last executing test programs:

11m44.416224484s ago: executing program 0 (id=48):
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x25dfdbfb, {{@in6=@dev={0xfe, 0x80, '\x00', 0x16}, @in6=@local, 0x4e1e, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60, 0x2b}, {0x1, 0x8, 0xfffffffffffffffe, 0x40000000, 0xf1, 0x18, 0x1, 0xfffffffffffffffe}, {0x77, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x1, 0x3}}, 0xb8}}, 0x0)
sendto$inet6(r1, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}, 0x9}, 0x1c)

11m39.231004006s ago: executing program 0 (id=61):
r0 = socket(0x28, 0x5, 0x0)
getpid()
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc1105518, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0xc)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, r5, 0x0, 0x0, 0xffffffffffffffff, 0x1400})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

11m35.734830479s ago: executing program 0 (id=69):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

11m34.454781657s ago: executing program 0 (id=71):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setresuid(0xee01, 0x0, 0x0)
sendmmsg$unix(r0, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x845, &(0x7f00000005c0)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_lower}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@discard}, {@fat=@check_strict}, {@shortname_mixed}, {@shortname_winnt}, {@rodir}, {@shortname_win95}, {@fat=@sys_immutable}, {@utf8}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x300, 0x0, 0x103ff})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff000000000000210085000000360000009500070000000000b83f3584230b8f5ec8921327291cf4880dd3a91af830f8a476ba1b51d4eb67103b000000000000000000000000000000640f9922d207e93470686f20ad"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)

11m33.020130498s ago: executing program 0 (id=75):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x4000074, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x4, 0x0, 0x0)

11m30.757238364s ago: executing program 0 (id=80):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
brk(0x55555ede5ffe)

11m29.539718683s ago: executing program 32 (id=80):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
brk(0x55555ede5ffe)

10m33.020815518s ago: executing program 4 (id=213):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)

10m30.904581826s ago: executing program 4 (id=216):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="b80000001d0067"], 0xb8}}, 0x0)

10m29.745336436s ago: executing program 4 (id=218):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r2)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48050}, 0x40004)
recvmmsg(r5, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f00000052c0)=""/235, 0xeb}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x3}, 0x3}], 0x1b00, 0x0, 0x0)

10m21.604469077s ago: executing program 4 (id=235):
r0 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
r1 = socket$kcm(0xa, 0x1, 0x106)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$xdp(0x2c, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

10m19.413381496s ago: executing program 4 (id=240):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x837, &(0x7f0000000180)={0x0, 0x2b94, 0x80, 0x4, 0x3cf}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0x9, &(0x7f00000000c0), 0x1, 0x4})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
r5 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x59fa, 0x400, 0x8, 0x2}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, 0x0, 0x0)
dup(0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)

10m16.058094768s ago: executing program 4 (id=259):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

10m0.788976069s ago: executing program 33 (id=259):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)

25.050652366s ago: executing program 3 (id=1562):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r4, 0xc02064a5, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6})

23.642542393s ago: executing program 3 (id=1566):
r0 = semget$private(0x0, 0x1, 0x202)
semtimedop(r0, 0x0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x270, 0x168, 0x9, 0x0, 0xb, 0x370, 0x250, 0x250, 0x370, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x200, 0x240, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x6, 0x1000}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec000000210001002dbd7000fedbdf25fe880000000000000000000000000101ac1414bb0000000000000000000000004e240002000700010a0080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="af6b6e00010000009c0011001901010000000000000000000000000020010000000000000000000000000001ac14143e0000000000c8b100"], 0xec}}, 0x20000000)

21.475631058s ago: executing program 3 (id=1569):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2, &(0x7f0000000200)=<r4=>0x0)
r5 = eventfd2(0x0, 0x0)
io_getevents(r4, 0x1, 0x1, &(0x7f0000000080)=[{}], 0x0)
io_submit(r4, 0x1, &(0x7f0000000680)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x3, r5}])

14.239759996s ago: executing program 3 (id=1584):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)}, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f0000000240)="0100000200373a4541062101a59e", 0xe, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
close(0x3)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', 0x0})

13.357964861s ago: executing program 5 (id=1586):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
syz_open_dev$MSR(0x0, 0x0, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
io_uring_enter(r5, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x4, 0x8, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x400}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1e}, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x140201, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000001340)="05a1193002c37e6ce1bd4fe95426db06e4842b13f4d302f282744f2609568580", 0x20)

12.640091852s ago: executing program 3 (id=1589):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0)
unlinkat$binderfs_device(0xffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00')
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000a80), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

12.544677036s ago: executing program 1 (id=1590):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000540), 0xfffffdd8)
ioctl$IOMMU_HWPT_INVALIDATE$TEST(0xffffffffffffffff, 0x3b8d, &(0x7f0000000100)={0x20, 0x0, &(0x7f00000000c0)=[{0x0, 0x2}, {0x0, 0x3}, {0x0, 0x3}, {}, {0x1, 0x1}, {0x1, 0x1}], 0xdeadbeef, 0x8, 0x6})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x4000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000780)=""/212, 0xd4}], 0x1}, 0x2001)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

12.133534908s ago: executing program 1 (id=1592):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000240)={[{@nobarrier}, {@uid}, {@creator={'creator', 0x3d, "bd3d66f1"}}, {@creator={'creator', 0x3d, "64eb8ba9"}}, {@nodecompose}, {@part={'part', 0x3d, 0x2}}, {@barrier}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(r2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r1, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}}, 0x20000000)

10.510345982s ago: executing program 1 (id=1595):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

10.382451531s ago: executing program 6 (id=1596):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0})
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8001)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0006"], 0x1c}}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.77934302s ago: executing program 5 (id=1598):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10)

8.657235317s ago: executing program 5 (id=1600):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000006c0)={[{@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@umask={'umask', 0x3d, 0x6}}, {@namecase}, {}, {@fmask={'fmask', 0x3d, 0x8}}, {@discard}, {@fmask={'fmask', 0x3d, 0x7}}, {@gid}, {@errors_continue}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bf"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
io_setup(0x987, &(0x7f00000001c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d0300000000000000000000010500200080000000000000000000000300000000030000"], 0x0, 0x4e}, 0x28)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000)

8.152837148s ago: executing program 6 (id=1601):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x2c, 0x4, 0x0)
sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)

8.119474737s ago: executing program 1 (id=1602):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES16], 0x1000f)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20)
r4 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1})
io_uring_enter(r4, 0x47ba, 0x3000000, 0x0, 0x0, 0x0)

6.955416213s ago: executing program 5 (id=1604):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x27}}, 0x5}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001500)={0x2c, r7, 0x1, 0x4000, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}]}, 0x2c}}, 0x0)

6.362593121s ago: executing program 1 (id=1605):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

6.361322441s ago: executing program 2 (id=1606):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
io_uring_register$IORING_REGISTER_FILES(r5, 0x2, &(0x7f0000000300)=[r4], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x80000001, 0x0, 0x0, 0xf})
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)

6.343185208s ago: executing program 6 (id=1615):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r10=>0x0})
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r10, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
splice(r3, 0x0, r5, 0x0, 0x4ffe6, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

5.282775005s ago: executing program 5 (id=1607):
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in=@dev={0xac, 0x14, 0x14, 0x42}, 0x0, 0x0, 0x0, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xff}}, [@tmpl={0xc4, 0x5, [{{@in6=@mcast1, 0x4d2, 0x33}, 0xa, @in6=@empty, 0x3501, 0x1, 0x0, 0x3b, 0x83, 0x5, 0x7}, {{@in6=@local, 0x4d6, 0x3c}, 0xa, @in=@remote, 0x3502, 0x2, 0x0, 0x7, 0x7f, 0x0, 0x4}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d3, 0x2b}, 0x0, @in=@private=0xa010100, 0x3502, 0x5, 0x0, 0xd1, 0xe, 0x47b, 0x3}]}]}, 0x17c}}, 0x4000)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r4 = syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000001880)={[{@allow_utime={'allow_utime', 0x3d, 0xc2}}, {@namecase}, {@errors_remount}, {@umask={'umask', 0x3d, 0x10}}, {@fmask={'fmask', 0x3d, 0x5}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@gid}, {@umask={'umask', 0x3d, 0x3}}, {@discard}, {}, {@allow_utime={'allow_utime', 0x3d, 0x400002}}], [{@defcontext={'defcontext', 0x3d, 'user_u'}}, {@obj_user={'obj_user', 0x3d, 'iocharset'}}]}, 0x1, 0x152a, &(0x7f0000000340)="$eJzs3AuYjtXaOPD7Xms9Y0h6m+QwrLXuhzc5LJMkOSTJIUmSJMkpIWmSLQmJIaekIQnJYUgOQ0gOE5PG+ZDzKSFJmiQJySlZ/2vC327X/vbe3+7Lvvbcv+t6r1n3u557Pet57/ewnuedmW+7DK3ZuFa1hkQE/xa88CMJAGIBYCAAXAMAAQCUiysXl9WfU2LSv7cT9sd6KPVKz4BdSVz/7I3rn71x/bM3rn/2xvXP3rj+2RvXP3vj+jOWnW2aXvBavmXfG1//z8748/+/SGbpsV+uLX19V4CYfzaF65+9cf3/awX/zEZc/+yN659dxV7pCbD/APz6zw5y/N0ern/2xvVnLDv7c683y/+47xsg8uc+Bgqu/DH/6vgZY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjLE/wWl/mQKAS+0rPS/GGGOMMcYYY4z9cXyOKz0DxhhjjDHGGGOM/d9DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+b/KfwF6wIvQE3pBEvSGPvAS9IV+0B8GwEB4GQbBKzAYXoVkGAJD4TUYBq/DcHgDRsBIGAVvwmh4C8bAWBgH4yEFJsBEeBsmwTswGabAVJgGqTAdZsC7MBNmwWx4D+bA+zAX5sF8WABp8AEshEWQDh/CYvgIMmAJLIVlsBxWwEpYBathDayFj2EdrIcNsBE2wWbYAlthG2yHHfAJ7IRPYRfshj3wGeyFz//F/FN/k98VAQEFClSoMAZjMBZjMRfmwtyYG/NgHoxgBOMwDvNiXsyH+bAAFsB4jMfCWBgNGiQkLIJFMIpRLIbFsDgWx5JYEh06TMAELIM3Y1ksi+WwHJbH8lgBK2JFrIyVsQpWwapYFathNayO1bEm1sS78W7sjXWwDtbFulgP6126PIUNsSE2wkbYGBtjE2yCTbEpNsfm2BJbYitsha2xNbbFttgO22F7bI+JmIgdsAN2xI7YCTthZ+yMXbALdsVu2C3zhRyAL+KL2Auri97YB/tgX0zO0R8H4AB8GQfhK/gKvorJOASH4mv4Gr6Ow/EkjsCROApHYRXxFo7BsUhiPKZgCk7EiTgJJ+FknIJTcBqm4nScgTNwJs7CWfgezsH38X2ch/NwAaZhGi7ERZiO6bgYT2EGLsGluAyX4wpcjqtwNa7CtfgxrsX1uB434kbcjJtxK27F7bgdP0EFgJ/ibtyNybgX9+I+3If7cT8ewAOYiZl4EA/iITyEh/EwHsEjeBSP4XE8hifwBJ7EU3gaT+NZPIvn8Ln4rxt9UmJNMogsSigRI2JErIgVuUQukVvkFnlEHhEREREn4kRekVfkE/lEAVFAxIt4UVgUFkYYQSKMAQARFVFRTBQTxUVxUVKUFE44kSASRBlRRpQVZUU5casoL24TFURF0cZJUVlUEW1dVXGnqCaqieqihqgpaolaoraoLeqIOqKuqCvqiXqivnhANBC9sT8+JLIq01gMwSZiKDYVzYS8+A7WSgzH1qKNaCueECNxBLYXrVyieFp0EGOwo/iLGIvPis5iPHYRz4uuopvoLl4QPURr11P0EpOxt+gjpmFf0U/0FwPETKwh3sM5OWuKV0WyGCKGitfEAnxdDBdviBFipBgl3hSjxVtijBgrxonxIkVMEBPF22KSeEdMFlPEVDFNpIrpYoZ4V8wUs8Rs8Z6YI94Xc8U8MV8sEGniA7FQLBLp4kOxWHwkMsQSsVQsE8vFCrFSrBKrxRqxVnws1on1YoPYKDaJzWKL2Cq2ie1ih/hE7BSfil1it9gjPhN7xedin/hC7BdfigPiK5EpvhYHxTfikPhWHBbfiSPie3FUHBPHxQ/ihPhRnBSnxGlxRpwVP4lz4mdxXngBEqWQUioZyBiZQ8bKnDKXvErmlsHFR/daGSevk3nl9TKfzC8LyIIyXhaShaWWRlpJMpRFZFEZlTfIYvJGWVyWkCVlKelkaZkgb5Jl5M2yrLxFlpO3yvLyNllBVpSVZGV5u6wi75AQubCP6rKGrClrybtlEtwj68h7ZV15n6wn75f15QOygXxQNpQPyUbyYdlYPiKbyEdlU9lMNpctZEv5mGwlH5etZRvZVj4h28knZXv5lEyUT8sO0l98ijwrO8vnZBf5vOwqu8nu8md5XnrZU/aS0BtkH/mS7Cv7yf5ygBwoX5aD5CtysHxVJsshcqh8TQ6Tr8vh8g05Qo6Uo+SbcrR8S46RY+U4OV6myAlyonxbTpLvyMlyipwqp8lUOV32vzjSbCn/Yf7bv5M/+Je9b5Sb5Ga5RW6V2+R2uUN+InfKnXKX3CX3yD1yr9wr98l9cr/cLw/IAzJTZsqD8qA8JA/Jw/KwPCKPyKPymDwjf5An5I/ypDwlT8kz8qw8K89dfAxAoRJKKqUCFaNyqFiVU+VSV6nc6mqVR12jIupaFaeuU3nV9Sqfyq8KqIIqXhVShZVWRllFKlRFVFEVVTfgxSeMKqlKKadKqwR107+Sr4qpG1VxVeJX+Zfml/R35tdStVStVCvVWrVWbVVb1U61U+1Ve5WoElUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJakk1Ue9pPqqfqq/GqAGqpfVIDVIDVaDVbJKVkPVUDVMDVPD1XA1Qo1Qo9QoNVqNVmPUGDVOjVMpKkVNVBPVJDVJTVaT1VQ1VaWqVDVDzVAz1Uw1W81Wc9QcNVfNVfPVfJWm0tRCtVClq3S1WC1WGWqJWqKWqWVqhVqhVqlVao1ao7LWX+vVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nLfsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBtcH+QL8gcFgoJBfFAoKBzowAQ2EBeLHg1uCIoFNwbFgxJByaBU4ILSQUJwU1AmuDkoG9wSlAtuDcoHtwUVgopBpaBycHtQJbgjqBrcGVQL7gqqBzWCmkGt4O6gdnBPUCe4N6gb3BfUC+4P6gcPBA2CB4OGwUNBo+DhoHHwSNAkeDRoGjQLmgctgpZ/6Pjen8z/uOupe+kk3Vv30S/pvrqf7q8H6IH6ZT1Iv6IH61d1sh6ih+rX9DD9uh6u39Aj9Eg9Sr+pR+u39Bg9Vo/T43WKnqAn6rf1JP2Onqyn6Kl6mk7V0/UM/a6eqWfp2fo9PUe/r+fqeXq+XqDT9Ad6oV6k0/WHerH+SGfoJXqpXqaX6xV6pV6lV+s1eq3+WK/T6/UGvVFv0pv1Fr1Vb9Pb9Q79id6pP9W79G69R3+m9+rP9T79hd6vv9QH9Fc6U3+tD+pv9CH9rT6sv9NH9Pf6qD6mj+sf9An9oz6pT+nT+ow+q3/S5/TP+rz2WYv7rI93o4wyMSbGxJpYk8vkMrlNbpPH5DEREzFxJs7kNXlNPpPPFDAFTLyJN4VNYZOFDJkipoiJmqgpZoqZ4qa4KWlKGmecSTAJpowpY8qasqacKWfKm/KmgqlgKplK5nZzu7nD3GHuNHeau8xdpoapYWqZWqa2qW3qmDqmrqlr6pl6pr6pbxqYBqahaWgamUamsWlsmpgmpqlpapqb5qalaWlamVamtWlt2pq2pp1pZ9qb9ibRJJoOpoPpaDqaTqaT6Ww6my6mi+lqupruprvpYXqYnqanSTJJpo/pY/qavqa/6W8GmoFmkBlkBpvBJtkkm6FmqBlmhpnhZrgZYUaaUVkLVfOWGWPGmnFmvEkxKWaimWgmmUlmsplsppqpJtWkmhlmhplpZprZZraZY+aYuWaumW/mmzSTZhaahSbdpJvFZrHJMBlmqVlqlpvlZqVZaVab1WatWWvWwTqzwWwwm8wms8VsMdvMNrPD7DA7zU6zy+wye8wes9fsNfvMPrPf7DcHzAGTaTLNQXPQHDKHzGFz2BwxR8xRc9QcN8fNCXPCnDQnzWlz2pw1+S9+XnoTa3PaXPYqm9tebfPYa+zfxgVsQRtvC9nCVtt8Nv+vYmOtLW5L2JK2lHW2tE2wN/0mrmAr2kq2sr3dVrF32Kq/iWvbe2wde6+ta++ztezdv4rr2fttffuIbYAIYJvZRraFbWwfsU3so7apbWab2xa2nX3StrdP2UT7tO1gn/lNvNAusqvtGrvWfmx32d32tD1jD9lv7Vn7k+1pe9mB9mU7yL5iB9tXbbId8pt4lH3TjrZv2TF2rB1nx/8mnmqn2VQ73c6w79qZdtZv4jT7gZ1j0+1cO8/Otwt+ibPmlG4/tIvtRzbDBrDULrPL7Qq70q76/3NdZtfbDXaj3Wk/tVvsVrvNbrc7Li2E7W67x35m99rP7UH7jd1vv7QH7GGbab/+Jc46vsP2O3vEfm+P2mP2uP3BnrA/qkvZWcf+g/3ZnrfeAiEBSVIUUAzloFjKSbnoKspNV1MeuoYidC3F0XWUl66nfJSfClBBiqdCVJg0GbJEFFIRKkpRuoEuTa8klSJHpSmBbqIydDOVpVuoHN1K5ek2qkAVqRJVptupCt1BVelOqkZ3UXWqQTWpFt1NtekeqkP3Ul26j+rR/VSfHqAG9CA1pIeoET1MjekRakKPUlNqRs2pBbWkx6gVPU6tqQ21pSeoHT1J7ekpSqSnqQM9Qx3pL9SJnqXO9Bx1oeepK3Wj7vQC9aAXqSf1oiTqTX3oJepL/ag/DaCB9DINoldoML1KyTSEhtJrNIxep+H0Bo2gkTSK3qTR9BaNobE0jsZTCk2gifQ2TaJ3aDJNoak0jVJpOs2gd2kmzaLZ9B7NofdpLs2j+bSA0ugDWkiLKJ0+pMX0EWXQElpKy2g5raCVtIpW0xpaSx/TOlpPG2gjbaLNtIW20jbaTjvoE9pJn9Iu2k176DPaS5/TPvqC9tOXdIC+okz6mg7SN3SIvqXD9J3vRd/TUTpGx+kHOkE/0kk6RafpDJ2ln+gc/UznyROEGIpQhioMwpgwRxgb5gxzhVeFucOrwzzhNWEkvDaMC68L84bXh/nC/GGBsGAYHxYKC4c6NKENKQzDImHRMBreEBYLbwyLhyXCkmGp0IWlw4TwprBMeHNYNrwlLBfeGpYPbwsrhBXDR+6rHN4eVgnvCKuGd4bVwrvC6mGNsGZYK7w7rB3eE9YJ7w3rhveFZcP7w/rhA2GD8MGwYfhQ2Ch8OGwcPhI2CR8Nm4bNwuZhi7Bl+FjYKnw8bB22CduGT4TtwifD9uFTYWL4dNghfOaX/vsX/f3+pLB32Cd8KXwp9P5eOT+6IJoW/SC6MLoomh79MLo4+lE0I7okujS6LLo8uiK6Mroqujq6Jro2+nF0XXR9dEN0Y9T7WjnAoRNOOuUCF+NyuFiX0+VyV7nc7mqXx13jIu5aF+euc3nd9S6fy+8KuIIu3hVyhZ12xllHLnRFXFEXdTe4Yu5GV9yVcCVdKedcaZfgWriWrqVr5R53rV0b19Y94Z5wT7on3VPuKfe06+CecR3dX1wn96zr7J5zz7nnXVfXzXV3L7gebkKeC6/JJNfH9XF9XV/X3/V3A91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfVTXWpLtXNcDPcTDfTVZl1YS9z3Vw33813aS7NLXRZa8Z0t9gtdhkuwy11S91yt9ytdCvdarfarXVr3Tq3zm1wG9wmt8ltcVvcNrfN7XA73E630+3y11wY1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5MiUyNTItEhqZHpkRuTdyMzIrMjsyHuROZH3I3Mj8yLzIwsiaZEPIgsjiyLpkQ8jiyMfRTIiSyJLI8siyyMrIt4X2hL6Ir6oj/obfDF/oy/uS/iSvpR3vrRP8Df5Mv5mX9bf4sv5W315f5uv4Cv6Sv5R39Q38819C9/SP+Zb+cd9a9/Gt/VP+Hb+Sd/eP+UT/dO+g3/Gd/R/8Z38s76zf8538c/7rr6b7+5f8D38i76n7+WTfG/fx7/k+/p+vr8f4Af6l/0g/4of7F/1yX6IH+pf88P86364f8OP8CP9qJg3/ehLp8gw3qf4CX6if9tP8u/4yX6Kn+qn+VQ/3c/w7/qZfpaf7d/zc/z7fq6f5+f7BT7Nf+AX+kU+3X/oF/uPfIZfcumisl/pV/nVfo1f6z/26/x6v8Fv9Jv8Zr/Fb/Xb/Ha/w3/id/pP/S6/2+/xn/m9/nO/z3/h9/sv/QH/lc/0X/uD/ht/yH/rD/vv/BH/vT/qj/nj/gd/wv/oT/pT/rQ/48/6n/w5/7M/z3+zxhhjjDH2T5lwuSl+3XPhcn7v38kRf7VxHwC4emvBzL/uz1pRrst3od1PxLeLAMDTvbo8dOlWvXpSUtLFbTMkBEXnAVz6JihLDFyOl0BbeBISoQ2U+d359xPdztI/GD96K0Cuv8qJhcvx5fG/AMCk3xn/sSdGLSwfno77H8afB1C86OWcnHA5XgJtf7m+0gbK/p3552/1D+af88sUgNZ/lZMbLseX558Aj8MzkPirLRljjDHGGGOMsQv6iUqdLp1/XvqNz987P49Xl3NywOX4H52fM8YYY4wxxhhj7Mp7tlv3px5LTGzT6V9vVP1fZf3TjSbwfzUyN3634T3ApXsUAPybAwJkNeSfeRSb/5R9JV986fxt1/IzPoD/jFL+EY0r/MbEGGOMMcYY+8NdXvT/+n51pSbEGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlQ3/GvxO70sfIGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMXWn/LwAA//9+qv+4")
r5 = accept4(r1, &(0x7f0000000040)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000180)=0x80, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r5, &(0x7f0000001a40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001a00)={&(0x7f00000019c0)={0x24, r6, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x8848}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040045}, 0x0)
mount$nfs(&(0x7f00000000c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x00\x00\x01\x00\x00\x00\x00\x00h#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4I\xc5\xcb\x15A\xb5\xbbG\x9e\xea\xc4\x03\xf2\xf5\xf4\xa1\x9c\xe0Q<=\xb1\x9b,vjn\x8b[0\xd9\xcb\xf8\x1a\xdf\x9e\x89\x91H\xf4\x11p\xd2\x96\x82\xd9)6\xcdm\x88\x91\x1dv\xff\xb3\xad\x8b\x82\xcdR\x98\x80k1\xce}\x90\xe8e\xdb\xb1HL\x1d%\xc4\x1atCt\xb4\x00\xb29E\x87-\xd1\xcd\xf3w\"\v\xf3`\x06x\xb4TQ\x8dB\a\xe4\xe2\xf8\xd6%C\xf9\xd6~\xf80\xfcE\xa0\x80\x0e\"\xb0\a\x88\xbc\x7fbn\x02\xeb\x9b\x04\x1d\t', &(0x7f0000000000)='./file0\x00', 0x0, 0x123b058, 0x0)

