last executing test programs:

5m13.831031299s ago: executing program 2 (id=3):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x13, 0xa01, 0x0, 0x0, {0x7}}, 0x14}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000340)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000940)=ANY=[], 0xa4}}, 0x0)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0), 0x2, 0x51a, &(0x7f0000001200)="$eJzs3U9sI1cZAPBvJsnam6ZNCj0AKnQphQWt1k68bVT1QjlVCFVC9MhhGxInimLHUeyUJuwhe+SORCVOcOLMAYkDUk/ckTjAjUs5IBVYgRokJFx5bGedP06sbGJv499PGvnNvLG/93Y071mfN/MCGFu3ImI/Im5ExLsRMds5nnS2eLO9tc775NGD5YNHD5aTaDbf+WeS1beORc97Wp7pfGY+In7wVsSPkmNB/xRR393bWKpUytudQ8VGdatY3927u15dWiuvlTdLpcWFxfnX771WurS+vlT9zcc3I+L3v/vyR3/c/9ZPWs2a6dT19uMytbs+dRinZTIivncVwUZgotOfGxd584XexGVKI+JzEfFydv/PxkR2NY86epm+PcTWAQBXodmcjeZs7z4AcN2lWQ4sSQudXMBMpGmh0M7hvRDTaaVWb9xZre1srrRzZXMxla6uV8rznVzhXEwlq+uT5YWs3N2vlEvH9u9FxPMR8bPczWy/sFyrrIzyiw8AjLFnjs3//8m1538A4JrLPy7mRtkOAGB48qNuAAAwdOZ/ABg/5n8AGD/mfwAYP+Z/ABg/5n8AGCvff/vt1tY86Dz/euW93Z2N2nt3V8r1jUJ1Z7mwXNveKqzVamvZM3uq531epVbbWng1dt4vNsr1RrG+u3e/WtvZbNzPnut9vzw1lF4BAGd5/qUP/5JExP4bN7Mtep73f+5c/eJVtw64SumoGwCMzMSoGwCMzMnVvoBxIR8P4+v/zWYzetbujYiHh6Weh4H2/S9CHwwUJrVuKDx9bn/xCfL/wGea/D+Mr4vl/32Xh+tA/h/GV7OZWPMfAMaMHD+QnFPf+/v/fLNnZ7Df/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBamsm2JC101gKfiTQtFCKejYi5mEpW1yvl+Yh4LiL+nJvKtfYXIsK6QQDwWZb+Pems/3V79pWZ47U3cv/NZa8R8eNfvPPz95caje2FiBvJvw6PNz7oHC+Nov0AwHm683R3Hu/65NGD5e42zPZ8/J324qKtuAedrV0zGZPZaz7LNUz/O+nst7W+r0xcQvz9hxHxhdP6n2S5kbnOyqfH47diPzvU+OmR+GlW135t/Vt8/hLaAuPmw9b48+Zp918at7LX0+//fDZCPbnu+HdwYvxLD8e/iT7j361BY7z6h++eONicbdc9jPjSZMRB98N7xp9u/KRP/FcGjP/XF7/ycr+65i8jbsdp/U+OxCo2qlvF+u7e3fXq0lp5rbxZKi0uLM6/fu+1UjHLURe7meqT/vHGnef6xW/1f7pP/Pw5/f/6gP3/1f/e/eFXz4j/za+dfv1fOCN+a078xoDxl6Z/m+9X14q/0qf/513/OwPG/+hveysDngoADEF9d29jqVIpbz95IX/mOellhBigkETsX3GIx4Xcr3/61vkn54bWngsWol/VxNPSwmtTyD0dzRigMOqRCbhqj2/6UbcEAAAAAAAAAAAAAADoZxh/TjTqPgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9fRoAAP//j4/W2A==")
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
r5 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

5m9.255113737s ago: executing program 2 (id=8):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486"], 0xfdef)

4m56.18290507s ago: executing program 2 (id=12):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009b6ca206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000680)={0x24, &(0x7f0000000500)=ANY=[@ANYBLOB='\x00\f\r'], 0x0, 0x0, 0x0}, 0x0)

4m54.440272856s ago: executing program 2 (id=17):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0x371d, &(0x7f0000000440)={0x0, 0x0, 0x400, 0xa, 0xffffff}, &(0x7f0000000380), &(0x7f0000000400))
socket$nl_route(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)

4m53.265026874s ago: executing program 2 (id=20):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000080)=0x7f, 0x8)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)

4m49.966346822s ago: executing program 2 (id=28):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4004)

4m35.970691489s ago: executing program 32 (id=23):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486"], 0xfdef)

4m34.924373055s ago: executing program 33 (id=28):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4004)

4m14.244646468s ago: executing program 3 (id=140):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x200008, &(0x7f0000000480)=ANY=[], 0x1, 0x5514, &(0x7f00000079c0)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnbnLTBuI4gP5tcIF+qKjqvlfpDo7RI3TZZcUBegkO0AW5Qi7AGcguR4ggwuMQiFigeLCV6D3JDGPZP2YQLGbGGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JruqtX85u+Pf21ztrt28vQGAAAAOGdTreb1m2mqf2rOf2lOfWvqRUSUEXFu7D6IDyeZgyaner7+//H11Ys23EbUCfvPGDXHx4j42RwPX6/9LQAAAMD7tV4sZ2m0nl6mfTeILqVJm/Lzr0x5RURU0/tMaeU+73umsPr3PYw/mdLqCaxxprA05TbMlXaR+u9+mLUbHxVFKsqztx0ama3vAABAhwYnRbejEAAAALr0u+8G0I8inpYyD0uBo1Q0y3uTkxoAAADwBhV9NwAAAAC4zOT1t9bj/472/9vl3P/PAwkAAABwubT/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANe0qVbz9WI5a5uz3bWTpzcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj+/OOAiEQBmGwd31nMvc/rDRoampSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs3L9v3FQcAPBn+3yhBcQR0A1BCCQGWOj1Wlq6IQZQxMCfgBSl1xJ65UebgVYVIgsbytwFwYgQEihs/R86t1KXsnW4IUjMQfbZOV8SiSOo9iX5fKTn97Xl+H2fT4ry9XMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6fxIn2aYzjuPi2IPtO6tZ/3BPn7m3+Wgpa1kc1Zn00fBqdSfqNpcIAAAAJ0dS1vchhMfp1nLWx528/k/Lc7Ka/8fnx3FZz++t+8u+rP2z9sfvT17eHagzHie76JW14eDs/lRaT2+W8+2Ffz2jld/5/NlLkn8g8UcbL43S/H5G39+//0E7DxfqyBYAOIwzZV8E5d9DWd9vMjEAToxWpfAu6/+k02xOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHUYbYRnyzgKISy1JnHm4fad1YP6e5uPlsp28e7dzfDt5JrZJdIQwpW14eBsrbOZbzdv3b62MhwObtQfvBZCaGr094rpX/tkhpNDaOT+CKaDnYVD/nhcfNhzMYsjEzT4SwkAgGMpLVpW1z9Ot5azY9FiCDs/Tdf/b1biMGP9/+TTiw+qY1Xr/35tM5xD8fRub/36l72bt26/vXZ95erg6uDzd8713+2fv3ThwqVe/qyk54kJAAAA/0+7aNX6P17cv/5/uhKHGev/r37of1MdK1H/H2iy6Nd0JgAAACfbi6///Vd0wPGo3Q5fr6yv3+iPt7v758bbBlL9zxaKVq3/k8WmswIAAADqMNqIptb/L1fiMOP6/3M/v/Jr9ZpJCOFUsf5/ZvWL4eX6pjPX6vh34qbnCAAAQLNOFa26/p/m7//Hu688xCGEt94Yx8XXAM5U/ycffvdLdazq+//n65viXIq74/uR990QWt2mMwIAAOA4e6ZoWbH/Z7q1/Nlvpz9ue/8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoG7/BAAA//+ObD7G")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xe)

4m13.373938991s ago: executing program 3 (id=142):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setresuid(0xee01, 0xee01, 0x0)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000001280)=ANY=[@ANYBLOB='B'], 0x4c}}, 0x0)
write$binfmt_misc(r2, &(0x7f0000001280), 0x6)

4m12.840984798s ago: executing program 3 (id=143):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)

4m10.554396872s ago: executing program 3 (id=145):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

4m9.764657983s ago: executing program 3 (id=148):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000002800)={0x24, 0x0, 0x0, &(0x7f0000002780)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "bd89bc7d"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, 0x0, &(0x7f00000009c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x860}}, 0x0, 0x0, 0x0}, &(0x7f0000000f80)={0x84, &(0x7f0000000b40)={0x40, 0x10}, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0x5}, 0x0, &(0x7f0000000c40)={0x20, 0x0, 0x4, {0x3, 0x6}}, &(0x7f0000000c80)={0x20, 0x0, 0x4, {0x88, 0x2}}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)={0x40, 0x13, 0x6}, 0x0, 0x0, 0x0, &(0x7f0000000ec0)={0x40, 0x1c, 0x1, 0x44}, &(0x7f0000000f00)={0x40, 0x1e, 0x1, 0x8d}, 0x0})
keyctl$search(0xa, 0x0, 0x0, &(0x7f0000000840)={'syz', 0x3}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'sit0\x00', 0x0})
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="000302000000"], 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000080)={0x0, 0x22, 0x7b, {0x7b, 0xc, "a8274cb9df8b2577c54f324a9e0a3aa7d55f99b258f0e0e5306e262cf7cd6e28930f554d58c9e5bd3e022836dcc5c68bc7892f014a87cf6212e59498a097091c49bf20b886f97cfce57d2638701badce4f4a71e77d32416740a5b3d6ff73f35e4383f721785545959a838ff78be05cb61a3a1612951597fdc7"}}, &(0x7f0000000140)={0x0, 0x3, 0x26, @string={0x26, 0x3, "66bb3fbee21d1c7f74b5d1b6337e1e00a988e221f3ed3faee828926e39ebf41385c2ee98"}}, &(0x7f0000001140)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x10, 0x0, 0xb6, 0x8, "e69e349c", "b91e3954"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3c, 0x8, 0x1, 0xc8, 0x8, 0x0, 0x9}}}, 0x0)

4m8.352052294s ago: executing program 3 (id=161):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004", @ANYRES32=0x1], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000026000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4m7.399253468s ago: executing program 34 (id=161):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004", @ANYRES32=0x1], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000026000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m55.62510213s ago: executing program 4 (id=202):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000000000000f00"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

3m55.266483296s ago: executing program 4 (id=203):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
syz_clone3(&(0x7f0000000680)={0x102000080, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, 0x0}, 0xa1)

3m54.464079747s ago: executing program 4 (id=205):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x20001, 0x0)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x200)
fcntl$getflags(r0, 0x401)

3m54.27714529s ago: executing program 4 (id=206):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

3m52.91344188s ago: executing program 4 (id=207):
r0 = inotify_init1(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
close(r0)

3m49.911055694s ago: executing program 4 (id=211):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x20241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0xfffffffe)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff8f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r4, 0x6, 0x22, 0x0, &(0x7f0000000180))

3m49.748475326s ago: executing program 35 (id=211):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x20241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0xfffffffe)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa1000000000000070100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffff8f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r4, 0x6, 0x22, 0x0, &(0x7f0000000180))

2m27.733028987s ago: executing program 7 (id=488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
socket$packet(0x11, 0x3, 0x300)

2m27.465248501s ago: executing program 7 (id=491):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xf, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
syz_emit_ethernet(0x6a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x2c, 0x0, 0x0, @private1, @private1}}}}}}}, 0x0)

2m27.144946536s ago: executing program 7 (id=495):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000740), 0x101800, 0x0)
ioctl$RTC_AIE_ON(r2, 0x7001)

2m26.262017519s ago: executing program 7 (id=500):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)

2m26.15640436s ago: executing program 7 (id=501):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000680)='kmem_cache_free\x00', r0}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_INIT(r3, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x4, 0x800000, 0x4, 0x400, 0x5, 0x1, 0x0, 0x0, 0x1, 0x74}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='trusted.overlay.nlink\x00', 0x0, 0x0)

