[ 1580.090243][    C1]  unregister_netdevice_many_notify+0x977/0x16b0
[ 1580.096674][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1580.103488][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1580.109572][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1580.115997][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1580.121253][    C1]  unregister_netdevice_queue+0x303/0x370
[ 1580.127062][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1580.133369][    C1]  __tun_detach+0x6b6/0x1600
[ 1580.138118][    C1]  tun_chr_close+0x108/0x1b0
[ 1580.142749][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1580.147935][    C1]  __fput+0x406/0x8b0
[ 1580.151984][    C1]  task_work_run+0x24f/0x310
[ 1580.156675][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1580.161861][    C1]  get_signal+0x15e6/0x1740
[ 1580.166459][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1580.171371][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1580.177005][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1580.183204][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1580.189267][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1580.195152][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1580.200758][    C1]  do_syscall_64+0x100/0x230
[ 1580.205440][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1580.210159][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.216130][    C1] RIP: 0033:0x7f5f72e7cea9
[ 1580.220582][    C1] RSP: 002b:00007f5f729ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1580.229071][    C1] RAX: 0000000000000000 RBX: 00007f5f72fb3f80 RCX: 00007f5f72e7cea9
[ 1580.237113][    C1] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000004
[ 1580.245154][    C1] RBP: 00007f5f72eebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1580.253164][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1580.261208][    C1] R13: 000000000000000b R14: 00007f5f72fb3f80 R15: 00007ffd1212c608
[ 1580.269283][    C1]  </TASK>
[ 1580.272335][    C1] DEBUG: waiting rtnl_mutex for 690 jiffies.
[ 1580.278376][    C1] task:kworker/u8:5    state:D stack:20184 pid:14249 tgid:14249 ppid:2      flags:0x00004000
[ 1580.288621][    C1] Workqueue: netns cleanup_net
[ 1580.293437][    C1] Call Trace:
[ 1580.296770][    C1]  <TASK>
[ 1580.299740][    C1]  __schedule+0x17e8/0x4a20
[ 1580.304317][    C1]  ? __pfx___schedule+0x10/0x10
[ 1580.309247][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1580.314321][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1580.319891][    C1]  ? kthread_data+0x52/0xd0
[ 1580.324455][    C1]  ? schedule+0x90/0x320
[ 1580.328776][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1580.333959][    C1]  ? schedule+0x90/0x320
[ 1580.338273][    C1]  schedule+0x14b/0x320
[ 1580.342481][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1580.348016][    C1]  __mutex_lock+0x6a4/0xd70
[ 1580.352569][    C1]  ? __mutex_lock+0x527/0xd70
[ 1580.357339][    C1]  ? ieee80211_unregister_hw+0x55/0x2c0
[ 1580.362937][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1580.368042][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1580.373986][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1580.378835][    C1]  ? rtnl_lock+0xe7/0x130
[ 1580.383208][    C1]  ieee80211_unregister_hw+0x55/0x2c0
[ 1580.388661][    C1]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[ 1580.394257][    C1]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1580.400423][    C1]  hwsim_exit_net+0x5c1/0x670
[ 1580.405176][    C1]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1580.410418][    C1]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 1580.416310][    C1]  cleanup_net+0x802/0xcc0
[ 1580.420779][    C1]  ? __pfx_cleanup_net+0x10/0x10
[ 1580.425834][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1580.431599][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1580.437250][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1580.443282][    C1]  ? assign_work+0x364/0x3d0
[ 1580.447957][    C1]  worker_thread+0x86d/0xd50
[ 1580.452611][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1580.457723][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1580.462879][    C1]  kthread+0x2f0/0x390
[ 1580.467114][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1580.472271][    C1]  ? __pfx_kthread+0x10/0x10
[ 1580.476948][    C1]  ret_from_fork+0x4b/0x80
[ 1580.481416][    C1]  ? __pfx_kthread+0x10/0x10
[ 1580.486096][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1580.490930][    C1]  </TASK>
[ 1580.493980][    C1] DEBUG: waiting rtnl_mutex for 638 jiffies.
[ 1580.500043][    C1] task:syz-executor.2  state:D stack:26112 pid:21923 tgid:21922 ppid:20046  flags:0x00000006
[ 1580.510310][    C1] Call Trace:
[ 1580.513629][    C1]  <TASK>
[ 1580.516633][    C1]  __schedule+0x17e8/0x4a20
[ 1580.521211][    C1]  ? __pfx___schedule+0x10/0x10
[ 1580.526151][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1580.531221][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1580.536767][    C1]  ? schedule+0x90/0x320
[ 1580.541062][    C1]  schedule+0x14b/0x320
[ 1580.545293][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1580.550799][    C1]  __mutex_lock+0x6a4/0xd70
[ 1580.555390][    C1]  ? __mutex_lock+0x527/0xd70
[ 1580.560120][    C1]  ? nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1580.565845][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1580.570934][    C1]  ? rtnl_lock+0xe7/0x130
[ 1580.575387][    C1]  nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1580.580895][    C1]  ? trace_kmalloc+0x1f/0xd0
[ 1580.585558][    C1]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 1580.592024][    C1]  ? __build_skb_around+0x245/0x3d0
[ 1580.597295][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1580.603317][    C1]  ? __alloc_skb+0x28f/0x440
[ 1580.607986][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.614109][    C1]  ? __pfx___alloc_skb+0x10/0x10
[ 1580.619131][    C1]  genl_dumpit+0x107/0x1a0
[ 1580.623592][    C1]  netlink_dump+0x645/0xd80
[ 1580.628203][    C1]  ? __pfx_netlink_dump+0x10/0x10
[ 1580.633295][    C1]  ? __asan_memset+0x23/0x50
[ 1580.637962][    C1]  ? genl_start+0x4a8/0x6d0
[ 1580.642511][    C1]  __netlink_dump_start+0x59d/0x780
[ 1580.647807][    C1]  genl_rcv_msg+0x88c/0xec0
[ 1580.652438][    C1]  ? mark_lock+0x9a/0x360
[ 1580.656859][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1580.661926][    C1]  ? __pfx_genl_start+0x10/0x10
[ 1580.666848][    C1]  ? __pfx_genl_dumpit+0x10/0x10
[ 1580.671819][    C1]  ? __pfx_genl_done+0x10/0x10
[ 1580.676665][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1580.681724][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1580.687827][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1580.693175][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1580.698036][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1580.703104][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1580.708641][    C1]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1580.714167][    C1]  genl_rcv+0x28/0x40
[ 1580.718301][    C1]  netlink_unicast+0x7ea/0x980
[ 1580.723150][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1580.728540][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1580.733746][    C1]  ? __check_object_size+0x49c/0x900
[ 1580.739141][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1580.744348][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1580.749228][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.754567][    C1]  ? __import_iovec+0x536/0x820
[ 1580.759495][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1580.764476][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1580.769853][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1580.775401][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1580.780760][    C1]  __sock_sendmsg+0x221/0x270
[ 1580.785550][    C1]  ____sys_sendmsg+0x525/0x7d0
[ 1580.790379][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1580.795778][    C1]  __sys_sendmsg+0x2b0/0x3a0
[ 1580.800422][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1580.805673][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1580.812063][    C1]  ? do_syscall_64+0x100/0x230
[ 1580.816912][    C1]  ? do_syscall_64+0xb6/0x230
[ 1580.821625][    C1]  do_syscall_64+0xf3/0x230
[ 1580.826216][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1580.830958][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.836965][    C1] RIP: 0033:0x7f9a0a47cea9
[ 1580.841416][    C1] RSP: 002b:00007f9a0b2010c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1580.849919][    C1] RAX: ffffffffffffffda RBX: 00007f9a0a5b3f80 RCX: 00007f9a0a47cea9
[ 1580.858152][    C1] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 1580.866188][    C1] RBP: 00007f9a0a4ebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1580.874201][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1580.882335][    C1] R13: 000000000000000b R14: 00007f9a0a5b3f80 R15: 00007ffcc0b58848
[ 1580.890427][    C1]  </TASK>
[ 1580.893488][    C1] DEBUG: waiting rtnl_mutex for 644 jiffies.
[ 1580.899531][    C1] task:kworker/1:2     state:D stack:19600 pid:785   tgid:785   ppid:2      flags:0x00004000
[ 1580.909803][    C1] Workqueue: events linkwatch_event
[ 1580.915124][    C1] Call Trace:
[ 1580.918433][    C1]  <TASK>
[ 1580.921406][    C1]  __schedule+0x17e8/0x4a20
[ 1580.926012][    C1]  ? __pfx___schedule+0x10/0x10
[ 1580.930907][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1580.936995][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1580.942061][    C1]  ? kick_pool+0x1bd/0x620
[ 1580.946550][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1580.951877][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1580.957171][    C1]  ? schedule+0x90/0x320
[ 1580.961460][    C1]  schedule+0x14b/0x320
[ 1580.965696][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1580.971242][    C1]  __mutex_lock+0x6a4/0xd70
[ 1580.975829][    C1]  ? __mutex_lock+0x527/0xd70
[ 1580.980563][    C1]  ? linkwatch_event+0xe/0x60
[ 1580.985321][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1580.990408][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1580.996199][    C1]  ? rtnl_lock+0xe7/0x130
[ 1581.000571][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1581.006365][    C1]  linkwatch_event+0xe/0x60
[ 1581.010916][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1581.016580][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1581.022619][    C1]  ? assign_work+0x364/0x3d0
[ 1581.027285][    C1]  worker_thread+0x86d/0xd50
[ 1581.031926][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1581.037913][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1581.042992][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1581.048182][    C1]  kthread+0x2f0/0x390
[ 1581.052296][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1581.057523][    C1]  ? __pfx_kthread+0x10/0x10
[ 1581.062168][    C1]  ret_from_fork+0x4b/0x80
[ 1581.066671][    C1]  ? __pfx_kthread+0x10/0x10
[ 1581.071322][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1581.076183][    C1]  </TASK>
[ 1581.079235][    C1] 
[ 1581.079235][    C1] Showing all locks held in the system:
[ 1581.087004][    C1] 3 locks held by kworker/u8:1/12:
[ 1581.092156][    C1] 3 locks held by kworker/1:2/785:
[ 1581.097329][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1581.108426][    C1]  #1: ffffc900036b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1581.119513][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1581.128651][    C1] 2 locks held by getty/4846:
[ 1581.133350][    C1]  #0: ffff88802b0410a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1581.143232][    C1]  #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1581.153465][    C1] 3 locks held by kworker/1:7/6740:
[ 1581.158734][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1581.169832][    C1]  #1: ffffc900036d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1581.180947][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1581.191472][    C1] 1 lock held by syz-executor.4/13887:
[ 1581.196994][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1581.206095][    C1] 4 locks held by kworker/u8:5/14249:
[ 1581.211497][    C1]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1581.222496][    C1]  #1: ffffc90009567d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1581.233152][    C1]  #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1581.242678][    C1]  #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1581.252655][    C1] 2 locks held by syz-executor.2/14724:
[ 1581.258282][    C1] 3 locks held by kworker/u8:6/21517:
[ 1581.263698][    C1]  #0: ffff88802ab50148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1581.275419][    C1]  #1: ffffc90009487d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1581.288353][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[ 1581.297907][    C1] 1 lock held by syz-executor.1/21679:
[ 1581.303400][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1581.313033][    C1] 1 lock held by syz-executor.0/21863:
[ 1581.318557][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1581.328272][    C1] 2 locks held by syz-executor.4/21900:
[ 1581.333860][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1581.343046][    C1]  #1: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1581.354049][    C1] 3 locks held by syz-executor.2/21923:
[ 1581.359653][    C1]  #0: ffffffff8f655cd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1581.367978][    C1]  #1: ffff88801c68a678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[ 1581.378655][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1581.388739][    C1] 1 lock held by syz-executor.3/21937:
[ 1581.394227][    C1]  #0: ffff888079d86a18 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x17c/0x3d0
[ 1581.403757][    C1] 4 locks held by syz-executor.3/21938:
[ 1581.409369][    C1]  #0: ffff888079d86a18 (&mm->mmap_lock){++++}-{3:3}, at: __mm_populate+0x1b0/0x460
[ 1581.418899][    C1]  #1: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 1581.429137][    C1]  #2: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0
[ 1581.439020][    C1]  #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1581.448996][    C1] 
[ 1581.451350][    C1] =============================================
[ 1581.451350][    C1] 
[ 1582.531715][    C1] DEBUG: waiting rtnl_mutex for 907 jiffies.
[ 1582.537849][    C1] task:syz-executor.1  state:D stack:19728 pid:21679 tgid:21679 ppid:21668  flags:0x00000002
[ 1582.548123][    C1] Call Trace:
[ 1582.551455][    C1]  <TASK>
[ 1582.554432][    C1]  __schedule+0x17e8/0x4a20
[ 1582.559079][    C1]  ? __pfx___schedule+0x10/0x10
[ 1582.563987][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1582.569127][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1582.574693][    C1]  ? schedule+0x90/0x320
[ 1582.579061][    C1]  schedule+0x14b/0x320
[ 1582.583272][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1582.588819][    C1]  __mutex_lock+0x6a4/0xd70
[ 1582.593412][    C1]  ? __mutex_lock+0x527/0xd70
[ 1582.598185][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1582.603442][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1582.608577][    C1]  ? rtnl_lock+0xe7/0x130
[ 1582.612951][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1582.618061][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1582.623320][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.628973][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1582.634314][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.639600][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.644904][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1582.649907][    C1]  ? mark_lock+0x9a/0x360
[ 1582.654286][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.654942][T14724] bio_check_eod: 14528 callbacks suppressed
[ 1582.654961][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.654961][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.659545][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1582.684179][    C1]  ? mark_lock+0x9a/0x360
[ 1582.685100][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.685100][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.688573][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1582.707374][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1582.712214][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.717779][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1582.723155][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1582.728473][    C1]  netlink_unicast+0x7ea/0x980
[ 1582.733307][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1582.738679][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1582.742800][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.742800][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.743850][    C1]  ? __check_object_size+0x49c/0x900
[ 1582.762978][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1582.768209][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1582.773046][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.776205][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.776205][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.778396][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1582.798128][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1582.803125][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1582.808493][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1582.813999][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.815125][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.815125][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.819347][    C1]  __sock_sendmsg+0x221/0x270
[ 1582.837795][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1582.842353][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1582.847505][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1582.853560][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1582.860003][    C1]  __x64_sys_sendto+0xde/0x100
[ 1582.863015][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.863015][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.864807][    C1]  do_syscall_64+0xf3/0x230
[ 1582.883028][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1582.887796][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1582.893770][    C1] RIP: 0033:0x7fdddf07eb9c
[ 1582.898256][    C1] RSP: 002b:00007ffd4eba4590 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1582.900954][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.900954][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.906731][    C1] RAX: ffffffffffffffda RBX: 00007fdddfce4620 RCX: 00007fdddf07eb9c
[ 1582.906756][    C1] RDX: 0000000000000028 RSI: 00007fdddfce4670 RDI: 0000000000000003
[ 1582.906775][    C1] RBP: 0000000000000000 R08: 00007ffd4eba45e4 R09: 000000000000000c
[ 1582.906793][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1582.906810][    C1] R13: 0000000000000000 R14: 00007fdddfce4670 R15: 0000000000000000
[ 1582.906849][    C1]  </TASK>
[ 1582.906863][    C1] DEBUG: waiting rtnl_mutex for 946 jiffies.