5.101881438s ago: executing program 2 (id=1608):
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r4 = add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, r4)
add_key(&(0x7f0000000540)='keyring\x00', &(0x7f0000000ac0)={'syz', 0x0}, 0x0, 0x0, r5)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)

4.029304838s ago: executing program 3 (id=1609):
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0xc02, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
socket$inet(0x2, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_ifreq(r4, 0x89b0, &(0x7f0000000240)={'ip_vti0\x00', @ifru_ivalue=0xfffffff2})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mknod$loop(0x0, 0x208c, 0x0)

3.448420965s ago: executing program 5 (id=1610):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000006580)={&(0x7f0000006540)='contention_begin\x00', r2, 0x0, 0x4000000}, 0x18)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r3=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r3}, 0x10)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000540)=0x5000, 0x4)
r4 = socket$netlink(0x10, 0x3, 0xb)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000ff0000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c000280050003001b000000080002400000001108000440000000040900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2fffffffd}, 0xc)
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2010002, &(0x7f0000000300)=ANY=[], 0x1, 0x6055, &(0x7f0000000440)="$eJzs3c1vHGcdB/Dfvnj9UtpGFapC1EOaQmkpzXsC5a0pBw5wAAnlTCLXrQIpoCQgWkXEVQ6IC/AnwKUXDv1H+jegXpGIlHDqgTJo7OdxxuO11yHxzq6fz0fazPzm2dl9Jl+PZ9c7s08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPHDH/z0TC8irvw2LTgS8YUYRPQjluv6eNQzl/L9hxFxNDaa4/mIGCxG1Otv/PNsxPmI+OSZiPsPbq/Wi8/usx8XTt+68fmPvv+PP/z57tGfv/2zj9rtP/niuY//eCfiyI/f+PjzO09m2wEAAKAUVVVVvfQ2/1h6f9/vulMAwFTk43+V5OVqtVqtfqL1n/qz1R91oXVTNd6dZhER68116tcMPo4HgDmzHp913QU6JP+iDSPiqa47Acy0Xtcd4EDcf3B7tZfy7TWPB8c32/PfKbflv97bur5jt+kk7XNMpvXzdTcG8dwu/VmeUh9mSc6/387/ymb7KN3voPOflt3yH21e+lScnP+gnX/Ltvz/EhFzm39/bP6lyvkPHyX/9cEc7//yBwAAAADg8Mt//z/S8ee/i4+/Kfuy1+e/x6fUBwAAAAAAAAB40h53/L8txv8DAACAmVW/V6/99ZmHy3b7LrZ6+eVexNOt+wOFSRfLrHTdDwAAAAAAAAAAAAAoyXDzHN7LvYiFiHh6ZaWqqvrW1K4f1eOuP+9K334oWde/5AEAYNMnz7Su5e9FLEXE5VQurKysVNXS8kq1Ui0v5tezo8WlarnxvjZP62WLo328IB6OqvrBlhrrNU16vzypvf149XONqsE+OjYdHYUNAMnm0ei+I9IhU1XPRtevcpgP9v/Dx/7PfnT9cwoAAAAcvKqqql76Ou9jaXy/ftedAgCmYSkf/9ufC6jntP70hdnqj1qtVqtnqm6qxrvTLCJivblO/ZrBcPwAMGfW47Ouu0CH5F+0YUQc7boTwEzrdd0BDsT9B7dXeynfXvN4kMZ3z+eCbMt/vbexXl5/3HSS9jkm0/r5uhuDeG6X/jw/pT7Mkpx/v53/lc32UbrfQec/LbvlX2/nkQ7607Wc/6Cdf8vhyb8/Nv9S5fyHj5T/QP4AAAAAADDD8t//j/j8N28yAAAAAAAAAMyd+w9ur+brXvPn/y+MuV+vOef6z0Mj59/bd/6u/z1Mcv79dv6tE3IGjfl7bz3M/98Pbq9+dOtfX8rTmc9/YTCqn3uh1x8M0zk/1cI7cS2ux1qc3nH/YQwa7Wd2tC9sW//shPZzO9pHdftybj8Zq/GruB5vb7UvTjgxamlCezWhPec/sP8XKec/bNzq/FdSe681rd37sL9jv29Oxz3Ppb//5+Wde9f03Y3B1rY11dt3ooP+bPyfPDWK39xcu3Hyd1dv3bpxJtJk29KzkSZPWM5/Id1y/q+8tNmef+8399d7H44eOf9ZcTeGu+b/UmO+3t5Xp9y3LuT8R+mW889HoPH7/zznv/v+/1oH/QEAAAAAAAAAAAAAAIC9VFW1cYnopYi4mK7/6eraTABguvLxv0rycrVarVar1YevbqrGe7NZxNL2derXDL8f92AAwCz7b0R8umPpPzvpC9M3Pn+KkL/vr55+uevOAFN18/0PfnH1+vW1Gze77gkAAAAAAAAA8P/K438eb4z/vHEeUGvc6G3jv74Vx+d2/M/+aLAx1nnaoBdj7/G/T2xr3zn+93DC8y3s1Tia3N/FCe1LE9rHXujRkPN/MWWc8z+WNqyk8V9f6aA/Xcv5n0hjPef8v9q6XzP/6m/znH9/W/6nbr3361M33//g9WvvXX137d21X545ffH8uQvnz124cOqda9fXTm/+O/7B9ty550POP4997TzQsuT8c+byL0vO/yupln9Zcv4vp1r+Zcn559d78i9Lzj+/95F/WXL+r6Za/mXJ+X8t1fIvS87/tVTLvyw5/6+nWv5lyfm/nmr5lyXnfzLV8i9Lzv9UquVflpx//oRL/mXJ+eczG+Rflpz/2VTLvyw5/3Opln9Zcv7nUy3/suT8L6Ra/mXJ+V9MtfzLkvP/RqrlX5ac/zdTLf+y5PzfSLX8y5Lz/1aq5V+WnP+3Uy3/suT8v5Nq+Zcl5//dVG/lP+i2X0xHzv97qbb/lyXn/2aq5V+Wh9//b8aMGTN5puvfTAAAAAAAAAAAAABA2zROJ+56GwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+xAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirs3V2MXOV9P/BnX702JPgfCCHEAdsY4oSF3fUbOMSJ8/qnpE0pCWnTJjWOvTZO/FavnQBCZSm0JQpSkdoLetE0idIoUluBokhNJYqQGqm9K1dJUaWolbiwVKgclERKBWw1c57n2ZnZ2Zlde9eeOefzQfjnnTkz88yZM7P7Xes7AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKNNH53+04EQQu3/+h/rQ7i89ve1YW/ty9ldl3qFAAAAwIV6o/7n312RT9i7hAs1bPMv1/3bD+bm5ubCF187++afz83lMzaGMLQmhPp5yb/+6hdzjdtEj4WxgcGGrwe73PxQl/OHu5w/0uX80S7nr+ly/liX8xfsgAXWFr+PqV/Zlvpf1xe7NFwVRurnbWlzqccG1gwOpt/l1A3ULzM3cigcCUfDdJhccJmB+n8hPLepdlt3hnRbgw23tSGEcO5nDx9IaxiI+3hLaLqxusbH7tUPh42v/ezhA989/co7282uu2HBSkPYurm2zsdDmP91VRgIa/I+SescbFjnhjbrHGpa50D9crW/t67z3BLXme73WFznix3WuSGe9sANIYTZsOg2rR4Lg2Fdy63m/T1WHBG166g9lG8Lw8s6TjYt4TipXeblG5qPk9ZjMu3/TXGfDC+yhsaH49VHRxfs9/M6TtYW19wLx2rtuu+u3ejYWOOvVpuO1do2D9+4+DHQ9rFrcwzkY7nhGNjc7RgYHB2qHwOD82ve3HQMTC24zGAYqN/W2Rs7HwMTp4+dnJh58KFbjhzbf3j68PTxqcldO7bv3LF9586JQ0eOTk8Wfy5vl/aRdWEwH4Ob42tNOgbf07Jt4yE5960Veh7E16FeeB7U7vtnbqot6PLBsMgxXtvm8a0X/jzI3/cbngfDDc+Dtq+pbZ4Hw0t4HtS2Obd1ad8zhxv+b7eGVXktrK9poCe+H9Zu8/PvXfy1cENc1xPvW+73w6EFx0C6WwPxuVc7Jf+8N3Z73C8Lj4tra2dcNhrOzEyfuvWB/adPn5oKcVwUVzY8Vq3Hy7qG+xQWHC+Dyz5e9v7t6zdd2+b09XFfjd3c+bGqbbNjvPNjVX91b96fo6HYn02nbgtxrLCLvT/bfTer7c+cJTrsz9o2j99y4T8L5lzS8Po30u31b2hkuHj9G8p7Y6Tp9W/hQzNUX1kI525Z2uvfSPz/Yr/+XdUjr3+1ffX5WzsfA7VtnphY7jEw3PH174Y4B+J63hsTw1hD7n+zfv5scZg2PJZdj5vh4ZF43AynW2w+brYvuEzt2mq3vXXy/I6brTc0P1ZNP7eU8Lip7au/mOx83NS2eWHqwl871qa/Nrx2jHY7BkaGRmvrHckHQfF6N7c2HQO3hgPhRDgaDubL1B7l2m2Nb1vaMTAa/7/Yrx3X9MgxUNtXT2/rfAzUtvnR9pX92WlrPCVv0/CzU+vvFxbL/NcOz19f625bycdqOK7zYz/+VD6tXYaobfPKjuXmjM776eZ4ymVt9lPr82exY/pguDj76Zq4zqM7O/9uqrbNVbuWeDztDSG8NPVS/fdd8fe73z/z4x80/d633e+UX5p66a6Je36ynPUDAHD+3qz/OTta/KzZ8C/WS/n3fwAAAKAvpNw/GGcm/wMAAEBppNw/FGcm/wMAAEBppNw/HGdWkfx//+27n3njkZDfDXAuSuen3XD3B4vtUsd7Nn69cW5e7fSPfGfkma89srTbHgwhvH7Xu9puf/8H07oKJ9M63998+gLXXL+k27/v3vntGt8/4dzu4vrT/VnqYZC6ys9NbKtf78YHp+rzhbtCfd4z+8RjxfUXX6ftz24vtv+r+KYlew8NNF1+a1zPljg3xveUuXvv/H6ozXS5ZzZc989Xfnb+9tLlBja/tX43n/7D4nrTe0Q9dWWxfbrfi63/n77+vWdq2z9wY/v1PzLYfv1n4/W+HOev9hTbN+7zrzWs/4/j+tPtpcvd+u3n267/2XcU2z8bj4tvxtm6/g//2bvfaPd4pdvZe0dxuXT7k7/cUb9cur50/a3rH3tkqml/tF7/C68V17PnKz8fatw+nZ5uJ7nvjubjeyA+vk098hDC9/4kNO3n8IHicv/Ysv50fSfvaL/+m1vWeXLg+vrl5+/P+qb79Y2/2db2/qb17P379U3356mPx/332sSPatd79p54PMbz//fF4vpa38v02Y83v96k7b+5vnjepuubaFn/Uy3rn72+tu+6r//O14r1P/uhNU3r3/uJeDzdWcxu6z/811c0Xf5b3y0ej1NfHT9+YubMkYMNe7XxebxmbO26yy5/y1uviK+lrV/vO3H6/ulTGyc3ToawsQ/fMnC11//tOP+nGLMrfwuFn/y8OO6e/GTxfes9vyi+fiqefl98PNP3x2/85UjT8dr6uM9+qJgXuv73xXU8v8Tt3/H1/7p+SRue/cJzZ/7hj15p/bkg3Z+Tbx+r37+nN11dP2/gheL81terbv7z7c3P658OT9bnD+N+nYvvzLz56uL2Wq8/vTfJk58unr/pJ7l0+dDyfiLrh5rvx4Wu/6fx55jnr2l+/UvHxw8faXk35/VhoLaE2fj6EGaL89NWaX8/ee7qtreX3ocnzL5zOctc1MyDMxNHjxw/88DE6emZ0xMzDz6079iJM8dP76u/d+m+L3W7/Pzze139+X1weteOUH+2nyjGKquv/y2Xbv0n7z1w8LbJmw5OH9p/5tDpe09Onzp8YGbmwPTBmZv2Hzo0/dVulz9ycM/Utt3bb9s2fvjIwT237969fff4keMnassoFtXFrskvjx8/ta9+kZk9O3ZP7dy5Y3L82ImD03tum5wcP9Pt8vXvTeO1S39l/NT00f2njxybHp858tD0nqndu3Zt6/ruj8dOHprZOHHqzPGJMzPTpyaK+7LxdP3k2ve+bpenGmZOxNe7FgPxp/PP3bwrvz9uzXceXfSqik2afzwNr8b3gkrf37p9nXL/SJxZRfI/AAAAVEHK/fGN/+fPkP8BAACgNFLuXxNnJv8DAABAaaTcXyT/sfzx71XJ/yvV/39U/79O/1//P+j/Z/r/+v9B//+i9f+XSv+/+X7o/5eg/38J16//r/9Pd73W/4+5P6wNwb//AwAAQEml3L8uzkz+BwAAgNJIuf+yODP5HwAAAEoj5f7L48wqkv99/r/+v/5/p/5/2nbh+gcb1q//r/8fLk7/f8t/6/8voP+v/x/0/8/bpe7P9/v6e7D/v1b/n17Ta/3/lPvfEmdWkfwPAAAAVZBy/1vjzOR/AAAAKI2U+6+IM5P/AQAAoDRS7l8fZ1aR/K//r//frf//+tzcXHX7/z7/v5H+/yXv//v8/zb0//X/g/7/ebvU/fl+X38P9v99/j89p9f6/yn3/784s4rkfwAAAKiClPvfFmcm/wMAAEBppNx/ZZyZ/A8AAAClkXL/VXFmS8//gyu/qounmv3/l0MI+v/B5//r/7esU///kvf/h4L+/7Lp/+v/B/3/83ap+/P9vn79f/1/uuu1/n/K/W+PM/Pv/wAAAFAaKfdfHWcm/wMAAEBppNz/jjgz+R8AAABKI+X+a+LMKpL/q9n/9/n/+v8F/f/mddb7/6ONt6T/n/r/6TSf/79Ea+f/qv+v/9+J/r/+fz+vvwT9/wH9f1Zbr/X/U+5/Z5xZRfI/AAAAVEHK/dfGmcn/AAAAUBop978rzkz+BwAAgNJIuX9DnFnf5//BJW2l/6//r/+v/+/z/3vm8//L0/9v0F/9/8W/d+r/F/T/m61c/392fgH6/32z/hL0/33+P6uu1/r/Kfe/O86s7/M/AAAAkKTcf12cmfwPAAAApZFy//VxZvI/AAAAlEbK/RvjzCqS//X/9f/1//X/9f/1/1dTf/X/F6f/X9D/b+bz//X/9f/1/+ms1/r/KfdvijOrSP4HAACAKki5f3OcmfwPAAAApZFy/w1xZvI/AAAAlEbK/VvizCqS//X/9f/1//X/m/r/1zXekv6//v+F0//X/+9E/1//v5/Xr/+v/093vdb/T7n/xjiziuR/AAAAqIKU+2+KM5P/AQAAoDRS7n9PnJn8DwAAAKWRcv/WOLOK5P8l9/8HQgj6/4vS/2+/fv3/Ve7/D/n8/6D/3/P0//X/O9H/1//v5/Xr/+v/012v9f9T7n9vnFlF8j8AAABUQcr974szk/8BAACgNFLuvznOTP4HAACA0ki5fzzOrCL53+f/6//r//dx/381Pv9f/z/T/18Z+v/6/53o/+v/9/P6K9f/H23+Uv+fpei1/n/K/bfEmVUk/wMAAEAVpNx/a5yZ/A8AAAClkXL/RJyZ/A8AAAB9abjNaSn3T8aZVST/X9T+f8sDsLz+/3/o/+v/6/9H+v/6//1E/1//v5NK9/+H9P/7ff2V6/+30P9nKXqt/59y/1ScWUXyPwAAAFRByv3b4szkfwAAACiNlPu3x5nJ/wAAAFAaKffviDOrSP73+f/6//r/+v/6//r/q0n/X/+/k0r3/33+f9+vX/9f/59mg21O67X+f8r9O+PMKpL/AQAAoApS7t8VZyb/AwAAQGmk3H9bnJn8DwAAAKWRcv/tcWYVyf/6//r/+v/6//r/+v+rSf+/ev3/dv3Pxej/6//38/r1//X/6a7X+v8p9++OM6tI/gcAAIAqSLn//XFm8j8AAACURsr9d8SZyf8AAADQVzr10FLu/0CcWUXyv/5/2fv/c2v0//X/9f87r1//fyUtfAHW/69e/38569f/1//v5/Xr/+v/012v9f9T7t8TZ1aR/A8AAABVkHL/B+PM5H8AAAAojZT7PxRnJv8DAABAaaTcvzfOrCL5X/+/7P1/n/+v/6//3239+v+rS/9f/78T/f/+7P/HH1v0/3uo/187hvT/6UW91v9Puf/DcWYVyf8AAABQBSn3fyTOTP4HAACA0ki5/6NxZvI/AAAAlEbK/R+LM6tI/tf/1//X/9f/1//X/19N+v+r1v+vvxTq/xf0/8/Ppe7P9/v6e6n/7/P/6VW91v9Puf/jcWYVyf8AAABQBSn3fyLOTP4HAACA0ki5///Hmcn/AAAAUBop998ZZ1aR/K//r/9fhv7/o/r/+v/6/z1L/9/n/3ei/6//38/r1//X/6e7Xuv/p9z/a3FmFcn/AAAAUAUp998VZyb/AwAAQGmk3P/JODP5HwAAAPrM6KLnpNz/63FmFcn/+v8Xp/8/mK9f/9/n/696//+XQf+/Tv+/N+j/6/93ov+v/9/P69f/1/+nu17r/6fc/xtxZhXJ/wAAAFAFKfd/Ks5M/gcAAIDSSLn/N+PM5H8AAAAojZT7744zK2H+b1cqXOn+f+vlO6n3/8NACBXo//v8f/3/4PP/9f8b9qr+/8rR/9f/D/r/5+1S9+f7ff36//r/dNdr/f+U+38rzqyE+R8AAACqKuX+e+LM5H8AAAAojZT7Px1nJv8DAABAaaTc/5k4s4rkf5//r/+v/6//r/+v/7+a9P/1/zvR/9f/7+f16//r/9Ndr/X/U+6/N86sIvkfAAAAqiDl/s/Gmcn/AAAAUBop9/92nJn8DwAAAKWRcv/vxJlVJP+vVv9/ZAm3rf+v/x/0//X/9f/1/y9QP/b/a69hK9n///fHl769/n/z/dD/1//X/9f/Z3X1Wv8/5f7PxZlVJP8DAABAFaTc/7txZvI/AAAAlEbK/b8XZyb/AwAAQGmk3P/5OLOK5H+f/6//r/+v/6//r/+/mvT/ff5/J+fT/1/TcHn9/wtzqfvz/b5+/X/9f7rrtf5/yv1fiDOrSP4HAACAKki5//fjzJaT/4dXelUAAADASkq5f1+cmX//BwAAgNJIuf++OLOK5P8V6P8PBv1//X/9/7bHg/6//r/+v/6//n9nPv9f/7+f16//r/9Pd73W/0+5f3+c2d7mmwEAAAD6V8r9X4wzq8i//wMAAEAVpNx/IM5M/gcAAIDSSLn/YJxZRfK/z//X/9f/1//X/9f/X036//r/nej/6//38/r1//X/6a7X+v8p90/HmVUk/wMAAEAVpNx/KM5M/gcAAIDSSLn/cJyZ/A8AAAClkXL//XFmFcn/+v/6//r/le3/v/j9lnXq/+v/rwb9f/3/TvT/9f/7ef36//r/dNdr/f+U+4/EmVUk/wMAAEAVpNz/pTgz+R8AAABKI+X+L8eZyf8AAABQGin3H40zq0j+1//X/9f/r2z/3+f/R/r/q0v/X/+/E/1//f9+Xr/+v/4/3fVa/z/l/mNxZhXJ/wAAAFAFKfcfjzOT/wEAAKA0Uu4/EWcm/wMAAEBppNx/Ms6sIvlf/395/f+BRbqB59f/X6P/r/+v/6//r/9/gfT/L1L/Px7b+v/N9P/1//X/9f/prNf6/yn3/0GcWUXyPwAAAFRByv2n4szkf+D/2Luv3czuqo/jT8q8k+gVEpfAHSBOOOWYI64BiTug94QeaiD03kJvoUMooffee+8EQq9SUGbWWo4de2/b8WPv/V+fz0GWmKCwJzNC+Sn66g8AAAwjd//94xb7HwAAAIaRu/8BcUuT/X96/f/ld/iRNfb/B/H+//7fr//X/+v/9f/6/0H6/6D/303/r/8fpP8/v9H/syVL6/9z9z8wbmmy/wEAAKCD3P0PilvsfwAAABhG7v4Hxy32PwAAAAwjd/9D4pYm+39h7/9XzaH/1/9v9P/6/z1/P/X/+v/96P/1/xv9/7GddT+/9u8fqP/3/j9bs7T+P3f/Q+OWJvsfAAAAOsjd/7C4xf4HAACAYeTuf3jcYv8DAADAMHL3PyJuabL/F9b/73yX/l//r//X/+/5+6n/1//vR/+v/9/o/4/trPv5tX+//l//z7yl9f+5+x8ZtzTZ/wAAANBB7v5HxS32PwAAAAwjd/+j4xb7HwAAAIaRu/+quGW//X/+tL7q9Oj/9f/6f/2//l//v036f/3/FP2//n/N36//1/8zb2n9f+7+q+MW//4fAAAAhpG7/zFxi/0PAAAAw8jd/9i4xf4HAACAYeTuf1zc0mT/6//1//p//f/p9f/n9f/6/xOn/9f/b/T/x3bW/fzav1//r/9n3tL6/9z9j49bmux/AAAA6CB3/xPiFvsfAAAAhpG7/4lxi/0PAAAAw8jd/6S4pcn+1//r//X/+n/v/+v/t0n/r/+fov/X/6/5+/X/+n/mbb3/v881F+5h+//c/dfELU32PwAAAHSQu//JcYv9DwAAAMPI3f+UuMX+BwAAgGHk7n9q3NJk/+v/9f87/f+tl+j/9f/6/50f1/+fDP2//n+K/l//v+bv1//r/5m39f5/pvff+59z9z8tbmmy/wEAAKCD3P1Pj1vsfwAAABhG7v5nxC32PwAAAAwjd/+1cUuT/a//1/97/1//r//X/2+T/l//P0X/r/9f8/dP9f/3OsT36//pYGn9f+7+Z8YtTfY/AAAAdJC7/1lxi/0PAAAAw8jdf13cYv8DAADAMHL3PztuabL/9f/6f/2//n93/39py/7/th/T/2+H/l//P0X/r/9f8/d7/1//z7yl9f+5+58TtzTZ/wAAANBB7v7nxi32PwAAAAwjd//z4hb7HwAAAIaRu//5cUuT/a//1//r//X/d+r9/8vG6P+9/789+n/9/xT9v/5/zd+/tf7/2nve9n+Y+n+GsLT+P3f/C+KWJvsfAAAAOsjd/8K4xf4HAACAYeTuf1HcYv8DAADAmu0KsXL3vzhuabL/79j/7y5x9f+HM2j/f+slG/2//n/HyO//6/+3R/+v/59y2P5/o/+vn4v+fznf7/1//T/zltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa/9/8X0f9XxbKw/t/7//r/XT8v/b/+/zj0//r/Kd7/1/+v+fv1//p/5i2t/8/d/4q4pcn+BwAAgA5y978ybrH/AQAAYBi5+18Vt9j/AAAAMIzc/a+OW5rs/xPo/y/X/w/7/r/+X/+/6+el/9f/H4f+X/8/Rf+/f/9/xQH/e/r/ZX2//l//z7yl9f+5+6+PW5rsfwAAAOggd/9r4hb7HwAAAIaRu/+1cYv9DwAAAMPI3f+6uKXJ/j+o/7/l/y/+ee//H47+f//v1//r//X/+n/9v/5/iv7f+/9r/n79v/6feUvr/3P3vz5uabL/AQAAoIPc/W+IW+x/AAAAGEbu/jfGLfY/AAAADCN3/5vilib7/wTe/9/T/99N/6//1//HXWj//3/519H/X6T/3y79v/5/iv5f/7+6779k53eU/l//z7yl9f+5+98ctzTZ/wAAANBB7v63xC32PwAAAAwjd/9b4xb7HwAAAIaRu/9tcUuT/X/y/b/3//X/R+z/L9X/J+//x6+r/l//fwT6f/3/Rv9/bPp/7//r/9m2pfX/uftviFua7H8AAADoIHf/2+MW+x8AAACGkbv/HXGL/Q8AAADDyN3/zrilyf7X/+v/z7z/9/5/0f/Hr6v+X/9/BPp//f9G/39sW+nnr9T/6//1/+xYWv+fu/9dcUuT/Q8AAAAd5O5/d9xi/wMAAMAwcve/J26x/wEAAGAYufvfG7c02f/6f/2//n/x/f8Ne3+/6f/1/2ui/9/T/99b/397+v+j9/8XnH3/f0P80nj/fxH9f/zAVfp/lmdp/X/u/vfFLU32PwAAAHSQu//9cYv9DwAAAMPI3X9j3GL/AwAAwDBy938gbmmy//X/a+//73tzfIH+f9z+3/v/cfX/+v/9rK7/9/7/Lvr/Ad//1/97/1//z+0srf/P3f/BuKXJ/gcAAIAOcvd/KG6x/wEAAGAYufs/HLfY/wAAADCM3P03xS1N9r/+f+39v/f/9f/6f/3/sun/9f9T9P/6/zV/v/5f/8+8pfX/N+36K/Tb/wAAANDBRy788YrNR+MW+x8AAACGkbv/Y3GL/Q8AAADDyN3/8bilyf7X/+v/9f/6/zvd/1+t/9/o/w+k/9f/T9H/H6X/v/jPavr/5Xy//l//z7yl9f+5+z8RtzTZ/wAAANBB7v5Pxi32PwAAAAwjd/+n4hb7HwAAAIaRu//TccM97nJ2n3Syzh3w49Gb6//1//p//b/3//X/26T/1/9P0f97/3/N36//1/8zbwv9/623/2fHo/b/ufs/E7f49/8AAAAwjNz9n41b7H8AAAAYRu7+m+IW+x8AAACG8bkLf7xi8/m4pcn+1//r//X/W+3/767/1//r//X/+v+D6f/1/2v+fv2//p95W+j/dzlq/5+7/wtxS5P9DwAAAB3k7v9i3GL/AwAAwDBy938pbrH/AQAAYBi5+78ctzTZ//p//b/+3/v/+n/9/zbp//X/U/T/+v81f7/+X//PvKX1/7n7vxK3NNn/AAAA0EHu/q/GLfY/AAAADCN3/9fiFvsfAAAAhpG7/+txS5P9r//X/+v/9f/6f/3/Nun/9f9T9P/6/zV/v/5f/8+8pfX/ufu/Ebc02f8AAADQQe7+b8Yt9j8AAAAMI3f/t+IW+x8AAACGkbv/23FLk/0/cv8/9V/T/1+k/9f/b/T/+v8t0//r/6fo//X/a/5+/b/+n3lL6/9z938nbmmy/wEAAKCD3P3fjVvsfwAAABhG7v7vxS32PwAAAAwjd//345Ym+3/k/n/KSff/5+Lq//X/G/1/0f/r/zf6f/3/DP2//n/N36//1/8z74z6/3ObA/r/3P0/iFua7H8AAADoIHf/D+MW+x8AAACGkbv/R3GL/Q8AAADDyN3/47hlnP1/vxsn/qT+3/v/+n/9v/5f/79N+n/9/xT9v/5/zd+v/9f/M29p7//n7v9J3DLO/gcAAID2cvf/NG6x/wEAAGAYuft/FrfY/wAAADCM3P0/j1ua7H/9v/5f/9+q/79so//X/58y/b/+f4r+X/+/5u/X/+v/mbe0/j93/y/ilib7HwAAADrI3f/LuMX+BwAAgGHk7v9V3GL/AwAAwDBy9/86bmmy//X/+n/9f6v+3/v/+v9Tp//X/0/R/+v/1/z9+n/9P/OW1v/n7v9N3NJk/wMAAEAHuft/G7fY/wAAADCM3P2/i1vsfwAAABhG7v7fxy1N9r/+X/+v/19q/3/x96D+X/+v/5+m/9f/b/T/x3bW/fzav3+i/7/r9vv/8/p/VmFp/X/u/pvjlib7HwAAADrI3f+HuMX+BwAAgGHk7v9j3GL/AwAAwDBy998StzTZ//p//f+Q/f/5Efp/7//r//X/h6H/1/9v9P/Hdtb9/Nq/f+z3/6+c/fnr/zmMpfX/ufv/FLc02f8AAADQQe7+P8ct9j8AAAAMI3f/X+IW+x8AAACGkbv/r3FLk/2v/9f/H73/P1c/78X2/0O8/6//1//r/w9D/6//36y4/7/u+os/rP9f5/eP3f97/5+TsbT+P3f/3+KWJvsfAAAAOsjd//e4xf4HAACAYeTu/0fcYv8DAADAMHL3/zNuabL/9f/6/yHf/9f/N+7/r9T/L0zL/j9/3+n/Z3Xv/73/v+7vH7v/v0z/z4lYWv+fu/9fcUuT/Q8AAAAd5O7/d9xi/wMAAMAwcvf/J26x/wEAAGAYufv/G7c02f/6f/2//l//P1b/7/3/pWnZ/3v//9D0//r/NX//2P2/9/85GUvr/3P3/y8AAP//eowtdQ==")
chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)