2m25.806229486s ago: executing program 7 (id=504):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141442, 0x38)
syz_genetlink_get_family_id$batadv(0x0, r0)
write$UHID_INPUT(r0, &(0x7f0000001a40)={0x8, {"715b1a6a9fca300288d0d6f164694e9be52056879d4f7f9e17a2f387a1e887ad9fea8a741f3a85292a8ca98e1512f586966362501755a16514ded809c856f4e58261695dbfb4d87cd5d13b78c6cf696afecb55cca3e7607479bc2ceded20d446347481aa05e3083992814f23f6ba955daa8c5988fcc3e1f4a1657a94b74a6161fb233fa5146129889ae615315f974fd1e2c6db572e40a4ec1325c81eff25243f2fbe74fc9cc389297c04d98213ca54c33fe33622c7ebe8f6e9712c07be77c43bddb575411faf61123d450d3c608e581d9d1fd5562abd932bbdf7e7d6329df9831959a3c38906aefc04f438f74482b6e4ec9501b6b43d08d910bda46b866e1cdc06b2447775f53c6aa87b73a284167aee5e05fc8d867afd4b6b8c3ec81a23be5df245d8e21aa8a630de4b680f34fee2af9de02aeaf31aa7d15edbee78a2a7a621305217678c619a19d41e927e798df495ff28a6485e978bb29cf5f82e31ee8e142134e0845f5c1eaa9664c7dbbfcfcd9dc0567fd447f25de86bea1c28e8a9973e3d5f00e74d022f2b9a97ff08f404af3911f7f086643bfd9004c2500b1684e73c885374cb382bcb37fc82a31c79991b2547fbbba3c005b4d88825488599a8cf0cdaebb4d137232516c9f897d72d034a5b69d03be108000958495e3c0f9b7b31f7684236be8772de10aef1446909f13fb49b4516d00f889efe72769585f4e1ffaa5fc9c0dbfa7b05efbaa14a3e240cf7603c6a487f4355f92bc22c262f496e2f30eef1b95cf28235c0273f295a136f122539ceccb412f7c08a019efb4c270a417db7deb6973a6d0370df72d12456b2d2187c4abdb632bc6323eaaa10f6e8c829d9b556b04498de35a355907c9a17b99b2effaca8ffbfe486493740f3dded005e8bf91b417e2cde579f9232c04807dd2f2da29faf183dee67430972a0c85ee9e9319a7b55b03b3db7d2623f3b16da80eee507de1f18b298a045f32970903d4ee04f99c8a6c086c93f465ad8493f3f2e057999467ea9755042b593a33f5f909ba7eb4c14be439964ff2c5ff2367710438f2d306e721042b39499b21b034cf9a95048a43e8d96eb88c7e372ee61e7a909b6e947d416b2ac672fa3683771cf6986bda28ccd50c448e31985adf2b836349d8e1ac3ea17dd9256bac1f3c47f39953fceddef2e12b9956ad44347142d836ef531528fd9cbc0c132ac6e270c9f5e4d950d62b788dfb1d537be9629a02f945897bdd5168d73d78ec3a7651465949f5027dcd0affb6b24063499d4afb57b80aa62efaefe607fb9073c79d7083c629bf11a56527fe85a41c3d347c7ef54c85a6e6d046994101ae7627e74d14337a9bb042f5f0aeca0a6199dedb3e4b1aa30760131e8d76d43d9991ac1b3c443b25d7c4c8153d1c7763e6f2fda8c402d97668f6aa61f8e28d568320ed190ca635c74d9948adcaa53776a2db303b848723b414bd192511f557f2a466822acecfa3ce6f9bfd60c0144b1a55294387238fbb196addf0502ee9af4108682d056f8965ce4fca03d8ecdcf5f302eaea2de59bf663b15bf8a20ce874ff7d3958fe6da3301b678c2930129b3cb4413400388a59ae939c58d00003d93a57a980e0f4ef35751e059ef6c06cffa4f5c3f8ba1ba67f0160390ec77311e4e67d921bb40a29d448f274da50115c2c67baa3d6f39f9ddfaf3e67392d9e3802c353f0b855c927d6a45e445f58526a09793bcc2e72163fb1b7a779d99f230bd95e597cacb0b8343dcf1be080f18040fe288b157b01b074d25fe44ab6b3c0362f1931f6b174412a8d6a2a645270e7430b3884ac16930105786e469d1d8bcf9ed4010ee3accf78ecc138a8b11c15798eeb29ef4fc3bc5b376807348e1647148c35a1aa3d7ed05dc3a11274887f04f035837a9ea81fcb5eaccd4f43f2f6bbf3c426f72e1423c9175c2b234be0fd3c40c15e5e35c5c7359c894e95f82797c48fdca7ef07a6fa6f0dd0bb9a24c4a38900be369c27b285c67e60f8814f67d86caba122def954662ae2c6f4f99cfbb55214c61216e8c8f84e9b172129642d754a49c923c6c6f1ba85f6418d9a678517a9a080be7224244f2bc1d99d93ddcb25a3d2e0a6b4b868f877760b019c8c475c3e0b90109c21c309e7bc0ffc48753aeb70e7884c8eac52b2fb8576ae917199bfeea255da4b54667320798db03440fabaebb1e8e181506bf93ac67ba128a14c9dcc45d9f07ddfea21e7da2bf4215bc73e82e9a7187cd5fa7c17f7710f2cdf59bb22ce786328af52f17349c42ca7bce681619246b8b467b7b4c60125ea5687e1cd9bf36a67023759a8baeccb60e84c7102f2844368ea8358f7ac1f9a21c1229eda8a1a273b999a74f39d38e1b6aec92d120f2c4ca0b2852844b5529eb40db91749f221568850f23f089dd704434b6fe736ab7eb67ebd52943000770e0a57c6ff7c1420a225fdeca0cddcf4083a3f5f9fb37490dfdf2c8aae282558c8a4af6ec41f7788d6340053ff69311489323c403becde20ae84c6a8968717e8923c13723be082aab3edd7cf0fd1b2a1f64692911d9e49c4d7d20f8c9364c454fdb51ff376abbae26df57ab7d458772a919879ea7caada2c17fb0cc9d0f377860d8b58fd81952f50d732adc73e470c1f5778a49d7f3d507e5ab5cb798420f3a56d9d3ad76b75e5d41921a7ae04099968867c816f6d44c4a41cefbe31623d6899a00c28454bdc0ea17f284dcb39a0221989e3c2bbcc5556e8f870bbf98be4b57be438797f7b595f35527911371cc324cd4c76d4ea68cfdd1eed120ec16e89e4ec4c5ac28039de8b3aa451e1e55631d599612e94630ad3d67ba79e03c4ff023e8ddfd10c09517df736a01af5488a87f551c7e8e41dd0d0d10c58f3053cbdef2c4fd72e51c2d9724360687ab6d0395023626bbfcab24737a50bb27d78ebfe11b5e40a71b2141254074b3dca3cf45456ea1860704b0d5da04710667bf6454c81b33b5b429d2764afd13338d60b928140c05e0b7f41c6fb1961961edfa959b911216ca2357d8171b3673b454b5017bbf34dabdf5fd0d7fb602399ec434f40bc04566d6e418713cc7e849b7deb3ef014b8ec7a602000000000000000340d0bbf09a6965013c68317d7a2e07bcd3bcaa7cd2cbf34d64534e1ff9cb4ba32d9a5cde63e2da7dfdfcc86886a0ee01fa0d95b78a12085d6dfb62d622049286d628a8950b55dc71058b6dec200049738824a8200023be3f93e740f2a8d241e57deeb642ff28140eed1424db3cf2fafdd8a7d9fc80a7a54da30029ef65df2e7900059ab1141985376e7f9f46e712b4536ed4e0629d284f56eef0906d21536427333d8a7d6d7e74591031a526eea16a627c5d9f399ec4628a26d9812b68b501716b602564504ab8f16e76a19c608ac550fa52fb80af1e81b48abf13c9996cf47f34d8e943b7d48de31c0d5d794af157c16209d3c0632c2801ab17f05de2c2fb9b9b8c0a257c18a832ac743c9341042af1e56619154fc4f7b20c8de3edbb1636f0a098ed6f6858c27905b00798fd8bedda5eaeeb12ff19943dad0a7f069a9e01dfc9730568784a07c0a6b01623b11a1e6f86cab4d95bf256cd28b00c17b5df66dd4c393471f0f18c68aeae404f5f3fb66bbfd62f1511b35caddad004408fe3b182edf81ad50ac3a639121236968c6be1ba7f7bee6409a91f4c7caf077c2a94c6d8d547cc680a1d7e6cd57c326e7a2f642ab76591565c5f4271cbf64ed2be12d770e927cba3cfa0fb89452285a69fe205bc9943eee4466ca8f9998997e2c1a1fe782c9e2241c51dc008bb8f6fe9a49edefae6f43d3e0cd207439745dfd4c347058a4ec3c3fbd56f3108b9a034600f78dc5c889621a6b78e2f7256034d53ae7877de459b6895d5849eb4a8099a62a4bd50d5b4d48cf82fae64985e1e22435fe5d505000000ed5d8ee03a6d1675b7b75d47b8e20a44c05812b36cc2e31947a02c48262c5a875e562dbd4a1a8d045a37afabb28079d3904f53d466e5abab09b8e5e0a56dbae4c4cd9bc6640b47cc6616b2e7cf19c6e9591d32ab0cf87880c81d63948a508ad0cbd50e348d399daf51efb2b96ef9d56a8ba89d04bf5e7d4f7353f71d1a6cb78da6644574664d08e848cf0000b16d6acf70f072a02578ab02b3209fe8a06dad5c741cb5eb483f809c4c35307595f00d00bf6a1474aef94cfe913d08c612387172aabc802c17753c6ccd752eaa81e7eefd61c037f958e23bcb9c1510ea47bcaefa72f070809de9f79faede74c87231411b17b357382974bcd334cf983c85ad9e1844cdbd9181a5bb976c35b6a638ae8dd20119858f8c525d735779b2f8e244ed2fc0d900445fe1fe775b4bcb1d2e8d4577d6234ddfcad7fe7abf716d9f4b4a6ee83be812cdda17ec43a895a5c03e5359cce3de61d9736f8a4d66051891b1431f2e61a324f252bd0e9b32e23bd31a5405642bbd2cdc5d3e45b56530568f05a72d475a7d3505b26d9fcdaeb30a62ddf09bcd9e59c1f34e375149782b8019a7a9883fd93397acb338af428f1e015a671b5c11651d3c0168f747fdc6e1fb084bdcbd760adce881492b2bbb76c0a1327e76c9c7ce0afff2f80ec30f2be04d9f93a9b291cc01bcc03f7b67e16a7f1bcc838aab9240df99691a2781da614fdcecf5115382e1357460f4b8e3a577d3ae922379eadc2416d40028c785905bb43a41f5fb7189a8704b8e492c86bd82d0560f81796693e74f08739b632e5226d3c3a963caf5db455ac20288d472611e7dc243531fd66718e94daa2bf93a30a38e6a497a50f2472a72bf9c4689e54105c44cd074bb87e087735791b436d6553c5f2b61ff75dc64ba597b77f7ea42a0ec14dc08107e7bbe97ae519beb5e18a8859493afd097d4609a3a2025fe9603b85f2b1350336d92e15d0bdea3a42bb8775ff2b38bab72ec27e77452c93a05a798ec789a6a012047481ea8e1a8dfc77a9f0f6ddebb9f3503702b147f663f01f70cdfc29afe0cfd7823823fa2e139ea7d1a010a67bb3a31e620aff5cbe1a99ac3cd0f91c472dd021213edf5a9225941b575e27f99c0cb94eb9598a443ec7665335305895ebc28e3f8d34adf6aa37084f823d293ba9dcb2f73d88457d0a55c9202dd309a9b36daa4e50c8f9c93ec7644a7a730b6b947f0f2381a34d67bce50e790a7655a34a2f70723f360af014befa4fd3dbbb8bc2f1461eb48b987b8b772b3ad31a1077c59ef45e4b2870739454ef56402115ab427527e67b6a6a97b2bb3d7a2c13d2a55d1032a64b83efc13939589e46abd78bcc493529cf38581fe3160b2c6eb5a9ac6cee0b05618e51450af077fba0dc943089f112e67a2c654ad94157e95295219d0bbab3a02a2c9ec08ce9d904a703760dc41a7943d5230391c2e19aff36c390365cfd796434c3decf733d8f09789af0b990f4f9b791cf0d677f34d85fc2b3583b21737955cbaa098963bfa39755f335329f265db75c5d406a0a91ed76563a3ed5f3d2877c2b4b81dc1eaccde6d642c0d8791482e27c64103fc87a55ae91e7adf49ddc1dace5c3108d6a496d678ec5ba09b2a9e6990cb63ac3e4b787661800d11c73da87bf5d297c1fb531aa105d30464b0e023e4212a0d4a0ac119c1568280d49d084729e680a0f453a725ed08454fa874cf22f5718e2afd995a1d7a9ae92e0a49307f1b322367dc12b3673708024a85fcc643bd00", 0x1000}}, 0x1006)

2m25.692439797s ago: executing program 36 (id=504):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141442, 0x38)
syz_genetlink_get_family_id$batadv(0x0, r0)
write$UHID_INPUT(r0, &(0x7f0000001a40)={0x8, {"715b1a6a9fca300288d0d6f164694e9be52056879d4f7f9e17a2f387a1e887ad9fea8a741f3a85292a8ca98e1512f586966362501755a16514ded809c856f4e58261695dbfb4d87cd5d13b78c6cf696afecb55cca3e7607479bc2ceded20d446347481aa05e3083992814f23f6ba955daa8c5988fcc3e1f4a1657a94b74a6161fb233fa5146129889ae615315f974fd1e2c6db572e40a4ec1325c81eff25243f2fbe74fc9cc389297c04d98213ca54c33fe33622c7ebe8f6e9712c07be77c43bddb575411faf61123d450d3c608e581d9d1fd5562abd932bbdf7e7d6329df9831959a3c38906aefc04f438f74482b6e4ec9501b6b43d08d910bda46b866e1cdc06b2447775f53c6aa87b73a284167aee5e05fc8d867afd4b6b8c3ec81a23be5df245d8e21aa8a630de4b680f34fee2af9de02aeaf31aa7d15edbee78a2a7a621305217678c619a19d41e927e798df495ff28a6485e978bb29cf5f82e31ee8e142134e0845f5c1eaa9664c7dbbfcfcd9dc0567fd447f25de86bea1c28e8a9973e3d5f00e74d022f2b9a97ff08f404af3911f7f086643bfd9004c2500b1684e73c885374cb382bcb37fc82a31c79991b2547fbbba3c005b4d88825488599a8cf0cdaebb4d137232516c9f897d72d034a5b69d03be108000958495e3c0f9b7b31f7684236be8772de10aef1446909f13fb49b4516d00f889efe72769585f4e1ffaa5fc9c0dbfa7b05efbaa14a3e240cf7603c6a487f4355f92bc22c262f496e2f30eef1b95cf28235c0273f295a136f122539ceccb412f7c08a019efb4c270a417db7deb6973a6d0370df72d12456b2d2187c4abdb632bc6323eaaa10f6e8c829d9b556b04498de35a355907c9a17b99b2effaca8ffbfe486493740f3dded005e8bf91b417e2cde579f9232c04807dd2f2da29faf183dee67430972a0c85ee9e9319a7b55b03b3db7d2623f3b16da80eee507de1f18b298a045f32970903d4ee04f99c8a6c086c93f465ad8493f3f2e057999467ea9755042b593a33f5f909ba7eb4c14be439964ff2c5ff2367710438f2d306e721042b39499b21b034cf9a95048a43e8d96eb88c7e372ee61e7a909b6e947d416b2ac672fa3683771cf6986bda28ccd50c448e31985adf2b836349d8e1ac3ea17dd9256bac1f3c47f39953fceddef2e12b9956ad44347142d836ef531528fd9cbc0c132ac6e270c9f5e4d950d62b788dfb1d537be9629a02f945897bdd5168d73d78ec3a7651465949f5027dcd0affb6b24063499d4afb57b80aa62efaefe607fb9073c79d7083c629bf11a56527fe85a41c3d347c7ef54c85a6e6d046994101ae7627e74d14337a9bb042f5f0aeca0a6199dedb3e4b1aa30760131e8d76d43d9991ac1b3c443b25d7c4c8153d1c7763e6f2fda8c402d97668f6aa61f8e28d568320ed190ca635c74d9948adcaa53776a2db303b848723b414bd192511f557f2a466822acecfa3ce6f9bfd60c0144b1a55294387238fbb196addf0502ee9af4108682d056f8965ce4fca03d8ecdcf5f302eaea2de59bf663b15bf8a20ce874ff7d3958fe6da3301b678c2930129b3cb4413400388a59ae939c58d00003d93a57a980e0f4ef35751e059ef6c06cffa4f5c3f8ba1ba67f0160390ec77311e4e67d921bb40a29d448f274da50115c2c67baa3d6f39f9ddfaf3e67392d9e3802c353f0b855c927d6a45e445f58526a09793bcc2e72163fb1b7a779d99f230bd95e597cacb0b8343dcf1be080f18040fe288b157b01b074d25fe44ab6b3c0362f1931f6b174412a8d6a2a645270e7430b3884ac16930105786e469d1d8bcf9ed4010ee3accf78ecc138a8b11c15798eeb29ef4fc3bc5b376807348e1647148c35a1aa3d7ed05dc3a11274887f04f035837a9ea81fcb5eaccd4f43f2f6bbf3c426f72e1423c9175c2b234be0fd3c40c15e5e35c5c7359c894e95f82797c48fdca7ef07a6fa6f0dd0bb9a24c4a38900be369c27b285c67e60f8814f67d86caba122def954662ae2c6f4f99cfbb55214c61216e8c8f84e9b172129642d754a49c923c6c6f1ba85f6418d9a678517a9a080be7224244f2bc1d99d93ddcb25a3d2e0a6b4b868f877760b019c8c475c3e0b90109c21c309e7bc0ffc48753aeb70e7884c8eac52b2fb8576ae917199bfeea255da4b54667320798db03440fabaebb1e8e181506bf93ac67ba128a14c9dcc45d9f07ddfea21e7da2bf4215bc73e82e9a7187cd5fa7c17f7710f2cdf59bb22ce786328af52f17349c42ca7bce681619246b8b467b7b4c60125ea5687e1cd9bf36a67023759a8baeccb60e84c7102f2844368ea8358f7ac1f9a21c1229eda8a1a273b999a74f39d38e1b6aec92d120f2c4ca0b2852844b5529eb40db91749f221568850f23f089dd704434b6fe736ab7eb67ebd52943000770e0a57c6ff7c1420a225fdeca0cddcf4083a3f5f9fb37490dfdf2c8aae282558c8a4af6ec41f7788d6340053ff69311489323c403becde20ae84c6a8968717e8923c13723be082aab3edd7cf0fd1b2a1f64692911d9e49c4d7d20f8c9364c454fdb51ff376abbae26df57ab7d458772a919879ea7caada2c17fb0cc9d0f377860d8b58fd81952f50d732adc73e470c1f5778a49d7f3d507e5ab5cb798420f3a56d9d3ad76b75e5d41921a7ae04099968867c816f6d44c4a41cefbe31623d6899a00c28454bdc0ea17f284dcb39a0221989e3c2bbcc5556e8f870bbf98be4b57be438797f7b595f35527911371cc324cd4c76d4ea68cfdd1eed120ec16e89e4ec4c5ac28039de8b3aa451e1e55631d599612e94630ad3d67ba79e03c4ff023e8ddfd10c09517df736a01af5488a87f551c7e8e41dd0d0d10c58f3053cbdef2c4fd72e51c2d9724360687ab6d0395023626bbfcab24737a50bb27d78ebfe11b5e40a71b2141254074b3dca3cf45456ea1860704b0d5da04710667bf6454c81b33b5b429d2764afd13338d60b928140c05e0b7f41c6fb1961961edfa959b911216ca2357d8171b3673b454b5017bbf34dabdf5fd0d7fb602399ec434f40bc04566d6e418713cc7e849b7deb3ef014b8ec7a602000000000000000340d0bbf09a6965013c68317d7a2e07bcd3bcaa7cd2cbf34d64534e1ff9cb4ba32d9a5cde63e2da7dfdfcc86886a0ee01fa0d95b78a12085d6dfb62d622049286d628a8950b55dc71058b6dec200049738824a8200023be3f93e740f2a8d241e57deeb642ff28140eed1424db3cf2fafdd8a7d9fc80a7a54da30029ef65df2e7900059ab1141985376e7f9f46e712b4536ed4e0629d284f56eef0906d21536427333d8a7d6d7e74591031a526eea16a627c5d9f399ec4628a26d9812b68b501716b602564504ab8f16e76a19c608ac550fa52fb80af1e81b48abf13c9996cf47f34d8e943b7d48de31c0d5d794af157c16209d3c0632c2801ab17f05de2c2fb9b9b8c0a257c18a832ac743c9341042af1e56619154fc4f7b20c8de3edbb1636f0a098ed6f6858c27905b00798fd8bedda5eaeeb12ff19943dad0a7f069a9e01dfc9730568784a07c0a6b01623b11a1e6f86cab4d95bf256cd28b00c17b5df66dd4c393471f0f18c68aeae404f5f3fb66bbfd62f1511b35caddad004408fe3b182edf81ad50ac3a639121236968c6be1ba7f7bee6409a91f4c7caf077c2a94c6d8d547cc680a1d7e6cd57c326e7a2f642ab76591565c5f4271cbf64ed2be12d770e927cba3cfa0fb89452285a69fe205bc9943eee4466ca8f9998997e2c1a1fe782c9e2241c51dc008bb8f6fe9a49edefae6f43d3e0cd207439745dfd4c347058a4ec3c3fbd56f3108b9a034600f78dc5c889621a6b78e2f7256034d53ae7877de459b6895d5849eb4a8099a62a4bd50d5b4d48cf82fae64985e1e22435fe5d505000000ed5d8ee03a6d1675b7b75d47b8e20a44c05812b36cc2e31947a02c48262c5a875e562dbd4a1a8d045a37afabb28079d3904f53d466e5abab09b8e5e0a56dbae4c4cd9bc6640b47cc6616b2e7cf19c6e9591d32ab0cf87880c81d63948a508ad0cbd50e348d399daf51efb2b96ef9d56a8ba89d04bf5e7d4f7353f71d1a6cb78da6644574664d08e848cf0000b16d6acf70f072a02578ab02b3209fe8a06dad5c741cb5eb483f809c4c35307595f00d00bf6a1474aef94cfe913d08c612387172aabc802c17753c6ccd752eaa81e7eefd61c037f958e23bcb9c1510ea47bcaefa72f070809de9f79faede74c87231411b17b357382974bcd334cf983c85ad9e1844cdbd9181a5bb976c35b6a638ae8dd20119858f8c525d735779b2f8e244ed2fc0d900445fe1fe775b4bcb1d2e8d4577d6234ddfcad7fe7abf716d9f4b4a6ee83be812cdda17ec43a895a5c03e5359cce3de61d9736f8a4d66051891b1431f2e61a324f252bd0e9b32e23bd31a5405642bbd2cdc5d3e45b56530568f05a72d475a7d3505b26d9fcdaeb30a62ddf09bcd9e59c1f34e375149782b8019a7a9883fd93397acb338af428f1e015a671b5c11651d3c0168f747fdc6e1fb084bdcbd760adce881492b2bbb76c0a1327e76c9c7ce0afff2f80ec30f2be04d9f93a9b291cc01bcc03f7b67e16a7f1bcc838aab9240df99691a2781da614fdcecf5115382e1357460f4b8e3a577d3ae922379eadc2416d40028c785905bb43a41f5fb7189a8704b8e492c86bd82d0560f81796693e74f08739b632e5226d3c3a963caf5db455ac20288d472611e7dc243531fd66718e94daa2bf93a30a38e6a497a50f2472a72bf9c4689e54105c44cd074bb87e087735791b436d6553c5f2b61ff75dc64ba597b77f7ea42a0ec14dc08107e7bbe97ae519beb5e18a8859493afd097d4609a3a2025fe9603b85f2b1350336d92e15d0bdea3a42bb8775ff2b38bab72ec27e77452c93a05a798ec789a6a012047481ea8e1a8dfc77a9f0f6ddebb9f3503702b147f663f01f70cdfc29afe0cfd7823823fa2e139ea7d1a010a67bb3a31e620aff5cbe1a99ac3cd0f91c472dd021213edf5a9225941b575e27f99c0cb94eb9598a443ec7665335305895ebc28e3f8d34adf6aa37084f823d293ba9dcb2f73d88457d0a55c9202dd309a9b36daa4e50c8f9c93ec7644a7a730b6b947f0f2381a34d67bce50e790a7655a34a2f70723f360af014befa4fd3dbbb8bc2f1461eb48b987b8b772b3ad31a1077c59ef45e4b2870739454ef56402115ab427527e67b6a6a97b2bb3d7a2c13d2a55d1032a64b83efc13939589e46abd78bcc493529cf38581fe3160b2c6eb5a9ac6cee0b05618e51450af077fba0dc943089f112e67a2c654ad94157e95295219d0bbab3a02a2c9ec08ce9d904a703760dc41a7943d5230391c2e19aff36c390365cfd796434c3decf733d8f09789af0b990f4f9b791cf0d677f34d85fc2b3583b21737955cbaa098963bfa39755f335329f265db75c5d406a0a91ed76563a3ed5f3d2877c2b4b81dc1eaccde6d642c0d8791482e27c64103fc87a55ae91e7adf49ddc1dace5c3108d6a496d678ec5ba09b2a9e6990cb63ac3e4b787661800d11c73da87bf5d297c1fb531aa105d30464b0e023e4212a0d4a0ac119c1568280d49d084729e680a0f453a725ed08454fa874cf22f5718e2afd995a1d7a9ae92e0a49307f1b322367dc12b3673708024a85fcc643bd00", 0x1000}}, 0x1006)