[ 1582.906877][    C1] task:syz-executor.0  state:D stack:21024 pid:21863 tgid:21863 ppid:21860  flags:0x00000002
[ 1582.960917][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.960917][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.963663][    C1] Call Trace:
[ 1582.977292][T14724] syz-executor.2: attempt to access beyond end of device
[ 1582.977292][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1582.979851][    C1]  <TASK>
[ 1582.979873][    C1]  __schedule+0x17e8/0x4a20
[ 1582.979933][    C1]  ? __pfx___schedule+0x10/0x10
[ 1582.979970][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1582.980004][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1582.980055][    C1]  ? schedule+0x90/0x320
[ 1582.980086][    C1]  schedule+0x14b/0x320
[ 1582.980120][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1582.980152][    C1]  __mutex_lock+0x6a4/0xd70
[ 1582.980192][    C1]  ? __mutex_lock+0x527/0xd70
[ 1582.980230][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1582.980271][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1582.980320][    C1]  ? rtnl_lock+0xe7/0x130
[ 1582.980350][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1582.980394][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1582.980436][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.980472][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1582.980515][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.980558][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.980608][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1582.980646][    C1]  ? mark_lock+0x9a/0x360
[ 1582.980677][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1582.980715][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1582.980768][    C1]  ? mark_lock+0x9a/0x360
[ 1582.980824][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1582.980896][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1582.980932][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1582.980971][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1582.981033][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1582.981069][    C1]  netlink_unicast+0x7ea/0x980
[ 1582.981112][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1582.981139][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1582.981179][    C1]  ? __check_object_size+0x49c/0x900
[ 1582.981212][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1582.981247][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1582.981298][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.981350][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1582.981381][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1582.981412][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1582.981450][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1582.981482][    C1]  __sock_sendmsg+0x221/0x270
[ 1582.981524][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1582.981567][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1582.981626][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1583.019897][T14724] syz-executor.2: attempt to access beyond end of device
[ 1583.019897][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1583.024586][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1583.251870][    C1]  __x64_sys_sendto+0xde/0x100
[ 1583.256726][    C1]  do_syscall_64+0xf3/0x230
[ 1583.261272][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1583.266032][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1583.271977][    C1] RIP: 0033:0x7f5ef8c7eb9c
[ 1583.276461][    C1] RSP: 002b:00007fffc0c6c6a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1583.284944][    C1] RAX: ffffffffffffffda RBX: 00007f5ef98e4620 RCX: 00007f5ef8c7eb9c
[ 1583.292976][    C1] RDX: 000000000000003c RSI: 00007f5ef98e4670 RDI: 0000000000000003
[ 1583.301021][    C1] RBP: 0000000000000000 R08: 00007fffc0c6c6f4 R09: 000000000000000c
[ 1583.309056][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1583.317125][    C1] R13: 0000000000000000 R14: 00007f5ef98e4670 R15: 0000000000000000
[ 1583.325182][    C1]  </TASK>
[ 1583.328233][    C1] DEBUG: waiting rtnl_mutex for 991 jiffies.
[ 1583.334232][    C1] task:kworker/u8:6    state:D stack:24240 pid:21517 tgid:21517 ppid:2      flags:0x00004000
[ 1583.344480][    C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1583.350571][    C1] Call Trace:
[ 1583.353886][    C1]  <TASK>
[ 1583.356892][    C1]  __schedule+0x17e8/0x4a20
[ 1583.361488][    C1]  ? __pfx___schedule+0x10/0x10
[ 1583.366443][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1583.371510][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1583.377050][    C1]  ? kthread_data+0x52/0xd0
[ 1583.381599][    C1]  ? schedule+0x90/0x320
[ 1583.385919][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1583.391103][    C1]  ? schedule+0x90/0x320
[ 1583.395420][    C1]  schedule+0x14b/0x320
[ 1583.399621][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1583.405148][    C1]  __mutex_lock+0x6a4/0xd70
[ 1583.409696][    C1]  ? mark_lock+0x9a/0x360
[ 1583.414109][    C1]  ? __mutex_lock+0x527/0xd70
[ 1583.418871][    C1]  ? addrconf_dad_work+0xd0/0x16f0
[ 1583.424036][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1583.429158][    C1]  ? rtnl_lock+0xe7/0x130
[ 1583.433557][    C1]  addrconf_dad_work+0xd0/0x16f0
[ 1583.438682][    C1]  ? __pfx_addrconf_dad_work+0x10/0x10
[ 1583.444199][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1583.450644][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1583.456450][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1583.462173][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1583.468252][    C1]  ? assign_work+0x364/0x3d0
[ 1583.472891][    C1]  worker_thread+0x86d/0xd50
[ 1583.477577][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1583.483525][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1583.488633][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1583.493908][    C1]  kthread+0x2f0/0x390
[ 1583.498072][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1583.503228][    C1]  ? __pfx_kthread+0x10/0x10
[ 1583.507898][    C1]  ret_from_fork+0x4b/0x80
[ 1583.512360][    C1]  ? __pfx_kthread+0x10/0x10
[ 1583.517036][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1583.521870][    C1]  </TASK>
[ 1583.524950][    C1] DEBUG: holding rtnl_mutex for 1025 jiffies.
[ 1583.531049][    C1] task:syz-executor.4  state:R  running task     stack:25072 pid:21900 tgid:21899 ppid:20592  flags:0x0000400e
[ 1583.542892][    C1] Call Trace:
[ 1583.546248][    C1]  <IRQ>
[ 1583.549127][    C1]  sched_show_task+0x578/0x740
[ 1583.554736][    C1]  ? report_rtnl_holders+0x183/0x2d0
[ 1583.560115][    C1]  ? __pfx__printk+0x10/0x10
[ 1583.564757][    C1]  ? __pfx_sched_show_task+0x10/0x10
[ 1583.570158][    C1]  report_rtnl_holders+0x1ba/0x2d0
[ 1583.575368][    C1]  ? report_rtnl_holders+0x20/0x2d0
[ 1583.580627][    C1]  call_timer_fn+0x18e/0x650
[ 1583.585318][    C1]  ? call_timer_fn+0xc0/0x650
[ 1583.590070][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[ 1583.595857][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[ 1583.601043][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[ 1583.606776][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[ 1583.612481][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[ 1583.618295][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1583.623542][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1583.628840][    C1]  ? __pfx_report_rtnl_holders+0x10/0x10
[ 1583.634620][    C1]  __run_timer_base+0x66a/0x8e0
[ 1583.639587][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1583.645066][    C1]  run_timer_softirq+0xb7/0x170
[ 1583.650852][    C1]  handle_softirqs+0x2c4/0x970
[ 1583.655708][    C1]  ? __irq_exit_rcu+0xf4/0x1c0
[ 1583.660574][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1583.665962][    C1]  ? irqtime_account_irq+0xd4/0x1e0
[ 1583.671232][    C1]  __irq_exit_rcu+0xf4/0x1c0
[ 1583.675910][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1583.681187][    C1]  irq_exit_rcu+0x9/0x30
[ 1583.685505][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1583.691223][    C1]  </IRQ>
[ 1583.694194][    C1]  <TASK>
[ 1583.697228][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1583.703256][    C1] RIP: 0010:preempt_schedule_irq+0xf6/0x1c0
[ 1583.709235][    C1] Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 8b 00 00 00 bf 01 00 00 00 e8 55 7b ce f5 e8 c0 c0 06 f6 fb bf 01 00 00 00 <e8> 95 ad ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 35 62 65 f6 48
[ 1583.729020][    C1] RSP: 0018:ffffc900094b7500 EFLAGS: 00000286
[ 1583.735169][    C1] RAX: 2886f762eabe9100 RBX: 1ffff92001296ea8 RCX: ffffffff816fafba
[ 1583.743186][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcac1a0 RDI: 0000000000000001
[ 1583.751276][    C1] RBP: ffffc900094b75b0 R08: ffffffff92fcb74f R09: 1ffffffff25f96e9
[ 1583.759417][    C1] R10: dffffc0000000000 R11: fffffbfff25f96ea R12: 1ffff92001296ea0
[ 1583.767640][    C1] R13: 1ffff92001296ea4 R14: ffffc900094b7520 R15: dffffc0000000000
[ 1583.775704][    C1]  ? mark_lock+0x9a/0x360
[ 1583.780130][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1583.785945][    C1]  irqentry_exit+0x5e/0x90
[ 1583.790418][    C1]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1583.795948][    C1] RIP: 0010:synchronize_rcu+0x0/0x360
[ 1583.801465][    C1] Code: e1 07 80 c1 03 38 c1 0f 8c 97 fe ff ff 4c 89 f7 e8 05 b8 7f 00 e9 8a fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48
[ 1583.821176][    C1] RSP: 0018:ffffc900094b7678 EFLAGS: 00000206
[ 1583.827333][    C1] RAX: dffffc0000000000 RBX: 1ffff92001296ed8 RCX: ffffffff947c3803
[ 1583.835389][    C1] RDX: 0000000000000001 RSI: ffffffff8bcace80 RDI: ffffffff8c200760
[ 1583.843428][    C1] RBP: ffffc900094b7758 R08: ffffffff947b319f R09: 1ffffffff28f6633
[ 1583.851543][    C1] R10: dffffc0000000000 R11: fffffbfff28f6634 R12: ffffffff947aedf8
[ 1583.859624][    C1] R13: 1ffff92001296ed4 R14: 0000000000000a07 R15: ffffc900094b76c0
[ 1583.867812][    C1]  lockdep_unregister_key+0x4b7/0x540
[ 1583.873260][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[ 1583.879245][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1583.884513][    C1]  ? __qdisc_destroy+0x150/0x410
[ 1583.889550][    C1]  ? kfree+0x149/0x360
[ 1583.893699][    C1]  ? __pfx_pfifo_fast_destroy+0x10/0x10
[ 1583.899451][    C1]  __qdisc_destroy+0x165/0x410
[ 1583.904289][    C1]  dev_shutdown+0x9b/0x440
[ 1583.908806][    C1]  unregister_netdevice_many_notify+0x977/0x16b0
[ 1583.915257][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1583.922077][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1583.928142][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1583.934517][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1583.939826][    C1]  unregister_netdevice_queue+0x303/0x370
[ 1583.945638][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1583.951939][    C1]  __tun_detach+0x6b6/0x1600
[ 1583.956628][    C1]  tun_chr_close+0x108/0x1b0
[ 1583.961260][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1583.966459][    C1]  __fput+0x406/0x8b0
[ 1583.970512][    C1]  task_work_run+0x24f/0x310
[ 1583.975194][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1583.980370][    C1]  get_signal+0x15e6/0x1740
[ 1583.984965][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1583.989903][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1583.995551][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1584.001745][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1584.007918][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1584.013706][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1584.019380][    C1]  do_syscall_64+0x100/0x230
[ 1584.024025][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1584.028791][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1584.034822][    C1] RIP: 0033:0x7f5f72e7cea9
[ 1584.039321][    C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1584.059086][    C1] RSP: 002b:00007f5f729ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1584.067596][    C1] RAX: 0000000000000000 RBX: 00007f5f72fb3f80 RCX: 00007f5f72e7cea9
[ 1584.075658][    C1] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000004
[ 1584.083671][    C1] RBP: 00007f5f72eebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1584.091728][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1584.099818][    C1] R13: 000000000000000b R14: 00007f5f72fb3f80 R15: 00007ffd1212c608
[ 1584.107886][    C1]  </TASK>
[ 1584.110943][    C1] DEBUG: waiting rtnl_mutex for 1074 jiffies.
[ 1584.117062][    C1] task:kworker/u8:5    state:D stack:20184 pid:14249 tgid:14249 ppid:2      flags:0x00004000
[ 1584.127301][    C1] Workqueue: netns cleanup_net
[ 1584.132116][    C1] Call Trace:
[ 1584.135482][    C1]  <TASK>
[ 1584.138448][    C1]  __schedule+0x17e8/0x4a20
[ 1584.143031][    C1]  ? __pfx___schedule+0x10/0x10
[ 1584.147969][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1584.153047][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1584.158605][    C1]  ? kthread_data+0x52/0xd0
[ 1584.163163][    C1]  ? schedule+0x90/0x320
[ 1584.167496][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1584.172652][    C1]  ? schedule+0x90/0x320
[ 1584.176971][    C1]  schedule+0x14b/0x320
[ 1584.181176][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1584.186719][    C1]  __mutex_lock+0x6a4/0xd70
[ 1584.191310][    C1]  ? __mutex_lock+0x527/0xd70
[ 1584.196082][    C1]  ? ieee80211_unregister_hw+0x55/0x2c0
[ 1584.201684][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1584.206797][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1584.212745][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1584.217598][    C1]  ? rtnl_lock+0xe7/0x130
[ 1584.221975][    C1]  ieee80211_unregister_hw+0x55/0x2c0
[ 1584.227432][    C1]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[ 1584.233032][    C1]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1584.239187][    C1]  hwsim_exit_net+0x5c1/0x670
[ 1584.243910][    C1]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1584.249192][    C1]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 1584.255088][    C1]  cleanup_net+0x802/0xcc0
[ 1584.259554][    C1]  ? __pfx_cleanup_net+0x10/0x10
[ 1584.264546][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1584.270344][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1584.276007][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1584.282128][    C1]  ? assign_work+0x364/0x3d0
[ 1584.286794][    C1]  worker_thread+0x86d/0xd50
[ 1584.291470][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1584.296584][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1584.301733][    C1]  kthread+0x2f0/0x390
[ 1584.305880][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1584.311036][    C1]  ? __pfx_kthread+0x10/0x10
[ 1584.315798][    C1]  ret_from_fork+0x4b/0x80
[ 1584.320261][    C1]  ? __pfx_kthread+0x10/0x10
[ 1584.324930][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1584.329763][    C1]  </TASK>
[ 1584.332814][    C1] DEBUG: waiting rtnl_mutex for 1022 jiffies.