3.421561226s ago: executing program 6 (id=1611):
socket$inet6(0xa, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000300)={0x5})
socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

3.291681313s ago: executing program 2 (id=1612):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0x22, &(0x7f0000000100)={{0xa, 0xffff, 0x101, @empty, 0xfffffffc}, {0xa, 0x0, 0x0, @dev}, 0x0, {[0x10000, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffd]}}, 0x5c)

2.213245705s ago: executing program 2 (id=1613):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001e00"], 0x55}}, 0x4000000)

2.212858174s ago: executing program 6 (id=1614):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
socket$inet6_sctp(0xa, 0x1, 0x84)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x2000000, @mcast1, 0x5}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)

967.131138ms ago: executing program 2 (id=1616):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000bc0)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x2, 0x0, 0x8, 0x8, 0x4}, {0x4}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x3f}, 0x80, 0x32}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x8}}, 0xe8)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)

965.89935ms ago: executing program 6 (id=1617):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0xdc)
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
r1 = socket(0x2, 0x2, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x100000000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
getpid()

857.205611ms ago: executing program 1 (id=1618):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa000032a)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000840)='./file0\x00', 0xe1000a42)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r4, 0x40044160, 0x3)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4008044)

0s ago: executing program 2 (id=1619):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}, @IFLA_ADDRESS={0xa}]}, 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x0)

kernel console output (not intermixed with test programs):