1m58.668924193s ago: executing program 9 (id=628):
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r1}, 0x10)
execve(0x0, 0x0, 0x0)

1m58.592725374s ago: executing program 9 (id=631):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000100), &(0x7f0000000140)='%pK    \x00'}, 0x20)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000950000000000000060bda108010da26a15544b2a4c738e0fa0f897aa278b325764f2dcd6b865984f599ffe6cad199d36bc80e98b17249acf845992d69cc4a092d0655f0e225d2f568bd76a618d10b49d26440819e5f1e36c54"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000380)=ANY=[], 0x0)

1m57.588638248s ago: executing program 9 (id=637):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg0\x00'})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4600020906ffffffffffffffff03003e0000000000000100000000000040000000000000009a010000000000000000000000003800030000000100000051e574640900000087000000000000000e0000000000000000000000000000800500000000000000bf04000000000000ffffffffffffffff0700000003000000ff030000000000000300000000000000050000000000000005000000000000000000000000000010040000000000000003"], 0xe8)
close(r1)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x0)

1m57.192675444s ago: executing program 9 (id=642):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x3, 0x4c5, &(0x7f0000001cc0)="$eJzs3U1rW1caAOD3ynbiJM7YmZlFJjCZMJPBCTOR7HiSmFlkPFDaVaBpunddWzbGsmUsOYlNKA79AYXSL9pVV90Uui6Fkp9QCoF2X0ppCW2SLrpoqyL5qkld+YtYVmI9Dxzfcz+k9z0W90hH56IbQNs6EREjEdEREacjojfdnklLrKyW6nH37t4Yr5YkKpUr3yaRpNvqz5Wky0Ppw7oj4rlnIl5Mfh+3tLQ8M1Yo5BfS9Vx5dj5XWlo+Mz07NpWfys+NDA2eH74wfG54YMfaevGpr9545b2nL37872tfjH5z6qVqWj3pvofbsRUrWzxuteldtf9FXWdELGwn2GOsI21PV6sTAQBgS6qf8f8YEX+PiPtvtzobAAAAoBkq/+uJH5OICgAAALBnZWrXwCaZbHotQE9kMtns6jW8f46DmUKxVP7XZHFxbmL1Wtm+6MpMThfyA+m1wn3RlVTXB2v1B+tn16wPRcSRiHit90BtPTteLEy0+ssPAAAAaBOH1oz/v+9dHf8DAAAAe0xfqxMAAAAAms74HwAAAPa+dcf/SefuJgIAAAA0w7OXLlVLpX7/64mrS4szxatnJvKlmezs4nh2vLgwn50qFqdqv9k3u9nzFYrF+f/E3OL1XDlfKudKS8ujs8XFufJo7b7eo3n3iQYAAIDdd+Rvtz5PImLlvwdqpWpfum8LY/WR5mYHNFNme4cnzcoD2H0drU4AaBkX+EL7Mh8PbDKwf33N+ja/NgAAAB4H/X95pPl/84HwBDOQh/Zl/h/al/l/aF/m/6HN7d/8kO71dnyyw7kAAABN01MrSSabzgX2RCaTzUYcrt0WoCuZnC7kByLiDxHxWW/X/ur6YKuTBgAAAAAAAAAAAAAAAAAAAAAAAIAnTKWSRAUAAADY0yIyXyfpjfz7e0/2rP1+YF/yQ29tGRHX3rny5vWxcnlhsLr9u1+3l99Kt5+tbwEAAABaqT5Or4/jAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAn3bt7Y7xedjPunf9HRF+j+J3RXVt2f9gbEQfvJ9H50OOSiOjYgfgrNyPiaKP4STWt6EuzWBs/ExEHWhz/0A7Eh3Z2q9r/jFTPv641518mTtSWjc+/zrQ8qjsn1uv/MvX+r9bPNer/Dm/81N31yrHbH+TWjX8z4lhn4/6nHj95xP73heeXl9fbV3k3on+T959qrFx5dj5XWlo+Mz07NpWfys8NDQ2eH74wfG54IDc5XcinfxvGePWvH/28UfsPNoy/2v9u1P6TW2z/T7ev3/3TBvFP/aPx6390g/jV//0/0/eB6v7+en1ltf6w4+9/enyj9k+s0/7NXv9TW2z/6csvf7nFQwGAXVBaWp4ZKxTyCyoqKnuvcjk90bf98BZ3TAAAwI578KG/1ZkAAAAAAAAAAAAAAAAAAABA+2r6j5Dt/+0vC3S3rqkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABv6JQAA///dfdKW")
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file1\x00', 0x21000e, &(0x7f0000000380), 0xde, 0x52d, &(0x7f0000001500)="$eJzs3c1vHGcZAPBnxrvBaVzsAodSqR+iQUkF2Y1r2loc2iIQt0qgcg+WvbGsrLORd93GVgWO+AOQEIJKnDhxQeLGBQnlT0BIlcgdAQIhSOHAARg0s7Ops8wmtrIfqf37Se/uO+/szvO8G+/sOx+ZCeDUeiEi3oyIuYh4KSIWy/a0LHHQL/nrPrz73npe8ua3/5ZEUrZFFNV7zpVvm+8/Veru7V9ba7dbO+V0s7d9o9nd27+0tb222dpsXV9ZWX519bXVV1Yvj6Wfeb9e/9qffvT9n3399V9/8d3fX/nLxe/kSX+1nD/o1/gUn17cKR7r+WdxTy0idsYbbGbmyv7UZ50IAABHko9SPxURnyvG/4sxV4zmCsNDuvnpZwcAAACMQ/bGQvw7icgAAACAE+uNiFiIJG2U5wIsRJo2Gv1zeD8TT6TtTrf3haud3esb+byIpainV7farcvlObVLUU/y6eWi/tH0y0PTKxHxVET8cPFsMd1Y77Q3Zr3zAwAAAE6Jc0Pb//9c7G//AwAAACfM0qwTAAAAACZu1PZ/MuU8AAAAgMlx/B8AAABOtG+89VZessH9rzfe2du91nnn0kare62xvbveWO/s3GhsdjqbxTX7th+0rHpEtDudG1+K2L3Z7LW6vWZ3b//Kdmf3eu/KlvsHAgAAwKw89fztO0lEHHz5bFFyZ/KHuRFvcK4AnBjpcV78x8nlAUzfqJ/5IzgzzjyA6avNOgFgdg5mnQAwa/dd6qNiUHD45J379hn8ZnI5AQAA43Xhs7fvfLfi+H+tPJ8fOLmOdfwfOFEe4fg/8DHn+D+cXvVjjQBuTTATYFYedquPkRfvqDr+X3lmcJY9dFkAAMBELRTl+bRRHgtciDRtNCKeLP6rfz25utVuXY6IT0bE7xbrn8inl4t3Jm4PCAAAAAAAAAAAAAAAAAAAAAAAAABHlGVJZAAAAMCJFpH+OSnv/3Vh8fzC8P6BM8m/FqO8pde7P3n7xzfXer2d5bz97/fae++X7S/PYg8GAAAAnEa1B84dbKcPtuMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJw+vPve+qBMM+5fvxIRS1XxazFfPM9HPSKe+EcStUPvSyJibgzxD25FxNNV8ZM8rVgqsxiOn0bE2enEfzbLssr458YQH06z2/n6582q718aLxTP1d//Wlke1X3rvzO/PDQnvbf+mxux/nvyiDGe+eAXzZHxb0U8U6te/wziJyPiv1i1wIoP5dvf2t//v8b+wiP7acSFyt+f5L5Yzd72jWZ3b//S1vbaZmuzdX1lZfnV1ddWX1m93Ly61W6Vj1Uh4gfP/uq/Q9H/k/UV/Y8R8Zce0v/zeaV+qDEbDlMG++Dm3U/3q/WhRRTxL75Y/ff39APi538Tny9/B/L5Fwb1g379sOd+/tvnKhMr42+M6P/D/v0vjlrokJe++b0/HPGlAMAUdPf2r621262diVfez7JsWrGOXon0qC8uhotT/cSmWxmM7iYWYv5x6emUK+cfjzSOUxnHni0AAOBx89Ggf9aZAAAAAAAAAAAAAAAAAAAAwOnV3Yt00pcTG455MJuuAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA80P8CAAD//yOS2ac=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f00000003c0)={0x17c04, 0xffffffffffffffff, 0x4ea, 0x10001, 0x0, 0x8})

1m54.06626292s ago: executing program 9 (id=654):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000d00)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES16=0x0, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYRES8, @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x4, 0xffffffff, 0xe661, 0x0, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x3, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x4, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x5, 0x4, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x7ff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa23, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

1m52.456890953s ago: executing program 9 (id=663):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r1, &(0x7f0000000b40)="187db8672b07ed55bab31b81a02883913ff0e6aea68e0abc52ee10902c1b41a73b28161203", 0x25, 0x40040c0, &(0x7f0000000340)={0x2, 0x4e21, @loopback}, 0x10)

1m36.614769626s ago: executing program 37 (id=663):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x0, 0x0, 0x148, 0x0, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r1, &(0x7f0000000b40)="187db8672b07ed55bab31b81a02883913ff0e6aea68e0abc52ee10902c1b41a73b28161203", 0x25, 0x40040c0, &(0x7f0000000340)={0x2, 0x4e21, @loopback}, 0x10)

54.480785922s ago: executing program 5 (id=853):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0xfffffbff, 0x20, 0x0, 0x0, 0x8, 0x1, 0x0, 0x5, 0x3, 0x0})

53.207640881s ago: executing program 5 (id=860):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000440)='kmem_cache_free\x00', r0}, 0x10)
clock_getres(0x6, 0x0)

52.205576046s ago: executing program 5 (id=864):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000400), &(0x7f0000000140)='./file1\x00', 0x3000801, &(0x7f0000000840)=ANY=[], 0x1, 0x1f3, &(0x7f0000000500)="$eJzsmb/L00AYx7+XtHl/IIqLg4uDL6jgmyapyrt0qOAoiFXUwaHYWKppK22EtiC0uLj4BwiuLo4ODk4O/gWuOqggONjRTTi5yyW9pmlppWjhfT7Qu28ud8/z3FPyHCQgCOLQ8u3rry/PLx/cOA/gCPawpcZ/mFHPj03P//zi8Q5KV16++fTqQ+vok3dpe0ys4cv7twC8L5sIwXLK49TqHU3vqf4mDJxT+hYY7Ej+5pzzvJRD+GC4o+Y80HQ7Nhj49r12ULvfCHxHNK5oPNEUdf8iqPGIoQZgW0bHOdPud/uDh9Ug8Dtpkeexn5lbq4pF+ZPxlQ2UEGePcwPA7WdPR+Ja5QYOjCR/Lgy4ShfBUFH6AFuwbXuSEm3/J3MT++Yy+/+/4rUUx/f/lVORYMEm7F0Iho0IY90ivxY7LD0iHuhk5MQ4roH6nO8r+rrLsDF/gSxcyIjn424QXP1LyyJjVkaiEjGpT4IzWn3KJaNAIWw+KnT7g/1Gs1r3637L84qXnAuOc9EryEIUtQvq37asT7vJSHwGzGIxCz3xoLo9IOy48roahh0varWKW3nb/inXGNfr0eLTUcfUmZUclCmY+hmyF+qsmT1zOHdPBEEQBEEQBEEQBEEQBEEQ2ZwCk29Z1YcqPgfvmnxD+ScAAP//+tFdLw==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)

52.048800898s ago: executing program 8 (id=866):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32], 0x48)
pipe2$9p(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000902, 0x0, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)={0x2, 0x6, 0x3, 0x6, 0x2, 0x0, 0x70bd2d, 0x25dfdbfb}, 0x10}}, 0x90)

50.364695022s ago: executing program 5 (id=868):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000000)=0x7f, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)

50.244908114s ago: executing program 8 (id=870):
r0 = syz_io_uring_setup(0x4333, &(0x7f0000000000), &(0x7f0000ff5000), &(0x7f0000ff4000))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x18)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000002300)=[{0x0}], 0x1)
io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0)

49.964452268s ago: executing program 5 (id=871):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000009d000000010001000900000001"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001400)={{r0}, &(0x7f0000001380), &(0x7f00000013c0)='%pB    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000a40000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r2, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0)

49.112404041s ago: executing program 5 (id=874):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
unshare(0x28000600)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r3, 0x1, 0x3, &(0x7f0000000200)=0xfffffff9, 0x4)

49.111875191s ago: executing program 8 (id=875):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x200000100000011, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)=r2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, 0x0, 0x0, 0x20048000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="020000000400000008000000010000008000", @ANYRES32=0x0, @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r7}, 0x10)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000000000000000000000ffff0000000000000000000000000000ffff"], 0x4c}}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

47.935572478s ago: executing program 8 (id=877):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009b6ca206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000680)={0x24, &(0x7f0000000500)=ANY=[@ANYBLOB='\x00\f\r'], 0x0, 0x0, 0x0}, 0x0)

47.324838357s ago: executing program 8 (id=881):
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x4098, &(0x7f00000005c0)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x66}}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000d80)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
mount$bind(0x0, 0x0, 0x0, 0x2040080, 0x0)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7a680000)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000200)="95", 0x1}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x110e22fff6)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r7, &(0x7f0000000280), 0xfffffeed)

45.824966129s ago: executing program 8 (id=887):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_emit_ethernet(0x67, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200313a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)

38.489029946s ago: executing program 1 (id=905):
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000200)={@dev}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000740)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'pim6reg1\x00', 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local})
close(r2)

38.24028895s ago: executing program 1 (id=907):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="a1ab0000000000000e0032"], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0)

38.017382943s ago: executing program 1 (id=909):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000009d000000010001000900000001"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001400)={{r0}, &(0x7f0000001380), &(0x7f00000013c0)='%pB    \x00'}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000a40000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r2, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0)

37.017410948s ago: executing program 1 (id=911):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)

36.780278541s ago: executing program 1 (id=912):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r7, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x10)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
connect$pppl2tp(r9, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r10, 0x8, 0x0, 0x10, 0x0, {0xa, 0x4e20, 0x0, @loopback}}}, 0x32)
writev(r9, &(0x7f0000000180), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

35.229043214s ago: executing program 1 (id=914):
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x92000000000000c4)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_read_part_table(0x634, &(0x7f0000000000)="$eJzs3DFoXVUYB/D/Td+77yWFpjp2SXUWi51NDUj6qHSqdMtSFTRUHOJUseRFs5ghg4OzSxGytHXR0MFBLeIkTqGDWnEVpKjUIr1y3715fU8QRNOh8PtBuN859/vOd07uzZgbHmkz6SbFKOylk+TES3/L2Mh+Qvp1fpKq2947v7N8+kxVVVVR56ykmyc+P3I9Sact6Y+XqapqfTw4lSsfzt14rxh2d27VTb/cOlRPzzbbOJo8dbjsj5aZWCFVNbWx3kH+Hvhvri7eLIrNsh09+ev9peTaL8vnds9uvX/9hXZ6Pfmqebrv1O/FfvZbuXj8QmcU1k/5zcl1f2subeprU497Np2pPQw31wb167a3P3FssPPpq8/+cfxGqpP5uuzM7N8oynFRmQwP5vzz9du/fWlxdW9weXZ8o/vB419koR3cqaocrVs+ltGfzsIBdAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GG4unhz/t3NtcF2sro36LWzy+d2z26VSZ5/ZTSeybUTk1WH2uvFXLhdX9ezlvz4SbqTSUX9023Ku0vN3A8L1dOjoLPfvzfbBJcWV/cG9+aS28/cPzZoqpLPTj5otz5eeTfPtdHdqjEabPzTIdsW1XyT9829yfMXnWRtsD3qf/mnotNPspKPi+F4m/VGXu/l5eZ41d2yrf3zwTEAAAAAAAAAAAAAAAAAAADgf1k+feaNO2280k/y89szdVz1mv9yL+aKqfzvesnsqeRKP8VwKcmtF38vvz2y9X376YBhehkmOfzRxvm2pJxaYPyJgCJV+TBPxr/xVwAAAP//mFl59Q==")
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback, 0x3}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000040)={'wg0\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote, r2}, 0x14)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