[ 1584.338942][    C1] task:syz-executor.2  state:D stack:26112 pid:21923 tgid:21922 ppid:20046  flags:0x00000006
[ 1584.349190][    C1] Call Trace:
[ 1584.352500][    C1]  <TASK>
[ 1584.355500][    C1]  __schedule+0x17e8/0x4a20
[ 1584.360080][    C1]  ? __pfx___schedule+0x10/0x10
[ 1584.365462][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1584.370539][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1584.376107][    C1]  ? schedule+0x90/0x320
[ 1584.380399][    C1]  schedule+0x14b/0x320
[ 1584.384601][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1584.390149][    C1]  __mutex_lock+0x6a4/0xd70
[ 1584.394715][    C1]  ? __mutex_lock+0x527/0xd70
[ 1584.399488][    C1]  ? nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1584.405201][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1584.410296][    C1]  ? rtnl_lock+0xe7/0x130
[ 1584.414676][    C1]  nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1584.420224][    C1]  ? trace_kmalloc+0x1f/0xd0
[ 1584.424896][    C1]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 1584.431368][    C1]  ? __build_skb_around+0x245/0x3d0
[ 1584.436648][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1584.442671][    C1]  ? __alloc_skb+0x28f/0x440
[ 1584.447339][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1584.453463][    C1]  ? __pfx___alloc_skb+0x10/0x10
[ 1584.458485][    C1]  genl_dumpit+0x107/0x1a0
[ 1584.462952][    C1]  netlink_dump+0x645/0xd80
[ 1584.467577][    C1]  ? __pfx_netlink_dump+0x10/0x10
[ 1584.472668][    C1]  ? __asan_memset+0x23/0x50
[ 1584.477340][    C1]  ? genl_start+0x4a8/0x6d0
[ 1584.481894][    C1]  __netlink_dump_start+0x59d/0x780
[ 1584.487203][    C1]  genl_rcv_msg+0x88c/0xec0
[ 1584.491777][    C1]  ? mark_lock+0x9a/0x360
[ 1584.496197][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1584.501267][    C1]  ? __pfx_genl_start+0x10/0x10
[ 1584.506194][    C1]  ? __pfx_genl_dumpit+0x10/0x10
[ 1584.511166][    C1]  ? __pfx_genl_done+0x10/0x10
[ 1584.516050][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1584.521119][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1584.527186][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1584.532534][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1584.537391][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1584.542470][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1584.547847][    C1]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1584.553378][    C1]  genl_rcv+0x28/0x40
[ 1584.557559][    C1]  netlink_unicast+0x7ea/0x980
[ 1584.562386][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1584.567755][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1584.572923][    C1]  ? __check_object_size+0x49c/0x900
[ 1584.578293][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1584.583458][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1584.588323][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1584.593686][    C1]  ? __import_iovec+0x536/0x820
[ 1584.598619][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1584.603603][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1584.608971][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1584.614486][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1584.619854][    C1]  __sock_sendmsg+0x221/0x270
[ 1584.624585][    C1]  ____sys_sendmsg+0x525/0x7d0
[ 1584.629451][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1584.634810][    C1]  __sys_sendmsg+0x2b0/0x3a0
[ 1584.639492][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1584.644706][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1584.651115][    C1]  ? do_syscall_64+0x100/0x230
[ 1584.655963][    C1]  ? do_syscall_64+0xb6/0x230
[ 1584.660686][    C1]  do_syscall_64+0xf3/0x230
[ 1584.665268][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1584.669992][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1584.675962][    C1] RIP: 0033:0x7f9a0a47cea9
[ 1584.680416][    C1] RSP: 002b:00007f9a0b2010c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1584.689003][    C1] RAX: ffffffffffffffda RBX: 00007f9a0a5b3f80 RCX: 00007f9a0a47cea9
[ 1584.697062][    C1] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 1584.705194][    C1] RBP: 00007f9a0a4ebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1584.713287][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1584.721344][    C1] R13: 000000000000000b R14: 00007f9a0a5b3f80 R15: 00007ffcc0b58848
[ 1584.724843][T21945] loop3: detected capacity change from 0 to 40427
[ 1584.735839][    C1]  </TASK>
[ 1584.735856][    C1] DEBUG: waiting rtnl_mutex for 1029 jiffies.
[ 1584.735873][    C1] task:kworker/1:2     state:D stack:19600 pid:785   tgid:785   ppid:2      flags:0x00004000
[ 1584.735920][    C1] Workqueue: events linkwatch_event
[ 1584.735954][    C1] Call Trace:
[ 1584.735965][    C1]  <TASK>
[ 1584.735981][    C1]  __schedule+0x17e8/0x4a20
[ 1584.736042][    C1]  ? __pfx___schedule+0x10/0x10
[ 1584.736076][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1584.736109][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1584.736143][    C1]  ? kick_pool+0x1bd/0x620
[ 1584.736180][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1584.755212][T21945] F2FS-fs (loop3): Invalid log blocks per segment (4278190089)
[ 1584.755504][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1584.760660][T21945] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1584.763950][    C1]  ? schedule+0x90/0x320
[ 1584.792876][T21945] F2FS-fs (loop3): invalid crc value
[ 1584.797432][    C1]  schedule+0x14b/0x320
[ 1584.797480][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1584.797512][    C1]  __mutex_lock+0x6a4/0xd70
[ 1584.797550][    C1]  ? __mutex_lock+0x527/0xd70
[ 1584.832396][T21945] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1584.837827][    C1]  ? linkwatch_event+0xe/0x60
[ 1584.858200][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1584.863301][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1584.869109][    C1]  ? rtnl_lock+0xe7/0x130
[ 1584.873503][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1584.879335][    C1]  linkwatch_event+0xe/0x60
[ 1584.884013][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1584.889717][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1584.895802][    C1]  ? assign_work+0x364/0x3d0
[ 1584.900452][    C1]  worker_thread+0x86d/0xd50
[ 1584.905142][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1584.911091][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1584.916200][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1584.921361][    C1]  kthread+0x2f0/0x390
[ 1584.925512][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1584.930672][    C1]  ? __pfx_kthread+0x10/0x10
[ 1584.935449][    C1]  ret_from_fork+0x4b/0x80
[ 1584.939915][    C1]  ? __pfx_kthread+0x10/0x10
[ 1584.944560][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1584.949438][    C1]  </TASK>
[ 1584.952511][    C1] DEBUG: waiting rtnl_mutex for 845 jiffies.
[ 1584.958558][    C1] task:syz-executor.4  state:D stack:17824 pid:13887 tgid:13886 ppid:11264  flags:0x00004002
[ 1584.968820][    C1] Call Trace:
[ 1584.972145][    C1]  <TASK>
[ 1584.975237][    C1]  __schedule+0x17e8/0x4a20
[ 1584.979827][    C1]  ? __pfx___schedule+0x10/0x10
[ 1584.980172][T21945] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1584.984713][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1584.996910][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1585.002469][    C1]  ? schedule+0x90/0x320
[ 1585.006793][    C1]  schedule+0x14b/0x320
[ 1585.011000][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1585.015116][T21945] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1585.016520][    C1]  __mutex_lock+0x6a4/0xd70
[ 1585.028534][    C1]  ? __mutex_lock+0x527/0xd70
[ 1585.033267][    C1]  ? tun_chr_close+0x3e/0x1b0
[ 1585.038026][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1585.043133][    C1]  ? rtnl_lock+0xe7/0x130
[ 1585.047545][    C1]  tun_chr_close+0x3e/0x1b0
[ 1585.052094][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1585.057293][    C1]  __fput+0x406/0x8b0
[ 1585.059481][T21945] UBIFS error (pid: 21945): cannot open "./file0", error -22
[ 1585.061327][    C1]  task_work_run+0x24f/0x310
[ 1585.065516][   T29] audit: type=1804 audit(2000009242.953:1864): pid=21945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4070327743/syzkaller.IuBrRH/346/file2/file0" dev="loop3" ino=10 res=1 errno=0
[ 1585.068773][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1585.104408][    C1]  ? do_exit+0xa22/0x28e0
[ 1585.108831][    C1]  ? kmem_cache_free+0x145/0x350
[ 1585.113837][    C1]  do_exit+0xa27/0x28e0
[ 1585.118116][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1585.122758][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1585.128823][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1585.135234][    C1]  ? cgroup_freezing+0x2a8/0x350
[ 1585.140230][    C1]  do_group_exit+0x207/0x2c0
[ 1585.144903][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1585.150136][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1585.155617][    C1]  get_signal+0x16a1/0x1740
[ 1585.160157][    C1]  ? kasan_quarantine_put+0xdc/0x230
[ 1585.165534][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1585.170427][    C1]  ? do_sys_openat2+0x17a/0x1d0
[ 1585.175354][    C1]  ? __might_fault+0xaa/0x120
[ 1585.180113][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1585.185767][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1585.191988][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1585.198061][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1585.203831][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1585.209470][    C1]  do_syscall_64+0x100/0x230
[ 1585.214105][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1585.218878][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1585.224934][    C1] RIP: 0033:0x7ff03de7cea9
[ 1585.229648][    C1] RSP: 002b:00007ff03eb390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1585.238151][    C1] RAX: ffffffffffffffe4 RBX: 00007ff03dfb3f80 RCX: 00007ff03de7cea9
[ 1585.246367][    C1] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1585.254386][    C1] RBP: 00007ff03deebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1585.262437][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1585.270480][    C1] R13: 000000000000000b R14: 00007ff03dfb3f80 R15: 00007ffecc856a38
[ 1585.278544][    C1]  </TASK>
[ 1585.281622][    C1] DEBUG: waiting rtnl_mutex for 842 jiffies.
[ 1585.287664][    C1] task:kworker/1:7     state:D stack:21392 pid:6740  tgid:6740  ppid:2      flags:0x00004000
[ 1585.297932][    C1] Workqueue: events switchdev_deferred_process_work
[ 1585.304575][    C1] Call Trace:
[ 1585.307932][    C1]  <TASK>
[ 1585.310893][    C1]  __schedule+0x17e8/0x4a20
[ 1585.315506][    C1]  ? __pfx___schedule+0x10/0x10
[ 1585.320400][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1585.326463][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1585.331531][    C1]  ? kick_pool+0x45c/0x620
[ 1585.336017][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1585.341427][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1585.346711][    C1]  ? schedule+0x90/0x320
[ 1585.351083][    C1]  schedule+0x14b/0x320
[ 1585.355318][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1585.360830][    C1]  __mutex_lock+0x6a4/0xd70
[ 1585.365448][    C1]  ? __mutex_lock+0x527/0xd70
[ 1585.370176][    C1]  ? switchdev_deferred_process_work+0xe/0x20
[ 1585.376354][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1585.381430][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1585.387228][    C1]  ? rtnl_lock+0xe7/0x130
[ 1585.391656][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1585.397453][    C1]  switchdev_deferred_process_work+0xe/0x20
[ 1585.403399][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1585.409061][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1585.415132][    C1]  ? assign_work+0x364/0x3d0
[ 1585.419768][    C1]  worker_thread+0x86d/0xd50
[ 1585.424405][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1585.430494][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1585.435692][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1585.440880][    C1]  kthread+0x2f0/0x390
[ 1585.445023][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1585.450173][    C1]  ? __pfx_kthread+0x10/0x10
[ 1585.454803][    C1]  ret_from_fork+0x4b/0x80
[ 1585.459306][    C1]  ? __pfx_kthread+0x10/0x10
[ 1585.463946][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1585.468805][    C1]  </TASK>
[ 1585.471860][    C1] 
[ 1585.471860][    C1] Showing all locks held in the system:
[ 1585.479730][    C1] 3 locks held by kworker/1:2/785:
[ 1585.484901][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1585.495989][    C1]  #1: ffffc900036b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1585.507074][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1585.516195][    C1] 2 locks held by getty/4846:
[ 1585.520911][    C1]  #0: ffff88802b0410a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1585.530822][    C1]  #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1585.541054][    C1] 3 locks held by kworker/1:7/6740:
[ 1585.546316][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1585.557407][    C1]  #1: ffffc900036d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1585.568498][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1585.578974][    C1] 1 lock held by syz-executor.4/13887:
[ 1585.584485][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1585.593575][    C1] 4 locks held by kworker/u8:5/14249:
[ 1585.599002][    C1]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1585.609986][    C1]  #1: ffffc90009567d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1585.620627][    C1]  #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1585.630176][    C1]  #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1585.640142][    C1] 2 locks held by syz-executor.2/14724:
[ 1585.645847][    C1] 1 lock held by syz-executor.3/18375:
[ 1585.651336][    C1]  #0: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1585.662449][    C1] 3 locks held by kworker/u8:6/21517:
[ 1585.667892][    C1]  #0: ffff88802ab50148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1585.679675][    C1]  #1: ffffc90009487d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1585.692591][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[ 1585.702126][    C1] 1 lock held by syz-executor.1/21679:
[ 1585.707670][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1585.717296][    C1] 1 lock held by syz-executor.0/21863:
[ 1585.722792][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1585.732491][    C1] 4 locks held by syz-executor.4/21900:
[ 1585.738091][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1585.747632][    C1]  #1: ffffc90000a18c00 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 1585.757936][    C1]  #2: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0
[ 1585.767800][    C1]  #3: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1585.777858][    C1] 3 locks held by syz-executor.2/21923:
[ 1585.783443][    C1]  #0: ffffffff8f655cd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1585.791827][    C1]  #1: ffff88801c68a678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[ 1585.802501][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1585.812593][    C1] 
[ 1585.814976][    C1] =============================================
[ 1585.814976][    C1] 
[ 1585.833494][T18375] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1585.865737][T18375] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1586.847692][    C1] DEBUG: waiting rtnl_mutex for 1339 jiffies.