k: 4 bytes leftover after parsing attributes in process `syz.3.10'.
[   79.701175][ T6004] netlink: 'syz.2.11': attribute type 4 has an invalid length.
[   79.777236][ T6007] netlink: 'syz.2.11': attribute type 4 has an invalid length.
[   80.817836][ T6016] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   81.790073][ T1210] cfg80211: failed to load regulatory.db
[   81.813103][ T6023] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.462152][ T6053] netlink: 'syz.1.24': attribute type 83 has an invalid length.
[   87.418358][ T6073] netlink: 'syz.4.30': attribute type 4 has an invalid length.
[   87.426112][ T6073] netlink: 152 bytes leftover after parsing attributes in process `syz.4.30'.
[   87.480200][ T6073] : renamed from bond0 (while UP)
[   88.491038][ T6073] syz.4.30 (6073) used greatest stack depth: 19528 bytes left
[   90.612794][ T6099] loop4: detected capacity change from 0 to 512
[   90.797697][ T6099] =======================================================
[   90.797697][ T6099] WARNING: The mand mount option has been deprecated and
[   90.797697][ T6099]          and is ignored by this kernel. Remove the mand
[   90.797697][ T6099]          option from the mount to silence this warning.
[   90.797697][ T6099] =======================================================
[   92.056091][ T6099] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.35: Invalid inode bitmap blk 4 in block_group 0
[   93.232213][ T6099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   93.506355][ T6114] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 13: invalid block bitmap
[   93.990089][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.752175][ T6129] netlink: 24 bytes leftover after parsing attributes in process `syz.4.42'.
[   98.006580][ T6163] loop4: detected capacity change from 0 to 2048
[   98.136508][ T6163] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   99.923977][ T5908] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.096876][ T5908] usb 2-1: config 0 has no interfaces?
[  100.125392][ T5908] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  100.152345][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  100.186868][ T5908] usb 2-1: SerialNumber: syz
[  100.206283][ T5908] usb 2-1: config 0 descriptor??
[  100.412312][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057b5d400: rx timeout, send abort
[  100.759902][ T6177] netlink: 277 bytes leftover after parsing attributes in process `syz.1.58'.
[  100.782048][ T5908] usb 2-1: USB disconnect, device number 2
[  101.014398][ T5967] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  101.232787][ T6196] loop4: detected capacity change from 0 to 2048
[  101.300506][ T6196] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  102.033790][ T5967] usb 4-1: Using ep0 maxpacket: 32
[  102.044992][ T5967] usb 4-1: config 0 has an invalid interface number: 16 but max is 0
[  102.053983][ T5967] usb 4-1: config 0 has no interface number 0
[  102.061555][ T5967] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  102.072428][ T5967] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  102.101292][ T5967] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  102.771231][ T5967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.781430][ T5967] usb 4-1: Product: syz
[  102.785911][ T5967] usb 4-1: Manufacturer: syz
[  102.790515][ T5967] usb 4-1: SerialNumber: syz
[  102.821155][ T6201] bridge_slave_0: left allmulticast mode
[  102.829938][ T5967] usb 4-1: config 0 descriptor??
[  102.854792][ T6201] bridge_slave_0: left promiscuous mode
[  102.864496][ T6190] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  102.893470][ T6190] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  102.906501][ T6201] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.134761][ T5967] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  103.201284][ T6209] Cannot find add_set index 0 as target
[  104.400963][ T6201] bridge_slave_1: left allmulticast mode
[  104.410298][ T6201] bridge_slave_1: left promiscuous mode
[  104.452514][ T6201] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.492579][ T5967] usb 4-1: USB disconnect, device number 2
[  105.658338][ T6201] bond0: (slave bond_slave_0): Releasing backup interface
[  105.682287][ T6221] udevd[6221]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  105.887524][    C1] Illegal XDP return value 16128 on prog  (id 15) dev bond_slave_1, expect packet loss!
[  106.294619][ T6201] bond0: (slave bond_slave_1): Releasing backup interface
[  106.367120][ T6230] loop0: detected capacity change from 0 to 128
[  106.395237][ T6201] team0: Port device team_slave_0 removed
[  106.462917][ T6201] team0: Port device team_slave_1 removed
[  106.963838][ T6201] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  106.992337][ T6201] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.029437][ T6201] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.076340][ T6201] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.430502][ T6246] process 'syz.4.74' launched './file2' with NULL argv: empty string added
[  107.605034][ T6214] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  107.932010][ T6245] netlink: 28 bytes leftover after parsing attributes in process `syz.3.76'.
[  109.589929][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.545022][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.176800][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.009899][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.258102][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  112.267082][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  112.275937][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  112.283908][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  112.292816][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  114.384317][ T5857] Bluetooth: hci1: command tx timeout
[  114.656928][ T6294] chnl_net:caif_netlink_parms(): no params data found
[  115.616833][   T36] bridge_slave_1: left allmulticast mode
[  115.622581][   T36] bridge_slave_1: left promiscuous mode
[  115.684231][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.768904][   T36] bridge_slave_0: left allmulticast mode
[  115.825173][   T36] bridge_slave_0: left promiscuous mode
[  115.831367][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.831514][ T6331] loop3: detected capacity change from 0 to 256
[  116.079371][ T6331] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  116.103360][ T6331] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  116.368720][ T6331] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  116.439187][ T5857] Bluetooth: hci1: command tx timeout
[  116.686507][ T6343] loop4: detected capacity change from 0 to 512
[  116.732313][ T6343] EXT4-fs: Ignoring removed mblk_io_submit option
[  116.918553][ T6343] EXT4-fs: inline encryption not supported
[  116.959526][ T6343] EXT4-fs: Ignoring removed mblk_io_submit option
[  117.204579][ T6343] EXT4-fs (loop4): Test dummy encryption mode enabled
[  117.536884][ T6343] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  117.642790][ T6343] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  117.734381][ T6343] EXT4-fs (loop4): 1 truncate cleaned up
[  117.879052][ T6343] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.985265][ T6343] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  118.561808][ T5857] Bluetooth: hci1: command tx timeout
[  118.907305][ T5850] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.956059][ T6374] loop3: detected capacity change from 0 to 2048
[  119.112539][ T6374] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  119.373172][   T30] audit: type=1800 audit(1752853189.316:2): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.104" name="file1" dev="loop3" ino=1346 res=0 errno=0
[  119.400940][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  119.417710][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  119.625458][ T5915] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  119.666820][   T36] bond0 (unregistering): Released all slaves
[  119.927118][ T6388] /dev/sg0: Can't lookup blockdev
[  120.382028][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  120.396743][ T5915] usb 5-1: config 0 has an invalid interface number: 99 but max is 0
[  120.623082][ T5862] Bluetooth: hci1: command tx timeout
[  120.636588][ T5915] usb 5-1: config 0 has no interface number 0
[  120.665898][ T5915] usb 5-1: New USB device found, idVendor=12d1, idProduct=88d5, bcdDevice=1d.2a
[  120.675142][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.588743][ T5915] usb 5-1: Product: syz
[  121.592910][ T5915] usb 5-1: Manufacturer: syz
[  121.617044][ T5915] usb 5-1: SerialNumber: syz
[  121.699534][ T5915] usb 5-1: config 0 descriptor??
[  121.732765][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.755038][ T6294] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.762308][ T6294] bridge_slave_0: entered allmulticast mode
[  121.785301][ T6294] bridge_slave_0: entered promiscuous mode
[  121.812585][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.833569][ T6294] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.843881][ T6294] bridge_slave_1: entered allmulticast mode
[  121.861904][ T6294] bridge_slave_1: entered promiscuous mode
[  121.902044][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.110'.
[  121.962303][ T5915] option 5-1:0.99: GSM modem (1-port) converter detected
[  122.180158][ T6294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.280866][ T6294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.104877][ T6404] could not allocate digest TFM handle sha1-avx2
[  123.306339][   T43] usb 5-1: USB disconnect, device number 2
[  123.324465][   T43] option 5-1:0.99: device disconnected
[  124.903627][ T6294] team0: Port device team_slave_0 added
[  124.949054][ T6433] loop3: detected capacity change from 0 to 256
[  124.961035][   T36] hsr_slave_0: left promiscuous mode
[  125.108250][   T36] hsr_slave_1: left promiscuous mode
[  125.152366][ T6433] exFAT-fs (loop3): error, The cluster chain has a loop
[  125.165821][ T6433] exFAT-fs (loop3): failed to count the number of clusters in root
[  125.176479][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.207537][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.207603][ T6433] exFAT-fs (loop3): failed to recognize exfat type
[  125.978202][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.986603][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.472698][ T6438] loop2: detected capacity change from 0 to 1024
[  126.667774][ T6437] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  126.707530][ T6437] hfsplus: xattr searching failed
[  126.726381][   T36] veth1_macvtap: left promiscuous mode
[  126.737159][ T6438] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  126.743768][   T30] audit: type=1800 audit(1752853196.686:3): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.120" name="memory.events" dev="loop2" ino=26 res=0 errno=0
[  126.743893][   T36] veth0_macvtap: left promiscuous mode
[  126.778776][   T36] veth1_vlan: left promiscuous mode
[  126.810321][ T6438] hfsplus: xattr searching failed
[  126.818604][ T6437] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  126.825212][ T6437] hfsplus: xattr search failed
[  126.830141][ T6437] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  126.853096][ T6437] hfsplus: xattr search failed
[  126.858543][   T36] veth0_vlan: left promiscuous mode
[  127.045051][ T6437] hfsplus: unable to mark blocks free: error -4
[  127.063482][ T6437] hfsplus: can't free extent
[  127.221584][   T65] hfsplus: b-tree write err: -5, ino 4
[  130.923187][ T6463] netlink: 168 bytes leftover after parsing attributes in process `syz.3.125'.
[  132.162867][ T6474] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  132.842929][ T5831] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  132.850663][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.857031][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  134.109700][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.131'.
[  135.677168][   T36] team0 (unregistering): Port device team_slave_1 removed
[  135.751729][   T36] team0 (unregistering): Port device team_slave_0 removed
[  136.805665][ T6294] team0: Port device team_slave_1 added
[  137.227962][ T6507] netlink: 24 bytes leftover after parsing attributes in process `syz.3.138'.
[  137.355918][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_0
[  137.365006][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.412320][ T6294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  137.439311][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_1
[  137.462892][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  137.654515][ T6294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  138.775283][ T6294] hsr_slave_0: entered promiscuous mode
[  138.839061][ T6294] hsr_slave_1: entered promiscuous mode
[  138.949092][ T6294] debugfs: 'hsr0' already exists in 'hsr'
[  138.975616][ T6294] Cannot create hsr debugfs directory
[  139.021146][ T6526] bridge1: entered allmulticast mode
[  139.164696][ T6536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.143'.
[  140.382516][ T6550] xt_TPROXY: Can be used only with -p tcp or -p udp
[  141.047878][ T6551] netlink: 28 bytes leftover after parsing attributes in process `syz.3.147'.
[  141.235952][ T6549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.147'.
[  141.497319][ T6294] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  141.529053][ T6294] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  141.580242][ T6294] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  141.609710][ T6294] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  141.624292][ T6563] loop4: detected capacity change from 0 to 2048
[  141.699384][ T6563]  loop4: p1 p2 < > p3 < p5 p6 > p4
[  141.718436][ T6563] loop4: partition table partially beyond EOD, truncated
[  141.769688][ T6563] loop4: p2 start 4278190080 is beyond EOD, truncated
[  141.809360][ T6563] loop4: p4 size 8192 extends beyond EOD, truncated
[  141.866907][ T6563] loop4: p6 size 8192 extends beyond EOD, truncated
[  142.007882][ T6294] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.039084][ T6579] loop3: detected capacity change from 0 to 512
[  142.045781][ T5214]  loop4: p1 p2 < > p3 < p5 p6 > p4
[  142.059093][ T5214] loop4: partition table partially beyond EOD, truncated
[  142.072421][ T6579] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  142.090298][ T5214] loop4: p2 start 4278190080 is beyond EOD, truncated
[  142.139270][ T6294] 8021q: adding VLAN 0 to HW filter on device team0
[  142.146153][ T5972] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  142.160420][ T6579] EXT4-fs (loop3): 1 truncate cleaned up
[  142.171423][ T5214] loop4: p4 size 8192 extends beyond EOD, truncated
[  142.188398][ T6411] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.195490][ T6411] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.230382][ T5214] loop4: p6 size 8192 extends beyond EOD, truncated
[  142.286254][ T6579] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.315077][ T6175] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.322304][ T6175] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.341740][ T5972] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 119, changing to 10
[  143.147471][ T5972] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.177916][ T5972] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  143.198432][ T5972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.219410][ T5972] usb 5-1: config 0 descriptor??
[  143.655561][ T5972] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor
[  143.762155][ T5972] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0001/input/input5
[  143.852561][ T6593] loop2: detected capacity change from 0 to 4096
[  143.852876][ T6563] netlink: 12 bytes leftover after parsing attributes in process `syz.4.150'.
[  143.882085][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.101747][ T5972] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  144.103391][ T6598] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  144.289641][ T5972] usb 5-1: USB disconnect, device number 3
[  144.551954][ T6294] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.608114][ T6601] fido_id[6601]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  147.267204][ T6632] overlayfs: overlapping lowerdir path
[  147.888385][ T6649] xt_CT: You must specify a L4 protocol and not use inversions on it
[  148.571266][ T6294] veth0_vlan: entered promiscuous mode
[  148.655205][ T6294] veth1_vlan: entered promiscuous mode
[  148.867759][ T6294] veth0_macvtap: entered promiscuous mode
[  148.885401][ T6294] veth1_macvtap: entered promiscuous mode
[  149.356861][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.623063][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.700209][ T6175] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.803088][ T6175] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.854283][ T6175] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.113397][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.245042][ T6677] binder_alloc: 6676: binder_alloc_buf, no vma
[  150.610314][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.237482][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.835486][  T152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.863066][  T152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.211736][ T6691] xt_connbytes: Forcing CT accounting to be enabled
[  152.253873][ T6691] Cannot find add_set index 0 as target
[  154.073064][   T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  154.237303][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  154.250292][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.262063][   T43] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  154.378760][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.437555][   T43] usb 5-1: config 0 descriptor??
[  156.258169][   T43] hid-led 0003:27B8:01ED.0002: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.4-1/input0
[  156.332321][   T43] hid-led 0003:27B8:01ED.0002: ThingM blink(1) initialized
[  156.416309][ T1210] usb 5-1: USB disconnect, device number 4
[  156.614300][ T6743] fido_id[6743]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  157.117319][   T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  157.623031][   T43] usb 6-1: Using ep0 maxpacket: 32
[  158.508331][   T43] usb 6-1: config 2 has an invalid interface number: 66 but max is 0
[  158.516661][   T43] usb 6-1: config 2 has no interface number 0
[  158.522828][   T43] usb 6-1: config 2 interface 66 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  158.788798][   T43] usb 6-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[  158.849455][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.880085][   T43] usb 6-1: Product: syz
[  158.924833][   T43] usb 6-1: Manufacturer: syz
[  158.929442][   T43] usb 6-1: SerialNumber: syz
[  159.027595][   T43] usb 6-1: Found UVC 0.00 device syz (046d:08c6)
[  159.292832][   T43] usb 6-1: No valid video chain found.
[  160.119772][ T6795] loop1: detected capacity change from 0 to 512
[  160.165764][ T6795] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  160.261077][ T6795] EXT4-fs (loop1): 1 truncate cleaned up
[  160.508124][ T6795] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.810390][ T6795] syz.1.194 (pid 6795) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  160.874703][ T6802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.194'.
[  161.130086][   T43] usb 6-1: USB disconnect, device number 2
[  161.194696][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.877601][ T6813] loop2: detected capacity change from 0 to 1024
[  162.113079][   T30] audit: type=1800 audit(1752853232.056:4): pid=6812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.199" name="file1" dev="loop2" ino=20 res=0 errno=0
[  162.389738][ T6829] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input6
[  162.460620][ T6832] Device name cannot be null; rc = [-22]
[  163.451350][ T6836] loop2: detected capacity change from 0 to 128
[  163.485941][ T6836] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  163.547899][ T6836] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  165.122833][ T6848] loop1: detected capacity change from 0 to 65
[  165.149405][ T6848] bfs: Unknown parameter '�0xffffffffffffffff��K�g�paI��y�����_n}⪝Eg�S�:�i���6|�� }Ʀ�t�
׬(!��#�4!Ӏ�P{C]߭[Dԟ$$zV���u�>�������8�o�w�A�Xj���V#���G�ͫ�05C��<3!lk��<��xN�Ѥ��#�m����e|���|�{�QjF�)#!�m
[  165.149405][ T6848] �Tؚ���r`h��# &~z~Sv'
[  165.307728][ T6853] bridge1: entered allmulticast mode
[  165.849097][ T5847] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  167.184514][   T30] audit: type=1326 audit(1752853237.126:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  167.904606][   T30] audit: type=1326 audit(1752853237.236:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  167.926627][    C1] vkms_vblank_simulate: vblank timer overrun
[  168.383985][   T30] audit: type=1326 audit(1752853237.286:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.406219][   T30] audit: type=1326 audit(1752853237.286:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.443180][   T30] audit: type=1326 audit(1752853237.286:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.502491][   T30] audit: type=1326 audit(1752853237.306:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.533108][   T30] audit: type=1326 audit(1752853237.306:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.555580][   T30] audit: type=1326 audit(1752853237.306:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  168.577628][    C1] vkms_vblank_simulate: vblank timer overrun
[  168.995354][ T6882] loop1: detected capacity change from 0 to 32768
[  169.036999][   T30] audit: type=1326 audit(1752853237.306:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  169.137759][   T30] audit: type=1326 audit(1752853237.306:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6877 comm="syz.2.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7ffc0000
[  169.380863][ T6882] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR
[  169.398188][ T6882] (syz.1.207,6882,1):ocfs2_initialize_super:2227 ERROR: status = -12
[  169.716356][ T6910] netlink: 168 bytes leftover after parsing attributes in process `syz.4.216'.
[  170.227127][ T6882] (syz.1.207,6882,1):ocfs2_fill_super:1177 ERROR: status = -12
[  171.812256][ T6921] syzkaller0: entered promiscuous mode
[  171.831920][ T6921] syzkaller0: entered allmulticast mode
[  171.881285][ T6933] netlink: 'syz.5.221': attribute type 10 has an invalid length.
[  171.913887][ T6934] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input7
[  172.204954][ T6931] warning: `syz.5.221' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  172.432650][ T6933] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  174.433423][ T6962] trusted_key: syz.5.226 sent an empty control message without MSG_MORE.
[  175.892591][ T6975] netlink: 168 bytes leftover after parsing attributes in process `syz.5.229'.
[  178.331066][ T6946] tipc: Started in network mode
[  178.336173][ T6946] tipc: Node identity 4, cluster identity 4711
[  178.348369][ T6946] tipc: Node number set to 4
[  180.553486][ T7011] xt_connbytes: Forcing CT accounting to be enabled
[  180.560146][ T7011] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  181.555143][ T7030] loop3: detected capacity change from 0 to 2048
[  182.025955][ T7030] NILFS (loop3): invalid segment: Magic number mismatch
[  182.093129][ T7030] NILFS (loop3): trying rollback from an earlier position
[  182.333010][ T7030] NILFS (loop3): recovery complete
[  182.369435][ T7036] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.256169][ T7047] 9pnet_fd: p9_fd_create_tcp (7047): problem connecting socket to 127.0.0.1
[  184.487241][ T7063] overlayfs: overlapping lowerdir path
[  185.148297][ T7056] syzkaller0: entered promiscuous mode
[  185.219252][ T7056] syzkaller0: entered allmulticast mode
[  185.856826][ T7074] hub 6-0:1.0: USB hub found
[  185.862107][ T7074] hub 6-0:1.0: 1 port detected
[  191.223825][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  191.229984][ T5846] Bluetooth: hci4: command 0x0406 tx timeout