33.964941803s ago: executing program 38 (id=874):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
unshare(0x28000600)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r3, 0x1, 0x3, &(0x7f0000000200)=0xfffffff9, 0x4)

29.966064531s ago: executing program 39 (id=887):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_emit_ethernet(0x67, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200313a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)

22.115518976s ago: executing program 6 (id=944):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f0000070000000000", @ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee60000bf150000000000001d5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc138cea0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233ba3d4ce26ed703dcb9fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874cd004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f5705ebf9a98a0d9f18135cb1d8d567c3436fa697b72c5035d98b9e4f7f3379c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff75a257310f2d92cb1d1e16468949f5675262ee6609cf26ae4a8f5eac0ebf318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0f72c4a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee8072d1f88cb781e4cdb04af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98c5a471f3521956f8da6a4ccf2071095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a4fdde69c350e59f11f1d26a4d04d8c8b2c4a4d23ee931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe056e2d686e796aaf09e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b00"/3699], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

20.950425483s ago: executing program 6 (id=948):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}]}}}]}, 0x3c}}, 0x4048010)

20.675374427s ago: executing program 6 (id=951):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000140)={[{@numtail}, {@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@shortname_win95}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@fat=@codepage={'codepage', 0x3d, '936'}}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@fat=@errors_continue}, {@shortname_lower}]}, 0x1, 0x362, &(0x7f0000000900)="$eJzs3U9oXFUXAPAzfUkmKfRLFh8UBeHpTtDQP7jQVUpJoTgblaHqQhxsqpKJhQwOpotO40ZcCi515UZc6MJF1yIo4s6FWytIVVxodwWLV2bmTeZNZpKmwrQWf7/FcHLuPe/eO3nJvLxkbl5eifXzs3Hhxo3rMT9fiZmV0ytxsxJLkcXAlRg3NyEHANwfbqYUf6S+A5ZUpjwlAGDKeq//rx4pZd7+ar/+yas/ANz3ip//F/brM79Xw8WpTAkAmLKx+/+PjDTPjf6qf6b0VwEAwP3quRdefPpULeLZPJ+P2HinXW/X46lh+6kL8Xo0Yy2OxWLciuhfKHQfKr3HM2drq8fyPO/Ez0tR71a06xEbnXa9f6VwKuvVV+N4LMZSUV9cbaSUsjOf11aP5z0RcaXTGz82Ku36bBwuxv/hcKzFicjj/2P1EWdrqyfy4gD1jUF9J2J7eN+iO//lWIzvXomL0YzzC+cipcFlTW318vE8P51qI/XtejXO7zwLe94BAQAAAAAAAAAAAAAAAAAAAACAf2Q537G0s/9NGu7fs7w8ob23P06/vtgfaLu/P1Cqpkjp97cer7+bxcj+QLv352nXZ+LQvV06AAAAAAAAAAAAAAAAAAAA/Gu0tuai0Wyubba2Lq2Xg85ma+tQRHQzb3zz6ZcLMd7nNsFMMUapKS9Sl9YbKRt0TtlInyLIuoMPMp9c3ZlxuU91ZxUTp1Hdu6nZPPLwTx8MMw9lgyP/NeyTxeQFZrumUQ42/tef0p08UZdOFsGJ23S+llLa6ziXXxqvikrEzJ1/4vYPUjf4+vprD5xsHX2il/ki9T362OK5a+9/9Ot6o9kduav58dxm61ZabxQfTz7Z9g6y0vlTiX5QKZ8JM/uVb49mGtn3vz3/4HvfHmz0VM68OaFP1l/OZ5utrUrxldJrmusH3dyuqoXm2Sxi13FmJ5z8UwiOfrjSuHr5x18OWlX6JmGjDgAAAAAAAAAAAAAAAAAAuCtK7xUvFG/2nd2v6slnpj8zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALh7hv//vxRsj2UOEvzZifGm6tpmK2LuXi8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/uL8DAAD//2Kpa7U=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)

20.058287126s ago: executing program 6 (id=952):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x11, &(0x7f0000000000)=0x808b, 0x4)

20.036979906s ago: executing program 40 (id=914):
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x92000000000000c4)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_read_part_table(0x634, &(0x7f0000000000)="$eJzs3DFoXVUYB/D/Td+77yWFpjp2SXUWi51NDUj6qHSqdMtSFTRUHOJUseRFs5ghg4OzSxGytHXR0MFBLeIkTqGDWnEVpKjUIr1y3715fU8QRNOh8PtBuN859/vOd07uzZgbHmkz6SbFKOylk+TES3/L2Mh+Qvp1fpKq2947v7N8+kxVVVVR56ykmyc+P3I9Sact6Y+XqapqfTw4lSsfzt14rxh2d27VTb/cOlRPzzbbOJo8dbjsj5aZWCFVNbWx3kH+Hvhvri7eLIrNsh09+ev9peTaL8vnds9uvX/9hXZ6Pfmqebrv1O/FfvZbuXj8QmcU1k/5zcl1f2subeprU497Np2pPQw31wb167a3P3FssPPpq8/+cfxGqpP5uuzM7N8oynFRmQwP5vzz9du/fWlxdW9weXZ8o/vB419koR3cqaocrVs+ltGfzsIBdAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GG4unhz/t3NtcF2sro36LWzy+d2z26VSZ5/ZTSeybUTk1WH2uvFXLhdX9ezlvz4SbqTSUX9023Ku0vN3A8L1dOjoLPfvzfbBJcWV/cG9+aS28/cPzZoqpLPTj5otz5eeTfPtdHdqjEabPzTIdsW1XyT9829yfMXnWRtsD3qf/mnotNPspKPi+F4m/VGXu/l5eZ41d2yrf3zwTEAAAAAAAAAAAAAAAAAAADgf1k+feaNO2280k/y89szdVz1mv9yL+aKqfzvesnsqeRKP8VwKcmtF38vvz2y9X376YBhehkmOfzRxvm2pJxaYPyJgCJV+TBPxr/xVwAAAP//mFl59Q==")
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback, 0x3}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000040)={'wg0\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote, r2}, 0x14)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

19.06805915s ago: executing program 6 (id=955):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@RTA_DPORT={0x6}]}, 0x24}}, 0x0)

18.964167892s ago: executing program 6 (id=956):
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x180c081, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000640)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r6, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x2}, 0x3}], 0x1, 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

16.842503143s ago: executing program 0 (id=959):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040de28421100000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000005000000aafabb05"], 0x0, 0x0, 0x0, 0x0}, 0x0)

16.268909582s ago: executing program 0 (id=960):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000140)={[{@numtail}, {@shortname_winnt}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@shortname_win95}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@fat=@codepage={'codepage', 0x3d, '936'}}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@fat=@errors_continue}, {@shortname_lower}]}, 0x1, 0x362, &(0x7f0000000900)="$eJzs3U9oXFUXAPAzfUkmKfRLFh8UBeHpTtDQP7jQVUpJoTgblaHqQhxsqpKJhQwOpotO40ZcCi515UZc6MJF1yIo4s6FWytIVVxodwWLV2bmTeZNZpKmwrQWf7/FcHLuPe/eO3nJvLxkbl5eifXzs3Hhxo3rMT9fiZmV0ytxsxJLkcXAlRg3NyEHANwfbqYUf6S+A5ZUpjwlAGDKeq//rx4pZd7+ar/+yas/ANz3ip//F/brM79Xw8WpTAkAmLKx+/+PjDTPjf6qf6b0VwEAwP3quRdefPpULeLZPJ+P2HinXW/X46lh+6kL8Xo0Yy2OxWLciuhfKHQfKr3HM2drq8fyPO/Ez0tR71a06xEbnXa9f6VwKuvVV+N4LMZSUV9cbaSUsjOf11aP5z0RcaXTGz82Ku36bBwuxv/hcKzFicjj/2P1EWdrqyfy4gD1jUF9J2J7eN+iO//lWIzvXomL0YzzC+cipcFlTW318vE8P51qI/XtejXO7zwLe94BAQAAAAAAAAAAAAAAAAAAAACAf2Q537G0s/9NGu7fs7w8ob23P06/vtgfaLu/P1Cqpkjp97cer7+bxcj+QLv352nXZ+LQvV06AAAAAAAAAAAAAAAAAAAA/Gu0tuai0Wyubba2Lq2Xg85ma+tQRHQzb3zz6ZcLMd7nNsFMMUapKS9Sl9YbKRt0TtlInyLIuoMPMp9c3ZlxuU91ZxUTp1Hdu6nZPPLwTx8MMw9lgyP/NeyTxeQFZrumUQ42/tef0p08UZdOFsGJ23S+llLa6ziXXxqvikrEzJ1/4vYPUjf4+vprD5xsHX2il/ki9T362OK5a+9/9Ot6o9kduav58dxm61ZabxQfTz7Z9g6y0vlTiX5QKZ8JM/uVb49mGtn3vz3/4HvfHmz0VM68OaFP1l/OZ5utrUrxldJrmusH3dyuqoXm2Sxi13FmJ5z8UwiOfrjSuHr5x18OWlX6JmGjDgAAAAAAAAAAAAAAAAAAuCtK7xUvFG/2nd2v6slnpj8zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALh7hv//vxRsj2UOEvzZifGm6tpmK2LuXi8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/uL8DAAD//2Kpa7U=")
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)

16.089629115s ago: executing program 0 (id=961):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
fcntl$dupfd(r2, 0x0, r2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x8)

16.011254575s ago: executing program 0 (id=962):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x11, &(0x7f0000000000)=0x808b, 0x4)

15.03291071s ago: executing program 0 (id=963):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'wg1\x00', <r3=>0x0})
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000000)=0xf3e, 0x4)
sendto$packet(r2, &(0x7f0000000240)='\x00', 0x1, 0x800, &(0x7f0000000080)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xfc}}, 0x14)

15.03229042s ago: executing program 0 (id=964):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x51}, 0x40000)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x10010, 0xffffffffffffffff, 0xa6750000)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$can_bcm(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r6}, 0x10)
syz_clone(0x40100000, 0x0, 0x0, 0x0, 0x0, 0x0)

3.001286476s ago: executing program 41 (id=956):
syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000080)='./file0\x00', 0x180c081, &(0x7f0000000000), 0x2c, 0x516, &(0x7f0000000740)="$eJzs3c9vG1kdAPCvnV9umm6ysIcFAVuWhYKq2om7G632wnJBQqvVIi2cEGqjxI2i2HEUO6UJkUjPXJGoxAn+BA5IHJB64s4NblzKAalABWqQEPJq7HGbOHFiNXHcxp+PNPJ7MxN/v8/SvBc/2/MCGFpXI2I3IsYj4nZETKf7M+kWH7a25LynT3YW957sLGai0fj0n6PpmTuL7fPbLqfPmYv4JKlPHBG3trW9ulAulzbSeqFeWS/UtrZvrFQWlkvLpbVicX5ufvb9m+8Vz6ytb1V++/i7Kx/98A+///KjP+1+66dJzt9OjyVtO7NA+7Rel7GY2rcveeU+6kewARhJ2zM+6ER4IdmI+FxEvJ2Wn8kNLicAoL8ajeloTO+vd5fp4RwA4OWXvOefikw2n77/n4psNp9vzuHl3ojJbLlaq1+/U91cW4rmHNZMjGXvrJRLs+lc4UyMZZL6XLP8vF7sqN+MiNcj4hcTl5r1/GK1vDSof3oAYMhd7hj//zPRGv974BMCAHiVGckBYPgcHv/HBpIHAHB+vP8HgOGzb/w/6re6AMAFlOv47T8AcPGdOP//Zvzsx+eTCgBwTnz+DwBD5fsff5xsjb30/tdLd7c2V6t3byyVaqv5yuZifrG6sZ5frlaXm/fsqZz0fOVqdX3u3di8V6iXavVCbWv7VqW6uVa/1byv962SHxYAwOC9/tbDv2QiYveDS80t2ms5+EIAXHgucxheI4NOABiY0UEnAAyM+Xggc8Lxrl8RetD9by6dIh+g/659ocv8//H/G/y/cT7pAX1k/h+G1+nm/80ewKvM/D8Mr0YjYz1/ABgyPbyD9xVBuOBe+PN/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGGJTzS2TzadrgU9FNpvPR1yJiJkYy9xZKZdmI+K1iPjzxNhEUp8bdNIAwCll/55J1/+6Nv3OVOfR8cx/J5qPEfGTX336y3sL9frGXLL/X8/21x+k+4tHBpjofxsAgH1GO3e0x+n2ON5e3/fpk53F9naeCT7+Tmtx0STuXrq1U28ln4uxiJj8d+ZAYzJntDDx7v2IeLOz/dlnx2fSlU874yexr/QtfjRbOHUgfvZA/GzzWOsxeS0+fwa5wLB5mPQ/Hx51/WXjavMxvf4yBzvTXPz8cOf6Atr9316js/9rXe+fXMk1+5qj+r+rvcZ494/f63rs/kjji6MRe4f63/aK0Llm6aj47/QY/69f+srb3Y41fh1xLY6L3yoV6pX1Qm1r+8ZKZWG5tFxaKxbn5+Zn37/5XrHQnKMutGeqD/vHB9df697+iMku8XMntP/rPbb/N/+7/aOvHhP/m187Kn423jgmfjImfqPH+AuTv+u6fHcSf6lL+0cPxB8/8HfJvus9xn/0t+2lHk8FAM5BbWt7daFcLm0onLaQ69czX35JGqhwTGEkyu35qJcin1MXBtwxAX33/KIfdCYAAAAAAAAAAAAAAEA3tR+kt/zr44/hBt1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7PAgAA//+iDcmp")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000640)='kfree\x00', r1}, 0x18)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r6, &(0x7f0000005140)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000003080)=""/4096, 0x1000}], 0x2}, 0x3}], 0x1, 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

0s ago: executing program 42 (id=964):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x51}, 0x40000)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x10010, 0xffffffffffffffff, 0xa6750000)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05"], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$can_bcm(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r6}, 0x10)
syz_clone(0x40100000, 0x0, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