[ 1586.853850][    C1] task:syz-executor.1  state:D stack:19728 pid:21679 tgid:21679 ppid:21668  flags:0x00000002
[ 1586.864100][    C1] Call Trace:
[ 1586.867540][    C1]  <TASK>
[ 1586.870590][    C1]  __schedule+0x17e8/0x4a20
[ 1586.875183][    C1]  ? __pfx___schedule+0x10/0x10
[ 1586.880073][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1586.885159][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1586.890701][    C1]  ? schedule+0x90/0x320
[ 1586.894993][    C1]  schedule+0x14b/0x320
[ 1586.899198][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1586.904704][    C1]  __mutex_lock+0x6a4/0xd70
[ 1586.909319][    C1]  ? __mutex_lock+0x527/0xd70
[ 1586.914059][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1586.919342][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1586.924441][    C1]  ? rtnl_lock+0xe7/0x130
[ 1586.928852][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1586.933934][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1586.939225][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1586.944736][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1586.950119][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1586.955411][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1586.960662][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1586.965680][    C1]  ? mark_lock+0x9a/0x360
[ 1586.970050][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1586.975335][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1586.980431][    C1]  ? mark_lock+0x9a/0x360
[ 1586.984804][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1586.990036][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1586.994893][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1587.000408][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1587.005810][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1587.011065][    C1]  netlink_unicast+0x7ea/0x980
[ 1587.015937][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1587.021274][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1587.026488][    C1]  ? __check_object_size+0x49c/0x900
[ 1587.031821][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1587.037015][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1587.041849][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1587.047313][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1587.053363][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1587.058400][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1587.063754][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1587.069316][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1587.074663][    C1]  __sock_sendmsg+0x221/0x270
[ 1587.079443][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1587.084066][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1587.089201][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1587.095288][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1587.101673][    C1]  __x64_sys_sendto+0xde/0x100
[ 1587.106596][    C1]  do_syscall_64+0xf3/0x230
[ 1587.111314][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1587.116085][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1587.122032][    C1] RIP: 0033:0x7fdddf07eb9c
[ 1587.126519][    C1] RSP: 002b:00007ffd4eba4590 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1587.135032][    C1] RAX: ffffffffffffffda RBX: 00007fdddfce4620 RCX: 00007fdddf07eb9c
[ 1587.143049][    C1] RDX: 0000000000000028 RSI: 00007fdddfce4670 RDI: 0000000000000003
[ 1587.151182][    C1] RBP: 0000000000000000 R08: 00007ffd4eba45e4 R09: 000000000000000c
[ 1587.159226][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1587.167270][    C1] R13: 0000000000000000 R14: 00007fdddfce4670 R15: 0000000000000000
[ 1587.175340][    C1]  </TASK>
[ 1587.178397][    C1] DEBUG: waiting rtnl_mutex for 1373 jiffies.
[ 1587.184500][    C1] task:syz-executor.0  state:D stack:21024 pid:21863 tgid:21863 ppid:21860  flags:0x00000002
[ 1587.194850][    C1] Call Trace:
[ 1587.198191][    C1]  <TASK>
[ 1587.201154][    C1]  __schedule+0x17e8/0x4a20
[ 1587.205755][    C1]  ? __pfx___schedule+0x10/0x10
[ 1587.210653][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1587.215764][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1587.221306][    C1]  ? schedule+0x90/0x320
[ 1587.225634][    C1]  schedule+0x14b/0x320
[ 1587.229832][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1587.235363][    C1]  __mutex_lock+0x6a4/0xd70
[ 1587.240108][    C1]  ? __mutex_lock+0x527/0xd70
[ 1587.244835][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1587.250115][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1587.255238][    C1]  ? rtnl_lock+0xe7/0x130
[ 1587.259614][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1587.264702][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1587.269999][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1587.275543][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1587.280894][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1587.286189][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1587.291472][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1587.296509][    C1]  ? mark_lock+0x9a/0x360
[ 1587.300896][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1587.306193][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1587.311288][    C1]  ? mark_lock+0x9a/0x360
[ 1587.315711][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1587.320853][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1587.325710][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1587.331231][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1587.336662][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1587.342011][    C1]  netlink_unicast+0x7ea/0x980
[ 1587.346871][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1587.352232][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1587.357432][    C1]  ? __check_object_size+0x49c/0x900
[ 1587.362767][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1587.367973][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1587.372844][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1587.378269][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1587.383266][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1587.388634][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1587.394171][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1587.399551][    C1]  __sock_sendmsg+0x221/0x270
[ 1587.404382][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1587.408984][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1587.414089][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1587.420160][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1587.426585][    C1]  __x64_sys_sendto+0xde/0x100
[ 1587.431421][    C1]  do_syscall_64+0xf3/0x230
[ 1587.436005][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1587.440740][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1587.446714][    C1] RIP: 0033:0x7f5ef8c7eb9c
[ 1587.451177][    C1] RSP: 002b:00007fffc0c6c6a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1587.459724][    C1] RAX: ffffffffffffffda RBX: 00007f5ef98e4620 RCX: 00007f5ef8c7eb9c
[ 1587.467973][    C1] RDX: 000000000000003c RSI: 00007f5ef98e4670 RDI: 0000000000000003
[ 1587.476072][    C1] RBP: 0000000000000000 R08: 00007fffc0c6c6f4 R09: 000000000000000c
[ 1587.484090][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1587.492162][    C1] R13: 0000000000000000 R14: 00007f5ef98e4670 R15: 0000000000000000
[ 1587.500269][    C1]  </TASK>
[ 1587.503339][    C1] DEBUG: waiting rtnl_mutex for 1408 jiffies.
[ 1587.509494][    C1] task:kworker/u8:6    state:D stack:24240 pid:21517 tgid:21517 ppid:2      flags:0x00004000
[ 1587.519785][    C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1587.525894][    C1] Call Trace:
[ 1587.529218][    C1]  <TASK>
[ 1587.532271][    C1]  __schedule+0x17e8/0x4a20
[ 1587.536894][    C1]  ? __pfx___schedule+0x10/0x10
[ 1587.541806][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1587.546925][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1587.552445][    C1]  ? kthread_data+0x52/0xd0
[ 1587.557036][    C1]  ? schedule+0x90/0x320
[ 1587.561330][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1587.566530][    C1]  ? schedule+0x90/0x320
[ 1587.570826][    C1]  schedule+0x14b/0x320
[ 1587.575075][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1587.580592][    C1]  __mutex_lock+0x6a4/0xd70
[ 1587.585203][    C1]  ? mark_lock+0x9a/0x360
[ 1587.589601][    C1]  ? __mutex_lock+0x527/0xd70
[ 1587.594363][    C1]  ? addrconf_dad_work+0xd0/0x16f0
[ 1587.599573][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1587.604662][    C1]  ? rtnl_lock+0xe7/0x130
[ 1587.609066][    C1]  addrconf_dad_work+0xd0/0x16f0
[ 1587.614071][    C1]  ? __pfx_addrconf_dad_work+0x10/0x10
[ 1587.619616][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1587.626038][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1587.631837][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1587.637484][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1587.643521][    C1]  ? assign_work+0x364/0x3d0
[ 1587.648213][    C1]  worker_thread+0x86d/0xd50
[ 1587.652867][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1587.658884][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1587.663960][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1587.667403][T14724] bio_check_eod: 23473 callbacks suppressed
[ 1587.667423][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.667423][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.669118][    C1]  kthread+0x2f0/0x390
[ 1587.675077][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.675077][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.688640][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1587.688674][    C1]  ? __pfx_kthread+0x10/0x10
[ 1587.688709][    C1]  ret_from_fork+0x4b/0x80
[ 1587.688742][    C1]  ? __pfx_kthread+0x10/0x10
[ 1587.697806][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.697806][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.706599][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1587.706663][    C1]  </TASK>
[ 1587.711905][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.711905][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.716352][    C1] DEBUG: holding rtnl_mutex for 1444 jiffies.
[ 1587.716370][    C1] task:syz-executor.4  state:D stack:25072 pid:21900 tgid:21899 ppid:20592  flags:0x00004006
[ 1587.716418][    C1] Call Trace:
[ 1587.716430][    C1]  <TASK>
[ 1587.716447][    C1]  __schedule+0x17e8/0x4a20
[ 1587.723533][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.723533][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.725493][    C1]  ? __pfx___schedule+0x10/0x10
[ 1587.725537][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1587.725566][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1587.725610][    C1]  ? schedule+0x90/0x320
[ 1587.725637][    C1]  schedule+0x14b/0x320
[ 1587.725668][    C1]  synchronize_rcu_expedited+0x684/0x830
[ 1587.725706][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 1587.725757][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1587.725791][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1587.725817][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1587.725843][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1587.725871][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1587.725908][    C1]  synchronize_rcu+0x11b/0x360
[ 1587.725941][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1587.725988][    C1]  lockdep_unregister_key+0x4b7/0x540
[ 1587.750357][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.750357][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.761241][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[ 1587.761283][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1587.761327][    C1]  ? __qdisc_destroy+0x150/0x410
[ 1587.805315][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.805315][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.806955][    C1]  ? kfree+0x149/0x360
[ 1587.811987][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.811987][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.817852][    C1]  ? __pfx_pfifo_fast_destroy+0x10/0x10
[ 1587.817895][    C1]  __qdisc_destroy+0x165/0x410
[ 1587.817933][    C1]  dev_shutdown+0x9b/0x440
[ 1587.817973][    C1]  unregister_netdevice_many_notify+0x977/0x16b0
[ 1587.827604][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.827604][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.832083][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1587.842007][T14724] syz-executor.2: attempt to access beyond end of device
[ 1587.842007][T14724] loop2: rw=0, sector=6491554, nr_sectors = 2 limit=0
[ 1587.843565][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1588.005610][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1588.012002][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1588.017299][    C1]  unregister_netdevice_queue+0x303/0x370
[ 1588.023079][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1588.029425][    C1]  __tun_detach+0x6b6/0x1600
[ 1588.034080][    C1]  tun_chr_close+0x108/0x1b0
[ 1588.038744][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1588.043908][    C1]  __fput+0x406/0x8b0
[ 1588.048012][    C1]  task_work_run+0x24f/0x310
[ 1588.052760][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1588.057972][    C1]  get_signal+0x15e6/0x1740
[ 1588.062539][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1588.067478][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1588.073082][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1588.079312][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1588.085394][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1588.091172][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1588.096813][    C1]  do_syscall_64+0x100/0x230
[ 1588.101466][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1588.106234][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.112168][    C1] RIP: 0033:0x7f5f72e7cea9
[ 1588.116652][    C1] RSP: 002b:00007f5f729ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1588.125130][    C1] RAX: 0000000000000000 RBX: 00007f5f72fb3f80 RCX: 00007f5f72e7cea9
[ 1588.133135][    C1] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000004
[ 1588.141184][    C1] RBP: 00007f5f72eebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1588.149236][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1588.157280][    C1] R13: 000000000000000b R14: 00007f5f72fb3f80 R15: 00007ffd1212c608
[ 1588.165345][    C1]  </TASK>
[ 1588.168398][    C1] DEBUG: waiting rtnl_mutex for 1480 jiffies.
[ 1588.174502][    C1] task:kworker/u8:5    state:D stack:20184 pid:14249 tgid:14249 ppid:2      flags:0x00004000
[ 1588.184759][    C1] Workqueue: netns cleanup_net
[ 1588.189617][    C1] Call Trace:
[ 1588.192928][    C1]  <TASK>
[ 1588.195926][    C1]  __schedule+0x17e8/0x4a20
[ 1588.200505][    C1]  ? __pfx___schedule+0x10/0x10
[ 1588.205435][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1588.210522][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1588.216074][    C1]  ? kthread_data+0x52/0xd0
[ 1588.220627][    C1]  ? schedule+0x90/0x320
[ 1588.224943][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1588.230102][    C1]  ? schedule+0x90/0x320
[ 1588.234389][    C1]  schedule+0x14b/0x320
[ 1588.238631][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1588.244146][    C1]  __mutex_lock+0x6a4/0xd70
[ 1588.248744][    C1]  ? __mutex_lock+0x527/0xd70
[ 1588.253479][    C1]  ? ieee80211_unregister_hw+0x55/0x2c0
[ 1588.259124][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1588.264201][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1588.270183][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1588.275028][    C1]  ? rtnl_lock+0xe7/0x130
[ 1588.279414][    C1]  ieee80211_unregister_hw+0x55/0x2c0
[ 1588.284891][    C1]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[ 1588.290497][    C1]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1588.296659][    C1]  hwsim_exit_net+0x5c1/0x670
[ 1588.301390][    C1]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1588.306689][    C1]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 1588.312561][    C1]  cleanup_net+0x802/0xcc0
[ 1588.317077][    C1]  ? __pfx_cleanup_net+0x10/0x10
[ 1588.322085][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1588.327889][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1588.333534][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1588.339606][    C1]  ? assign_work+0x364/0x3d0
[ 1588.344251][    C1]  worker_thread+0x86d/0xd50
[ 1588.348954][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1588.354045][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1588.359236][    C1]  kthread+0x2f0/0x390
[ 1588.363365][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1588.368559][    C1]  ? __pfx_kthread+0x10/0x10
[ 1588.373207][    C1]  ret_from_fork+0x4b/0x80
[ 1588.377795][    C1]  ? __pfx_kthread+0x10/0x10
[ 1588.382443][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1588.387321][    C1]  </TASK>
[ 1588.390370][    C1] DEBUG: waiting rtnl_mutex for 1428 jiffies.