[  191.237044][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  191.275762][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  191.574901][ T7108] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  191.606428][ T7108] CIFS: Unable to determine destination address
[  194.282463][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.290061][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.654800][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  194.654816][   T30] audit: type=1800 audit(1752853264.586:34): pid=7133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.268" name="bus" dev="overlay" ino=367 res=0 errno=0
[  198.782176][ T7159] loop3: detected capacity change from 0 to 256
[  198.795310][ T7159] exfat: Deprecated parameter 'utf8'
[  198.800746][ T7159] exfat: Unknown parameter '���V�NK�E̟��sys_to_size_dir'
[  200.941635][ T7170] loop5: detected capacity change from 0 to 1024
[  201.088204][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  201.102789][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  201.115658][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  201.133185][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  201.143849][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  201.882136][ T7185] netlink: 36 bytes leftover after parsing attributes in process `syz.2.282'.
[  202.110030][ T7190] overlayfs: overlapping lowerdir path
[  202.750829][ T7184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.280'.
[  202.841963][ T7182] netlink: 28 bytes leftover after parsing attributes in process `syz.1.280'.
[  203.233893][ T5862] Bluetooth: hci5: command tx timeout
[  204.176035][ T7173] chnl_net:caif_netlink_parms(): no params data found
[  205.317725][ T5862] Bluetooth: hci5: command tx timeout
[  206.244173][   T30] audit: type=1800 audit(1752853276.186:35): pid=7233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.288" name="/" dev="fuse" ino=0 res=0 errno=0
[  206.813659][ T6175] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.393077][ T5862] Bluetooth: hci5: command tx timeout
[  207.696639][ T6175] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.231151][ T7173] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.256411][ T7173] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.271091][ T7173] bridge_slave_0: entered allmulticast mode
[  208.289658][ T7173] bridge_slave_0: entered promiscuous mode
[  208.331380][ T7261] random: crng reseeded on system resumption
[  208.375206][ T6175] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.543343][ T7263] x_tables: duplicate underflow at hook 1
[  208.818073][ T7173] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.346211][ T7173] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.353518][ T7173] bridge_slave_1: entered allmulticast mode
[  209.361775][ T7173] bridge_slave_1: entered promiscuous mode
[  209.514246][ T5862] Bluetooth: hci5: command tx timeout
[  209.652179][ T6175] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.437497][ T7173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.463458][ T7173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.189513][ T7173] team0: Port device team_slave_0 added
[  213.658352][ T7300] loop3: detected capacity change from 0 to 512
[  213.697361][ T7173] team0: Port device team_slave_1 added
[  213.734478][ T7300] EXT4-fs (loop3): Test dummy encryption mode enabled
[  213.805332][ T7300] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  214.037693][ T7300] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002]
[  214.086016][ T7300] System zones: 1-12
[  214.145414][ T7308] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  214.711738][ T7173] batman_adv: batadv0: Adding interface: batadv_slave_0
[  214.724487][ T7300] EXT4-fs (loop3): 1 truncate cleaned up
[  214.732121][ T7173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.760264][ T7300] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.848759][ T7173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  214.880913][ T7173] batman_adv: batadv0: Adding interface: batadv_slave_1
[  214.888660][ T7173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.983110][ T7173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  215.019877][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.983615][ T6175] bridge_slave_1: left allmulticast mode
[  216.989358][ T6175] bridge_slave_1: left promiscuous mode
[  217.033485][ T6175] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.748581][ T6175] bridge_slave_0: left allmulticast mode
[  217.771202][ T6175] bridge_slave_0: left promiscuous mode
[  217.787672][ T6175] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.771553][   T30] audit: type=1326 audit(1753377576.720:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7329 comm="syz.1.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4d0b78e9a9 code=0x7fc00000
[  219.975159][ T7347] loop1: detected capacity change from 0 to 128
[  221.541540][ T7357] netlink: 'syz.5.315': attribute type 66 has an invalid length.
[  224.613754][ T6175]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  224.624468][ T6175]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  224.642663][ T6175]  (unregistering): Released all slaves
[  224.669596][ T7173] hsr_slave_0: entered promiscuous mode
[  224.680245][ T7173] hsr_slave_1: entered promiscuous mode
[  224.689372][ T7173] debugfs: 'hsr0' already exists in 'hsr'
[  224.702154][ T7173] Cannot create hsr debugfs directory
[  228.269147][   T30] audit: type=1326 audit(1753377586.220:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7432 comm="syz.1.336" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4d0b78e9a9 code=0x0
[  230.193567][ T6175] hsr_slave_0: left promiscuous mode
[  230.240535][ T6175] hsr_slave_1: left promiscuous mode
[  230.247128][ T6175] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  230.256290][ T6175] batman_adv: batadv0: Removing interface: batadv_slave_0
[  230.965566][ T6175] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.016022][ T6175] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.326077][ T6175] veth1_macvtap: left promiscuous mode
[  231.340418][ T6175] veth0_macvtap: left promiscuous mode
[  231.357542][ T6175] veth1_vlan: left promiscuous mode
[  231.362893][ T6175] veth0_vlan: left promiscuous mode
[  231.378969][ T7472] loop5: detected capacity change from 0 to 128
[  231.423793][ T7472] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  231.496743][ T7472] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  233.676164][ T6175] team0 (unregistering): Port device team_slave_1 removed
[  233.708731][ T6175] team0 (unregistering): Port device team_slave_0 removed
[  234.638614][ T7501] netlink: 96 bytes leftover after parsing attributes in process `syz.5.349'.
[  234.849047][ T7173] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  234.937920][ T7173] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  235.044963][ T7173] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  235.619061][ T7173] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  236.092898][ T7536] openvswitch: netlink: VXLAN extension message has 45 unknown bytes.
[  236.920674][ T7539] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  236.927292][ T7539] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  236.971327][ T7173] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.982716][ T7539] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  236.989180][ T7539] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  237.188861][ T7173] 8021q: adding VLAN 0 to HW filter on device team0
[  237.974052][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.981226][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.320630][ T7539] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  238.348218][ T7539] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  238.396533][ T7539] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  238.403923][ T7539] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  238.438248][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.445434][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.509107][ T7552] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  238.612556][ T7539] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  238.671471][ T7539] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  238.677896][ T7539] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  238.714622][ T7539] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  238.993468][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  239.080011][ T5862] Bluetooth: hci2: command 0x0406 tx timeout
[  239.871949][   T30] audit: type=1800 audit(1753377597.820:38): pid=7582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.364" name="bus" dev="overlay" ino=254 res=0 errno=0
[  240.388039][ T5862] Bluetooth: hci4: command 0x0406 tx timeout
[  240.433417][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  240.753104][ T5862] Bluetooth: hci5: command 0x0405 tx timeout
[  241.086736][ T5862] Bluetooth: hci0: command 0x0406 tx timeout
[  241.149242][ T7173] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.163422][ T5862] Bluetooth: hci2: command 0x0406 tx timeout
[  242.455851][ T5862] Bluetooth: hci4: command 0x0406 tx timeout
[  242.587310][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  242.833451][ T5862] Bluetooth: hci5: command 0x0405 tx timeout
[  243.085924][ T7622] Invalid ELF header magic: != ELF
[  244.120127][ T7627] netlink: 4 bytes leftover after parsing attributes in process `syz.5.372'.
[  244.693193][ T5862] Bluetooth: hci1: command 0x0c1a tx timeout
[  244.924140][ T5862] Bluetooth: hci5: command 0x0405 tx timeout
[  245.010502][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.372'.
[  246.130340][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.376'.
[  246.161238][ T7173] veth0_vlan: entered promiscuous mode
[  246.266231][ T7658] loop5: detected capacity change from 0 to 16
[  246.328962][ T7173] veth1_vlan: entered promiscuous mode
[  246.333828][ T7658] erofs (device loop5): mounted with root inode @ nid 36.
[  246.682728][ T7173] veth0_macvtap: entered promiscuous mode
[  247.008282][ T7173] veth1_macvtap: entered promiscuous mode
[  247.125731][ T7173] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.177871][ T7173] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.303548][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.358347][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.404653][ T6294] erofs (device loop5): bogus dirent @ nid 46
[  247.430578][ T6294] erofs (device loop5): invalid de[0].nameoff 0 @ nid 89
[  247.454512][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.491126][ T6294] erofs (device loop5): invalid de[0].nameoff 0 @ nid 89
[  247.508695][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  248.561951][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.1.385'.
[  248.854348][ T3582] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  248.864705][ T3582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  248.968970][ T6175] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  248.987286][ T6175] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  249.446950][ T7697] loop3: detected capacity change from 0 to 40427
[  249.629380][ T7697] F2FS-fs (loop3): invalid crc value
[  249.766878][ T7697] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  249.779624][ T7697] F2FS-fs (loop3): Start checkpoint disabled!
[  249.872545][ T7697] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  252.049705][ T3582] kworker/u8:7: attempt to access beyond end of device
[  252.049705][ T3582] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  252.231754][   T30] audit: type=1804 audit(1753377610.170:39): pid=7732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.392" name="/newroot/52/file0" dev="tmpfs" ino=302 res=1 errno=0
[  252.349793][   T12] kworker/u8:0: attempt to access beyond end of device
[  252.349793][   T12] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  252.452529][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  252.452557][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  252.452568][   T12] Workqueue: writeback wb_workfn (flush-7:3)
[  252.452602][   T12] Call Trace:
[  252.452610][   T12]  <TASK>
[  252.452618][   T12]  dump_stack_lvl+0x189/0x250
[  252.452644][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  252.452663][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  252.452678][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  252.452701][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  252.452734][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  252.452767][   T12]  f2fs_write_end_io+0x886/0xb60
[  252.452805][   T12]  __submit_merged_bio+0x27a/0x6a0
[  252.452840][   T12]  __submit_merged_write_cond+0x255/0x530
[  252.452869][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  252.452924][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  252.452954][   T12]  ? unwind_next_frame+0xa5/0x2390
[  252.452995][   T12]  ? ret_from_fork_asm+0x1a/0x30
[  252.453020][   T12]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  252.453059][   T12]  ? __lock_acquire+0xab9/0xd20
[  252.453088][   T12]  ? __update_page_owner_handle+0x5a/0x570
[  252.453120][   T12]  ? __lock_acquire+0xab9/0xd20
[  252.453145][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  252.453163][   T12]  do_writepages+0x32b/0x550
[  252.453190][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  252.453205][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  252.453244][   T12]  __writeback_single_inode+0x145/0xff0
[  252.453266][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  252.453290][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  252.453336][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  252.453397][   T12]  ? rcu_is_watching+0x15/0xb0
[  252.453419][   T12]  wb_writeback+0x43b/0xaf0
[  252.453443][   T12]  ? queue_io+0x311/0x590
[  252.453464][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  252.453491][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  252.453516][   T12]  wb_workfn+0x409/0xef0
[  252.453547][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  252.453567][   T12]  ? __lock_acquire+0xab9/0xd20
[  252.453598][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  252.453626][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  252.453644][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  252.453663][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  252.453686][   T12]  process_scheduled_works+0xade/0x17b0
[  252.453733][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  252.453771][   T12]  worker_thread+0x8a0/0xda0
[  252.453817][   T12]  kthread+0x70e/0x8a0
[  252.453839][   T12]  ? __pfx_worker_thread+0x10/0x10
[  252.453853][   T12]  ? __pfx_kthread+0x10/0x10
[  252.453876][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  252.453897][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.453916][   T12]  ? __pfx_kthread+0x10/0x10
[  252.453936][   T12]  ret_from_fork+0x3f9/0x770
[  252.453954][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  252.453975][   T12]  ? __switch_to_asm+0x39/0x70
[  252.453993][   T12]  ? __switch_to_asm+0x33/0x70
[  252.454011][   T12]  ? __pfx_kthread+0x10/0x10
[  252.454031][   T12]  ret_from_fork_asm+0x1a/0x30
[  252.454066][   T12]  </TASK>
[  252.791718][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  253.189255][ T7743] fuse: Bad value for 'fd'
[  253.248993][   T30] audit: type=1800 audit(1753377611.200:40): pid=7743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.395" name="file1" dev="tmpfs" ino=539 res=0 errno=0
[  255.768070][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.774519][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  257.742667][ T7793] loop3: detected capacity change from 0 to 1024
[  257.822327][ T7797] bridge_slave_0: left allmulticast mode
[  257.893136][ T7797] bridge_slave_0: left promiscuous mode
[  257.898965][ T7797] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.935446][ T7797] bridge_slave_1: left allmulticast mode
[  258.941096][ T7797] bridge_slave_1: left promiscuous mode
[  258.965783][   T30] audit: type=1800 audit(1753377616.910:41): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.404" name="file1" dev="loop3" ino=20 res=0 errno=0
[  259.051464][ T7797] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.915350][ T7797] bond0: (slave bond_slave_0): Releasing backup interface
[  260.093282][ T7797] bond0: (slave bond_slave_1): Releasing backup interface
[  260.320608][ T7797] team0: Port device team_slave_0 removed
[  261.022216][ T7797] team0: Port device team_slave_1 removed
[  261.051826][ T7797] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  261.073427][ T7797] batman_adv: batadv0: Removing interface: batadv_slave_0
[  261.104048][ T7797] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  261.123094][ T7797] batman_adv: batadv0: Removing interface: batadv_slave_1
[  261.540021][ T7833] syz.1.412 uses obsolete (PF_INET,SOCK_PACKET)
[  261.756392][ T5967] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  262.607074][ T5967] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  262.628730][ T5967] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  262.797584][ T5967] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  262.860114][ T5967] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  262.871514][ T5967] usb 7-1: SerialNumber: syz
[  263.065052][ T1210] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  263.118224][ T5967] usb 7-1: 0:2 : does not exist
[  263.647818][ T1210] usb 6-1: config 0 has no interfaces?
[  263.659048][ T1210] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  263.670891][ T1210] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  263.690161][ T1210] usb 6-1: SerialNumber: syz
[  263.704620][ T1210] usb 6-1: config 0 descriptor??
[  263.888884][ T5967] usb 7-1: USB disconnect, device number 2
[  263.972604][   T43] usb 6-1: USB disconnect, device number 3
[  264.011991][ T7857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.419'.
[  264.193950][ T7857] bridge_slave_1: left allmulticast mode
[  264.204355][ T7857] bridge_slave_1: left promiscuous mode
[  264.210135][ T7857] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.848686][ T7857] bridge_slave_0: left promiscuous mode
[  264.906745][ T7857] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.111784][ T7871] loop6: detected capacity change from 0 to 1024
[  266.720522][   T30] audit: type=1800 audit(1753377624.670:42): pid=7871 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.424" name="file1" dev="loop6" ino=20 res=0 errno=0
[  269.263542][   T30] audit: type=1800 audit(1753377627.220:43): pid=7879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.424" name="file1" dev="loop6" ino=20 res=0 errno=0
[  270.264504][ T7909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  273.611440][ T7938] loop6: detected capacity change from 0 to 256
[  275.883172][ T7949] loop5: detected capacity change from 0 to 16
[  275.910721][ T7949] erofs: Unknown parameter ''
[  276.104748][ T7957] netlink: 48 bytes leftover after parsing attributes in process `syz.1.443'.
[  277.306606][ T7942] loop3: detected capacity change from 0 to 40427
[  277.873766][ T5857] Bluetooth: hci5: command 0x0405 tx timeout
[  280.771932][ T7994] 9pnet: p9_errstr2errno: server reported unknown error 18446744073
[  280.875394][ T7978] loop3: detected capacity change from 0 to 8
[  280.888732][ T7978] SQUASHFS error: zlib decompression failed, data probably corrupt
[  280.896790][ T7978] SQUASHFS error: Failed to read block 0x9b: -5
[  280.903050][ T7978] SQUASHFS error: Unable to read metadata cache entry [99]
[  280.910237][ T7978] SQUASHFS error: Unable to read inode 0x127
[  281.794927][ T8003] tipc: Started in network mode
[  281.799816][ T8003] tipc: Node identity 6, cluster identity 4711
[  281.807211][ T8003] tipc: Node number set to 6
[  283.731073][ T8021] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  288.849286][ T8054] libceph: resolve '.
[  288.849286][ T8054] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  288.849286][ T8054] ' (ret=-3): failed
[  292.390179][ T8084] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  292.397698][ T8084] IPv6: NLM_F_CREATE should be set when creating new route
[  293.141180][ T8098] loop3: detected capacity change from 0 to 2048
[  294.147012][ T8098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  297.575034][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.924671][ T8179] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  304.714845][ T8183] netlink: 36 bytes leftover after parsing attributes in process `syz.5.504'.
[  304.732306][ T8183] netlink: 8 bytes leftover after parsing attributes in process `syz.5.504'.
[  309.907599][   T30] audit: type=1800 audit(1753377667.660:44): pid=8192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.507" name="bus" dev="ramfs" ino=16886 res=0 errno=0
[  310.285101][ T8227] netlink: 12 bytes leftover after parsing attributes in process `syz.6.517'.
[  310.946036][ T8244] ptrace attach of "./syz-executor exec"[6294] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  311.841566][ T8252] netlink: 'syz.1.526': attribute type 1 has an invalid length.
[  312.233155][ T8254] libceph: resolve '.
[  312.233155][ T8254] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  312.233155][ T8254] ' (ret=-3): failed
[  313.500581][ T8265] bond1: (slave geneve2): making interface the new active one
[  313.511884][ T8265] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  314.445050][  T152] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  315.178264][  T152] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  315.224364][ T8252] bond1: (slave bridge1): Enslaving as an active interface with a down link
[  315.233322][  T152] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  315.242455][  T152] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  317.524156][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  317.842022][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  318.684048][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  319.023023][   T24] usb 7-1: Using ep0 maxpacket: 16
[  319.851845][   T24] usb 7-1: config 0 has an invalid interface number: 68 but max is 0
[  319.860071][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  319.871682][   T24] usb 7-1: config 0 has no interface number 0
[  319.905929][   T24] usb 7-1: config 0 interface 68 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  321.088064][   T30] audit: type=1800 audit(1753377678.720:45): pid=8325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.545" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0
[  321.131061][   T24] usb 7-1: string descriptor 0 read error: -71
[  321.139603][   T24] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  321.152021][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.223773][   T24] usb 7-1: config 0 descriptor??
[  321.484664][   T24] usb 7-1: can't set config #0, error -71
[  321.523823][   T24] usb 7-1: USB disconnect, device number 3
[  321.911930][ T8333] batman_adv: batadv0: Adding interface: dummy0
[  321.918226][ T8333] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.944058][ T8333] batman_adv: batadv0: Interface activated: dummy0
[  321.960728][ T8333] batadv0: mtu less than device minimum
[  321.968581][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  321.979777][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  321.990842][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.001918][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.013037][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.024129][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.035250][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.046329][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  322.057416][ T8333] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  324.065775][ T8346] vlan2: entered promiscuous mode
[  324.083396][ T8346] vlan2: entered allmulticast mode
[  324.103442][ T8346] hsr_slave_1: entered allmulticast mode
[  324.897009][ T8355] netlink: 4 bytes leftover after parsing attributes in process `syz.5.551'.