eady
[  151.632001][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.647713][ T4549] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.649756][ T4549] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.653634][   T27] kauditd_printk_skb: 27 callbacks suppressed
[  151.653645][   T27] audit: type=1326 audit(156.635:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.0.248" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  151.671336][   T27] audit: type=1326 audit(156.645:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.0.248" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  151.677240][   T27] audit: type=1326 audit(156.645:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.0.248" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=114 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  151.691060][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  151.701687][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  151.719401][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.725640][ T5475] loop7: detected capacity change from 0 to 256
[  151.726081][ T4549] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.727881][ T5475] exfat: Deprecated parameter 'utf8'
[  151.729250][ T4549] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.730644][ T5475] exfat: Deprecated parameter 'utf8'
[  151.742968][   T27] audit: type=1326 audit(156.645:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.0.248" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  151.755041][   T27] audit: type=1326 audit(156.645:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5472 comm="syz.0.248" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  151.769979][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  151.780233][ T5475] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d)
[  151.796024][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  151.799025][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  151.809174][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  151.826413][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  151.829371][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  151.832680][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.847728][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.850484][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  151.856777][ T5482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  151.859321][ T5482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  151.881535][ T5253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  151.884965][ T5253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  151.917621][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.920418][ T4389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.045366][ T5490] binder: 5489:5490 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER
[  152.066044][ T5493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.068493][ T5493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.367913][   T39] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.548703][   T39] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.580367][ T5357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  152.582903][ T5357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  152.590379][ T5253] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.773736][   T39] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.593801][   T39] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.706716][ T5546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.729165][ T5546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.887634][ T4685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  154.899000][ T4685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  154.922437][ T4569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  154.925107][ T4569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  154.938038][ T4569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  154.961580][ T4569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  155.069520][ T5253] device veth0_vlan entered promiscuous mode
[  155.077943][ T5253] device veth1_vlan entered promiscuous mode
[  155.168390][ T5253] device veth0_macvtap entered promiscuous mode
[  155.171357][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  155.174119][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  155.176671][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  155.186783][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  155.202166][ T5253] device veth1_macvtap entered promiscuous mode
[  155.215684][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  155.218397][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  155.223440][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.226344][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.229087][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.243259][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.245985][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.248874][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.262233][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.278052][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.310886][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  155.313904][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.341913][ T5253] batman_adv: batadv0: Interface activated: batadv_slave_0
[  155.417893][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  155.420660][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  155.431976][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.434810][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.460494][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.465366][ T5548] loop5: detected capacity change from 0 to 40427
[  155.468528][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.488179][ T5548] F2FS-fs (loop5): invalid crc value
[  155.488201][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.500362][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.509920][ T5548] F2FS-fs (loop5): Found nat_bits in checkpoint
[  155.511495][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.514495][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.517272][ T5253] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  155.544579][ T5548] F2FS-fs (loop5): Start checkpoint disabled!
[  155.551118][ T5253] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  155.556200][ T5253] batman_adv: batadv0: Interface activated: batadv_slave_1
[  155.569565][ T5568] loop7: detected capacity change from 0 to 1024
[  155.576249][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  155.579000][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  155.588720][ T5568] EXT4-fs: Ignoring removed mblk_io_submit option
[  155.588873][ T5548] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  155.597757][ T5568] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  155.658078][ T5568] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  155.693609][ T5253] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  155.696105][ T5253] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  155.707533][ T5253] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  155.730393][ T5253] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  155.823985][ T5357] kworker/u4:23: attempt to access beyond end of device
[  155.823985][ T5357] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  155.828171][ T5357] kworker/u4:23: attempt to access beyond end of device
[  155.828171][ T5357] loop5: rw=2049, sector=40992, nr_sectors = 8 limit=40427
[  156.014149][ T4569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.016617][ T4569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.021290][ T4549] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  156.131581][ T5357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.133995][ T5357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.149699][ T5357] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  156.152336][ T5562] loop6: detected capacity change from 0 to 40427
[  156.236204][ T5562] F2FS-fs (loop6): Unrecognized mount option "whint_mode=fs-based" or missing value
[  156.250738][   T27] audit: type=1326 audit(161.225:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.257185][   T27] audit: type=1326 audit(161.225:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.273395][   T27] audit: type=1326 audit(161.245:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.279723][   T27] audit: type=1326 audit(161.245:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.847112][   T27] audit: type=1326 audit(161.245:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.988232][   T27] audit: type=1326 audit(161.245:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  156.995732][   T27] audit: type=1326 audit(161.255:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.052794][   T27] audit: type=1326 audit(161.255:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.103252][   T27] audit: type=1326 audit(161.255:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.109484][   T27] audit: type=1326 audit(161.255:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.153973][   T27] audit: type=1326 audit(161.255:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.169387][   T27] audit: type=1326 audit(161.595:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.209995][   T27] audit: type=1326 audit(161.595:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  157.343086][   T27] audit: type=1326 audit(161.955:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5561 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  158.198394][ T5603] loop5: detected capacity change from 0 to 512
[  158.204951][ T5605] loop8: detected capacity change from 0 to 128
[  158.229473][ T5603] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  158.235208][ T5603] EXT4-fs (loop5): orphan cleanup on readonly fs
[  158.281527][ T5603] EXT4-fs warning (device loop5): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  158.310936][ T5603] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  158.322752][ T5603] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #16: comm syz.5.275: iget: immutable or append flags not allowed on symlinks
[  158.350313][ T5603] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.275: couldn't read orphan inode 16 (err -117)
[  158.411329][ T5603] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  158.417113][ T5603] xt_hashlimit: size too large, truncated to 1048576
[  159.485280][ T5621] loop8: detected capacity change from 0 to 512
[  159.602022][ T5621] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  159.757633][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  159.828698][ T5632] loop6: detected capacity change from 0 to 16
[  159.835243][ T5632] erofs: (device loop6): erofs_superblock_csum_verify: invalid checksum 0x80a9593b, 0x7bbbea8c expected
[  160.121039][ T5627] tipc: Started in network mode
[  160.122621][ T5627] tipc: Node identity 7f000001, cluster identity 4711
[  160.125239][ T5627] tipc: Enabled bearer <udp:syz2>, priority 10
[  160.303008][   T39] device hsr_slave_0 left promiscuous mode
[  160.361084][   T39] device hsr_slave_1 left promiscuous mode
[  160.441753][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.446089][   T39] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.465549][   T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.471086][   T39] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.477865][   T39] device bridge_slave_1 left promiscuous mode
[  160.485961][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.499064][ T5044] EXT4-fs (loop7): unmounting filesystem.
[  160.521921][   T39] device bridge_slave_0 left promiscuous mode
[  160.527020][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.724296][ T5633] loop8: detected capacity change from 0 to 40427
[  160.726695][   T39] device veth1_macvtap left promiscuous mode
[  160.728368][   T39] device veth0_macvtap left promiscuous mode
[  160.730084][   T39] device veth1_vlan left promiscuous mode
[  160.731919][   T39] device veth0_vlan left promiscuous mode
[  160.742620][ T5633] F2FS-fs (loop8): invalid crc value
[  160.872268][ T5633] F2FS-fs (loop8): Found nat_bits in checkpoint
[  160.948642][ T5633] F2FS-fs (loop8): Cannot turn on quotas: -2 on 0
[  161.005938][ T5633] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e4
[  161.657497][  T113] tipc: Node number set to 2130706433
[  161.710268][ T5633] syz.8.282: attempt to access beyond end of device
[  161.710268][ T5633] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  163.912048][ T4313] Bluetooth: hci4: command 0x0406 tx timeout
[  164.493317][   T39] team0 (unregistering): Port device team_slave_1 removed
[  164.704609][   T39] team0 (unregistering): Port device team_slave_0 removed
[  164.891595][   T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  165.091717][   T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.953103][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  167.503531][   T39] bond0 (unregistering): Released all slaves
[  167.716890][ T5632] tipc: Enabled bearer <udp:syz0>, priority 10
[  167.775475][ T5658] netlink: 4 bytes leftover after parsing attributes in process `syz.8.289'.
[  167.792997][ T5659] netlink: 12 bytes leftover after parsing attributes in process `syz.8.289'.
[  167.948155][ T5703] netlink: 'syz.7.303': attribute type 1 has an invalid length.
[  167.950590][ T5703] netlink: 'syz.7.303': attribute type 2 has an invalid length.
[  167.969669][ T5706] netlink: 'syz.7.303': attribute type 1 has an invalid length.
[  167.971925][ T5706] netlink: 'syz.7.303': attribute type 2 has an invalid length.
[  168.112616][ T5716] vhci_hcd: default hub control req: 0000 v0000 i0000 l65535
[  168.158950][ T5711] netlink: 4 bytes leftover after parsing attributes in process `syz.6.306'.
[  168.187048][ T5711] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  170.138721][ T5726] loop7: detected capacity change from 0 to 128
[  170.200522][ T5726] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  170.209466][ T5733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.231330][ T5733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.236724][ T5735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.280047][ T5735] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.356574][ T5044] EXT4-fs (loop7): unmounting filesystem.
[  170.412963][ T5711] batman_adv: batadv0: Removing interface: batadv_slave_1
[  170.537360][ T5749] netlink: 'syz.0.314': attribute type 5 has an invalid length.
[  173.196701][ T5777] loop7: detected capacity change from 0 to 128
[  173.440642][ T5777] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  173.453208][ T5777] device bridge0 entered promiscuous mode
[  173.455866][ T5777] bridge0: port 3(macsec1) entered blocking state
[  173.457675][ T5777] bridge0: port 3(macsec1) entered disabled state
[  173.461456][ T5777] device bridge0 left promiscuous mode
[  173.527280][ T5783] mmap: syz.8.321 (5783) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  174.711557][ T5790] loop8: detected capacity change from 0 to 512
[  174.747644][ T5790] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  174.810504][ T5790] EXT4-fs (loop8): 1 truncate cleaned up
[  174.814579][ T5790] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  174.866539][   T27] kauditd_printk_skb: 24 callbacks suppressed
[  174.866552][   T27] audit: type=1326 audit(179.775:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.875151][   T27] audit: type=1326 audit(179.775:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.881068][   T27] audit: type=1326 audit(179.775:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.886564][   T27] audit: type=1326 audit(179.805:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.892204][   T27] audit: type=1326 audit(179.805:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.897896][   T27] audit: type=1326 audit(179.805:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.903441][   T27] audit: type=1326 audit(179.805:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.908957][   T27] audit: type=1326 audit(179.805:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=144 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  174.914930][   T27] audit: type=1326 audit(179.805:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5794 comm="syz.6.325" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  176.202426][ T5044] EXT4-fs (loop7): unmounting filesystem.
[  176.333102][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  176.377539][ T5820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'.
[  178.153374][ T5842] netlink: 12 bytes leftover after parsing attributes in process `syz.7.336'.
[  179.798972][ T5896] loop5: detected capacity change from 0 to 512
[  180.170640][ T5896] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  180.181567][ T5904] futex_wake_op: syz.8.356 tries to shift op by 32; fix this program
[  180.196286][ T5896] EXT4-fs error (device loop5): ext4_get_first_dir_block:3591: inode #12: block 32: comm syz.5.355: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0
[  180.212673][ T5896] EXT4-fs (loop5): Remounting filesystem read-only
[  180.215767][ T5896] EXT4-fs error (device loop5): ext4_get_first_dir_block:3594: inode #12: comm syz.5.355: directory missing '.'
[  180.221634][ T5896] EXT4-fs (loop5): Remounting filesystem read-only
[  180.281850][ T5906] tipc: Started in network mode
[  180.283368][ T5906] tipc: Node identity 7f000001, cluster identity 4711
[  180.284598][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  180.292292][ T5906] tipc: Enabled bearer <udp:syz2>, priority 10
[  180.329064][ T5906] tipc: Enabled bearer <udp:syz0>, priority 10
[  180.559686][ T5915] netlink: 96 bytes leftover after parsing attributes in process `syz.5.358'.
[  180.670587][ T5922] loop8: detected capacity change from 0 to 2048
[  180.707952][ T5922] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  181.634645][   T14] tipc: Node number set to 2130706433
[  181.713374][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  182.896056][ T5917] loop6: detected capacity change from 0 to 40427
[  182.955887][ T5917] F2FS-fs (loop6): Found nat_bits in checkpoint
[  182.977038][ T5926] loop5: detected capacity change from 0 to 40427
[  182.991334][ T5926] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  182.993673][ T5926] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  182.999768][   T27] audit: type=1326 audit(187.975:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.008423][   T27] audit: type=1326 audit(187.985:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.013450][ T5926] F2FS-fs (loop5): invalid crc value
[  183.044712][ T5926] F2FS-fs (loop5): Found nat_bits in checkpoint
[  183.049913][   T27] audit: type=1326 audit(188.015:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.058069][ T5917] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  183.082703][   T27] audit: type=1326 audit(188.015:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.086186][ T5926] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  183.091522][ T5917] F2FS-fs (loop6): switch extent_cache option is not allowed
[  183.091902][ T5926] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  183.111829][   T27] audit: type=1326 audit(188.015:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.141237][   T27] audit: type=1326 audit(188.015:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=102 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.188365][   T27] audit: type=1326 audit(188.015:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5954 comm="syz.0.370" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  183.505859][ T4613] syz-executor: attempt to access beyond end of device
[  183.505859][ T4613] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  183.691335][ T5357] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  184.061564][ T5357] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  184.486875][ T5948] loop8: detected capacity change from 0 to 40427
[  184.490056][ T5948] F2FS-fs (loop8): Invalid Fs Meta Ino: node(1) meta(15) root(3)
[  184.494607][ T5948] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  184.497023][ T5948] F2FS-fs (loop8): Unrecognized mount option "checkpoint=merge" or missing value
[  185.310163][ T5686] I/O error, dev loop8, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  185.463012][ T5993] loop5: detected capacity change from 0 to 512
[  185.526432][ T5971] loop6: detected capacity change from 0 to 40427
[  185.543201][ T5993] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  185.546319][ T5971] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  185.548399][ T5971] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  185.637428][ T6002] 9pnet_fd: Insufficient options for proto=fd
[  185.738976][ T6000] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  185.744618][ T6000] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  185.748080][ T6000] EXT4-fs (loop5): This should not happen!! Data will be lost
[  185.748080][ T6000] 
[  185.750605][ T6000] EXT4-fs (loop5): Total free blocks count 0
[  185.752300][ T6000] EXT4-fs (loop5): Free/Dirty block details
[  185.753883][ T6000] EXT4-fs (loop5): free_blocks=65280
[  185.755270][ T6000] EXT4-fs (loop5): dirty_blocks=2
[  185.756641][ T6000] EXT4-fs (loop5): Block reservation details
[  185.758204][ T6000] EXT4-fs (loop5): i_reserved_data_blocks=2
[  186.043884][ T6003] capability: warning: `syz.5.378' uses 32-bit capabilities (legacy support in use)
[  186.602778][ T5971] F2FS-fs (loop6): invalid crc value
[  186.604503][ T5971] F2FS-fs (loop6): Failed to start F2FS issue_checkpoint_thread (-12)
[  186.653337][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  186.924213][ T6024] loop8: detected capacity change from 0 to 512
[  186.948704][ T6024] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  187.004902][ T6024] EXT4-fs (loop8): 1 truncate cleaned up
[  187.006556][ T6024] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  187.523434][ T6040] netlink: 4 bytes leftover after parsing attributes in process `syz.0.389'.
[  187.552362][ T6040] netlink: 12 bytes leftover after parsing attributes in process `syz.0.389'.
[  188.173977][ T2060] ieee802154 phy0 wpan0: encryption failed: -22
[  188.175818][ T2060] ieee802154 phy1 wpan1: encryption failed: -22
[  188.874434][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  188.991117][ T6054] loop6: detected capacity change from 0 to 512
[  189.121336][ T6054] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  189.179159][ T6067] loop7: detected capacity change from 0 to 512
[  189.181624][ T6054] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  189.181844][   T27] audit: type=1326 audit(194.165:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6066 comm="syz.0.396" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x0
[  189.185742][ T6054] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  189.194612][ T6054] EXT4-fs (loop6): This should not happen!! Data will be lost
[  189.194612][ T6054] 
[  189.197229][ T6054] EXT4-fs (loop6): Total free blocks count 0
[  189.198865][ T6054] EXT4-fs (loop6): Free/Dirty block details
[  189.200418][ T6054] EXT4-fs (loop6): free_blocks=65280
[  189.202015][ T6054] EXT4-fs (loop6): dirty_blocks=2
[  189.203373][ T6054] EXT4-fs (loop6): Block reservation details
[  189.204971][ T6054] EXT4-fs (loop6): i_reserved_data_blocks=2
[  189.390254][ T6067] EXT4-fs error (device loop7): __ext4_fill_super:5402: inode #2: comm syz.7.398: iget: bad i_size value: -1
[  189.396979][ T6067] EXT4-fs (loop7): get root inode failed
[  189.398701][ T6067] EXT4-fs (loop7): mount failed
[  190.324051][   T27] audit: type=1326 audit(195.305:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.5.399" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  190.340399][   T27] audit: type=1326 audit(195.315:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.5.399" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  190.341793][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  190.347696][ T6079] process 'syz.5.399' launched './file0' with NULL argv: empty string added
[  190.362738][   T27] audit: type=1326 audit(195.335:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.5.399" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=221 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  190.408715][   T27] audit: type=1326 audit(195.335:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6077 comm="syz.5.399" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  190.499339][ T6091] loop5: detected capacity change from 0 to 1024
[  190.584809][ T6091] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  190.658005][ T6097] loop6: detected capacity change from 0 to 2048
[  190.713601][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  190.739979][ T6103] loop8: detected capacity change from 0 to 512
[  190.754251][ T6097] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  190.821091][ T6103] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  190.870590][ T6103] EXT4-fs (loop8): 1 truncate cleaned up
[  190.879173][ T6103] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  190.973239][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  192.582516][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  192.781603][ T6133] loop8: detected capacity change from 0 to 512