[ 1588.396498][    C1] task:syz-executor.2  state:D stack:26112 pid:21923 tgid:21922 ppid:20046  flags:0x00000006
[ 1588.406758][    C1] Call Trace:
[ 1588.410065][    C1]  <TASK>
[ 1588.413027][    C1]  __schedule+0x17e8/0x4a20
[ 1588.417644][    C1]  ? __pfx___schedule+0x10/0x10
[ 1588.422548][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1588.427654][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1588.433169][    C1]  ? schedule+0x90/0x320
[ 1588.437493][    C1]  schedule+0x14b/0x320
[ 1588.441695][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1588.447232][    C1]  __mutex_lock+0x6a4/0xd70
[ 1588.451810][    C1]  ? __mutex_lock+0x527/0xd70
[ 1588.456584][    C1]  ? nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1588.462253][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1588.467351][    C1]  ? rtnl_lock+0xe7/0x130
[ 1588.471733][    C1]  nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1588.477356][    C1]  ? trace_kmalloc+0x1f/0xd0
[ 1588.481986][    C1]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 1588.488476][    C1]  ? __build_skb_around+0x245/0x3d0
[ 1588.493734][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1588.499793][    C1]  ? __alloc_skb+0x28f/0x440
[ 1588.504426][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.510582][    C1]  ? __pfx___alloc_skb+0x10/0x10
[ 1588.515604][    C1]  genl_dumpit+0x107/0x1a0
[ 1588.520271][    C1]  netlink_dump+0x645/0xd80
[ 1588.524848][    C1]  ? __pfx_netlink_dump+0x10/0x10
[ 1588.529989][    C1]  ? __asan_memset+0x23/0x50
[ 1588.534642][    C1]  ? genl_start+0x4a8/0x6d0
[ 1588.539297][    C1]  __netlink_dump_start+0x59d/0x780
[ 1588.544586][    C1]  genl_rcv_msg+0x88c/0xec0
[ 1588.549169][    C1]  ? mark_lock+0x9a/0x360
[ 1588.553565][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1588.558688][    C1]  ? __pfx_genl_start+0x10/0x10
[ 1588.563582][    C1]  ? __pfx_genl_dumpit+0x10/0x10
[ 1588.568597][    C1]  ? __pfx_genl_done+0x10/0x10
[ 1588.573445][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1588.578569][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1588.584633][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1588.590023][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1588.594902][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1588.599965][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1588.605352][    C1]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1588.610894][    C1]  genl_rcv+0x28/0x40
[ 1588.615031][    C1]  netlink_unicast+0x7ea/0x980
[ 1588.619848][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1588.625275][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1588.630454][    C1]  ? __check_object_size+0x49c/0x900
[ 1588.635826][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1588.640986][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1588.645848][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1588.651184][    C1]  ? __import_iovec+0x536/0x820
[ 1588.656113][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1588.661301][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1588.666674][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1588.672206][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1588.677574][    C1]  __sock_sendmsg+0x221/0x270
[ 1588.682308][    C1]  ____sys_sendmsg+0x525/0x7d0
[ 1588.687162][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1588.692512][    C1]  __sys_sendmsg+0x2b0/0x3a0
[ 1588.697186][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1588.702400][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1588.708822][    C1]  ? do_syscall_64+0x100/0x230
[ 1588.713633][    C1]  ? do_syscall_64+0xb6/0x230
[ 1588.718404][    C1]  do_syscall_64+0xf3/0x230
[ 1588.722958][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1588.727809][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.733750][    C1] RIP: 0033:0x7f9a0a47cea9
[ 1588.738235][    C1] RSP: 002b:00007f9a0b2010c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1588.746722][    C1] RAX: ffffffffffffffda RBX: 00007f9a0a5b3f80 RCX: 00007f9a0a47cea9
[ 1588.754725][    C1] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 1588.762762][    C1] RBP: 00007f9a0a4ebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1588.770804][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1588.778848][    C1] R13: 000000000000000b R14: 00007f9a0a5b3f80 R15: 00007ffcc0b58848
[ 1588.786920][    C1]  </TASK>
[ 1588.789975][    C1] DEBUG: waiting rtnl_mutex for 1434 jiffies.
[ 1588.796108][    C1] task:kworker/1:2     state:D stack:19600 pid:785   tgid:785   ppid:2      flags:0x00004000
[ 1588.806366][    C1] Workqueue: events linkwatch_event
[ 1588.811627][    C1] Call Trace:
[ 1588.814970][    C1]  <TASK>
[ 1588.817939][    C1]  __schedule+0x17e8/0x4a20
[ 1588.822519][    C1]  ? __pfx___schedule+0x10/0x10
[ 1588.827462][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1588.833500][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1588.838618][    C1]  ? kick_pool+0x1bd/0x620
[ 1588.843092][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1588.848377][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1588.853636][    C1]  ? schedule+0x90/0x320
[ 1588.857965][    C1]  schedule+0x14b/0x320
[ 1588.862170][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1588.867709][    C1]  __mutex_lock+0x6a4/0xd70
[ 1588.872273][    C1]  ? __mutex_lock+0x527/0xd70
[ 1588.877041][    C1]  ? linkwatch_event+0xe/0x60
[ 1588.881765][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1588.886878][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1588.892641][    C1]  ? rtnl_lock+0xe7/0x130
[ 1588.897049][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1588.902833][    C1]  linkwatch_event+0xe/0x60
[ 1588.907417][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1588.913039][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1588.919113][    C1]  ? assign_work+0x364/0x3d0
[ 1588.923759][    C1]  worker_thread+0x86d/0xd50
[ 1588.928448][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1588.934402][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1588.939517][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1588.944680][    C1]  kthread+0x2f0/0x390
[ 1588.948840][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1588.954002][    C1]  ? __pfx_kthread+0x10/0x10
[ 1588.958683][    C1]  ret_from_fork+0x4b/0x80
[ 1588.963159][    C1]  ? __pfx_kthread+0x10/0x10
[ 1588.967847][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1588.972681][    C1]  </TASK>
[ 1588.975781][    C1] DEBUG: waiting rtnl_mutex for 1248 jiffies.
[ 1588.981873][    C1] task:syz-executor.4  state:D stack:17824 pid:13887 tgid:13886 ppid:11264  flags:0x00004002
[ 1588.992122][    C1] Call Trace:
[ 1588.995488][    C1]  <TASK>
[ 1588.998458][    C1]  __schedule+0x17e8/0x4a20
[ 1589.003042][    C1]  ? __pfx___schedule+0x10/0x10
[ 1589.007990][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1589.013063][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1589.018621][    C1]  ? schedule+0x90/0x320
[ 1589.022942][    C1]  schedule+0x14b/0x320
[ 1589.027185][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1589.032688][    C1]  __mutex_lock+0x6a4/0xd70
[ 1589.037287][    C1]  ? __mutex_lock+0x527/0xd70
[ 1589.042026][    C1]  ? tun_chr_close+0x3e/0x1b0
[ 1589.046782][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1589.051870][    C1]  ? rtnl_lock+0xe7/0x130
[ 1589.056267][    C1]  tun_chr_close+0x3e/0x1b0
[ 1589.060813][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1589.066001][    C1]  __fput+0x406/0x8b0
[ 1589.070042][    C1]  task_work_run+0x24f/0x310
[ 1589.074686][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1589.079898][    C1]  ? do_exit+0xa22/0x28e0
[ 1589.084277][    C1]  ? kmem_cache_free+0x145/0x350
[ 1589.089322][    C1]  do_exit+0xa27/0x28e0
[ 1589.093551][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1589.098241][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1589.104271][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1589.110689][    C1]  ? cgroup_freezing+0x2a8/0x350
[ 1589.115734][    C1]  do_group_exit+0x207/0x2c0
[ 1589.120381][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1589.125655][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1589.130909][    C1]  get_signal+0x16a1/0x1740
[ 1589.135502][    C1]  ? kasan_quarantine_put+0xdc/0x230
[ 1589.140870][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1589.145784][    C1]  ? do_sys_openat2+0x17a/0x1d0
[ 1589.150676][    C1]  ? __might_fault+0xaa/0x120
[ 1589.155445][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1589.161043][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1589.167316][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1589.173391][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1589.179228][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1589.184833][    C1]  do_syscall_64+0x100/0x230
[ 1589.189593][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1589.194323][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.200386][    C1] RIP: 0033:0x7ff03de7cea9
[ 1589.204887][    C1] RSP: 002b:00007ff03eb390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1589.213347][    C1] RAX: ffffffffffffffe4 RBX: 00007ff03dfb3f80 RCX: 00007ff03de7cea9
[ 1589.221399][    C1] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1589.229443][    C1] RBP: 00007ff03deebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1589.237497][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1589.245539][    C1] R13: 000000000000000b R14: 00007ff03dfb3f80 R15: 00007ffecc856a38
[ 1589.253569][    C1]  </TASK>
[ 1589.256661][    C1] DEBUG: waiting rtnl_mutex for 1240 jiffies.
[ 1589.262750][    C1] task:kworker/1:7     state:D stack:21392 pid:6740  tgid:6740  ppid:2      flags:0x00004000
[ 1589.272993][    C1] Workqueue: events switchdev_deferred_process_work
[ 1589.279670][    C1] Call Trace:
[ 1589.282980][    C1]  <TASK>
[ 1589.285980][    C1]  __schedule+0x17e8/0x4a20
[ 1589.290567][    C1]  ? __pfx___schedule+0x10/0x10
[ 1589.295499][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1589.301530][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1589.306645][    C1]  ? kick_pool+0x45c/0x620
[ 1589.311110][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1589.316378][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1589.321625][    C1]  ? schedule+0x90/0x320
[ 1589.325949][    C1]  schedule+0x14b/0x320
[ 1589.330162][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1589.335696][    C1]  __mutex_lock+0x6a4/0xd70
[ 1589.340253][    C1]  ? __mutex_lock+0x527/0xd70
[ 1589.345023][    C1]  ? switchdev_deferred_process_work+0xe/0x20
[ 1589.351133][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1589.356251][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1589.362017][    C1]  ? rtnl_lock+0xe7/0x130
[ 1589.366423][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1589.372186][    C1]  switchdev_deferred_process_work+0xe/0x20
[ 1589.378247][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1589.383878][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1589.389963][    C1]  ? assign_work+0x364/0x3d0
[ 1589.394621][    C1]  worker_thread+0x86d/0xd50
[ 1589.399298][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1589.405276][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1589.410361][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1589.415589][    C1]  kthread+0x2f0/0x390
[ 1589.419712][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1589.424909][    C1]  ? __pfx_kthread+0x10/0x10
[ 1589.429546][    C1]  ret_from_fork+0x4b/0x80
[ 1589.434017][    C1]  ? __pfx_kthread+0x10/0x10
[ 1589.438701][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1589.443524][    C1]  </TASK>
[ 1589.446602][    C1] 
[ 1589.446602][    C1] Showing all locks held in the system:
[ 1589.454359][    C1] 3 locks held by ksoftirqd/1/24:
[ 1589.459445][    C1]  #0: ffffc900001e7a40 (net/core/rtnetlink.c:82){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650
[ 1589.469653][    C1]  #1: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: report_rtnl_holders+0x20/0x2d0
[ 1589.479540][    C1]  #2: ffffffff8e3354a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1589.489515][    C1] 3 locks held by kworker/1:2/785:
[ 1589.494666][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1589.505763][    C1]  #1: ffffc900036b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1589.516861][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1589.525985][    C1] 2 locks held by getty/4846:
[ 1589.530698][    C1]  #0: ffff88802b0410a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1589.540584][    C1]  #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1589.550844][    C1] 3 locks held by kworker/1:7/6740:
[ 1589.556109][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1589.567191][    C1]  #1: ffffc900036d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1589.578291][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1589.588965][    C1] 1 lock held by syz-executor.4/13887:
[ 1589.594465][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1589.603573][    C1] 4 locks held by kworker/u8:5/14249:
[ 1589.609019][    C1]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1589.620038][    C1]  #1: ffffc90009567d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1589.630726][    C1]  #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1589.640339][    C1]  #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1589.650324][    C1] 2 locks held by syz-executor.2/14724:
[ 1589.655949][    C1] 3 locks held by kworker/u8:6/21517:
[ 1589.661347][    C1]  #0: ffff88802ab50148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1589.673142][    C1]  #1: ffffc90009487d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1589.686108][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[ 1589.695644][    C1] 1 lock held by syz-executor.1/21679:
[ 1589.701130][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1589.710754][    C1] 1 lock held by syz-executor.0/21863:
[ 1589.716361][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1589.725968][    C1] 2 locks held by syz-executor.4/21900:
[ 1589.731539][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1589.740713][    C1]  #1: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1589.751765][    C1] 3 locks held by syz-executor.2/21923:
[ 1589.757382][    C1]  #0: ffffffff8f655cd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1589.765707][    C1]  #1: ffff88801c68a678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[ 1589.776359][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1589.786425][    C1] 2 locks held by syz-executor.3/21951:
[ 1589.792087][    C1]  #0: ffffffff8ee49ba8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0
[ 1589.800927][    C1]  #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0
[ 1589.809864][    C1] 1 lock held by syz-executor.3/21952:
[ 1589.815476][    C1]  #0: ffffffff8ee49ba8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0
[ 1589.824287][    C1] 
[ 1589.826673][    C1] =============================================
[ 1589.826673][    C1] 
[ 1590.744500][T14724] ==================================================================
[ 1590.752665][T14724] BUG: KASAN: use-after-free in sysv_new_inode+0xfd3/0x1170
[ 1590.760007][T14724] Read of size 2 at addr ffff888050a1a1ce by task syz-executor.2/14724
[ 1590.768266][T14724] 
[ 1590.770592][T14724] CPU: 1 PID: 14724 Comm: syz-executor.2 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[ 1590.780652][T14724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1590.790705][T14724] Call Trace:
[ 1590.793984][T14724]  <TASK>
[ 1590.796921][T14724]  dump_stack_lvl+0x241/0x360
[ 1590.801603][T14724]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1590.806809][T14724]  ? __pfx__printk+0x10/0x10
[ 1590.811443][T14724]  ? _printk+0xd5/0x120
[ 1590.815644][T14724]  ? __virt_addr_valid+0x183/0x520
[ 1590.820778][T14724]  ? __virt_addr_valid+0x183/0x520
[ 1590.825922][T14724]  print_report+0x169/0x550
[ 1590.830461][T14724]  ? __virt_addr_valid+0x183/0x520
[ 1590.835588][T14724]  ? __virt_addr_valid+0x183/0x520
[ 1590.840727][T14724]  ? __virt_addr_valid+0x44e/0x520
[ 1590.845852][T14724]  ? __phys_addr+0xba/0x170
[ 1590.850369][T14724]  ? sysv_new_inode+0xfd3/0x1170
[ 1590.855333][T14724]  kasan_report+0x143/0x180
[ 1590.859847][T14724]  ? sysv_new_inode+0xfd3/0x1170
[ 1590.864795][T14724]  sysv_new_inode+0xfd3/0x1170
[ 1590.869579][T14724]  ? __pfx_sysv_new_inode+0x10/0x10
[ 1590.874798][T14724]  ? _raw_spin_unlock+0x28/0x50
[ 1590.879658][T14724]  ? __d_add+0x500/0x800
[ 1590.883908][T14724]  sysv_mknod+0x4e/0xe0
[ 1590.888087][T14724]  ? __pfx_sysv_create+0x10/0x10
[ 1590.893027][T14724]  path_openat+0x1425/0x3280
[ 1590.897647][T14724]  ? __pfx_path_openat+0x10/0x10
[ 1590.902610][T14724]  do_filp_open+0x235/0x490
[ 1590.907128][T14724]  ? __pfx_do_filp_open+0x10/0x10
[ 1590.912189][T14724]  ? _raw_spin_unlock+0x28/0x50
[ 1590.917079][T14724]  ? alloc_fd+0x5a1/0x640
[ 1590.921420][T14724]  do_sys_openat2+0x13e/0x1d0
[ 1590.926112][T14724]  ? __might_fault+0xaa/0x120
[ 1590.930800][T14724]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1590.936011][T14724]  ? rcu_is_watching+0x15/0xb0
[ 1590.940786][T14724]  ? __rseq_handle_notify_resume+0x353/0x14e0
[ 1590.946894][T14724]  __x64_sys_openat+0x247/0x2a0
[ 1590.951778][T14724]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1590.957161][T14724]  ? do_syscall_64+0x100/0x230
[ 1590.961929][T14724]  ? do_syscall_64+0xb6/0x230
[ 1590.966618][T14724]  do_syscall_64+0xf3/0x230
[ 1590.971129][T14724]  ? clear_bhb_loop+0x35/0x90
[ 1590.975819][T14724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1590.981723][T14724] RIP: 0033:0x7f39c0c7cea9
[ 1590.986146][T14724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1591.005754][T14724] RSP: 002b:00007f39c1adf0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1591.014180][T14724] RAX: ffffffffffffffda RBX: 00007f39c0db3f80 RCX: 00007f39c0c7cea9
[ 1591.022167][T14724] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1591.030139][T14724] RBP: 00007f39c0cebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1591.038113][T14724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1591.046081][T14724] R13: 000000000000004d R14: 00007f39c0db3f80 R15: 00007ffdabb85588
[ 1591.054056][T14724]  </TASK>
[ 1591.057070][T14724] 
[ 1591.059387][T14724] The buggy address belongs to the physical page:
[ 1591.065804][T14724] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x69873 pfn:0x50a1a
[ 1591.074918][T14724] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1591.082049][T14724] page_type: 0xbfffffff(buddy)
[ 1591.086817][T14724] raw: 00fff00000000000 ffffea000100cf88 ffffea00020bbc48 0000000000000000
[ 1591.095404][T14724] raw: 0000000000069873 0000000000000000 00000000bfffffff 0000000000000000
[ 1591.103981][T14724] page dumped because: kasan: bad access detected
[ 1591.110487][T14724] page_owner tracks the page as freed
[ 1591.115853][T14724] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 14724, tgid 14723 (syz-executor.2), ts 1466832828846, free_ts 1581599991773
[ 1591.134269][T14724]  post_alloc_hook+0x1f3/0x230
[ 1591.139050][T14724]  get_page_from_freelist+0x2cbd/0x2d70
[ 1591.144622][T14724]  __alloc_pages_noprof+0x256/0x6c0
[ 1591.149843][T14724]  alloc_pages_mpol_noprof+0x3e8/0x680
[ 1591.155306][T14724]  folio_alloc_noprof+0x128/0x180
[ 1591.160348][T14724]  filemap_alloc_folio_noprof+0xdf/0x500
[ 1591.165985][T14724]  do_read_cache_folio+0xed/0x820
[ 1591.171031][T14724]  do_read_cache_page+0x30/0x200
[ 1591.175990][T14724]  sysv_find_entry+0x1af/0x410
[ 1591.180758][T14724]  sysv_inode_by_name+0x98/0x1f0
[ 1591.185704][T14724]  sysv_lookup+0x6b/0xe0
[ 1591.189955][T14724]  path_openat+0x1033/0x3280
[ 1591.194551][T14724]  do_filp_open+0x235/0x490
[ 1591.199062][T14724]  do_sys_openat2+0x13e/0x1d0
[ 1591.203745][T14724]  __x64_sys_openat+0x247/0x2a0
[ 1591.208601][T14724]  do_syscall_64+0xf3/0x230
[ 1591.213105][T14724] page last free pid 14724 tgid 14723 stack trace:
[ 1591.219601][T14724]  free_unref_folios+0x103a/0x1b00
[ 1591.224898][T14724]  shrink_folio_list+0x3276/0x8ce0
[ 1591.230033][T14724]  evict_folios+0xb2b/0x2700
[ 1591.234710][T14724]  try_to_shrink_lruvec+0x9ab/0xbb0
[ 1591.239912][T14724]  shrink_lruvec+0x551/0x3070
[ 1591.244593][T14724]  shrink_node+0xb1f/0x4160
[ 1591.249100][T14724]  do_try_to_free_pages+0x78c/0x1cf0
[ 1591.254393][T14724]  try_to_free_mem_cgroup_pages+0x48f/0xb10
[ 1591.260280][T14724]  try_charge_memcg+0x704/0x1850
[ 1591.265220][T14724]  obj_cgroup_charge+0x38a/0x630
[ 1591.270163][T14724]  __memcg_slab_post_alloc_hook+0x1b1/0x7e0
[ 1591.276059][T14724]  kmem_cache_alloc_noprof+0x1de/0x2a0
[ 1591.281523][T14724]  alloc_buffer_head+0x2a/0x290
[ 1591.286376][T14724]  folio_alloc_buffers+0x241/0x5b0
[ 1591.291504][T14724]  create_empty_buffers+0x3a/0x740
[ 1591.296624][T14724]  block_read_full_folio+0x25c/0xcd0
[ 1591.301905][T14724] 
[ 1591.304221][T14724] Memory state around the buggy address:
[ 1591.309840][T14724]  ffff888050a1a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1591.317895][T14724]  ffff888050a1a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1591.325961][T14724] >ffff888050a1a180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1591.334016][T14724]                                               ^
[ 1591.340424][T14724]  ffff888050a1a200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1591.348490][T14724]  ffff888050a1a280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1591.356545][T14724] ==================================================================
[ 1591.365200][    C1] DEBUG: waiting rtnl_mutex for 1791 jiffies.
[ 1591.371304][    C1] task:syz-executor.1  state:D stack:19728 pid:21679 tgid:21679 ppid:21668  flags:0x00000002
[ 1591.381646][    C1] Call Trace:
[ 1591.384994][    C1]  <TASK>
[ 1591.387952][    C1]  __schedule+0x17e8/0x4a20
[ 1591.392523][    C1]  ? __pfx___schedule+0x10/0x10
[ 1591.397465][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1591.402513][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1591.408049][    C1]  ? schedule+0x90/0x320
[ 1591.412329][    C1]  schedule+0x14b/0x320
[ 1591.416646][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1591.422154][    C1]  __mutex_lock+0x6a4/0xd70
[ 1591.426713][    C1]  ? __mutex_lock+0x527/0xd70
[ 1591.431418][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1591.436673][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1591.441737][    C1]  ? rtnl_lock+0xe7/0x130
[ 1591.446114][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1591.451172][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1591.456409][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1591.461890][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1591.467215][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.472494][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.477728][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1591.482787][    C1]  ? mark_lock+0x9a/0x360
[ 1591.487190][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.492447][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1591.497537][    C1]  ? mark_lock+0x9a/0x360
[ 1591.501893][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1591.506967][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1591.511752][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1591.517257][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1591.522593][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1591.527843][    C1]  netlink_unicast+0x7ea/0x980
[ 1591.532650][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1591.537974][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1591.543119][    C1]  ? __check_object_size+0x49c/0x900
[ 1591.548444][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1591.553606][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1591.558426][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1591.563752][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1591.569791][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1591.574758][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1591.580108][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1591.585630][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1591.590941][    C1]  __sock_sendmsg+0x221/0x270
[ 1591.595666][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1591.600228][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1591.605438][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1591.611450][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1591.617831][    C1]  __x64_sys_sendto+0xde/0x100
[ 1591.622643][    C1]  do_syscall_64+0xf3/0x230
[ 1591.627210][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1591.631939][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1591.637944][    C1] RIP: 0033:0x7fdddf07eb9c
[ 1591.642398][    C1] RSP: 002b:00007ffd4eba4590 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1591.650845][    C1] RAX: ffffffffffffffda RBX: 00007fdddfce4620 RCX: 00007fdddf07eb9c
[ 1591.658858][    C1] RDX: 0000000000000028 RSI: 00007fdddfce4670 RDI: 0000000000000003
[ 1591.666882][    C1] RBP: 0000000000000000 R08: 00007ffd4eba45e4 R09: 000000000000000c
[ 1591.674908][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1591.682911][    C1] R13: 0000000000000000 R14: 00007fdddfce4670 R15: 0000000000000000
[ 1591.691039][    C1]  </TASK>
[ 1591.694082][    C1] DEBUG: waiting rtnl_mutex for 1824 jiffies.
[ 1591.700193][    C1] task:syz-executor.0  state:D stack:21024 pid:21863 tgid:21863 ppid:21860  flags:0x00000002
[ 1591.710420][    C1] Call Trace:
[ 1591.713721][    C1]  <TASK>
[ 1591.716701][    C1]  __schedule+0x17e8/0x4a20
[ 1591.721260][    C1]  ? __pfx___schedule+0x10/0x10
[ 1591.726186][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1591.731349][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1591.736886][    C1]  ? schedule+0x90/0x320
[ 1591.741164][    C1]  schedule+0x14b/0x320
[ 1591.745379][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1591.750891][    C1]  __mutex_lock+0x6a4/0xd70
[ 1591.755437][    C1]  ? __mutex_lock+0x527/0xd70
[ 1591.760150][    C1]  ? rtnetlink_rcv_msg+0x839/0x1170
[ 1591.765424][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1591.770497][    C1]  ? rtnl_lock+0xe7/0x130
[ 1591.774828][    C1]  rtnetlink_rcv_msg+0x839/0x1170
[ 1591.779921][    C1]  ? rtnetlink_rcv_msg+0x208/0x1170
[ 1591.785185][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1591.790704][    C1]  ? is_bpf_text_address+0x285/0x2a0
[ 1591.796037][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.801275][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.806539][    C1]  ? arch_stack_walk+0x16d/0x1b0
[ 1591.811503][    C1]  ? mark_lock+0x9a/0x360
[ 1591.815880][    C1]  ? __pfx_validate_chain+0x10/0x10
[ 1591.821226][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1591.826322][    C1]  ? mark_lock+0x9a/0x360
[ 1591.830678][    C1]  ? __lock_acquire+0x1359/0x2000
[ 1591.835757][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1591.840569][    C1]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1591.846090][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1591.851429][    C1]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1591.856684][    C1]  netlink_unicast+0x7ea/0x980
[ 1591.861477][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1591.866798][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1591.871950][    C1]  ? __check_object_size+0x49c/0x900
[ 1591.877295][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1591.882435][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1591.887255][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1591.892589][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1591.897587][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1591.902904][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1591.908425][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1591.913721][    C1]  __sock_sendmsg+0x221/0x270
[ 1591.918446][    C1]  __sys_sendto+0x3a4/0x4f0
[ 1591.922992][    C1]  ? __pfx___sys_sendto+0x10/0x10
[ 1591.928097][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1591.934197][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1591.940574][    C1]  __x64_sys_sendto+0xde/0x100
[ 1591.945394][    C1]  do_syscall_64+0xf3/0x230
[ 1591.949913][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1591.954618][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1591.960561][    C1] RIP: 0033:0x7f5ef8c7eb9c
[ 1591.965023][    C1] RSP: 002b:00007fffc0c6c6a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1591.973457][    C1] RAX: ffffffffffffffda RBX: 00007f5ef98e4620 RCX: 00007f5ef8c7eb9c
[ 1591.981459][    C1] RDX: 000000000000003c RSI: 00007f5ef98e4670 RDI: 0000000000000003
[ 1591.989462][    C1] RBP: 0000000000000000 R08: 00007fffc0c6c6f4 R09: 000000000000000c
[ 1591.997472][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1592.005496][    C1] R13: 0000000000000000 R14: 00007f5ef98e4670 R15: 0000000000000000
[ 1592.013521][    C1]  </TASK>
[ 1592.016574][    C1] DEBUG: waiting rtnl_mutex for 1860 jiffies.