[  326.151818][ T8372] netlink: 'syz.3.558': attribute type 10 has an invalid length.
[  326.696578][ T8372] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  328.879335][ T8402] loop6: detected capacity change from 0 to 40427
[  328.953264][ T8402] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  328.961082][ T8402] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  328.975694][ T8402] F2FS-fs (loop6): invalid crc value
[  329.157168][ T8402] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  329.172638][ T8402] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  329.180181][ T8402] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  331.121501][ T8434] capability: warning: `syz.2.576' uses deprecated v2 capabilities in a way that may be insecure
[  331.535005][ T8435] Zero length message leads to an empty skb
[  332.012994][ T5908] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  332.213001][ T5908] usb 6-1: Using ep0 maxpacket: 8
[  332.321736][ T5908] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  332.340893][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.349338][ T5908] usb 6-1: Product: syz
[  332.354473][ T5908] usb 6-1: Manufacturer: syz
[  332.359075][ T5908] usb 6-1: SerialNumber: syz
[  332.374987][ T5908] usb 6-1: config 0 descriptor??
[  333.510390][   T30] audit: type=1326 audit(1753377691.090:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz.3.580" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc51018e9a9 code=0x0
[  333.534308][ T5908] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  334.787777][ T5908] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  334.816150][ T8470] netlink: 44 bytes leftover after parsing attributes in process `syz.3.584'.
[  334.841223][ T5908] usb 6-1: USB disconnect, device number 4
[  335.801417][ T8477] loop5: detected capacity change from 0 to 2048
[  336.984831][ T8477] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  337.459991][   T30] audit: type=1800 audit(1753377695.150:47): pid=8477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.585" name="file1" dev="loop5" ino=15 res=0 errno=0
[  337.470532][ T8501] net_ratelimit: 10 callbacks suppressed
[  337.470547][ T8501] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3
[  337.746209][ T8504] lo speed is unknown, defaulting to 1000
[  337.753239][ T8504] lo speed is unknown, defaulting to 1000
[  337.776213][ T8504] lo speed is unknown, defaulting to 1000
[  338.305071][ T8504] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  338.321957][ T8504] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  338.473419][ T8504] lo speed is unknown, defaulting to 1000
[  338.573467][ T8504] lo speed is unknown, defaulting to 1000
[  338.591109][ T8504] lo speed is unknown, defaulting to 1000
[  338.610567][ T8504] lo speed is unknown, defaulting to 1000
[  338.628052][ T8504] lo speed is unknown, defaulting to 1000
[  340.197791][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.452583][ T8529] netlink: 'syz.2.597': attribute type 1 has an invalid length.
[  341.294939][ T8537] loop6: detected capacity change from 0 to 65
[  341.428267][ T8537] BFS-fs: bfs_fill_super(): Impossible last inode number 2097665 > 513 on loop6
[  341.438039][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  342.265008][   T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  342.440020][   T24] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  342.524439][   T24] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  342.545520][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  342.555387][   T24] usb 6-1: SerialNumber: syz
[  343.599091][   T24] usb 6-1: 0:2 : does not exist
[  343.870015][   T24] usb 6-1: unit 255 not found!
[  344.517626][ T8553] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  344.754678][   T24] usb 6-1: 5:0: cannot get min/max values for control 1 (id 5)
[  344.905786][   T24] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  344.936231][   T24] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  345.032782][   T24] usb 6-1: USB disconnect, device number 5
[  345.118302][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.606'.
[  345.159642][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  347.044658][ T8584] 8021q: adding VLAN 0 to HW filter on device bond0
[  347.317137][ T8585] loop5: detected capacity change from 0 to 40427
[  347.347425][ T8585] F2FS-fs (loop5): invalid crc value
[  347.485324][ T8585] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  347.496792][ T8585] F2FS-fs (loop5): Start checkpoint disabled!
[  347.659214][ T8584] bond0: (slave rose0): Enslaving as an active interface with an up link
[  347.958250][ T8585] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  348.388030][ T8600] F2FS-fs (loop5): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  348.496607][   T12] kworker/u8:0: attempt to access beyond end of device
[  348.496607][   T12] loop5: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  348.525354][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  348.525378][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  348.525388][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  348.525414][   T12] Call Trace:
[  348.525421][   T12]  <TASK>
[  348.525429][   T12]  dump_stack_lvl+0x189/0x250
[  348.525453][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.525471][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  348.525485][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  348.525508][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  348.525544][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  348.525577][   T12]  f2fs_write_end_io+0x886/0xb60
[  348.525618][   T12]  __submit_merged_bio+0x27a/0x6a0
[  348.525649][   T12]  __submit_merged_write_cond+0x255/0x530
[  348.525681][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  348.525739][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  348.525851][   T12]  ? f2fs_write_meta_pages+0x357/0x450
[  348.525880][   T12]  ? __lock_acquire+0xab9/0xd20
[  348.525908][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  348.525927][   T12]  do_writepages+0x32b/0x550
[  348.525955][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  348.525971][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  348.526003][   T12]  __writeback_single_inode+0x145/0xff0
[  348.526033][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  348.526058][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  348.526112][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  348.526183][   T12]  ? rcu_is_watching+0x15/0xb0
[  348.526212][   T12]  wb_writeback+0x43b/0xaf0
[  348.526245][   T12]  ? queue_io+0x311/0x590
[  348.526270][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  348.526302][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.526330][   T12]  wb_workfn+0x409/0xef0
[  348.526369][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  348.526395][   T12]  ? __lock_acquire+0xab9/0xd20
[  348.526430][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.526461][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.526481][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.526502][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.526528][   T12]  process_scheduled_works+0xade/0x17b0
[  348.526587][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  348.526631][   T12]  worker_thread+0x8a0/0xda0
[  348.526681][   T12]  kthread+0x70e/0x8a0
[  348.526704][   T12]  ? __pfx_worker_thread+0x10/0x10
[  348.526720][   T12]  ? __pfx_kthread+0x10/0x10
[  348.526742][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.526763][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.526782][   T12]  ? __pfx_kthread+0x10/0x10
[  348.526803][   T12]  ret_from_fork+0x3f9/0x770
[  348.526823][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  348.526848][   T12]  ? __switch_to_asm+0x39/0x70
[  348.526865][   T12]  ? __switch_to_asm+0x33/0x70
[  348.526882][   T12]  ? __pfx_kthread+0x10/0x10
[  348.526903][   T12]  ret_from_fork_asm+0x1a/0x30
[  348.526942][   T12]  </TASK>
[  348.526949][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  348.848606][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  348.848631][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  348.848641][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  348.848666][   T12] Call Trace:
[  348.848673][   T12]  <TASK>
[  348.848681][   T12]  dump_stack_lvl+0x189/0x250
[  348.848706][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.848724][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  348.848739][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  348.848761][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  348.848796][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  348.848828][   T12]  f2fs_write_end_io+0x886/0xb60
[  348.848866][   T12]  __submit_merged_bio+0x27a/0x6a0
[  348.848895][   T12]  __submit_merged_write_cond+0x255/0x530
[  348.848928][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  348.848994][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  348.849109][   T12]  ? f2fs_write_meta_pages+0x357/0x450
[  348.849138][   T12]  ? __lock_acquire+0xab9/0xd20
[  348.849165][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  348.849182][   T12]  do_writepages+0x32b/0x550
[  348.849208][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  348.849223][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  348.849249][   T12]  __writeback_single_inode+0x145/0xff0
[  348.849268][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  348.849288][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  348.849330][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  348.849386][   T12]  ? rcu_is_watching+0x15/0xb0
[  348.849408][   T12]  wb_writeback+0x43b/0xaf0
[  348.849433][   T12]  ? queue_io+0x311/0x590
[  348.849454][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  348.849480][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.849502][   T12]  wb_workfn+0x409/0xef0
[  348.849531][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  348.849552][   T12]  ? __lock_acquire+0xab9/0xd20
[  348.849579][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.849604][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.849620][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.849637][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  348.849657][   T12]  process_scheduled_works+0xade/0x17b0
[  348.849702][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  348.849737][   T12]  worker_thread+0x8a0/0xda0
[  348.849775][   T12]  kthread+0x70e/0x8a0
[  348.849793][   T12]  ? __pfx_worker_thread+0x10/0x10
[  348.849805][   T12]  ? __pfx_kthread+0x10/0x10
[  348.849822][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  348.849839][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.849855][   T12]  ? __pfx_kthread+0x10/0x10
[  348.849871][   T12]  ret_from_fork+0x3f9/0x770
[  348.849887][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  348.849906][   T12]  ? __switch_to_asm+0x39/0x70
[  348.849920][   T12]  ? __switch_to_asm+0x33/0x70
[  348.849934][   T12]  ? __pfx_kthread+0x10/0x10
[  348.849950][   T12]  ret_from_fork_asm+0x1a/0x30
[  348.849981][   T12]  </TASK>
[  348.850202][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  349.155688][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  349.155712][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  349.155722][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  349.155749][   T12] Call Trace:
[  349.155756][   T12]  <TASK>
[  349.155764][   T12]  dump_stack_lvl+0x189/0x250
[  349.155789][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  349.155808][   T12]  ? __pfx_queue_work_on+0x10/0x10
[  349.155823][   T12]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  349.155846][   T12]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  349.155881][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  349.155914][   T12]  f2fs_write_end_io+0x886/0xb60
[  349.155953][   T12]  __submit_merged_bio+0x27a/0x6a0
[  349.155985][   T12]  __submit_merged_write_cond+0x255/0x530
[  349.156017][   T12]  f2fs_write_data_pages+0x261d/0x3000
[  349.156077][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  349.156186][   T12]  ? f2fs_write_meta_pages+0x357/0x450
[  349.156216][   T12]  ? __lock_acquire+0xab9/0xd20
[  349.156251][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  349.156271][   T12]  do_writepages+0x32b/0x550
[  349.156300][   T12]  ? reacquire_held_locks+0x127/0x1d0
[  349.156317][   T12]  ? writeback_sb_inodes+0x384/0x1010
[  349.156350][   T12]  __writeback_single_inode+0x145/0xff0
[  349.156372][   T12]  ? do_raw_spin_unlock+0x122/0x240
[  349.156397][   T12]  writeback_sb_inodes+0x6c7/0x1010
[  349.156453][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  349.156524][   T12]  ? rcu_is_watching+0x15/0xb0
[  349.156552][   T12]  wb_writeback+0x43b/0xaf0
[  349.156585][   T12]  ? queue_io+0x311/0x590
[  349.156611][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  349.156644][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  349.156672][   T12]  wb_workfn+0x409/0xef0
[  349.156712][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  349.156738][   T12]  ? __lock_acquire+0xab9/0xd20
[  349.156773][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  349.156805][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  349.156824][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  349.156844][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  349.156869][   T12]  process_scheduled_works+0xade/0x17b0
[  349.156930][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  349.156976][   T12]  worker_thread+0x8a0/0xda0
[  349.157025][   T12]  kthread+0x70e/0x8a0
[  349.157049][   T12]  ? __pfx_worker_thread+0x10/0x10
[  349.157065][   T12]  ? __pfx_kthread+0x10/0x10
[  349.157088][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  349.157108][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  349.157128][   T12]  ? __pfx_kthread+0x10/0x10
[  349.157149][   T12]  ret_from_fork+0x3f9/0x770
[  349.157170][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  349.157195][   T12]  ? __switch_to_asm+0x39/0x70
[  349.157214][   T12]  ? __switch_to_asm+0x33/0x70
[  349.157231][   T12]  ? __pfx_kthread+0x10/0x10
[  349.157258][   T12]  ret_from_fork_asm+0x1a/0x30
[  349.157296][   T12]  </TASK>
[  349.157304][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  351.346777][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.625'.
[  354.175467][ T8659] sctp: [Deprecated]: syz.5.632 (pid 8659) Use of int in max_burst socket option.
[  354.175467][ T8659] Use struct sctp_assoc_value instead
[  357.390668][ T8686] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  357.876438][ T8698] bridge_slave_0: left allmulticast mode
[  357.892462][ T8698] bridge_slave_0: left promiscuous mode
[  357.898429][ T8698] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.916258][ T8698] bridge_slave_1: left allmulticast mode
[  357.922043][ T8698] bridge_slave_1: left promiscuous mode
[  357.928032][ T8698] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.129883][ T8698] bond0: (slave bond_slave_0): Releasing backup interface
[  358.142585][ T8698] bond0: (slave bond_slave_1): Releasing backup interface
[  358.167655][ T8698] team0: Port device team_slave_0 removed
[  358.211611][ T8698] team0: Port device team_slave_1 removed
[  358.218044][ T8698] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.225589][ T8698] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.235945][ T8698] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.243551][ T8698] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.279880][ T8703] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[  358.297230][ T8704] team0: Mode changed to "activebackup"
[  358.320079][ T8706] vlan0: entered promiscuous mode
[  358.345273][ T8706] team0: Port device vlan0 added
[  358.351676][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  358.360907][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  358.372611][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  358.383473][ T8708] tipc: Started in network mode
[  358.388420][ T8708] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  358.396527][ T8708] tipc: Enabled bearer <eth:team0>, priority 0
[  358.406548][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  359.474658][ T1210] tipc: Node number set to 11578026
[  360.520708][ T8727] sctp: [Deprecated]: syz.1.650 (pid 8727) Use of int in max_burst socket option.
[  360.520708][ T8727] Use struct sctp_assoc_value instead
[  362.885100][ T8749] netlink: 'syz.1.657': attribute type 1 has an invalid length.
[  362.991494][ T8749] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  363.038537][ T8749] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  363.185158][ T8751] gretap1: entered promiscuous mode
[  363.208785][ T8751] bond2: (slave gretap1): making interface the new active one
[  363.230836][ T8751] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  364.163542][ T8753] macvlan2: entered promiscuous mode
[  364.168868][ T8753] macvlan2: entered allmulticast mode
[  364.228010][ T8753] bond2: entered promiscuous mode
[  364.278858][ T8753] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  364.321509][ T8753] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  364.745652][ T8753] bond2: left promiscuous mode
[  369.285877][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057e6d400: rx timeout, send abort
[  369.794181][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888057e6d400: abort rx timeout. Force session deactivation
[  371.669159][ T8836] gtp0: entered promiscuous mode
[  374.686736][ T8866] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-��:�/": -EINTR
[  376.758980][ T8875] tipc: Started in network mode
[  376.810681][ T8875] tipc: Node identity f61226a4347f, cluster identity 4711
[  376.822477][ T8875] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  376.831636][ T8875] syzkaller0: entered promiscuous mode
[  376.841795][ T8875] syzkaller0: entered allmulticast mode
[  376.861860][ T5967] IPVS: starting estimator thread 0...
[  377.031372][ T8880] IPVS: using max 35 ests per chain, 84000 per kthread
[  377.063322][ T8878] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  377.087039][ T8882] tipc: Resetting bearer <eth:syzkaller0>
[  377.134080][ T8874] tipc: Resetting bearer <eth:syzkaller0>
[  377.336458][ T8874] tipc: Disabling bearer <eth:syzkaller0>
[  379.319732][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  379.326072][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  385.350509][ T8926] loop3: detected capacity change from 0 to 8
[  385.474021][ T8926] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  385.579351][ T8923] loop5: detected capacity change from 0 to 40427
[  385.658269][ T5848] udevd[5848]: incorrect cramfs checksum on /dev/loop3
[  385.674455][ T8923] F2FS-fs (loop5): invalid crc value
[  386.150724][ T8923] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  386.183685][ T8923] F2FS-fs (loop5): Start checkpoint disabled!
[  386.184374][ T8934] overlayfs: failed to clone upperpath
[  386.208720][ T6222] udevd[6222]: incorrect cramfs checksum on /dev/loop3
[  386.281633][ T8923] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  387.004875][   T49] kworker/u8:3: attempt to access beyond end of device
[  387.004875][   T49] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  387.021806][   T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  387.021829][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  387.021840][   T49] Workqueue: writeback wb_workfn (flush-7:5)
[  387.021873][   T49] Call Trace:
[  387.021880][   T49]  <TASK>
[  387.021887][   T49]  dump_stack_lvl+0x189/0x250
[  387.021903][   T49]  ? __pfx_dump_stack_lvl+0x10/0x10
[  387.021914][   T49]  ? __pfx_queue_work_on+0x10/0x10
[  387.021923][   T49]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  387.021939][   T49]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  387.021960][   T49]  f2fs_handle_critical_error+0x37c/0x540
[  387.021981][   T49]  f2fs_write_end_io+0x886/0xb60
[  387.022004][   T49]  __submit_merged_bio+0x27a/0x6a0
[  387.022023][   T49]  __submit_merged_write_cond+0x255/0x530
[  387.022043][   T49]  f2fs_write_data_pages+0x261d/0x3000
[  387.022074][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  387.022135][   T49]  ? f2fs_write_meta_pages+0x357/0x450
[  387.022152][   T49]  ? __lock_acquire+0xab9/0xd20
[  387.022169][   T49]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  387.022180][   T49]  do_writepages+0x32b/0x550
[  387.022198][   T49]  ? reacquire_held_locks+0x127/0x1d0
[  387.022207][   T49]  ? writeback_sb_inodes+0x384/0x1010
[  387.022227][   T49]  __writeback_single_inode+0x145/0xff0
[  387.022248][   T49]  ? do_raw_spin_unlock+0x122/0x240
[  387.022272][   T49]  writeback_sb_inodes+0x6c7/0x1010
[  387.022325][   T49]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  387.022398][   T49]  ? rcu_is_watching+0x15/0xb0
[  387.022419][   T49]  wb_writeback+0x43b/0xaf0
[  387.022444][   T49]  ? queue_io+0x311/0x590
[  387.022460][   T49]  ? __pfx_wb_writeback+0x10/0x10
[  387.022480][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  387.022496][   T49]  wb_workfn+0x409/0xef0
[  387.022519][   T49]  ? __pfx_wb_workfn+0x10/0x10
[  387.022539][   T49]  ? __lock_acquire+0xab9/0xd20
[  387.022560][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  387.022580][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  387.022592][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  387.022606][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  387.022622][   T49]  process_scheduled_works+0xade/0x17b0
[  387.022656][   T49]  ? __pfx_process_scheduled_works+0x10/0x10
[  387.022682][   T49]  worker_thread+0x8a0/0xda0
[  387.022709][   T49]  kthread+0x70e/0x8a0
[  387.022723][   T49]  ? __pfx_worker_thread+0x10/0x10
[  387.022732][   T49]  ? __pfx_kthread+0x10/0x10
[  387.022745][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  387.022758][   T49]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.022771][   T49]  ? __pfx_kthread+0x10/0x10
[  387.022788][   T49]  ret_from_fork+0x3f9/0x770
[  387.022800][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  387.022816][   T49]  ? __switch_to_asm+0x39/0x70
[  387.022833][   T49]  ? __switch_to_asm+0x33/0x70
[  387.022849][   T49]  ? __pfx_kthread+0x10/0x10
[  387.022874][   T49]  ret_from_fork_asm+0x1a/0x30
[  387.022912][   T49]  </TASK>
[  387.343279][   T49] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  387.779469][ T8948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.708'.
[  387.814120][ T8950] loop3: detected capacity change from 0 to 128
[  388.777397][ T8948] netlink: 16 bytes leftover after parsing attributes in process `syz.2.708'.
[  388.824462][ T8948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.708'.
[  388.838308][ T8947] loop6: detected capacity change from 0 to 4096
[  388.897151][ T8955] netlink: 28 bytes leftover after parsing attributes in process `syz.1.711'.
[  388.907990][ T8948] netlink: 36 bytes leftover after parsing attributes in process `syz.2.708'.
[  388.924230][ T8955] netlink: 8 bytes leftover after parsing attributes in process `syz.1.711'.
[  388.967641][ T8947] NILFS (loop6): invalid segment: Checksum error in segment payload
[  389.003452][ T8956] netlink: 'syz.1.711': attribute type 10 has an invalid length.
[  389.021221][ T8947] NILFS (loop6): trying rollback from an earlier position
[  389.080093][ T8956] bridge0: port 1(team0) entered blocking state
[  389.142659][ T8956] bridge0: port 1(team0) entered disabled state
[  389.188963][ T8947] NILFS (loop6): recovery complete
[  389.257957][ T8956] team0: entered allmulticast mode
[  389.295155][ T8959] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  390.214428][ T8971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.712'.
[  392.105517][ T8993] netlink: 176 bytes leftover after parsing attributes in process `syz.5.706'.
[  393.865137][ T9014] netlink: 'syz.2.724': attribute type 1 has an invalid length.
[  395.186817][ T9014] 8021q: adding VLAN 0 to HW filter on device bond1
[  395.411578][ T9038] netlink: 12 bytes leftover after parsing attributes in process `syz.3.730'.