[  192.862748][ T6133] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  193.152305][ T6130] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  193.157928][ T6130] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  193.171061][ T6130] EXT4-fs (loop8): This should not happen!! Data will be lost
[  193.171061][ T6130] 
[  193.173621][ T6130] EXT4-fs (loop8): Total free blocks count 0
[  193.175212][ T6130] EXT4-fs (loop8): Free/Dirty block details
[  193.176792][ T6130] EXT4-fs (loop8): free_blocks=65280
[  193.178213][ T6130] EXT4-fs (loop8): dirty_blocks=2
[  193.179513][ T6130] EXT4-fs (loop8): Block reservation details
[  193.357512][ T6130] EXT4-fs (loop8): i_reserved_data_blocks=2
[  193.812359][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  194.144869][ T6160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.147431][ T6160] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.823723][ T6182] loop8: detected capacity change from 0 to 512
[  194.863954][ T6182] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  194.922637][ T6182] EXT4-fs (loop8): 1 truncate cleaned up
[  194.924310][ T6182] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  195.142205][ T6151] loop5: detected capacity change from 0 to 40427
[  195.150554][ T6151] F2FS-fs (loop5): invalid crc value
[  196.903173][ T6196] netlink: 36 bytes leftover after parsing attributes in process `syz.0.425'.
[  197.054545][ T6151] F2FS-fs (loop5): Failed to start F2FS issue_checkpoint_thread (-12)
[  197.365088][ T6207] bridge: RTM_DELNEIGH with unconfigured vlan 8 on bridge_slave_1
[  197.387553][ T6208] loop7: detected capacity change from 0 to 512
[  197.431716][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  197.465373][ T6208] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  197.507414][ T6208] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  197.511617][ T6208] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  197.514897][ T6208] EXT4-fs (loop7): This should not happen!! Data will be lost
[  197.514897][ T6208] 
[  197.517519][ T6208] EXT4-fs (loop7): Total free blocks count 0
[  197.519177][ T6208] EXT4-fs (loop7): Free/Dirty block details
[  197.520717][ T6208] EXT4-fs (loop7): free_blocks=65280
[  197.522288][ T6208] EXT4-fs (loop7): dirty_blocks=2
[  197.523621][ T6208] EXT4-fs (loop7): Block reservation details
[  197.525189][ T6208] EXT4-fs (loop7): i_reserved_data_blocks=2
[  198.618185][ T5044] EXT4-fs (loop7): unmounting filesystem.
[  198.912393][ T6231] netlink: 500 bytes leftover after parsing attributes in process `syz.7.431'.
[  200.226686][ T6249] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  200.229565][ T6249] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  200.851154][ T6214] loop8: detected capacity change from 0 to 40427
[  200.992252][ T6255] tipc: Started in network mode
[  200.993653][ T6255] tipc: Node identity ac14140f, cluster identity 4711
[  200.995553][ T6255] tipc: New replicast peer: 255.255.255.255
[  200.997519][ T6255] tipc: Enabled bearer <udp:s>, priority 10
[  201.250065][ T6269] loop7: detected capacity change from 0 to 2048
[  201.256339][ T6270] loop5: detected capacity change from 0 to 512
[  201.331779][ T6270] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  201.352935][ T6269] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  201.400809][ T6269] fs-verity: sha256 using implementation "sha256-ce"
[  201.412587][ T6280] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  201.416687][ T6280] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  201.419811][ T6280] EXT4-fs (loop5): This should not happen!! Data will be lost
[  201.419811][ T6280] 
[  201.422881][ T6280] EXT4-fs (loop5): Total free blocks count 0
[  201.424750][ T6280] EXT4-fs (loop5): Free/Dirty block details
[  201.426297][ T6280] EXT4-fs (loop5): free_blocks=65280
[  201.427640][ T6280] EXT4-fs (loop5): dirty_blocks=2
[  201.428980][ T6280] EXT4-fs (loop5): Block reservation details
[  201.430504][ T6280] EXT4-fs (loop5): i_reserved_data_blocks=2
[  201.508477][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  202.113422][ T4343] tipc: Node number set to 2886997007
[  202.541422][ T6269] fs-verity (loop7, inode 13): Error -4 building Merkle tree
[  202.614319][   T27] audit: type=1326 audit(207.595:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6297 comm="syz.5.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  202.640926][   T27] audit: type=1326 audit(207.595:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6297 comm="syz.5.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  202.646838][   T27] audit: type=1326 audit(207.595:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6297 comm="syz.5.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=219 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  202.676028][   T27] audit: type=1326 audit(207.595:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6297 comm="syz.5.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  202.693735][   T27] audit: type=1326 audit(207.595:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6297 comm="syz.5.451" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  202.700209][ T5044] EXT4-fs (loop7): unmounting filesystem.
[  202.878667][ T6314] loop8: detected capacity change from 0 to 1024
[  202.927385][ T6314] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  204.574577][ T6350] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  204.580077][ T6350] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 51 with max blocks 1 with error 28
[  204.583534][ T6350] EXT4-fs (loop8): This should not happen!! Data will be lost
[  204.583534][ T6350] 
[  204.586285][ T6350] EXT4-fs (loop8): Total free blocks count 0
[  204.587960][ T6350] EXT4-fs (loop8): Free/Dirty block details
[  204.589741][ T6350] EXT4-fs (loop8): free_blocks=68451041280
[  204.591567][ T6350] EXT4-fs (loop8): dirty_blocks=32
[  204.593105][ T6350] EXT4-fs (loop8): Block reservation details
[  204.594797][ T6350] EXT4-fs (loop8): i_reserved_data_blocks=2
[  204.801005][ T4301] Bluetooth: hci5: command 0x0406 tx timeout
[  204.803027][ T4301] Bluetooth: hci6: command 0x0406 tx timeout
[  205.163241][ T6317] loop7: detected capacity change from 0 to 40427
[  205.188495][ T6317] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  205.190635][ T6317] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  205.219184][ T6317] F2FS-fs (loop7): invalid crc value
[  205.298930][ T6317] F2FS-fs (loop7): Found nat_bits in checkpoint
[  205.499523][ T6317] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  205.505804][ T6317] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  207.527783][ T6400] loop5: detected capacity change from 0 to 512
[  207.577422][ T6400] EXT4-fs: Ignoring removed mblk_io_submit option
[  207.579371][ T6400] EXT4-fs: Conflicting test_dummy_encryption options
[  207.903738][ T6381] loop6: detected capacity change from 0 to 40427
[  207.918977][ T6381] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  207.927272][ T6381] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  207.976150][ T6381] F2FS-fs (loop6): Found nat_bits in checkpoint
[  208.119465][ T6381] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  208.121713][ T6381] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  208.446679][ T4474] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  208.458425][ T4474] EXT4-fs (loop8): This should not happen!! Data will be lost
[  208.458425][ T4474] 
[  208.476279][ T6432] loop5: detected capacity change from 0 to 512
[  208.477986][ T4474] EXT4-fs (loop8): Total free blocks count 0
[  208.480428][ T4474] EXT4-fs (loop8): Free/Dirty block details
[  208.491393][ T4474] EXT4-fs (loop8): free_blocks=68451041280
[  208.493258][ T4474] EXT4-fs (loop8): dirty_blocks=32
[  208.504172][ T4474] EXT4-fs (loop8): Block reservation details
[  208.509887][ T4474] EXT4-fs (loop8): i_reserved_data_blocks=2
[  208.526849][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  208.532459][ T6432] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  208.706138][ T6441] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  208.730742][ T6441] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 2 with error 28
[  208.767017][ T6441] EXT4-fs (loop5): This should not happen!! Data will be lost
[  208.767017][ T6441] 
[  208.871152][ T6441] EXT4-fs (loop5): Total free blocks count 0
[  208.872995][ T6441] EXT4-fs (loop5): Free/Dirty block details
[  208.877279][ T6441] EXT4-fs (loop5): free_blocks=65280
[  208.879410][ T6441] EXT4-fs (loop5): dirty_blocks=2
[  208.883997][ T6441] EXT4-fs (loop5): Block reservation details
[  208.885806][ T6441] EXT4-fs (loop5): i_reserved_data_blocks=2
[  209.105355][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  209.983263][ T6468] loop6: detected capacity change from 0 to 256
[  209.999336][   T27] audit: type=1326 audit(214.975:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6466 comm="syz.5.493" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x0
[  210.735290][ T4301] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  210.742009][ T4301] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  210.744735][ T4301] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  210.747841][ T4301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  210.753933][ T4301] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  210.756532][ T4301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  211.042587][    T9] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.084173][ T6510] netlink: 32 bytes leftover after parsing attributes in process `syz.0.508'.
[  211.144288][    T9] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.252903][    T9] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.479142][    T9] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.539470][ T6496] chnl_net:caif_netlink_parms(): no params data found
[  211.606364][ T6496] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.610575][ T6496] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.616712][ T6496] device bridge_slave_0 entered promiscuous mode
[  211.630502][ T6496] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.636894][ T6496] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.643532][ T6496] device bridge_slave_1 entered promiscuous mode
[  211.692859][ T6496] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.698060][ T6496] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.754398][ T6496] team0: Port device team_slave_0 added
[  211.758757][ T6496] team0: Port device team_slave_1 added
[  211.864875][ T6496] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.871163][ T6496] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.892889][ T6496] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.959688][ T6545] loop8: detected capacity change from 0 to 2048
[  211.971761][ T6545] EXT4-fs: inline encryption not supported
[  211.986142][ T6545] EXT4-fs: Ignoring removed mblk_io_submit option
[  211.988057][ T6545] ext4: Unknown parameter 'audit'
[  211.994514][ T6549] overlayfs: missing 'lowerdir'
[  212.002201][ T6496] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.007392][ T6496] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.046643][ T6496] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.050763][    T9] tipc: Disabling bearer <udp:s>
[  212.055444][    T9] tipc: Left network mode
[  212.942214][ T4313] Bluetooth: hci0: command 0x0409 tx timeout
[  213.352737][ T6496] device hsr_slave_0 entered promiscuous mode
[  213.602099][ T6496] device hsr_slave_1 entered promiscuous mode
[  213.641299][ T6496] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  213.717843][   T27] audit: type=1326 audit(218.695:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6568 comm="syz.0.519" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  213.729503][   T27] audit: type=1326 audit(218.705:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6568 comm="syz.0.519" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=148 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  213.765034][   T27] audit: type=1326 audit(218.705:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6568 comm="syz.0.519" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  213.771699][ T6496] Cannot create hsr debugfs directory
[  214.639814][ T6607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  214.648055][ T6607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  215.449956][ T4301] Bluetooth: hci0: command 0x041b tx timeout
[  215.701138][ T6592] loop5: detected capacity change from 0 to 40427
[  215.704996][ T6592] F2FS-fs (loop5): invalid crc value
[  215.728935][ T6496] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  215.752283][ T6592] F2FS-fs (loop5): Found nat_bits in checkpoint
[  215.786169][ T6592] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  215.814391][ T6496] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  215.822332][ T6592] F2FS-fs (loop5): access invalid blkaddr:4043309056
[  215.824417][ T6592] CPU: 1 PID: 6592 Comm: syz.5.526 Not tainted 6.1.141-syzkaller #0
[  215.826765][ T6592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  215.829526][ T6592] Call trace:
[  215.830407][ T6592]  dump_backtrace+0x1c8/0x1f4
[  215.831700][ T6592]  show_stack+0x2c/0x3c
[  215.832875][ T6592]  __dump_stack+0x30/0x40
[  215.834038][ T6592]  dump_stack_lvl+0xf8/0x160
[  215.835271][ T6592]  dump_stack+0x1c/0x5c
[  215.836417][ T6592]  f2fs_is_valid_blkaddr+0x9fc/0xf5c
[  215.837847][ T6592]  f2fs_map_blocks+0x984/0x2b24
[  215.839181][ T6592]  f2fs_mpage_readpages+0x8d4/0x1a08
[  215.840650][ T6592]  f2fs_readahead+0x190/0x3f8
[  215.841944][ T6592]  read_pages+0x158/0x680
[  215.843155][ T6592]  page_cache_ra_unbounded+0x498/0x57c
[  215.844638][ T6592]  page_cache_ra_order+0x850/0xa1c
[  215.846075][ T6592]  ondemand_readahead+0x600/0xb0c
[  215.847477][ T6592]  page_cache_sync_ra+0x350/0x3d0
[  215.848835][ T6592]  f2fs_readdir+0x378/0xbdc
[  215.850052][ T6592]  iterate_dir+0x1f0/0x4cc
[  215.851280][ T6592]  __arm64_sys_getdents64+0x11c/0x318
[  215.852756][ T6592]  invoke_syscall+0x98/0x2bc
[  215.854033][ T6592]  el0_svc_common+0x138/0x258
[  215.855318][ T6592]  do_el0_svc+0x58/0x13c
[  215.856512][ T6592]  el0_svc+0x58/0x138
[  215.857621][ T6592]  el0t_64_sync_handler+0x84/0xf0
[  215.859001][ T6592]  el0t_64_sync+0x18c/0x190
[  215.882837][ T6496] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  215.989527][ T6625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.000296][ T6625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.009074][ T6496] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  216.068635][ T6592] syz.5.526: attempt to access beyond end of device
[  216.068635][ T6592] loop5: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  216.089535][ T6592] syz.5.526: attempt to access beyond end of device
[  216.089535][ T6592] loop5: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  216.152688][ T4613] syz-executor: attempt to access beyond end of device
[  216.152688][ T4613] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  216.326912][ T6496] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.349347][ T6634] netlink: 12 bytes leftover after parsing attributes in process `syz.5.534'.
[  217.419829][ T6644] futex_wake_op: syz.8.536 tries to shift op by -1; fix this program
[  217.429482][ T6621] loop6: detected capacity change from 0 to 40427
[  217.442770][ T6621] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504)
[  217.444811][ T6621] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  217.456079][ T6496] 8021q: adding VLAN 0 to HW filter on device team0
[  217.459572][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  217.464496][ T4474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  217.469517][ T6639] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  217.510374][ T6621] F2FS-fs (loop6): invalid crc value
[  217.531033][ T4313] Bluetooth: hci0: command 0x040f tx timeout
[  217.589608][ T6621] F2FS-fs (loop6): Found nat_bits in checkpoint
[  217.597354][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  217.600099][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  217.627367][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.629341][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.657210][ T6654] input: syz1 as /devices/virtual/input/input4
[  217.661031][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  217.669095][ T6621] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  217.671478][ T6621] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  217.674880][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  217.693647][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.695657][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.110507][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  218.118184][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  218.158466][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  218.162925][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  218.175607][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  218.185991][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  218.279490][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  218.284991][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  218.297480][    T9] device hsr_slave_0 left promiscuous mode
[  218.331682][    T9] device hsr_slave_1 left promiscuous mode
[  218.383686][ T6667] loop8: detected capacity change from 0 to 128
[  218.427120][ T6667] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  218.431234][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  218.433339][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  218.434286][ T6671] netlink: 44 bytes leftover after parsing attributes in process `syz.5.542'.
[  218.474044][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  218.503403][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.522397][ T6671] netlink: 'syz.5.542': attribute type 6 has an invalid length.
[  218.537787][    T9] device bridge_slave_1 left promiscuous mode
[  218.550409][ T6671] netlink: 'syz.5.542': attribute type 5 has an invalid length.
[  218.554442][ T6671] netlink: 'syz.5.542': attribute type 4 has an invalid length.
[  218.565649][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.574940][ T6667] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-ce"
[  218.645469][ T6667] fscrypt: loop8: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  218.648283][    T9] device bridge_slave_0 left promiscuous mode
[  218.651258][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  218.683891][   T27] audit: type=1326 audit(223.665:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.690522][   T27] audit: type=1326 audit(223.665:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.710809][   T27] audit: type=1326 audit(223.675:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.717522][   T27] audit: type=1326 audit(223.675:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.743909][   T27] audit: type=1326 audit(223.675:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.749617][   T27] audit: type=1326 audit(223.685:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=34 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.761982][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  218.804279][   T27] audit: type=1326 audit(223.685:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.810007][   T27] audit: type=1326 audit(223.685:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.851144][   T27] audit: type=1326 audit(223.695:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=276 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.863064][   T27] audit: type=1326 audit(223.705:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6674 comm="syz.0.544" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  218.871591][    T9] device veth1_macvtap left promiscuous mode
[  218.873334][    T9] device veth0_macvtap left promiscuous mode
[  218.875044][    T9] device veth1_vlan left promiscuous mode
[  218.876655][    T9] device veth0_vlan left promiscuous mode
[  219.076649][ T6681] loop8: detected capacity change from 0 to 2048
[  219.205448][ T6681] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  219.620976][ T4313] Bluetooth: hci0: command 0x0419 tx timeout
[  221.492731][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  221.558415][ T6693] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  221.576470][ T6693] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.608934][ T6695] loop5: detected capacity change from 0 to 16
[  221.615624][ T6695] erofs: (device loop5): mounted with root inode @ nid 36.
[  222.176591][ T6703] loop8: detected capacity change from 0 to 128
[  222.242635][ T6703] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  223.329852][    T9] team0 (unregistering): Port device team_slave_1 removed
[  223.347555][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  223.387700][ T6710] loop8: detected capacity change from 0 to 512
[  223.428701][ T6710] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  223.525367][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  223.534863][    T9] team0 (unregistering): Port device team_slave_0 removed
[  223.588247][ T6714] loop8: detected capacity change from 0 to 1024
[  223.601958][ T6714] EXT4-fs: Ignoring removed i_version option
[  223.614156][ T6714] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  223.630145][ T6714] EXT4-fs error (device loop8): ext4_map_blocks:745: inode #15: block 3: comm syz.8.556: lblock 3 mapped to illegal pblock 3 (length 13)
[  223.637217][ T6714] EXT4-fs (loop8): Remounting filesystem read-only
[  223.670343][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  223.732851][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  223.934676][ T6725] loop8: detected capacity change from 0 to 512
[  223.937214][ T6725] EXT4-fs: Ignoring removed bh option
[  223.952429][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  223.959627][ T6725] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  224.718732][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  226.375989][    T9] bond0 (unregistering): Released all slaves
[  226.594670][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  226.597343][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  226.599945][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  226.607964][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  226.682310][ T6496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  227.881772][   T27] kauditd_printk_skb: 20 callbacks suppressed
[  227.881784][   T27] audit: type=1326 audit(232.865:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6774 comm="syz.8.573" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  227.909883][   T27] audit: type=1326 audit(232.865:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6774 comm="syz.8.573" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=134 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  227.927895][   T27] audit: type=1326 audit(232.865:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6774 comm="syz.8.573" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  227.982469][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  227.984624][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  227.990316][ T6782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  227.992232][ T6496] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.999457][ T6782] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.477178][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  228.480102][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  228.523630][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  228.526405][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  228.529360][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  228.539104][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  228.547936][ T6496] device veth0_vlan entered promiscuous mode
[  228.570464][ T6496] device veth1_vlan entered promiscuous mode
[  228.611765][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  228.614413][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  228.637308][ T6496] device veth0_macvtap entered promiscuous mode
[  228.658070][ T6496] device veth1_macvtap entered promiscuous mode