[ 1592.022738][    C1] task:kworker/u8:6    state:D stack:24240 pid:21517 tgid:21517 ppid:2      flags:0x00004000
[ 1592.032956][    C1] Workqueue: ipv6_addrconf addrconf_dad_work
[ 1592.039009][    C1] Call Trace:
[ 1592.042312][    C1]  <TASK>
[ 1592.045296][    C1]  __schedule+0x17e8/0x4a20
[ 1592.049848][    C1]  ? __pfx___schedule+0x10/0x10
[ 1592.054727][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1592.059814][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1592.065342][    C1]  ? kthread_data+0x52/0xd0
[ 1592.069874][    C1]  ? schedule+0x90/0x320
[ 1592.074141][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1592.079271][    C1]  ? schedule+0x90/0x320
[ 1592.083599][    C1]  schedule+0x14b/0x320
[ 1592.087918][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1592.093408][    C1]  __mutex_lock+0x6a4/0xd70
[ 1592.097975][    C1]  ? mark_lock+0x9a/0x360
[ 1592.102328][    C1]  ? __mutex_lock+0x527/0xd70
[ 1592.107042][    C1]  ? addrconf_dad_work+0xd0/0x16f0
[ 1592.112192][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1592.117286][    C1]  ? rtnl_lock+0xe7/0x130
[ 1592.121635][    C1]  addrconf_dad_work+0xd0/0x16f0
[ 1592.126622][    C1]  ? __pfx_addrconf_dad_work+0x10/0x10
[ 1592.132120][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1592.138499][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1592.144256][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1592.149894][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1592.155940][    C1]  ? assign_work+0x364/0x3d0
[ 1592.160552][    C1]  worker_thread+0x86d/0xd50
[ 1592.165194][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1592.171130][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1592.176247][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1592.181392][    C1]  kthread+0x2f0/0x390
[ 1592.185519][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1592.190654][    C1]  ? __pfx_kthread+0x10/0x10
[ 1592.195289][    C1]  ret_from_fork+0x4b/0x80
[ 1592.199747][    C1]  ? __pfx_kthread+0x10/0x10
[ 1592.204375][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1592.209273][    C1]  </TASK>
[ 1592.212320][    C1] DEBUG: holding rtnl_mutex for 1893 jiffies.
[ 1592.218428][    C1] task:syz-executor.4  state:D stack:25072 pid:21900 tgid:21899 ppid:20592  flags:0x00004006
[ 1592.228657][    C1] Call Trace:
[ 1592.231947][    C1]  <TASK>
[ 1592.234963][    C1]  __schedule+0x17e8/0x4a20
[ 1592.239515][    C1]  ? __pfx___schedule+0x10/0x10
[ 1592.244406][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1592.249501][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1592.255465][    C1]  ? schedule+0x90/0x320
[ 1592.259757][    C1]  schedule+0x14b/0x320
[ 1592.264004][    C1]  synchronize_rcu_expedited+0x684/0x830
[ 1592.269703][    C1]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 1592.275929][    C1]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 1592.281242][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1592.286562][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1592.292564][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1592.298673][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1592.305079][    C1]  synchronize_rcu+0x11b/0x360
[ 1592.309877][    C1]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1592.315231][    C1]  lockdep_unregister_key+0x4b7/0x540
[ 1592.320636][    C1]  ? __pfx_lockdep_unregister_key+0x10/0x10
[ 1592.326572][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1592.331801][    C1]  ? __qdisc_destroy+0x150/0x410
[ 1592.336796][    C1]  ? kfree+0x149/0x360
[ 1592.340882][    C1]  ? __pfx_pfifo_fast_destroy+0x10/0x10
[ 1592.346480][    C1]  __qdisc_destroy+0x165/0x410
[ 1592.351306][    C1]  dev_shutdown+0x9b/0x440
[ 1592.355775][    C1]  unregister_netdevice_many_notify+0x977/0x16b0
[ 1592.362134][    C1]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1592.368968][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1592.375002][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1592.381362][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1592.386618][    C1]  unregister_netdevice_queue+0x303/0x370
[ 1592.392378][    C1]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1592.398655][    C1]  __tun_detach+0x6b6/0x1600
[ 1592.403287][    C1]  tun_chr_close+0x108/0x1b0
[ 1592.407932][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1592.413064][    C1]  __fput+0x406/0x8b0
[ 1592.417105][    C1]  task_work_run+0x24f/0x310
[ 1592.421736][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1592.426909][    C1]  get_signal+0x15e6/0x1740
[ 1592.431460][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1592.436347][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1592.441928][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1592.448159][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1592.454182][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1592.459973][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1592.465589][    C1]  do_syscall_64+0x100/0x230
[ 1592.470214][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1592.474943][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1592.480867][    C1] RIP: 0033:0x7f5f72e7cea9
[ 1592.485353][    C1] RSP: 002b:00007f5f729ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1592.493795][    C1] RAX: 0000000000000000 RBX: 00007f5f72fb3f80 RCX: 00007f5f72e7cea9
[ 1592.501832][    C1] RDX: 0000000020000040 RSI: 00000000400454ca RDI: 0000000000000004
[ 1592.509933][    C1] RBP: 00007f5f72eebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1592.517944][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1592.525981][    C1] R13: 000000000000000b R14: 00007f5f72fb3f80 R15: 00007ffd1212c608
[ 1592.533987][    C1]  </TASK>
[ 1592.537152][    C1] DEBUG: waiting rtnl_mutex for 1917 jiffies.
[ 1592.543234][    C1] task:kworker/u8:5    state:D stack:20184 pid:14249 tgid:14249 ppid:2      flags:0x00004000
[ 1592.553553][    C1] Workqueue: netns cleanup_net
[ 1592.558357][    C1] Call Trace:
[ 1592.561653][    C1]  <TASK>
[ 1592.564600][    C1]  __schedule+0x17e8/0x4a20
[ 1592.569152][    C1]  ? __pfx___schedule+0x10/0x10
[ 1592.574010][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1592.579072][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1592.584561][    C1]  ? kthread_data+0x52/0xd0
[ 1592.589098][    C1]  ? schedule+0x90/0x320
[ 1592.593362][    C1]  ? wq_worker_sleeping+0x66/0x240
[ 1592.598501][    C1]  ? schedule+0x90/0x320
[ 1592.602770][    C1]  schedule+0x14b/0x320
[ 1592.606985][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1592.612636][    C1]  __mutex_lock+0x6a4/0xd70
[ 1592.617189][    C1]  ? __mutex_lock+0x527/0xd70
[ 1592.621899][    C1]  ? ieee80211_unregister_hw+0x55/0x2c0
[ 1592.627485][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1592.632535][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1592.638460][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1592.643257][    C1]  ? rtnl_lock+0xe7/0x130
[ 1592.647631][    C1]  ieee80211_unregister_hw+0x55/0x2c0
[ 1592.653041][    C1]  mac80211_hwsim_del_radio+0x2c2/0x4c0
[ 1592.658650][    C1]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1592.664761][    C1]  hwsim_exit_net+0x5c1/0x670
[ 1592.669462][    C1]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1592.674700][    C1]  ? __ip_vs_dev_cleanup_batch+0x239/0x260
[ 1592.680528][    C1]  cleanup_net+0x802/0xcc0
[ 1592.685064][    C1]  ? __pfx_cleanup_net+0x10/0x10
[ 1592.690048][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1592.695839][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1592.701446][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1592.707498][    C1]  ? assign_work+0x364/0x3d0
[ 1592.712138][    C1]  worker_thread+0x86d/0xd50
[ 1592.716808][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1592.721875][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1592.727058][    C1]  kthread+0x2f0/0x390
[ 1592.731167][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1592.736339][    C1]  ? __pfx_kthread+0x10/0x10
[ 1592.740961][    C1]  ret_from_fork+0x4b/0x80
[ 1592.745421][    C1]  ? __pfx_kthread+0x10/0x10
[ 1592.750061][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1592.754928][    C1]  </TASK>
[ 1592.757978][    C1] DEBUG: waiting rtnl_mutex for 1865 jiffies.
[ 1592.764051][    C1] task:syz-executor.2  state:D stack:26112 pid:21923 tgid:21922 ppid:20046  flags:0x00000006
[ 1592.774264][    C1] Call Trace:
[ 1592.777602][    C1]  <TASK>
[ 1592.780558][    C1]  __schedule+0x17e8/0x4a20
[ 1592.785143][    C1]  ? __pfx___schedule+0x10/0x10
[ 1592.790127][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1592.795208][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1592.800713][    C1]  ? schedule+0x90/0x320
[ 1592.805008][    C1]  schedule+0x14b/0x320
[ 1592.809209][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1592.814711][    C1]  __mutex_lock+0x6a4/0xd70
[ 1592.819291][    C1]  ? __mutex_lock+0x527/0xd70
[ 1592.824011][    C1]  ? nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1592.829700][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1592.834760][    C1]  ? rtnl_lock+0xe7/0x130
[ 1592.839132][    C1]  nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1592.844641][    C1]  ? trace_kmalloc+0x1f/0xd0
[ 1592.849276][    C1]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[ 1592.855761][    C1]  ? __build_skb_around+0x245/0x3d0
[ 1592.860998][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1592.867052][    C1]  ? __alloc_skb+0x28f/0x440
[ 1592.871683][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1592.877809][    C1]  ? __pfx___alloc_skb+0x10/0x10
[ 1592.882778][    C1]  genl_dumpit+0x107/0x1a0
[ 1592.887243][    C1]  netlink_dump+0x645/0xd80
[ 1592.891779][    C1]  ? __pfx_netlink_dump+0x10/0x10
[ 1592.896860][    C1]  ? __asan_memset+0x23/0x50
[ 1592.901490][    C1]  ? genl_start+0x4a8/0x6d0
[ 1592.906073][    C1]  __netlink_dump_start+0x59d/0x780
[ 1592.911317][    C1]  genl_rcv_msg+0x88c/0xec0
[ 1592.915884][    C1]  ? mark_lock+0x9a/0x360
[ 1592.920281][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1592.925365][    C1]  ? __pfx_genl_start+0x10/0x10
[ 1592.930249][    C1]  ? __pfx_genl_dumpit+0x10/0x10
[ 1592.935251][    C1]  ? __pfx_genl_done+0x10/0x10
[ 1592.940069][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 1592.945155][    C1]  ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10
[ 1592.951158][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1592.956489][    C1]  netlink_rcv_skb+0x1e3/0x430
[ 1592.961298][    C1]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1592.966477][    C1]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1592.971801][    C1]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 1592.977309][    C1]  genl_rcv+0x28/0x40
[ 1592.981323][    C1]  netlink_unicast+0x7ea/0x980
[ 1592.986156][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1592.991466][    C1]  ? __virt_addr_valid+0x183/0x520
[ 1592.996615][    C1]  ? __check_object_size+0x49c/0x900
[ 1593.001938][    C1]  ? bpf_lsm_netlink_send+0x9/0x10
[ 1593.007105][    C1]  netlink_sendmsg+0x8db/0xcb0
[ 1593.011908][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1593.017238][    C1]  ? __import_iovec+0x536/0x820
[ 1593.022129][    C1]  ? aa_sock_msg_perm+0x91/0x160
[ 1593.027127][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 1593.032443][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 1593.037957][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1593.043282][    C1]  __sock_sendmsg+0x221/0x270
[ 1593.048038][    C1]  ____sys_sendmsg+0x525/0x7d0
[ 1593.052859][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1593.058216][    C1]  __sys_sendmsg+0x2b0/0x3a0
[ 1593.062844][    C1]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1593.068050][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1593.074406][    C1]  ? do_syscall_64+0x100/0x230
[ 1593.079193][    C1]  ? do_syscall_64+0xb6/0x230
[ 1593.083880][    C1]  do_syscall_64+0xf3/0x230
[ 1593.088431][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1593.093143][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1593.099075][    C1] RIP: 0033:0x7f9a0a47cea9
[ 1593.103486][    C1] RSP: 002b:00007f9a0b2010c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1593.111935][    C1] RAX: ffffffffffffffda RBX: 00007f9a0a5b3f80 RCX: 00007f9a0a47cea9
[ 1593.119965][    C1] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[ 1593.127987][    C1] RBP: 00007f9a0a4ebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1593.136005][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1593.143989][    C1] R13: 000000000000000b R14: 00007f9a0a5b3f80 R15: 00007ffcc0b58848
[ 1593.152003][    C1]  </TASK>
[ 1593.155064][    C1] DEBUG: waiting rtnl_mutex for 1871 jiffies.
[ 1593.161146][    C1] task:kworker/1:2     state:D stack:19600 pid:785   tgid:785   ppid:2      flags:0x00004000
[ 1593.171374][    C1] Workqueue: events linkwatch_event
[ 1593.176644][    C1] Call Trace:
[ 1593.179949][    C1]  <TASK>
[ 1593.182892][    C1]  __schedule+0x17e8/0x4a20
[ 1593.187446][    C1]  ? __pfx___schedule+0x10/0x10
[ 1593.192333][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1593.198364][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1593.203414][    C1]  ? kick_pool+0x1bd/0x620
[ 1593.207875][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1593.213105][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1593.218362][    C1]  ? schedule+0x90/0x320
[ 1593.222640][    C1]  schedule+0x14b/0x320
[ 1593.226866][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1593.232362][    C1]  __mutex_lock+0x6a4/0xd70
[ 1593.236931][    C1]  ? __mutex_lock+0x527/0xd70
[ 1593.241660][    C1]  ? linkwatch_event+0xe/0x60
[ 1593.246377][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1593.251445][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1593.257216][    C1]  ? rtnl_lock+0xe7/0x130
[ 1593.261564][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1593.267316][    C1]  linkwatch_event+0xe/0x60
[ 1593.271861][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1593.277567][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1593.283569][    C1]  ? assign_work+0x364/0x3d0
[ 1593.288189][    C1]  worker_thread+0x86d/0xd50
[ 1593.292800][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1593.298735][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1593.303783][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1593.308912][    C1]  kthread+0x2f0/0x390
[ 1593.312984][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1593.318126][    C1]  ? __pfx_kthread+0x10/0x10
[ 1593.322842][    C1]  ret_from_fork+0x4b/0x80
[ 1593.327325][    C1]  ? __pfx_kthread+0x10/0x10
[ 1593.331941][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1593.336758][    C1]  </TASK>
[ 1593.339798][    C1] DEBUG: waiting rtnl_mutex for 1684 jiffies.