[  395.423251][ T9019] 8021q: adding VLAN 0 to HW filter on device bond1
[  395.430306][ T9019] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  395.443335][ T9019] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  396.950272][ T9023] gretap1: entered promiscuous mode
[  396.964940][ T9023] bond1: (slave gretap1): making interface the new active one
[  396.978540][ T9023] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  397.214064][ T9030] macvlan2: entered promiscuous mode
[  397.219394][ T9030] macvlan2: entered allmulticast mode
[  397.234299][ T9030] bond1: entered promiscuous mode
[  397.240162][ T9030] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  397.407478][ T9030] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  397.425639][ T9030] bond1: left promiscuous mode
[  398.024777][ T9043] bridge0: port 1(veth0_to_bond) entered blocking state
[  398.054740][ T9043] bridge0: port 1(veth0_to_bond) entered disabled state
[  398.072235][ T9043] veth0_to_bond: entered allmulticast mode
[  398.097506][ T9043] veth0_to_bond: entered promiscuous mode
[  398.280919][ T9046] vlan2: entered allmulticast mode
[  398.333060][ T9046] veth1: entered allmulticast mode
[  398.453569][ T9046] bridge0: port 2(vlan2) entered blocking state
[  398.459960][ T9046] bridge0: port 2(vlan2) entered disabled state
[  398.468914][ T9046] vlan2: entered promiscuous mode
[  398.474069][ T9046] veth1: entered promiscuous mode
[  399.599230][ T9071] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  399.608490][ T9071] ref_ctr increment failed for inode: 0x18c offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888030832040
[  399.674244][   T30] audit: type=1804 audit(1753377757.524:48): pid=9071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.735" name="/newroot/72/file0" dev="tmpfs" ino=396 res=1 errno=0
[  404.361015][ T9106] netlink: 92 bytes leftover after parsing attributes in process `syz.2.744'.
[  404.396527][ T9110] mmap: syz.3.746 (9110) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  413.007251][ T9186] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  413.392984][ T5908] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  413.480785][ T9191] loop5: detected capacity change from 0 to 256
[  413.662945][ T5908] usb 4-1: Using ep0 maxpacket: 16
[  413.731996][ T5908] usb 4-1: config 64 has an invalid interface number: 176 but max is 0
[  414.282909][ T5908] usb 4-1: config 64 has no interface number 0
[  414.289505][ T5908] usb 4-1: config 64 interface 176 has no altsetting 0
[  414.370005][ T5908] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=14.8d
[  414.483170][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.515077][ T5908] usb 4-1: Product: syz
[  414.658693][   T30] audit: type=1800 audit(1753377772.614:49): pid=9194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.767" name="bus" dev="ramfs" ino=20714 res=0 errno=0
[  414.678304][ T5908] usb 4-1: Manufacturer: syz
[  414.678339][ T5908] usb 4-1: SerialNumber: syz
[  415.493383][ T5908] peak_usb 4-1:64.176 can0: unable to request usb[type=0 value=1] err=-71
[  415.512809][ T5908] peak_usb 4-1:64.176: unable to read PCAN-USB X6 firmware info (err -71)
[  415.742158][ T5908] peak_usb 4-1:64.176: probe with driver peak_usb failed with error -71
[  416.581655][ T5908] usb 4-1: USB disconnect, device number 3
[  418.374693][ T9257] loop5: detected capacity change from 0 to 1024
[  425.650560][ T9306] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  425.791715][ T9310] kvm: pic: single mode not supported
[  425.791881][ T9310] kvm: pic: level sensitive irq not supported
[  425.802290][ T9310] kvm: pic: single mode not supported
[  425.808663][ T9310] kvm: pic: level sensitive irq not supported
[  425.985994][ T9310] kvm: pic: single mode not supported
[  425.992114][ T9310] kvm: pic: level sensitive irq not supported
[  426.031871][ T9313] netlink: 44 bytes leftover after parsing attributes in process `syz.1.788'.
[  426.065709][ T9310] kvm: pic: single mode not supported
[  426.065728][ T9310] kvm: pic: level sensitive irq not supported
[  426.072384][ T9310] kvm: pic: single mode not supported
[  426.078685][ T9310] kvm: pic: level sensitive irq not supported
[  426.090384][ T9310] kvm: pic: single mode not supported
[  426.096717][ T9310] kvm: pic: level sensitive irq not supported
[  428.713389][ T9348] ptrace attach of "./syz-executor exec"[9349] was attempted by "./syz-executor exec"[9348]
[  429.312927][ T9353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.800'.
[  429.662815][ T9353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.800'.
[  432.312117][ T9390] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  432.321332][ T9390] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0
[  437.375710][   T30] audit: type=1800 audit(1753377795.334:50): pid=9439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.822" name="nullb0" dev="tmpfs" ino=940 res=0 errno=0
[  437.957282][ T9446] netlink: 8 bytes leftover after parsing attributes in process `syz.2.824'.
[  437.966277][ T9446] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  439.980166][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  439.989542][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.317396][ T9471] overlayfs: failed to clone upperpath
[  442.013250][   T30] audit: type=1800 audit(1753377799.964:51): pid=9462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.823" name="bus" dev="ramfs" ino=21064 res=0 errno=0
[  444.477891][ T9502] loop3: detected capacity change from 0 to 2048
[  444.544781][ T9502] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  447.043849][ T9530] SET target dimension over the limit!
[  447.252736][   T30] audit: type=1800 audit(1753377805.204:52): pid=9518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.840" name="/" dev="9p" ino=2 res=0 errno=0
[  448.717285][ T9545] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  448.943244][ T5967] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  449.966491][ T5967] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  449.982617][ T5967] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  450.119005][ T5967] usb 4-1: config 0 interface 0 has no altsetting 0
[  450.144556][ T5967] usb 4-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  450.191973][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.304533][ T5967] usb 4-1: config 0 descriptor??
[  450.313346][ T9548] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  451.190995][ T5967] logitech 0003:046D:C24F.0003: unbalanced collection at end of report description
[  451.274004][ T5967] logitech 0003:046D:C24F.0003: parse failed
[  451.312979][ T5967] logitech 0003:046D:C24F.0003: probe with driver logitech failed with error -22
[  451.431736][ T5967] usb 4-1: USB disconnect, device number 4
[  452.523643][   T30] audit: type=1800 audit(1753377810.474:53): pid=9570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.854" name="bus" dev="ramfs" ino=21981 res=0 errno=0
[  453.076313][ T9589] SET target dimension over the limit!
[  457.603381][ T9621] netlink: 8 bytes leftover after parsing attributes in process `syz.1.867'.
[  462.188432][ T9656] loop5: detected capacity change from 0 to 512
[  462.355967][ T9656] EXT4-fs: Ignoring removed mblk_io_submit option
[  463.158129][ T9656] EXT4-fs error (device loop5): ext4_iget_extra_inode:5103: inode #15: comm syz.5.878: corrupted in-inode xattr: overlapping e_value 
[  463.193549][ T9656] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.878: couldn't read orphan inode 15 (err -117)
[  463.258399][ T9656] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  464.872792][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.870847][ T5915] IPVS: starting estimator thread 0...
[  466.422737][   T30] audit: type=1800 audit(1753377824.374:54): pid=9665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.879" name="bus" dev="ramfs" ino=22114 res=0 errno=0
[  466.553024][ T9687] IPVS: using max 30 ests per chain, 72000 per kthread
[  473.713535][ T9760] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  473.713535][ T9760] The task syz.2.903 (9760) triggered the difference, watch for misbehavior.
[  473.800886][ T9761] SET target dimension over the limit!
[  477.602600][ T9783] netlink: 'syz.3.913': attribute type 1 has an invalid length.
[  477.629187][ T9783] netlink: 'syz.3.913': attribute type 12 has an invalid length.
[  477.653859][ T9783] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.913'.
[  479.034832][ T9807] loop6: detected capacity change from 0 to 47
[  479.144712][ T9807] MINIX-fs: deleted inode referenced: 9
[  479.165655][ T9807] MINIX-fs: deleted inode referenced: 9
[  480.620676][ T9825] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  481.826559][ T5915] IPVS: starting estimator thread 0...
[  482.112982][ T9837] IPVS: using max 39 ests per chain, 93600 per kthread
[  483.463065][ T9864] syz.3.931 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  484.271442][ T9872] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  484.284908][ T9872] Error validating options; rc = [-22]
[  486.421633][ T9867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  486.503865][ T9877] loop6: detected capacity change from 0 to 64
[  488.336347][ T9894] kthread_run failed with err -4
[  496.012971][   T30] audit: type=1800 audit(1753377853.904:55): pid=9946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.952" name="bus" dev="ramfs" ino=22505 res=0 errno=0
[  501.401074][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.407745][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.704137][ T9992] binder: BINDER_SET_CONTEXT_MGR already set
[  501.751632][ T9992] binder: 9991:9992 ioctl 4018620d 2000000000c0 returned -16
[  501.779687][ T9992] binder: 9991:9992 unknown command 0
[  501.807670][ T9992] binder: 9991:9992 ioctl c0306201 200000000080 returned -22
[  507.200344][   T30] audit: type=1800 audit(1753377865.144:56): pid=10018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.971" name="bus" dev="ramfs" ino=23605 res=0 errno=0
[  508.914984][T10070] xt_policy: output policy not valid in PREROUTING and INPUT
[  509.746516][T10072] xt_nat: multiple ranges no longer supported
[  510.012558][T10081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.988'.
[  516.398222][T10106] loop6: detected capacity change from 0 to 512
[  516.502902][T10106] EXT4-fs (loop6): Test dummy encryption mode enabled
[  516.513331][T10106] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  517.622981][   T30] audit: type=1800 audit(1753377875.304:57): pid=10120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.996" name="bus" dev="overlay" ino=858 res=0 errno=0
[  517.653194][T10106] EXT4-fs error (device loop6): ext4_orphan_get:1418: comm syz.6.993: bad orphan inode 131083
[  518.655608][T10106] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  518.871153][T10106] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  520.108617][ T7173] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  520.145710][T10129] netlink: 'syz.5.997': attribute type 12 has an invalid length.
[  520.153748][T10129] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.997'.
[  523.802258][T10152] tipc: Enabled bearer <udp:syz2>, priority 10
[  523.930844][T10152] tipc: Enabled bearer <eth:team0>, priority 0
[  524.395745][T10167] loop6: detected capacity change from 0 to 16
[  524.440095][T10167] erofs (device loop6): mounted with root inode @ nid 36.
[  524.473281][T10167] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  524.485882][T10167] erofs (device loop6): failed to decompress -29 in[58, 4038] out[1851]
[  524.494857][T10167] erofs (device loop6): read error -117 @ 43 of nid 36
[  524.506705][T10167] erofs (device loop6): bogus lookback distance 1388 @ lcn 42 of nid 36
[  524.517126][T10167] erofs (device loop6): failed to decompress -29 in[58, 4038] out[1851]
[  524.525823][T10167] erofs (device loop6): read error -117 @ 43 of nid 36
[  525.885731][T10179] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1011'.
[  525.950956][T10179] unsupported nlmsg_type 40
[  526.876254][T10189] syz.6.1010 (10189) used greatest stack depth: 14624 bytes left
[  527.550259][   T30] audit: type=1326 audit(1753377885.504:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10191 comm="syz.3.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc51018e9a9 code=0x0
[  528.802310][T10218] libceph: resolve '.
[  528.802310][T10218] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[  528.802310][T10218] ' (ret=-3): failed
[  530.593126][T10228] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1021'.
[  530.606801][T10228] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1021'.
[  532.523181][ T1325] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  532.842430][ T1325] usb 6-1: Using ep0 maxpacket: 32
[  533.378996][   T24] lo speed is unknown, defaulting to 1000
[  533.530387][ T1325] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  533.552890][ T1325] usb 6-1: config 0 has no interface number 0
[  533.559091][ T1325] usb 6-1: config 0 interface 184 has no altsetting 0
[  533.640479][ T1325] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  534.175788][T10263] vlan2: entered promiscuous mode
[  534.181139][T10263] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  534.189950][T10263] vlan2: entered allmulticast mode
[  534.195496][T10263] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  534.210309][ T1325] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.326168][ T1325] usb 6-1: Product: syz
[  534.330361][ T1325] usb 6-1: Manufacturer: syz
[  534.388586][T10265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'.
[  534.401515][ T1325] usb 6-1: SerialNumber: syz
[  534.415444][ T1325] usb 6-1: config 0 descriptor??
[  534.433597][ T1325] smsc75xx v1.0.0
[  534.437254][ T1325] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  534.477039][ T1325] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -22
[  535.778541][T10281] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1032'.
[  537.005677][ T1325] usb 6-1: USB disconnect, device number 6
[  540.935905][T10324] x_tables: duplicate underflow at hook 3
[  548.879144][   T30] audit: type=1804 audit(1753377906.374:59): pid=10382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1058" name="/newroot/196/file0" dev="tmpfs" ino=1037 res=1 errno=0
[  549.325281][T10392] Device name cannot be null; rc = [-22]
[  549.799491][T10394] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1064'.
[  554.330569][   T30] audit: type=1107 audit(1753377912.264:60): pid=10437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  556.013303][T10435] syz.6.1073 (10435): drop_caches: 2
[  563.052548][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.074410][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  566.985805][T10531] loop3: detected capacity change from 0 to 512
[  568.229175][T10531] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  569.218240][T10531] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002]
[  569.247282][T10531] System zones: 1-12
[  569.286308][T10531] EXT4-fs (loop3): 1 truncate cleaned up
[  569.310805][T10531] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  572.047493][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.996755][T10598] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1116'.
[  575.013697][T10598] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1116'.
[  575.985023][T10598] bond0: entered promiscuous mode
[  575.992591][T10598] bridge0: entered promiscuous mode
[  576.283726][T10598] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  576.331878][T10598] hsr1: Slave B (bridge0) is not up; please bring it up to get a fully working HSR network
[  585.840183][T10687] netlink: 'syz.6.1139': attribute type 1 has an invalid length.
[  585.997677][T10687] 8021q: adding VLAN 0 to HW filter on device bond1
[  586.043566][T10687] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  586.131294][T10689] bond1: (slave veth3): Enslaving as an active interface with a down link
[  586.206534][T10687] vlan2: entered allmulticast mode
[  586.217429][T10687] veth1: entered allmulticast mode
[  586.237555][T10687] veth1: entered promiscuous mode
[  586.254121][T10687] veth1: left promiscuous mode
[  586.274869][T10687] bond1: (slave vlan2): making interface the new active one
[  586.310922][T10687] veth1: entered promiscuous mode
[  586.340200][T10687] vlan2: entered promiscuous mode
[  586.363859][T10687] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  589.497154][T10717] ptrace attach of "./syz-executor exec"[10718] was attempted by "./syz-executor exec"[10717]
[  590.931150][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1146'.
[  591.029772][T10735] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1146'.
[  601.853553][ T5862] Bluetooth: hci2: SCO packet for unknown connection handle 954
[  603.613902][ T5967] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  604.063187][T10838] loop6: detected capacity change from 0 to 40427
[  604.766935][T10838] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  604.774846][T10838] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  605.290818][T10838] F2FS-fs (loop6): invalid crc value
[  605.374868][ T5967] usb 6-1: device not accepting address 7, error -71
[  605.401590][T10838] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  605.418233][T10838] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  605.425364][T10838] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  606.283282][   T30] audit: type=1800 audit(2000000035.879:61): pid=10860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1177" name="file1" dev="loop6" ino=10 res=0 errno=0
[  607.803720][ T7173] syz-executor: attempt to access beyond end of device
[  607.803720][ T7173] loop6: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  608.010087][ T7173] CPU: 0 UID: 0 PID: 7173 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  608.010115][ T7173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  608.010125][ T7173] Call Trace:
[  608.010133][ T7173]  <TASK>
[  608.010142][ T7173]  dump_stack_lvl+0x189/0x250
[  608.010169][ T7173]  ? __pfx_dump_stack_lvl+0x10/0x10
[  608.010188][ T7173]  ? __pfx_queue_work_on+0x10/0x10
[  608.010203][ T7173]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  608.010226][ T7173]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  608.010258][ T7173]  f2fs_handle_critical_error+0x37c/0x540
[  608.010291][ T7173]  f2fs_write_end_io+0x886/0xb60
[  608.010327][ T7173]  __submit_merged_bio+0x27a/0x6a0
[  608.010348][ T7173]  ? up_write+0x1c4/0x420
[  608.010372][ T7173]  __submit_merged_write_cond+0x44c/0x530
[  608.010405][ T7173]  f2fs_sync_node_pages+0x1479/0x15e0
[  608.010450][ T7173]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  608.010511][ T7173]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  608.010535][ T7173]  ? up_write+0x1c4/0x420
[  608.010550][ T7173]  ? do_raw_spin_unlock+0x122/0x240
[  608.010575][ T7173]  f2fs_write_checkpoint+0xe6f/0x1df0
[  608.010619][ T7173]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  608.010689][ T7173]  ? kill_f2fs_super+0x298/0x6c0
[  608.010717][ T7173]  kill_f2fs_super+0x2c3/0x6c0
[  608.010751][ T7173]  ? __pfx_kill_f2fs_super+0x10/0x10
[  608.010768][ T7173]  ? radix_tree_delete_item+0x2b6/0x400
[  608.010798][ T7173]  ? shrinker_free+0x2ce/0x3e0
[  608.010821][ T7173]  deactivate_locked_super+0xbc/0x130
[  608.010846][ T7173]  cleanup_mnt+0x425/0x4c0
[  608.010866][ T7173]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.010892][ T7173]  task_work_run+0x1d4/0x260
[  608.010916][ T7173]  ? __pfx_task_work_run+0x10/0x10
[  608.010934][ T7173]  ? __x64_sys_umount+0x122/0x160
[  608.010962][ T7173]  ? exit_to_user_mode_loop+0x40/0x110
[  608.010989][ T7173]  exit_to_user_mode_loop+0xec/0x110
[  608.011012][ T7173]  do_syscall_64+0x2bd/0x3b0
[  608.011027][ T7173]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.011049][ T7173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.011066][ T7173]  ? clear_bhb_loop+0x60/0xb0
[  608.011087][ T7173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.011116][ T7173] RIP: 0033:0x7fbff398fcd7
[  608.011137][ T7173] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  608.011151][ T7173] RSP: 002b:00007ffff1a17a98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  608.011170][ T7173] RAX: 0000000000000000 RBX: 00007fbff3a10a8d RCX: 00007fbff398fcd7
[  608.011182][ T7173] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff1a17b50
[  608.011192][ T7173] RBP: 00007ffff1a17b50 R08: 0000000000000000 R09: 0000000000000000
[  608.011203][ T7173] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff1a18be0
[  608.011214][ T7173] R13: 00007fbff3a10a8d R14: 000000000009401a R15: 00007ffff1a18c20
[  608.011244][ T7173]  </TASK>
[  608.011625][ T7173] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  611.214912][T10884] loop5: detected capacity change from 0 to 512
[  613.356808][T10906] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1194'.
[  613.545137][T10906] bond_slave_0: entered promiscuous mode
[  613.551052][T10906] bond_slave_1: entered promiscuous mode
[  613.556866][T10906] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode
[  613.603267][T10906] macvtap1: entered promiscuous mode
[  613.608686][T10906] bond0: entered promiscuous mode
[  613.615202][T10906] macvtap1: entered allmulticast mode
[  613.687376][T10906] bond0: entered allmulticast mode
[  613.943111][T10906] bond_slave_0: entered allmulticast mode
[  613.948941][T10906] bond_slave_1: entered allmulticast mode
[  613.959985][T10906] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode
[  613.978441][T10906] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  614.234790][T10918] netlink: 324 bytes leftover after parsing attributes in process `syz.3.1195'.
[  614.244234][T10918] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1195'.
[  616.033320][   T13] vlan2: left promiscuous mode
[  622.701330][T10984] xt_connbytes: Forcing CT accounting to be enabled
[  622.708498][T10984] Cannot find set identified by id 0 to match
[  624.773573][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.780006][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  625.005319][T10999] 8021q: VLANs not supported on ipvlan1
[  625.614743][   T30] audit: type=1800 audit(2000000055.789:62): pid=11005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1222" name="nullb0" dev="tmpfs" ino=1428 res=0 errno=0
[  626.288198][T10991] [U] 
[  626.774063][T11018] netlink: 'syz.1.1224': attribute type 1 has an invalid length.
[  626.921172][T11018] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  627.089190][T11025] 8021q: adding VLAN 0 to HW filter on device bond3
[  627.097313][ T9238] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  627.121573][T11031] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1225'.
[  627.132853][T11031] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1225'.
[  627.264412][T11026] veth3: entered promiscuous mode
[  627.272409][T11026] bond3: (slave veth3): Enslaving as a backup interface with a down link
[  627.444193][ T9238] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  627.533269][T11036] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1227'.
[  627.566266][T11036] vlan0: entered promiscuous mode
[  627.571433][T11036] team0: entered promiscuous mode
[  631.348717][T11065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  631.658355][T11072] loop5: detected capacity change from 0 to 1024
[  633.671805][T11091] lo speed is unknown, defaulting to 1000
[  633.678122][T11091] lo speed is unknown, defaulting to 1000
[  633.688653][T11091] lo speed is unknown, defaulting to 1000
[  633.781383][T11091] infiniband s: RDMA CMA: cma_listen_on_dev, error -98
[  634.353178][T11090] loop3: detected capacity change from 0 to 32768
[  634.371189][T11091] lo speed is unknown, defaulting to 1000
[  634.378889][T11091] lo speed is unknown, defaulting to 1000
[  634.386630][T11091] lo speed is unknown, defaulting to 1000
[  634.534136][T11091] lo speed is unknown, defaulting to 1000
[  634.541703][T11091] lo speed is unknown, defaulting to 1000
[  634.623751][T11090] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  634.705938][T11090] XFS (loop3): Ending clean mount