[  228.681476][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.686882][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.689647][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.701011][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.703718][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.711173][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.713912][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  228.721500][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.755268][ T6496] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.765336][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  228.768362][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  228.774098][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  228.789217][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  228.795992][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  228.807502][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  228.816947][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.819779][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.830994][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.833813][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.836428][ T6496] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.839227][ T6496] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.852157][ T6496] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.857862][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  228.862108][ T1709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  228.871493][ T6496] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.873949][ T6496] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.876387][ T6496] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.878726][ T6496] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.967982][ T1709] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.971908][ T1709] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.987372][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  229.032108][ T5231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.034480][ T5231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.048093][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  229.702607][   T27] audit: type=1107 audit(234.525:159): pid=6832 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='�'
[  230.434077][ T6849] loop9: detected capacity change from 0 to 512
[  230.461800][ T6849] EXT4-fs (loop9): Test dummy encryption mode enabled
[  231.679868][ T6849] EXT4-fs (loop9): failed to initialize system zone (-117)
[  231.681995][ T6849] EXT4-fs (loop9): mount failed
[  232.319767][   T27] audit: type=1326 audit(237.295:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.8.593" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  232.348157][   T27] audit: type=1326 audit(237.325:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.8.593" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=149 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  232.385296][   T27] audit: type=1326 audit(237.345:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.8.593" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9db5a7a8 code=0x7ffc0000
[  233.683100][ T6881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.685609][ T6881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  234.926208][ T6939] bridge0: port 3(vlan2) entered blocking state
[  234.937574][ T6939] bridge0: port 3(vlan2) entered disabled state
[  236.109664][ T6955] loop9: detected capacity change from 0 to 512
[  236.151131][ T6955] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem
[  236.153676][ T6955] EXT4-fs (loop9): invalid journal inode
[  236.155285][ T6955] EXT4-fs (loop9): can't get journal size
[  236.206655][ T6955] EXT4-fs (loop9): 1 truncate cleaned up
[  236.208257][ T6955] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  237.154934][ T6982] loop6: detected capacity change from 0 to 256
[  237.191501][ T6982] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  237.199467][ T6496] EXT4-fs (loop9): unmounting filesystem.
[  237.625902][ T6997] netlink: 96 bytes leftover after parsing attributes in process `syz.6.624'.
[  238.064203][ T7017] bridge0: port 3(vlan2) entered blocking state
[  238.066353][ T7017] bridge0: port 3(vlan2) entered disabled state
[  238.674868][ T7015] loop5: detected capacity change from 0 to 2048
[  238.780727][ T7015] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  238.888707][ T7034] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  239.003619][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  239.036173][ T7039] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  239.038577][ T7039] IPv6: NLM_F_CREATE should be set when creating new route
[  239.040585][ T7039] IPv6: NLM_F_CREATE should be set when creating new route
[  239.154417][ T7046] x_tables: duplicate underflow at hook 4
[  239.166417][ T7049] loop9: detected capacity change from 0 to 512
[  239.179485][ T7049] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  239.236015][ T7049] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  239.942227][ T7076] IPv4: Oversized IP packet from 127.202.26.0
[  240.035922][ T7059] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  240.049608][ T7059] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 9 with max blocks 8 with error 28
[  240.059657][ T7059] EXT4-fs (loop9): This should not happen!! Data will be lost
[  240.059657][ T7059] 
[  240.062394][ T7059] EXT4-fs (loop9): Total free blocks count 0
[  240.064785][ T7059] EXT4-fs (loop9): Free/Dirty block details
[  240.066412][ T7059] EXT4-fs (loop9): free_blocks=39626
[  240.067860][ T7059] EXT4-fs (loop9): dirty_blocks=2770
[  240.069258][ T7059] EXT4-fs (loop9): Block reservation details
[  240.071620][ T7059] EXT4-fs (loop9): i_reserved_data_blocks=2770
[  240.078646][ T7049] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 17 with max blocks 2048 with error 28
[  240.119700][ T7085] loop6: detected capacity change from 0 to 512
[  240.321743][ T7089] loop8: detected capacity change from 0 to 1024
[  240.328188][ T7089] EXT4-fs: Ignoring removed i_version option
[  240.566034][ T7089] EXT4-fs error (device loop8): ext4_read_block_bitmap_nowait:477: comm syz.8.650: Invalid block bitmap block 0 in block_group 0
[  240.576343][ T7089] Quota error (device loop8): write_blk: dquota write failed
[  240.578697][ T7089] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota
[  240.581719][ T7089] EXT4-fs error (device loop8): ext4_acquire_dquot:6814: comm syz.8.650: Failed to acquire dquot type 0
[  240.592775][ T7089] EXT4-fs error (device loop8): ext4_free_blocks:6210: comm syz.8.650: Freeing blocks not in datazone - block = 0, count = 4096
[  240.603753][ T7089] EXT4-fs error (device loop8): ext4_read_inode_bitmap:140: comm syz.8.650: Invalid inode bitmap blk 0 in block_group 0
[  240.622714][ T7089] EXT4-fs error (device loop8) in ext4_free_inode:362: Corrupt filesystem
[  240.627861][ T7089] EXT4-fs (loop8): 1 orphan inode deleted
[  240.629725][ T7089] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  240.686918][   T55] Quota error (device loop8): do_check_range: Getting block 0 out of range 1-8
[  240.707910][   T55] EXT4-fs error (device loop8): ext4_release_dquot:6850: comm kworker/u4:3: Failed to release dquot type 0
[  241.021102][ T7085] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  241.062817][ T7085] EXT4-fs (loop6): 1 truncate cleaned up
[  241.064622][ T7085] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  241.138872][ T7095] tipc: Started in network mode
[  241.140260][ T7095] tipc: Node identity ac14140f, cluster identity 4711
[  241.292437][ T7095] tipc: New replicast peer: 255.255.255.83
[  241.294266][ T7095] tipc: Enabled bearer <udp:�>, priority 10
[  242.236480][ T7102] loop5: detected capacity change from 0 to 512
[  242.267129][ T7105] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  242.300977][ T4347] tipc: Node number set to 2886997007
[  242.419561][ T7102] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  242.467142][ T7102] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.655: bg 0: block 217: padding at end of block bitmap is not set
[  243.642725][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  243.654723][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  243.657267][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  243.742428][ T7121] loop9: detected capacity change from 0 to 128
[  244.781944][ T7139] ipt_CLUSTERIP: Please specify destination IP
[  245.819997][ T7157] loop8: detected capacity change from 0 to 512
[  245.859723][ T7157] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  246.016432][ T7157] EXT4-fs (loop8): 1 truncate cleaned up
[  246.018155][ T7157] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  247.160612][ T7172] loop6: detected capacity change from 0 to 512
[  247.237815][ T7172] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  247.749463][ T7179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.768560][ T7179] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.921277][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  248.318183][ T7187] device veth1_macvtap left promiscuous mode
[  248.319926][ T7187] device macsec0 entered promiscuous mode
[  248.803006][ T2060] ieee802154 phy0 wpan0: encryption failed: -22
[  248.804759][ T2060] ieee802154 phy1 wpan1: encryption failed: -22
[  249.606251][ T7160] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 496: padding at end of block bitmap is not set
[  250.118997][ T7217] bridge0: port 4(vlan3) entered blocking state
[  250.120793][ T7217] bridge0: port 4(vlan3) entered disabled state
[  250.880948][ T4301] Bluetooth: hci1: command 0x0406 tx timeout
[  251.046949][ T7219] 9pnet_fd: Insufficient options for proto=fd
[  251.050796][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  254.907350][ T7246] loop6: detected capacity change from 0 to 40427
[  254.946103][ T7246] F2FS-fs (loop6): invalid crc value
[  254.948648][ T7246] F2FS-fs (loop6): Found nat_bits in checkpoint
[  254.986326][ T7246] F2FS-fs (loop6): Start checkpoint disabled!
[  255.018786][ T7246] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  257.217624][ T7276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.220079][ T7276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.272978][ T7277] loop6: detected capacity change from 0 to 1024
[  257.275228][ T7277] EXT4-fs: Ignoring removed orlov option
[  257.378124][ T7277] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  257.863185][ T7295] netlink: 8 bytes leftover after parsing attributes in process `syz.8.701'.
[  257.871587][ T7295] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  257.874504][ T7295] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  258.990469][ T7309] bridge0: port 3(vlan2) entered blocking state
[  258.992641][ T7309] bridge0: port 3(vlan2) entered disabled state
[  259.740447][ T7315] loop8: detected capacity change from 0 to 512
[  259.766464][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  259.780371][ T7315] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  259.821950][ T7315] EXT4-fs (loop8): 1 truncate cleaned up
[  259.823551][ T7315] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  260.879063][ T4301] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  260.886293][ T4301] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  260.896610][ T4301] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  260.899858][ T4301] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  260.902563][ T4301] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  260.904669][ T4301] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  261.147231][ T7306] loop5: detected capacity change from 0 to 40427
[  261.154261][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  261.176728][ T7306] F2FS-fs (loop5): invalid crc value
[  261.210349][ T7306] F2FS-fs (loop5): Found nat_bits in checkpoint
[  261.263183][ T7306] F2FS-fs (loop5): Start checkpoint disabled!
[  261.284374][ T7306] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  262.272839][ T7328] chnl_net:caif_netlink_parms(): no params data found
[  262.546302][ T7328] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.561674][ T7328] bridge0: port 1(bridge_slave_0) entered disabled state
[  262.564314][ T7328] device bridge_slave_0 entered promiscuous mode
[  262.571287][ T7353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  262.578879][ T7328] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.581132][ T7328] bridge0: port 2(bridge_slave_1) entered disabled state
[  262.587714][ T7353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  262.590412][ T7328] device bridge_slave_1 entered promiscuous mode
[  262.678271][ T7328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  262.698123][ T7328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.765438][ T7328] team0: Port device team_slave_0 added
[  262.788802][ T7328] team0: Port device team_slave_1 added
[  262.849629][ T7328] batman_adv: batadv0: Adding interface: batadv_slave_0
[  262.862050][ T7328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.883330][ T7328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.892946][ T7328] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.894868][ T7328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.909047][ T7328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.949387][ T7339] loop6: detected capacity change from 0 to 40427
[  262.961213][ T4301] Bluetooth: hci2: command 0x0409 tx timeout
[  263.000023][ T7339] F2FS-fs (loop6): build fault injection attr: rate: 771, type: 0x3ffff
[  263.012758][ T7328] device hsr_slave_0 entered promiscuous mode
[  263.013235][ T7339] F2FS-fs (loop6): invalid crc value
[  263.033396][ T7339] F2FS-fs (loop6): Found nat_bits in checkpoint
[  263.053152][ T7328] device hsr_slave_1 entered promiscuous mode
[  263.054309][ T7342] loop8: detected capacity change from 0 to 40427
[  263.097982][ T7342] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x3ffff
[  263.100348][ T7342] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x2
[  263.121125][ T7339] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  263.124139][ T7342] F2FS-fs (loop8): invalid crc value
[  263.150406][ T7342] F2FS-fs (loop8): Found nat_bits in checkpoint
[  263.217465][ T4626] syz-executor: attempt to access beyond end of device
[  263.217465][ T4626] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  263.230706][ T7342] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  265.041385][ T4301] Bluetooth: hci2: command 0x041b tx timeout
[  266.197207][ T7393] loop5: detected capacity change from 0 to 40427
[  266.901490][ T7397] loop6: detected capacity change from 0 to 40427
[  266.991038][ T7397] F2FS-fs (loop6): invalid crc value
[  266.996574][ T7393] F2FS-fs (loop5): invalid crc value
[  267.018299][ T7393] F2FS-fs (loop5): Found nat_bits in checkpoint
[  267.026448][   T27] audit: type=1326 audit(272.005:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.035300][   T27] audit: type=1326 audit(272.005:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.042135][ T7397] F2FS-fs (loop6): Found nat_bits in checkpoint
[  267.082110][ T7397] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  267.084475][ T7393] F2FS-fs (loop5): Start checkpoint disabled!
[  267.090323][   T27] audit: type=1326 audit(272.015:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=149 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.114472][   T27] audit: type=1326 audit(272.015:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.119001][ T7393] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  267.122494][ T4313] Bluetooth: hci2: command 0x040f tx timeout
[  267.134870][   T27] audit: type=1326 audit(272.015:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.174689][   T27] audit: type=1326 audit(272.045:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=279 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  267.180501][   T27] audit: type=1326 audit(272.045:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=222 compat=0 ip=0xffff91d5a7dc code=0x7ffc0000
[  267.201129][ T4626] syz-executor: attempt to access beyond end of device
[  267.201129][ T4626] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  267.214806][   T27] audit: type=1326 audit(272.045:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=64 compat=0 ip=0xffff91d58e70 code=0x7ffc0000
[  267.226130][   T27] audit: type=1326 audit(272.045:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=215 compat=0 ip=0xffff91d5a84c code=0x7ffc0000
[  267.292526][   T27] audit: type=1326 audit(272.045:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7419 comm="syz.0.727" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff91d58cd4 code=0x7ffc0000
[  267.300251][   T55] kworker/u4:3: attempt to access beyond end of device
[  267.300251][   T55] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  267.773989][ T4549] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.928036][ T4549] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.950361][ T7328] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  267.998906][ T7328] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  268.183024][ T4549] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.223048][ T7328] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  268.306513][ T7328] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  269.407107][ T4301] Bluetooth: hci2: command 0x0419 tx timeout
[  269.657526][ T4549] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.799373][ T7328] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.828367][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  269.831229][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  269.837715][ T7328] 8021q: adding VLAN 0 to HW filter on device team0
[  269.866469][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  269.881242][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  269.891399][  T419] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.893382][  T419] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.895873][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  269.915050][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  269.921395][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  269.937583][  T419] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.939785][  T419] bridge0: port 2(bridge_slave_1) entered forwarding state
[  269.956081][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  270.209259][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  270.223059][ T7487] device wg2 entered promiscuous mode
[  270.238039][ T7494] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  270.243743][ T7493] netlink: 576 bytes leftover after parsing attributes in process `syz.0.745'.
[  270.262770][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  270.266078][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  270.268854][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  270.303370][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  270.307581][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  270.325999][ T7498] loop6: detected capacity change from 0 to 1024
[  270.333343][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  270.336121][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  270.343410][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  270.346061][ T4546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  270.357821][ T7328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  270.406868][ T7498] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  271.631751][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  271.924341][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  271.926593][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  271.940476][ T7328] 8021q: adding VLAN 0 to HW filter on device batadv0
[  272.030932][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  272.034016][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  272.076590][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  272.095893][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  272.106576][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  272.117346][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  272.139038][ T7328] device veth0_vlan entered promiscuous mode
[  272.264095][ T7328] device veth1_vlan entered promiscuous mode
[  272.297313][ T7572] loop8: detected capacity change from 0 to 512
[  272.305059][ T7572] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  272.315330][ T7574] loop6: detected capacity change from 0 to 256
[  272.347633][ T7574] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  272.355341][ T7572] EXT4-fs (loop8): 1 truncate cleaned up
[  272.356972][ T7572] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  272.357070][ T7535] loop5: detected capacity change from 0 to 40427
[  272.371187][ T7535] F2FS-fs (loop5): invalid crc value
[  272.379033][ T7535] F2FS-fs (loop5): Found nat_bits in checkpoint
[  272.451129][ T7535] F2FS-fs (loop5): Start checkpoint disabled!
[  272.475465][ T7535] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  272.537296][ T7535] syz.5.754: attempt to access beyond end of device
[  272.537296][ T7535] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  272.589765][ T7328] device veth0_macvtap entered promiscuous mode
[  272.607665][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  272.610228][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  273.353352][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  273.356209][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  273.608384][ T1709] kworker/u4:5: attempt to access beyond end of device
[  273.608384][ T1709] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  273.612693][ T7328] device veth1_macvtap entered promiscuous mode
[  273.633910][ T4864] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  274.640233][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  274.647575][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.650454][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  274.684295][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.687442][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  274.690361][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.693165][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  274.695927][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  274.698577][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.198941][ T7600] loop5: detected capacity change from 0 to 512
[  275.239677][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.240927][ T7600] EXT4-fs (loop5): Test dummy encryption mode enabled
[  275.482589][ T7328] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.542000][ T7600] EXT4-fs error (device loop5): __ext4_iget:5076: inode #11: block 1: comm syz.5.766: invalid block
[  275.545316][ T7600] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.766: couldn't read orphan inode 11 (err -117)
[  275.548807][ T7600] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  275.596817][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  275.599586][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  275.618097][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.621318][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.626673][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.631918][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.639709][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.646620][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.656346][ T7328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  275.690154][ T7328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.710482][ T7328] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.715592][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  275.733509][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  275.745357][ T4494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  276.179328][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  276.791933][ T7620] loop6: detected capacity change from 0 to 1024
[  276.817389][ T7328] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.819861][ T7328] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.840027][ T7328] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.849805][ T7328] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.851110][ T7620] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  276.957873][ T7629] loop5: detected capacity change from 0 to 2048
[  276.991427][ T7629] EXT4-fs: Ignoring removed i_version option
[  277.090337][ T7629] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  277.156820][ T7629] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.775: bg 0: block 345: padding at end of block bitmap is not set
[  277.192739][ T7629] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117
[  277.196337][ T7629] EXT4-fs (loop5): This should not happen!! Data will be lost
[  277.196337][ T7629] 
[  277.302967][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  277.351497][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  279.484495][ T5384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.486931][ T5384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.563567][ T4549] device hsr_slave_0 left promiscuous mode
[  279.885476][ T4549] device hsr_slave_1 left promiscuous mode
[  279.993158][ T4549] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  279.996057][ T4549] batman_adv: batadv0: Removing interface: batadv_slave_0
[  280.275955][ T4549] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  280.445260][ T4549] batman_adv: batadv0: Removing interface: batadv_slave_1
[  280.496309][ T4549] device bridge_slave_1 left promiscuous mode
[  280.498116][ T4549] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.567166][ T4549] device bridge_slave_0 left promiscuous mode
[  280.568998][ T4549] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.713738][ T7704] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���te}
[  280.747966][ T7709] loop8: detected capacity change from 0 to 512
[  280.752906][ T7709] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  280.757328][ T7707] loop5: detected capacity change from 0 to 1024
[  280.771193][ T4549] device veth1_macvtap left promiscuous mode
[  280.772871][ T4549] device veth0_macvtap left promiscuous mode
[  280.775444][ T4549] device veth1_vlan left promiscuous mode