[ 1593.345904][    C1] task:syz-executor.4  state:D stack:17824 pid:13887 tgid:13886 ppid:11264  flags:0x00004002
[ 1593.356121][    C1] Call Trace:
[ 1593.359415][    C1]  <TASK>
[ 1593.362354][    C1]  __schedule+0x17e8/0x4a20
[ 1593.366905][    C1]  ? __pfx___schedule+0x10/0x10
[ 1593.371793][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1593.376891][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1593.382423][    C1]  ? schedule+0x90/0x320
[ 1593.386723][    C1]  schedule+0x14b/0x320
[ 1593.390920][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1593.396432][    C1]  __mutex_lock+0x6a4/0xd70
[ 1593.400985][    C1]  ? __mutex_lock+0x527/0xd70
[ 1593.405698][    C1]  ? tun_chr_close+0x3e/0x1b0
[ 1593.410404][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1593.415483][    C1]  ? rtnl_lock+0xe7/0x130
[ 1593.419861][    C1]  tun_chr_close+0x3e/0x1b0
[ 1593.424388][    C1]  ? __pfx_tun_chr_close+0x10/0x10
[ 1593.429637][    C1]  __fput+0x406/0x8b0
[ 1593.433670][    C1]  task_work_run+0x24f/0x310
[ 1593.438302][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 1593.443451][    C1]  ? do_exit+0xa22/0x28e0
[ 1593.447805][    C1]  ? kmem_cache_free+0x145/0x350
[ 1593.452769][    C1]  do_exit+0xa27/0x28e0
[ 1593.456965][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1593.461576][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1593.467581][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1593.473939][    C1]  ? cgroup_freezing+0x2a8/0x350
[ 1593.478941][    C1]  do_group_exit+0x207/0x2c0
[ 1593.483646][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1593.488890][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1593.494130][    C1]  get_signal+0x16a1/0x1740
[ 1593.498687][    C1]  ? kasan_quarantine_put+0xdc/0x230
[ 1593.504020][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1593.508927][    C1]  ? do_sys_openat2+0x17a/0x1d0
[ 1593.513816][    C1]  ? __might_fault+0xaa/0x120
[ 1593.518576][    C1]  arch_do_signal_or_restart+0x96/0x830
[ 1593.524154][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1593.530356][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1593.536384][    C1]  ? syscall_exit_to_user_mode+0xa3/0x370
[ 1593.542126][    C1]  syscall_exit_to_user_mode+0xc9/0x370
[ 1593.547712][    C1]  do_syscall_64+0x100/0x230
[ 1593.552320][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1593.557046][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1593.562949][    C1] RIP: 0033:0x7ff03de7cea9
[ 1593.567387][    C1] RSP: 002b:00007ff03eb390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1593.575863][    C1] RAX: ffffffffffffffe4 RBX: 00007ff03dfb3f80 RCX: 00007ff03de7cea9
[ 1593.583860][    C1] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1593.591900][    C1] RBP: 00007ff03deebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1593.599922][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1593.607935][    C1] R13: 000000000000000b R14: 00007ff03dfb3f80 R15: 00007ffecc856a38
[ 1593.615960][    C1]  </TASK>
[ 1593.619016][    C1] DEBUG: waiting rtnl_mutex for 1676 jiffies.
[ 1593.625124][    C1] task:kworker/1:7     state:D stack:21392 pid:6740  tgid:6740  ppid:2      flags:0x00004000
[ 1593.635349][    C1] Workqueue: events switchdev_deferred_process_work
[ 1593.641981][    C1] Call Trace:
[ 1593.645308][    C1]  <TASK>
[ 1593.648259][    C1]  __schedule+0x17e8/0x4a20
[ 1593.652791][    C1]  ? __pfx___schedule+0x10/0x10
[ 1593.657678][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1593.663758][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1593.668804][    C1]  ? kick_pool+0x45c/0x620
[ 1593.673226][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1593.678461][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[ 1593.683702][    C1]  ? schedule+0x90/0x320
[ 1593.688007][    C1]  schedule+0x14b/0x320
[ 1593.692183][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1593.697682][    C1]  __mutex_lock+0x6a4/0xd70
[ 1593.702212][    C1]  ? __mutex_lock+0x527/0xd70
[ 1593.706945][    C1]  ? switchdev_deferred_process_work+0xe/0x20
[ 1593.713043][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1593.718131][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1593.723901][    C1]  ? rtnl_lock+0xe7/0x130
[ 1593.728294][    C1]  ? process_scheduled_works+0x945/0x1830
[ 1593.734050][    C1]  switchdev_deferred_process_work+0xe/0x20
[ 1593.740008][    C1]  process_scheduled_works+0xa2c/0x1830
[ 1593.745649][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1593.751684][    C1]  ? assign_work+0x364/0x3d0
[ 1593.756325][    C1]  worker_thread+0x86d/0xd50
[ 1593.760963][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1593.766919][    C1]  ? __kthread_parkme+0x169/0x1d0
[ 1593.771973][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1593.777118][    C1]  kthread+0x2f0/0x390
[ 1593.781233][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1593.786406][    C1]  ? __pfx_kthread+0x10/0x10
[ 1593.791030][    C1]  ret_from_fork+0x4b/0x80
[ 1593.795505][    C1]  ? __pfx_kthread+0x10/0x10
[ 1593.800117][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1593.804928][    C1]  </TASK>
[ 1593.807967][    C1] DEBUG: waiting rtnl_mutex for 702 jiffies.
[ 1593.813958][    C1] task:syz-executor.3  state:D stack:26400 pid:21951 tgid:21950 ppid:18375  flags:0x00004006
[ 1593.824166][    C1] Call Trace:
[ 1593.827483][    C1]  <TASK>
[ 1593.830443][    C1]  __schedule+0x17e8/0x4a20
[ 1593.835034][    C1]  ? __pfx___schedule+0x10/0x10
[ 1593.839930][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1593.845011][    C1]  ? __mutex_trylock_common+0x92/0x2e0
[ 1593.850503][    C1]  ? schedule+0x90/0x320
[ 1593.854752][    C1]  schedule+0x14b/0x320
[ 1593.858947][    C1]  schedule_preempt_disabled+0x13/0x30
[ 1593.864451][    C1]  __mutex_lock+0x6a4/0xd70
[ 1593.868989][    C1]  ? __mutex_lock+0x527/0xd70
[ 1593.873693][    C1]  ? ppp_ioctl+0x78b/0x1cd0
[ 1593.878236][    C1]  ? __pfx___mutex_lock+0x10/0x10
[ 1593.883309][    C1]  ? rtnl_lock+0xe7/0x130
[ 1593.887703][    C1]  ppp_ioctl+0x78b/0x1cd0
[ 1593.892068][    C1]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1593.896879][    C1]  ? __fget_files+0x3f6/0x470
[ 1593.901581][    C1]  ? __fget_files+0x29/0x470
[ 1593.906235][    C1]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1593.911211][    C1]  ? security_file_ioctl+0x87/0xb0
[ 1593.916361][    C1]  ? __pfx_ppp_ioctl+0x10/0x10
[ 1593.921166][    C1]  __se_sys_ioctl+0xfc/0x170
[ 1593.925816][    C1]  do_syscall_64+0xf3/0x230
[ 1593.930342][    C1]  ? clear_bhb_loop+0x35/0x90
[ 1593.935054][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1593.940986][    C1] RIP: 0033:0x7fde1c87cea9
[ 1593.945451][    C1] RSP: 002b:00007fde1d5dd0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1593.953900][    C1] RAX: ffffffffffffffda RBX: 00007fde1c9b3f80 RCX: 00007fde1c87cea9
[ 1593.961939][    C1] RDX: 0000000020001400 RSI: 00000000c004743e RDI: 0000000000000004
[ 1593.969953][    C1] RBP: 00007fde1c8ebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1593.977952][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1593.985987][    C1] R13: 000000000000000b R14: 00007fde1c9b3f80 R15: 00007ffe53f00a48
[ 1593.994012][    C1]  </TASK>
[ 1593.997065][    C1] 
[ 1593.997065][    C1] Showing all locks held in the system:
[ 1594.004792][    C1] 3 locks held by kworker/1:2/785:
[ 1594.009911][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1594.020920][    C1]  #1: ffffc900036b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1594.031950][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 1594.040986][    C1] 2 locks held by getty/4846:
[ 1594.045708][    C1]  #0: ffff88802b0410a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1594.055551][    C1]  #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1594.065742][    C1] 3 locks held by kworker/1:7/6740:
[ 1594.070957][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1594.081988][    C1]  #1: ffffc900036d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1594.093010][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[ 1594.103450][    C1] 1 lock held by syz-executor.4/13887:
[ 1594.108936][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1594.117994][    C1] 4 locks held by kworker/u8:5/14249:
[ 1594.123376][    C1]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1594.134286][    C1]  #1: ffffc90009567d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1594.144886][    C1]  #2: ffffffff8f5e2c90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1594.154368][    C1]  #3: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1594.164248][    C1] 3 locks held by syz-executor.2/14724:
[ 1594.169830][    C1]  #0: ffff8880549e6420 (sb_writers#42){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90
[ 1594.179168][    C1]  #1: ffff88807eeb0c00 (&type->i_mutex_dir_key#28){+.+.}-{3:3}, at: path_openat+0x7d3/0x3280
[ 1594.189547][    C1]  #2: ffff888023744920 (&sbi->s_lock#3){+.+.}-{3:3}, at: sysv_new_inode+0x128/0x1170
[ 1594.199244][    C1] 3 locks held by kworker/u8:6/21517:
[ 1594.204639][    C1]  #0: ffff88802ab50148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1594.216299][    C1]  #1: ffffc90009487d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1594.229175][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[ 1594.238674][    C1] 1 lock held by syz-executor.1/21679:
[ 1594.244153][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1594.253733][    C1] 1 lock held by syz-executor.0/21863:
[ 1594.259232][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x839/0x1170
[ 1594.268846][    C1] 2 locks held by syz-executor.4/21900:
[ 1594.274402][    C1]  #0: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1594.283407][    C1]  #1: ffffffff8e33a878 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[ 1594.294364][    C1] 3 locks held by syz-executor.2/21923:
[ 1594.299929][    C1]  #0: ffffffff8f655cd0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[ 1594.308167][    C1]  #1: ffff88801c68a678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780
[ 1594.318732][    C1]  #2: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_vendor_cmd_dump+0x8e/0x1600
[ 1594.328805][    C1] 2 locks held by syz-executor.3/21951:
[ 1594.334336][    C1]  #0: ffffffff8ee49ba8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0
[ 1594.343077][    C1]  #1: ffffffff8f5ef4c8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x78b/0x1cd0
[ 1594.351947][    C1] 1 lock held by syz-executor.3/21952:
[ 1594.357429][    C1]  #0: ffffffff8ee49ba8 (ppp_mutex){+.+.}-{3:3}, at: ppp_ioctl+0x112/0x1cd0
[ 1594.366256][    C1] 
[ 1594.368586][    C1] =============================================
[ 1594.368586][    C1] 
[ 1594.400326][T14724] Kernel panic - not syncing: KASAN: panic_on_warn set ...
2033/05/18 06:07:32 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[ 1594.407558][T14724] CPU: 0 PID: 14724 Comm: syz-executor.2 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[ 1594.417556][T14724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1594.427637][T14724] Call Trace:
[ 1594.430934][T14724]  <TASK>
[ 1594.433887][T14724]  dump_stack_lvl+0x241/0x360
[ 1594.438633][T14724]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1594.443858][T14724]  ? __pfx__printk+0x10/0x10
[ 1594.448483][T14724]  ? preempt_schedule+0xe1/0xf0
[ 1594.453362][T14724]  ? vscnprintf+0x5d/0x90
[ 1594.457724][T14724]  panic+0x349/0x870
[ 1594.461658][T14724]  ? check_panic_on_warn+0x21/0xb0
[ 1594.466811][T14724]  ? __pfx_panic+0x10/0x10
[ 1594.471269][T14724]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 1594.477281][T14724]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1594.483642][T14724]  ? print_report+0x502/0x550
[ 1594.488353][T14724]  check_panic_on_warn+0x86/0xb0
[ 1594.493330][T14724]  ? sysv_new_inode+0xfd3/0x1170
[ 1594.498295][T14724]  end_report+0x77/0x160
[ 1594.502568][T14724]  kasan_report+0x154/0x180
[ 1594.507097][T14724]  ? sysv_new_inode+0xfd3/0x1170
[ 1594.512068][T14724]  sysv_new_inode+0xfd3/0x1170
[ 1594.516881][T14724]  ? __pfx_sysv_new_inode+0x10/0x10
[ 1594.522129][T14724]  ? _raw_spin_unlock+0x28/0x50
[ 1594.527012][T14724]  ? __d_add+0x500/0x800
[ 1594.531301][T14724]  sysv_mknod+0x4e/0xe0
[ 1594.535484][T14724]  ? __pfx_sysv_create+0x10/0x10
[ 1594.541056][T14724]  path_openat+0x1425/0x3280
[ 1594.545711][T14724]  ? __pfx_path_openat+0x10/0x10
[ 1594.550712][T14724]  do_filp_open+0x235/0x490
[ 1594.555254][T14724]  ? __pfx_do_filp_open+0x10/0x10
[ 1594.560322][T14724]  ? _raw_spin_unlock+0x28/0x50
[ 1594.565187][T14724]  ? alloc_fd+0x5a1/0x640
[ 1594.569537][T14724]  do_sys_openat2+0x13e/0x1d0
[ 1594.574277][T14724]  ? __might_fault+0xaa/0x120
[ 1594.579163][T14724]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1594.584403][T14724]  ? rcu_is_watching+0x15/0xb0
[ 1594.589212][T14724]  ? __rseq_handle_notify_resume+0x353/0x14e0
[ 1594.595321][T14724]  __x64_sys_openat+0x247/0x2a0
[ 1594.600211][T14724]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1594.605624][T14724]  ? do_syscall_64+0x100/0x230
[ 1594.610416][T14724]  ? do_syscall_64+0xb6/0x230
[ 1594.615113][T14724]  do_syscall_64+0xf3/0x230
[ 1594.619641][T14724]  ? clear_bhb_loop+0x35/0x90
[ 1594.624345][T14724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1594.630265][T14724] RIP: 0033:0x7f39c0c7cea9
[ 1594.634704][T14724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1594.654343][T14724] RSP: 002b:00007f39c1adf0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1594.662798][T14724] RAX: ffffffffffffffda RBX: 00007f39c0db3f80 RCX: 00007f39c0c7cea9
[ 1594.670800][T14724] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1594.678800][T14724] RBP: 00007f39c0cebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1594.686793][T14724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1594.694870][T14724] R13: 000000000000004d R14: 00007f39c0db3f80 R15: 00007ffdabb85588
[ 1594.702883][T14724]  </TASK>
[ 1594.706219][T14724] Kernel Offset: disabled
[ 1594.710544][T14724] Rebooting in 86400 seconds..