[  634.717846][T11090] XFS (loop3): Quotacheck needed: Please wait.
[  634.948602][T11090] XFS (loop3): Quotacheck: Done.
[  637.364566][ T5841] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  639.577737][T11147] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1253'.
[  639.781455][T11140] kvm: kvm [11139]: vcpu1, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  642.392201][T11168] Cannot find add_set index 0 as target
[  651.734565][T11237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1275'.
[  653.769820][T11247] tipc: Enabled bearer <udp:syz2>, priority 10
[  654.451431][T11247] tipc: Enabled bearer <eth:team0>, priority 0
[  655.708929][ T5908] tipc: Node number set to 3261933220
[  655.759290][T11260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'.
[  656.038011][T11271] loop3: detected capacity change from 0 to 128
[  656.274917][T11271] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  656.291334][T11271] ext4 filesystem being mounted at /241/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  657.087866][T11283] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  657.676981][T11286] No control pipe specified
[  658.735836][ T5841] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  658.926327][T11293] tipc: Enabled bearer <udp:syz2>, priority 10
[  658.951755][T11293] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  662.746859][T11330] netlink: 'syz.3.1299': attribute type 1 has an invalid length.
[  665.072910][ T5862] Bluetooth: hci0: unexpected event for opcode 0x2006
[  668.313289][T11369] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1311'.
[  668.329799][T11365] loop3: detected capacity change from 0 to 2048
[  668.411774][T11371] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  668.470899][   T30] audit: type=1800 audit(2000000098.639:63): pid=11365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1310" name="file2" dev="loop3" ino=16 res=0 errno=0
[  669.236362][T11365] NILFS error (device loop3): nilfs_sufile_mark_dirty: active segment 3 is erroneous
[  669.255762][T11365] Remounting filesystem read-only
[  669.395300][ T5841] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  672.300436][T11406] ip6t_srh: unknown srh match flags  4000
[  680.018139][T11456] loop6: detected capacity change from 0 to 2048
[  680.072950][T11456] hpfs: hpfs_map_sector(): read error
[  681.969780][T11478] xt_CT: No such helper "pptp"
[  684.944987][   T30] audit: type=1326 audit(2000000115.119:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11494 comm="syz.2.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7fc00000
[  685.382131][   T30] audit: type=1326 audit(2000000115.119:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11494 comm="syz.2.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f4fec98e9a9 code=0x7fc00000
[  685.404945][   T30] audit: type=1326 audit(2000000115.119:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11494 comm="syz.2.1343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fec98e9a9 code=0x7fc00000
[  685.722009][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  685.728933][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  685.950114][T11517] loop5: detected capacity change from 0 to 1024
[  686.886945][ T6117] hfsplus: b-tree write err: -5, ino 4
[  690.186243][T11565] CIFS: Unable to determine destination address
[  694.526827][T11597] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  696.840564][T11625] loop5: detected capacity change from 0 to 40427
[  696.850072][T11625] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  696.858163][T11625] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  696.932860][T11625] F2FS-fs (loop5): invalid crc value
[  697.047968][T11625] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  697.296240][T11625] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  697.306146][T11625] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  700.092409][   T30] audit: type=1800 audit(2000000129.719:67): pid=11652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1380" name="file1" dev="loop5" ino=10 res=0 errno=0
[  702.092408][ T6294] syz-executor: attempt to access beyond end of device
[  702.092408][ T6294] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  702.329058][ T6294] CPU: 1 UID: 0 PID: 6294 Comm: syz-executor Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  702.329085][ T6294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  702.329096][ T6294] Call Trace:
[  702.329104][ T6294]  <TASK>
[  702.329112][ T6294]  dump_stack_lvl+0x189/0x250
[  702.329142][ T6294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  702.329161][ T6294]  ? __pfx_queue_work_on+0x10/0x10
[  702.329185][ T6294]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  702.329209][ T6294]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  702.329245][ T6294]  f2fs_handle_critical_error+0x37c/0x540
[  702.329277][ T6294]  f2fs_write_end_io+0x886/0xb60
[  702.329316][ T6294]  __submit_merged_bio+0x27a/0x6a0
[  702.329338][ T6294]  ? up_write+0x1c4/0x420
[  702.329363][ T6294]  __submit_merged_write_cond+0x44c/0x530
[  702.329402][ T6294]  f2fs_sync_node_pages+0x1479/0x15e0
[  702.329447][ T6294]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  702.329502][ T6294]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  702.329528][ T6294]  ? up_write+0x1c4/0x420
[  702.329543][ T6294]  ? do_raw_spin_unlock+0x122/0x240
[  702.329569][ T6294]  f2fs_write_checkpoint+0xe6f/0x1df0
[  702.329615][ T6294]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  702.329686][ T6294]  ? kill_f2fs_super+0x298/0x6c0
[  702.329710][ T6294]  kill_f2fs_super+0x2c3/0x6c0
[  702.329740][ T6294]  ? __pfx_kill_f2fs_super+0x10/0x10
[  702.329758][ T6294]  ? radix_tree_delete_item+0x2b6/0x400
[  702.329788][ T6294]  ? shrinker_free+0x2ce/0x3e0
[  702.329811][ T6294]  deactivate_locked_super+0xbc/0x130
[  702.329837][ T6294]  cleanup_mnt+0x425/0x4c0
[  702.329857][ T6294]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.329884][ T6294]  task_work_run+0x1d4/0x260
[  702.329909][ T6294]  ? __pfx_task_work_run+0x10/0x10
[  702.329927][ T6294]  ? __x64_sys_umount+0x122/0x160
[  702.329955][ T6294]  ? exit_to_user_mode_loop+0x40/0x110
[  702.329982][ T6294]  exit_to_user_mode_loop+0xec/0x110
[  702.330005][ T6294]  do_syscall_64+0x2bd/0x3b0
[  702.330020][ T6294]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.330042][ T6294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.330059][ T6294]  ? clear_bhb_loop+0x60/0xb0
[  702.330081][ T6294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.330098][ T6294] RIP: 0033:0x7f99afb8fcd7
[  702.330114][ T6294] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  702.330129][ T6294] RSP: 002b:00007fff8ee6f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  702.330149][ T6294] RAX: 0000000000000000 RBX: 00007f99afc10a8d RCX: 00007f99afb8fcd7
[  702.330161][ T6294] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8ee6fa60
[  702.330172][ T6294] RBP: 00007fff8ee6fa60 R08: 0000000000000000 R09: 0000000000000000
[  702.330189][ T6294] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff8ee70af0
[  702.330200][ T6294] R13: 00007f99afc10a8d R14: 00000000000ab286 R15: 00007fff8ee70b30
[  702.330233][ T6294]  </TASK>
[  702.624062][ T6294] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  709.123959][T11720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  709.134268][ T5862] Bluetooth: hci0: unexpected event 0x2f length: 763 > 260
[  713.513109][ T5862] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  713.530330][ T5862] Bluetooth: hci2: Injecting HCI hardware error event
[  713.539722][ T5862] Bluetooth: hci2: hardware error 0x00
[  713.660283][T11776] loop3: detected capacity change from 0 to 64
[  713.678294][T11775] loop5: detected capacity change from 0 to 1024
[  714.391284][T11775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  714.561976][T11769] kvm: kvm [11768]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  715.563039][ T5862] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  717.940408][T11784] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  718.105719][ T6294] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  718.324572][T11812] loop6: detected capacity change from 0 to 256
[  718.361481][T11812] exfat: Deprecated parameter 'namecase'
[  718.594034][T11812] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  719.638381][T11824] loop6: detected capacity change from 0 to 1024
[  719.645845][T11824] EXT4-fs: Ignoring removed mblk_io_submit option
[  719.652286][T11824] EXT4-fs: Ignoring removed bh option
[  719.739843][T11824] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  721.427820][ T7173] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  722.509443][T11844] loop3: detected capacity change from 0 to 2048
[  724.012543][T11856] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  724.288642][T11857] loop6: detected capacity change from 0 to 8192
[  725.777464][T11864] netlink: 'syz.2.1445': attribute type 1 has an invalid length.
[  725.828033][T11864] 8021q: adding VLAN 0 to HW filter on device bond2
[  725.897837][T11864] vlan3: entered allmulticast mode
[  725.903434][T11864] veth1: entered allmulticast mode
[  725.912501][T11864] bond2: (slave vlan3): making interface the new active one
[  725.920753][T11864] bond2: (slave vlan3): Enslaving as an active interface with an up link
[  730.511945][T11902] loop6: detected capacity change from 0 to 8
[  730.526205][T11902] squashfs: Unknown parameter '�'
[  731.508966][T11906] loop5: detected capacity change from 0 to 4096
[  734.072374][   T30] audit: type=1800 audit(2000000164.239:68): pid=11900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1456" name="file2" dev="loop5" ino=16 res=0 errno=0
[  734.382460][T11924] loop6: detected capacity change from 0 to 1024
[  734.448220][T11927] trusted_key: encrypted_key: insufficient parameters specified
[  738.847656][T11969] : entered promiscuous mode
[  743.629811][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1484'.
[  743.721201][T12019] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1484'.
[  744.668723][T12030] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1489'.
[  745.352215][T12032] loop3: detected capacity change from 0 to 4096
[  745.407113][T12032] NILFS (loop3): invalid segment: Checksum error in segment payload
[  745.536392][T12032] NILFS (loop3): trying rollback from an earlier position
[  745.582673][T12032] NILFS (loop3): recovery complete
[  745.718537][T12047] netlink: 112 bytes leftover after parsing attributes in process `syz.5.1493'.
[  746.497632][T12048] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  747.218185][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.227969][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  749.160950][   T43] lo speed is unknown, defaulting to 1000
[  749.763557][T12082] xt_TPROXY: Can be used only with -p tcp or -p udp
[  752.284399][T12074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  756.047763][T12130] ip6t_srh: unknown srh invflags 7D00
[  757.830048][ T5901] IPVS: starting estimator thread 0...
[  757.958009][T12143] IPVS: using max 32 ests per chain, 76800 per kthread
[  760.569156][T12184] netlink: 'syz.2.1531': attribute type 2 has an invalid length.
[  760.576973][T12184] netlink: 119 bytes leftover after parsing attributes in process `syz.2.1531'.
[  762.170557][T12204] syz.6.1533: attempt to access beyond end of device
[  762.170557][T12204] nbd6: rw=0, sector=0, nr_sectors = 2 limit=0
[  765.345900][T12229] overlayfs: failed to clone upperpath
[  771.100286][T12272] loop3: detected capacity change from 0 to 128
[  771.744045][T12272] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  771.826831][T12272] ext4 filesystem being mounted at /293/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  773.040027][ T5841] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  776.979048][T12325] loop5: detected capacity change from 0 to 256
[  777.593378][T12325] FAT-fs (loop5): Directory bread(block 64) failed
[  777.601201][T12325] FAT-fs (loop5): Directory bread(block 65) failed
[  777.608547][T12325] FAT-fs (loop5): Directory bread(block 66) failed
[  778.203884][T12325] FAT-fs (loop5): Directory bread(block 67) failed
[  778.211880][T12325] FAT-fs (loop5): Directory bread(block 68) failed
[  778.218675][T12325] FAT-fs (loop5): Directory bread(block 69) failed
[  778.225438][T12325] FAT-fs (loop5): Directory bread(block 70) failed
[  778.232047][T12325] FAT-fs (loop5): Directory bread(block 71) failed
[  778.238811][T12325] FAT-fs (loop5): Directory bread(block 72) failed
[  778.245482][T12325] FAT-fs (loop5): Directory bread(block 73) failed
[  778.762837][   T30] audit: type=1800 audit(2000000208.889:69): pid=12325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1564" name="file2" dev="loop5" ino=1048648 res=0 errno=0
[  778.783698][    C1] vkms_vblank_simulate: vblank timer overrun
[  781.299952][T12362] omfs: Invalid superblock (0)
[  787.664411][T12412] loop3: detected capacity change from 0 to 4096
[  787.768642][T12410] syzkaller1: entered promiscuous mode
[  787.775997][T12410] syzkaller1: entered allmulticast mode
[  788.099415][T12425] xt_CT: You must specify a L4 protocol and not use inversions on it
[  788.527411][T12412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  790.500410][T12438] kvm: kvm [12436]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800
[  791.402916][   T30] audit: type=1326 audit(2000000221.359:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12452 comm="syz.2.1599" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4fec98e9a9 code=0x0
[  791.641199][T12458] loop5: detected capacity change from 0 to 256
[  791.664635][T12458] exfat: Deprecated parameter 'namecase'
[  791.707428][T12458] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  792.987196][T12469] 9pnet_virtio: no channels available for device syz
[  795.032501][T12482] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1615'.
[  795.166206][T12487] loop5: detected capacity change from 0 to 256
[  795.176425][T12487] exfat: Deprecated parameter 'namecase'
[  795.733558][T12488] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1615'.
[  795.779866][T12487] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  796.623056][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  797.907204][T12507] loop6: detected capacity change from 0 to 63
[  797.923637][T12507] Buffer I/O error on dev loop6, logical block 0, async page read
[  797.944371][T12507] Buffer I/O error on dev loop6, logical block 0, async page read
[  798.543364][T12516] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1613'.
[  798.983203][T11859] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.077293][T12517] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.087089][T12507] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.098675][T12507] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.273697][T11859] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.289527][T12517] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.304489][T11859] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.312953][T11859] Buffer I/O error on dev loop6, logical block 0, async page read
[  799.999249][T12528] syz.6.1617: attempt to access beyond end of device
[  799.999249][T12528] nbd6: rw=0, sector=64, nr_sectors = 1 limit=0
[  800.086180][T12528] syz.6.1617: attempt to access beyond end of device
[  800.086180][T12528] nbd6: rw=0, sector=256, nr_sectors = 1 limit=0
[  800.111723][T12528] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  800.132991][T12528] ------------[ cut here ]------------
[  800.138520][T12528] WARNING: fs/buffer.c:1125 at bdev_getblk+0x580/0x660, CPU#1: syz.6.1617/12528
[  800.147680][T12528] Modules linked in:
[  800.151955][T12528] CPU: 1 UID: 0 PID: 12528 Comm: syz.6.1617 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  800.163673][T12528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  800.174072][T12528] RIP: 0010:bdev_getblk+0x580/0x660
[  800.179298][T12528] Code: 26 fb ff ff e8 51 cb 79 ff 48 c7 c7 a0 f1 99 8b 48 c7 c6 03 49 9e 8d 4c 89 fa 4c 89 e9 e8 a8 b7 e1 fe eb bd e8 31 cb 79 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  800.199433][T12528] RSP: 0018:ffffc900152bf6b0 EFLAGS: 00010283
[  800.205570][T12528] RAX: ffffffff8245e5df RBX: ffff888148cc1718 RCX: 0000000000080000
[  800.213623][T12528] RDX: ffffc9001c682000 RSI: 000000000000c560 RDI: 000000000000c561
[  800.222731][T12528] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8215ad3d
[  800.230728][T12528] R10: 0000000000000406 R11: 0000000000000002 R12: ffff888148cc2070
[  800.238809][T12528] R13: ffff888148cc1700 R14: 0000000000000200 R15: 1ffff110291982e3
[  800.246873][T12528] FS:  00007fbff486c6c0(0000) GS:ffff888125ce3000(0000) knlGS:0000000000000000
[  800.255930][T12528] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  800.262524][T12528] CR2: 0000200000000200 CR3: 000000002f87a000 CR4: 00000000003526f0
[  800.270637][T12528] Call Trace:
[  800.274287][T12528]  <TASK>
[  800.277233][T12528]  ? __pfx__udf_err+0x10/0x10
[  800.281930][T12528]  ? __bread_gfp+0x216/0x3c0
[  800.286626][T12528]  __bread_gfp+0x89/0x3c0
[  800.290972][T12528]  udf_read_tagged+0xad/0xe00
[  800.295732][T12528]  udf_check_anchor_block+0x99/0x550
[  800.301027][T12528]  ? udf_get_last_block+0x286/0x360
[  800.306279][T12528]  ? __pfx_udf_check_anchor_block+0x10/0x10
[  800.312166][T12528]  udf_load_vrs+0xa83/0xf20
[  800.316777][T12528]  ? __pfx_udf_load_vrs+0x10/0x10
[  800.322200][T12528]  ? udf_get_last_session+0x100/0x200
[  800.327946][T12528]  udf_fill_super+0x5ad/0x17a0
[  800.332764][T12528]  ? __pfx_udf_fill_super+0x10/0x10
[  800.337967][T12528]  ? set_blocksize+0x21e/0x500
[  800.342783][T12528]  ? sb_set_blocksize+0x104/0x180
[  800.347892][T12528]  ? setup_bdev_super+0x4c1/0x5b0
[  800.352959][T12528]  get_tree_bdev_flags+0x40b/0x4d0
[  800.358060][T12528]  ? __pfx_udf_fill_super+0x10/0x10
[  800.363273][T12528]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  800.368900][T12528]  vfs_get_tree+0x92/0x2b0
[  800.373338][T12528]  do_new_mount+0x2a2/0x9e0
[  800.377827][T12528]  ? ns_capable+0x8a/0xf0
[  800.382135][T12528]  ? __pfx_do_new_mount+0x10/0x10
[  800.387182][T12528]  ? path_mount+0x61c/0xfe0
[  800.391665][T12528]  ? user_path_at+0x44/0x60
[  800.396286][T12528]  __se_sys_mount+0x317/0x410
[  800.400948][T12528]  ? __pfx___se_sys_mount+0x10/0x10
[  800.406184][T12528]  ? do_syscall_64+0xbe/0x3b0
[  800.410844][T12528]  ? __x64_sys_mount+0x20/0xc0
[  800.415629][T12528]  do_syscall_64+0xfa/0x3b0
[  800.420114][T12528]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.425602][T12528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.431654][T12528]  ? clear_bhb_loop+0x60/0xb0
[  800.436812][T12528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.442740][T12528] RIP: 0033:0x7fbff398e9a9
[  800.447152][T12528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.466819][T12528] RSP: 002b:00007fbff486c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  800.475248][T12528] RAX: ffffffffffffffda RBX: 00007fbff3bb6240 RCX: 00007fbff398e9a9
[  800.483236][T12528] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000
[  800.491189][T12528] RBP: 00007fbff3a10ca1 R08: 0000000000000000 R09: 0000000000000000
[  800.499180][T12528] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000
[  800.507189][T12528] R13: 0000000000000001 R14: 00007fbff3bb6240 R15: 00007ffff1a18808
[  800.515174][T12528]  </TASK>
[  800.518191][T12528] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  800.525449][T12528] CPU: 1 UID: 0 PID: 12528 Comm: syz.6.1617 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  800.536967][T12528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  800.547006][T12528] Call Trace:
[  800.550268][T12528]  <TASK>
[  800.553181][T12528]  dump_stack_lvl+0x99/0x250
[  800.557759][T12528]  ? __asan_memcpy+0x40/0x70
[  800.562335][T12528]  ? __pfx_dump_stack_lvl+0x10/0x10
[  800.567514][T12528]  ? __pfx__printk+0x10/0x10
[  800.572091][T12528]  vpanic+0x281/0x750
[  800.576062][T12528]  ? __pfx__printk+0x10/0x10
[  800.580636][T12528]  ? __pfx_vpanic+0x10/0x10
[  800.585118][T12528]  ? is_bpf_text_address+0x292/0x2b0
[  800.590385][T12528]  ? is_bpf_text_address+0x26/0x2b0
[  800.595563][T12528]  panic+0xb9/0xc0
[  800.599263][T12528]  ? __pfx_panic+0x10/0x10
[  800.603664][T12528]  __warn+0x334/0x4c0
[  800.607624][T12528]  ? bdev_getblk+0x580/0x660
[  800.612194][T12528]  ? bdev_getblk+0x580/0x660
[  800.616764][T12528]  report_bug+0x2be/0x4f0
[  800.621081][T12528]  ? bdev_getblk+0x580/0x660
[  800.625652][T12528]  ? bdev_getblk+0x580/0x660
[  800.630225][T12528]  ? bdev_getblk+0x582/0x660
[  800.634803][T12528]  handle_bug+0x84/0x160
[  800.639031][T12528]  exc_invalid_op+0x1a/0x50
[  800.643513][T12528]  asm_exc_invalid_op+0x1a/0x20
[  800.648345][T12528] RIP: 0010:bdev_getblk+0x580/0x660
[  800.653521][T12528] Code: 26 fb ff ff e8 51 cb 79 ff 48 c7 c7 a0 f1 99 8b 48 c7 c6 03 49 9e 8d 4c 89 fa 4c 89 e9 e8 a8 b7 e1 fe eb bd e8 31 cb 79 ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 41 80 3c 07 00 74 08 48 89
[  800.673108][T12528] RSP: 0018:ffffc900152bf6b0 EFLAGS: 00010283
[  800.679153][T12528] RAX: ffffffff8245e5df RBX: ffff888148cc1718 RCX: 0000000000080000
[  800.687103][T12528] RDX: ffffc9001c682000 RSI: 000000000000c560 RDI: 000000000000c561
[  800.695054][T12528] RBP: 0000000000000200 R08: 0000000000000000 R09: ffffffff8215ad3d
[  800.703002][T12528] R10: 0000000000000406 R11: 0000000000000002 R12: ffff888148cc2070
[  800.710963][T12528] R13: ffff888148cc1700 R14: 0000000000000200 R15: 1ffff110291982e3
[  800.718926][T12528]  ? fs_reclaim_acquire+0x7d/0x100
[  800.724032][T12528]  ? bdev_getblk+0x57f/0x660
[  800.728617][T12528]  ? __pfx__udf_err+0x10/0x10
[  800.733283][T12528]  ? __bread_gfp+0x216/0x3c0
[  800.737865][T12528]  __bread_gfp+0x89/0x3c0
[  800.742175][T12528]  udf_read_tagged+0xad/0xe00
[  800.746844][T12528]  udf_check_anchor_block+0x99/0x550
[  800.752109][T12528]  ? udf_get_last_block+0x286/0x360
[  800.757287][T12528]  ? __pfx_udf_check_anchor_block+0x10/0x10
[  800.763162][T12528]  udf_load_vrs+0xa83/0xf20
[  800.767652][T12528]  ? __pfx_udf_load_vrs+0x10/0x10
[  800.772663][T12528]  ? udf_get_last_session+0x100/0x200
[  800.778060][T12528]  udf_fill_super+0x5ad/0x17a0
[  800.782813][T12528]  ? __pfx_udf_fill_super+0x10/0x10
[  800.787996][T12528]  ? set_blocksize+0x21e/0x500
[  800.792749][T12528]  ? sb_set_blocksize+0x104/0x180
[  800.797757][T12528]  ? setup_bdev_super+0x4c1/0x5b0
[  800.802767][T12528]  get_tree_bdev_flags+0x40b/0x4d0
[  800.807895][T12528]  ? __pfx_udf_fill_super+0x10/0x10
[  800.813076][T12528]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  800.818701][T12528]  vfs_get_tree+0x92/0x2b0
[  800.823093][T12528]  do_new_mount+0x2a2/0x9e0
[  800.827577][T12528]  ? ns_capable+0x8a/0xf0
[  800.831886][T12528]  ? __pfx_do_new_mount+0x10/0x10
[  800.836886][T12528]  ? path_mount+0x61c/0xfe0
[  800.841368][T12528]  ? user_path_at+0x44/0x60
[  800.845859][T12528]  __se_sys_mount+0x317/0x410
[  800.850521][T12528]  ? __pfx___se_sys_mount+0x10/0x10
[  800.855699][T12528]  ? do_syscall_64+0xbe/0x3b0
[  800.860351][T12528]  ? __x64_sys_mount+0x20/0xc0
[  800.865094][T12528]  do_syscall_64+0xfa/0x3b0
[  800.869574][T12528]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.874755][T12528]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.880799][T12528]  ? clear_bhb_loop+0x60/0xb0
[  800.885458][T12528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.891328][T12528] RIP: 0033:0x7fbff398e9a9
[  800.895729][T12528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.915312][T12528] RSP: 002b:00007fbff486c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  800.923707][T12528] RAX: ffffffffffffffda RBX: 00007fbff3bb6240 RCX: 00007fbff398e9a9
[  800.931667][T12528] RDX: 0000200000000080 RSI: 0000200000004a00 RDI: 0000200000000000
[  800.939615][T12528] RBP: 00007fbff3a10ca1 R08: 0000000000000000 R09: 0000000000000000
[  800.947564][T12528] R10: 0000000002008087 R11: 0000000000000246 R12: 0000000000000000
[  800.955513][T12528] R13: 0000000000000001 R14: 00007fbff3bb6240 R15: 00007ffff1a18808
[  800.963469][T12528]  </TASK>
[  800.966622][T12528] Kernel Offset: disabled
[  800.970926][T12528] Rebooting in 86400 seconds..