[  280.777259][ T4549] device veth0_vlan left promiscuous mode
[  280.784185][ T7709] EXT4-fs (loop8): 1 truncate cleaned up
[  280.785714][ T7709] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  280.895189][ T7707] EXT4-fs: Ignoring removed nomblk_io_submit option
[  282.527806][ T7707] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  282.594190][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  282.646282][ T7727] tmpfs: Unknown parameter 'nolazytime0000000000000,00000000000005400000000,00000000000000000000000'
[  283.627731][ T7740] loop6: detected capacity change from 0 to 512
[  283.634616][ T7740] EXT4-fs: Ignoring removed i_version option
[  283.647861][ T7740] ext4: Unknown parameter 'seclabel'
[  288.845090][ T4549] team0 (unregistering): Port device team_slave_1 removed
[  289.024131][ T4549] team0 (unregistering): Port device team_slave_0 removed
[  289.232404][ T4549] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  289.434959][ T4549] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  291.742938][ T4549] bond0 (unregistering): Released all slaves
[  291.978982][ T5384] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  292.047627][ T5384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  292.050030][ T5384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  292.054585][ T4551] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  292.145297][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  292.423721][ T7792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.426171][ T7792] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.694727][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.6.816'.
[  293.230542][ T7833] loop5: detected capacity change from 0 to 256
[  293.289081][ T7833] FAT-fs (loop5): Directory bread(block 64) failed
[  293.297630][ T7835] loop8: detected capacity change from 0 to 512
[  293.298240][ T7833] FAT-fs (loop5): Directory bread(block 65) failed
[  293.313215][ T7833] FAT-fs (loop5): Directory bread(block 66) failed
[  293.314972][ T7833] FAT-fs (loop5): Directory bread(block 67) failed
[  293.316767][ T7833] FAT-fs (loop5): Directory bread(block 68) failed
[  293.318618][ T7833] FAT-fs (loop5): Directory bread(block 69) failed
[  293.320473][ T7833] FAT-fs (loop5): Directory bread(block 70) failed
[  293.341012][ T7835] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  293.349842][ T7833] FAT-fs (loop5): Directory bread(block 71) failed
[  293.366901][ T7833] FAT-fs (loop5): Directory bread(block 72) failed
[  293.368848][ T7833] FAT-fs (loop5): Directory bread(block 73) failed
[  293.398388][ T7835] EXT4-fs (loop8): 1 truncate cleaned up
[  293.400015][ T7835] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  294.562299][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  294.955447][ T7857] loop8: detected capacity change from 0 to 512
[  294.958015][ T7857] EXT4-fs: Ignoring removed mblk_io_submit option
[  295.012565][ T7857] EXT4-fs warning (device loop8): ext4_multi_mount_protect:298: Invalid MMP block in superblock
[  296.279509][ T7873] netlink: 16 bytes leftover after parsing attributes in process `syz.8.829'.
[  297.254002][ T7882] device pim6reg1 entered promiscuous mode
[  297.509403][ T7893] loop6: detected capacity change from 0 to 512
[  297.527365][ T7891] loop5: detected capacity change from 0 to 1024
[  297.557628][ T7893] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  297.599025][ T7893] EXT4-fs (loop6): 1 truncate cleaned up
[  297.600683][ T7893] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  297.618606][ T7891] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  297.777307][ T4613] EXT4-fs (loop5): unmounting filesystem.
[  298.613994][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  298.718007][ T7911] loop6: detected capacity change from 0 to 128
[  298.761066][ T7911] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  298.826977][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  299.164232][ T7886] loop8: detected capacity change from 0 to 40427
[  299.201468][ T7886] F2FS-fs (loop8): invalid crc value
[  299.268890][ T7886] F2FS-fs (loop8): Found nat_bits in checkpoint
[  299.355405][ T7886] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  299.471825][ T5253] syz-executor: attempt to access beyond end of device
[  299.471825][ T5253] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  300.447354][ T7950] loop6: detected capacity change from 0 to 512
[  300.449795][ T7950] EXT4-fs: Ignoring removed mblk_io_submit option
[  300.471354][ T7950] EXT4-fs: inline encryption not supported
[  300.473114][ T7950] EXT4-fs: Ignoring removed mblk_io_submit option
[  300.475020][ T7950] EXT4-fs: Ignoring removed nomblk_io_submit option
[  300.508991][ T7950] EXT4-fs (loop6): Test dummy encryption mode enabled
[  300.511512][ T7950] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  300.546967][ T7955] loop1: detected capacity change from 0 to 512
[  300.549708][ T7955] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  300.600216][ T7955] EXT4-fs (loop1): 1 truncate cleaned up
[  300.602378][ T7950] EXT4-fs (loop6): 1 truncate cleaned up
[  300.604161][ T7950] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  300.609290][ T7955] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  300.747632][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  300.823980][ T7967] loop8: detected capacity change from 0 to 512
[  300.844591][ T7967] EXT4-fs (loop8): external journal device major/minor numbers have changed
[  300.855876][ T7908] loop5: detected capacity change from 0 to 40427
[  300.997177][ T7908] F2FS-fs (loop5): Fix alignment : done, start(4096) end(16896) block(12288)
[  301.702677][ T7908] F2FS-fs (loop5): invalid crc value
[  301.704676][ T7908] F2FS-fs (loop5): Failed to start F2FS issue_checkpoint_thread (-12)
[  301.749963][ T7967] block device autoloading is deprecated and will be removed.
[  301.771523][ T7967] I/O error, dev loop20, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  301.811204][ T7967] EXT4-fs (loop8): couldn't read superblock of external journal
[  301.889063][ T7328] EXT4-fs (loop1): unmounting filesystem.
[  301.901655][ T7765] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  302.207163][ T7989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.209852][ T7989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.315099][ T7998] usb usb1: usbfs: process 7998 (syz.5.853) did not claim interface 0 before use
[  302.348204][ T7987] loop6: detected capacity change from 0 to 512
[  302.354725][ T7987] EXT4-fs (loop6): Test dummy encryption mode enabled
[  302.377721][ T7987] EXT4-fs error (device loop6): __ext4_iget:5076: inode #11: block 1: comm syz.6.855: invalid block
[  302.384169][ T7987] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.855: couldn't read orphan inode 11 (err -117)
[  302.387783][ T7987] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  303.185014][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  303.281744][   T27] kauditd_printk_skb: 29 callbacks suppressed
[  303.281757][   T27] audit: type=1326 audit(308.265:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  303.296070][   T27] audit: type=1326 audit(308.275:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  303.330536][ T8009] loop1: detected capacity change from 0 to 256
[  303.358583][   T27] audit: type=1326 audit(308.305:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  303.406795][   T27] audit: type=1326 audit(308.305:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  303.746689][   T27] audit: type=1326 audit(308.305:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  304.051175][   T27] audit: type=1326 audit(308.305:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=114 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  304.058814][   T27] audit: type=1326 audit(308.305:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.5.860" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff7fd5a7a8 code=0x7ffc0000
[  304.077369][ T8009] FAT-fs (loop1): Directory bread(block 64) failed
[  304.079338][ T8009] FAT-fs (loop1): Directory bread(block 65) failed
[  304.091861][ T8014] loop6: detected capacity change from 0 to 128
[  304.101399][ T8009] FAT-fs (loop1): Directory bread(block 66) failed
[  304.103336][ T8009] FAT-fs (loop1): Directory bread(block 67) failed
[  304.110723][ T8009] FAT-fs (loop1): Directory bread(block 68) failed
[  304.131682][ T8009] FAT-fs (loop1): Directory bread(block 69) failed
[  304.133803][ T8009] FAT-fs (loop1): Directory bread(block 70) failed
[  304.157212][ T8009] FAT-fs (loop1): Directory bread(block 71) failed
[  304.159427][ T8009] FAT-fs (loop1): Directory bread(block 72) failed
[  304.161894][ T8009] FAT-fs (loop1): Directory bread(block 73) failed
[  304.196939][ T8014] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  304.263460][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  304.357232][ T8025] loop5: detected capacity change from 0 to 16
[  304.360726][ T8025] erofs: (device loop5): mounted with root inode @ nid 36.
[  304.397400][ T8025] erofs: (device loop5): erofs_find_target_block: corrupted dir block 8200 @ nid 36
[  308.390364][ T8070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.392019][ T8032] loop6: detected capacity change from 0 to 40427
[  308.393107][ T8070] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.419373][ T8032] F2FS-fs (loop6): invalid crc value
[  308.453755][ T8032] F2FS-fs (loop6): Found nat_bits in checkpoint
[  308.499015][ T8032] F2FS-fs (loop6): Start checkpoint disabled!
[  308.526665][ T8032] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  308.553789][ T8075] loop1: detected capacity change from 0 to 512
[  308.610714][ T8075] [EXT4 FS bs=4096, gc=1, bpg=71, ipg=32, mo=e04ec018, mo2=0000]
[  308.613696][ T8075] System zones: 0-2, 18-18, 34-34
[  308.624458][ T8032] syz.6.867: attempt to access beyond end of device
[  308.624458][ T8032] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  308.639927][ T8075] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  308.648249][ T8075] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  308.680730][ T8075] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.878: Failed to acquire dquot type 0
[  308.695482][ T8075] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  308.698313][ T8075] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  308.700839][ T8075] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.878: Failed to acquire dquot type 0
[  308.757919][ T8075] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  308.777438][ T8075] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  308.780123][ T8075] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.878: Failed to acquire dquot type 0
[  308.795998][ T4577] kworker/u4:18: attempt to access beyond end of device
[  308.795998][ T4577] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  308.835431][ T8075] EXT4-fs (loop1): 1 orphan inode deleted
[  308.837103][ T8075] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  308.875408][ T8075] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0
[  308.878597][ T8075] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0
[  308.898299][ T8075] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.878: Failed to acquire dquot type 0
[  309.016747][ T8095] loop8: detected capacity change from 0 to 512
[  309.028103][ T7328] EXT4-fs (loop1): unmounting filesystem.
[  309.045777][ T8095] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  309.069336][ T8095] EXT4-fs (loop8): 1 truncate cleaned up
[  309.078508][ T8095] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  310.285248][ T2060] ieee802154 phy0 wpan0: encryption failed: -22
[  310.287109][ T2060] ieee802154 phy1 wpan1: encryption failed: -22
[  310.459397][ T5253] EXT4-fs (loop8): unmounting filesystem.
[  310.562848][ T8119] xt_hashlimit: size too large, truncated to 1048576
[  310.984534][ T8133] ������: renamed from vlan1
[  311.754297][ T8150] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  311.756993][ T8150] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  314.320594][ T8175] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  314.994699][ T8178] loop6: detected capacity change from 0 to 256
[  315.066926][ T8178] FAT-fs (loop6): Directory bread(block 64) failed
[  315.068932][ T8178] FAT-fs (loop6): Directory bread(block 65) failed
[  315.070793][ T8178] FAT-fs (loop6): Directory bread(block 66) failed
[  315.085716][ T8178] FAT-fs (loop6): Directory bread(block 67) failed
[  315.087570][ T8178] FAT-fs (loop6): Directory bread(block 68) failed
[  315.089803][ T8178] FAT-fs (loop6): Directory bread(block 69) failed
[  315.105703][ T8178] FAT-fs (loop6): Directory bread(block 70) failed
[  315.110956][ T8178] FAT-fs (loop6): Directory bread(block 71) failed
[  315.112898][ T8178] FAT-fs (loop6): Directory bread(block 72) failed
[  315.137058][ T8178] FAT-fs (loop6): Directory bread(block 73) failed
[  317.809481][   T27] audit: type=1326 audit(322.785:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.0.904" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  317.824306][   T27] audit: type=1326 audit(322.805:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.0.904" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  317.851762][   T27] audit: type=1326 audit(322.805:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.0.904" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=109 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  317.857426][   T27] audit: type=1326 audit(322.805:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.0.904" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  317.905064][   T27] audit: type=1326 audit(322.805:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.0.904" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff91d5a7a8 code=0x7ffc0000
[  318.217432][ T8227] loop6: detected capacity change from 0 to 512
[  318.225365][ T8229] netlink: 44 bytes leftover after parsing attributes in process `syz.1.907'.
[  318.236191][ T8227] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  318.311372][ T8227] EXT4-fs (loop6): 1 truncate cleaned up
[  318.316959][ T8227] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  319.342470][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  321.102879][ T8259] xt_hashlimit: size too large, truncated to 1048576
[  321.189791][ T8262] loop1: detected capacity change from 0 to 2048
[  321.455738][ T8262]  loop1: p1 < > p3
[  321.459183][ T8262] loop1: p3 size 134217728 extends beyond EOD, truncated
[  322.676178][ T4301] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  322.680612][ T4301] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  322.684021][ T4301] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  322.686634][ T4301] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  322.689104][ T4301] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  322.696702][ T4301] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  323.089207][ T8287] chnl_net:caif_netlink_parms(): no params data found
[  323.298014][ T8287] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.309724][ T8287] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.326778][ T8287] device bridge_slave_0 entered promiscuous mode
[  323.346442][ T8287] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.354774][ T8287] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.367344][ T8287] device bridge_slave_1 entered promiscuous mode
[  323.460557][ T8287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  323.481348][ T8287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  323.615896][ T8287] team0: Port device team_slave_0 added
[  323.619439][ T8287] team0: Port device team_slave_1 added
[  323.647111][   T27] audit: type=1326 audit(328.625:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.664246][   T27] audit: type=1326 audit(328.645:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.670150][   T27] audit: type=1326 audit(328.645:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.716451][ T8287] batman_adv: batadv0: Adding interface: batadv_slave_0
[  323.718395][ T8287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.720907][   T27] audit: type=1326 audit(328.645:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.759196][ T8287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  323.770978][   T27] audit: type=1326 audit(328.665:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.781198][   T27] audit: type=1326 audit(328.665:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.786934][   T27] audit: type=1326 audit(328.665:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.787177][ T8287] batman_adv: batadv0: Adding interface: batadv_slave_1
[  323.824449][ T8287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  323.842019][   T27] audit: type=1326 audit(328.665:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.848110][   T27] audit: type=1326 audit(328.665:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.858036][ T8308] loop6: detected capacity change from 0 to 512
[  323.873124][ T8287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  323.881201][ T8308] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  323.891312][   T27] audit: type=1326 audit(328.665:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8303 comm="syz.6.919" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=200 compat=0 ip=0xffffbc95a7a8 code=0x7ffc0000
[  323.939102][ T8308] EXT4-fs (loop6): 1 truncate cleaned up
[  323.940686][ T8308] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  324.815087][ T4313] Bluetooth: hci0: command 0x0409 tx timeout
[  324.860035][ T8287] device hsr_slave_0 entered promiscuous mode
[  324.921343][ T8287] device hsr_slave_1 entered promiscuous mode
[  324.961282][ T8287] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  324.963481][ T8287] Cannot create hsr debugfs directory
[  325.111414][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  326.980953][ T4301] Bluetooth: hci0: command 0x041b tx timeout
[  327.627491][ T4313] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  327.663326][ T4313] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  327.666537][ T4298] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  327.670623][ T4298] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  327.673406][ T4298] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  327.677124][ T4298] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  327.990680][ T8368] loop6: detected capacity change from 0 to 512
[  328.006362][ T8368] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  328.047586][ T8368] EXT4-fs (loop6): 1 truncate cleaned up
[  328.049337][ T8368] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  328.274724][ T1709] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.041063][ T4301] Bluetooth: hci0: command 0x040f tx timeout
[  329.133849][ T1709] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.143152][ T8379] netlink: 12 bytes leftover after parsing attributes in process `syz.0.934'.
[  329.223159][ T4626] EXT4-fs (loop6): unmounting filesystem.
[  329.424286][ T1709] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.522628][ T1709] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  329.744631][ T8351] chnl_net:caif_netlink_parms(): no params data found
[  329.753972][ T8287] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  329.761017][ T4298] Bluetooth: hci3: command 0x0409 tx timeout
[  329.782561][ T8287] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  330.512184][ T8287] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  330.544545][ T8287] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  331.122194][ T4298] Bluetooth: hci0: command 0x0419 tx timeout
[  331.841021][ T4298] Bluetooth: hci3: command 0x041b tx timeout
[  332.334294][ T8351] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.337142][ T8351] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.347340][ T8351] device bridge_slave_0 entered promiscuous mode
[  332.390386][ T8351] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.410077][ T8351] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.421101][ T8351] device bridge_slave_1 entered promiscuous mode
[  332.566647][ T8351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  332.721789][ T8351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  333.113886][ T8351] team0: Port device team_slave_0 added
[  333.145487][ T8351] team0: Port device team_slave_1 added
[  333.372306][ T8351] batman_adv: batadv0: Adding interface: batadv_slave_0
[  333.376697][ T8351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.384227][ T8351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.155452][ T8351] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.157391][ T8351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.174823][ T8351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.192324][ T4298] Bluetooth: hci3: command 0x040f tx timeout
[  334.302830][ T8287] 8021q: adding VLAN 0 to HW filter on device bond0
[  334.443506][ T8287] 8021q: adding VLAN 0 to HW filter on device team0
[  334.451153][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  334.453581][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  334.455995][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  334.458577][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  334.471160][ T4683] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.473191][ T4683] bridge0: port 1(bridge_slave_0) entered forwarding state
[  334.475470][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  334.482682][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  334.500103][ T4683] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.502055][ T4683] bridge0: port 2(bridge_slave_1) entered forwarding state
[  334.562952][ T8351] device hsr_slave_0 entered promiscuous mode
[  334.581850][ T8351] device hsr_slave_1 entered promiscuous mode
[  334.683855][ T8351] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  334.686085][ T8351] Cannot create hsr debugfs directory
[  334.835817][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  334.838513][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  334.843511][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  334.873197][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  334.955073][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  334.971537][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  334.988643][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  335.009652][ T4683] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  335.526487][ T8287] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  335.529382][ T8287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  335.714579][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  335.721323][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  335.724115][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  335.747352][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  335.751029][ T4357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  335.755550][ T8474] loop6: detected capacity change from 0 to 256
[  335.859825][ T8474] FAT-fs (loop6): Directory bread(block 64) failed
[  335.869480][ T8474] FAT-fs (loop6): Directory bread(block 65) failed
[  335.871556][ T8474] FAT-fs (loop6): Directory bread(block 66) failed
[  335.886035][ T8474] FAT-fs (loop6): Directory bread(block 67) failed
[  335.888037][ T8474] FAT-fs (loop6): Directory bread(block 68) failed
[  335.903722][ T8474] FAT-fs (loop6): Directory bread(block 69) failed
[  335.912179][ T8474] FAT-fs (loop6): Directory bread(block 70) failed
[  335.922023][ T8474] FAT-fs (loop6): Directory bread(block 71) failed
[  335.930341][ T8474] FAT-fs (loop6): Directory bread(block 72) failed
[  335.932645][ T8474] FAT-fs (loop6): Directory bread(block 73) failed
[  336.241451][ T4298] Bluetooth: hci3: command 0x0419 tx timeout
[  336.674071][ T4298] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  336.678755][ T4298] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  336.701546][ T4313] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  336.706401][ T4313] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  336.709756][ T4313] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  336.712412][ T4313] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  337.301443][ T8287] 8021q: adding VLAN 0 to HW filter on device batadv0
[  337.440007][ T8502] loop6: detected capacity change from 0 to 512
[  337.470109][ T8502] EXT2-fs (loop6): warning: feature flags set on rev 0 fs, running e2fsck is recommended
[  337.691296][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  337.693511][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  337.929423][ T8520] syz.6.956: attempt to access beyond end of device
[  337.929423][ T8520] loop6: rw=0, sector=511016, nr_sectors = 4 limit=512
[  337.934295][ T8520] EXT2-fs (loop6): error: ext2_readdir: bad page in #2
[  338.049621][ T8508] device syzkaller0 entered promiscuous mode
[  338.072249][ T1709] device hsr_slave_0 left promiscuous mode
[  338.121374][ T1709] device hsr_slave_1 left promiscuous mode
[  338.220953][ T1709] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  338.223093][ T1709] batman_adv: batadv0: Removing interface: batadv_slave_0
[  338.225586][ T1709] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  338.227590][ T1709] batman_adv: batadv0: Removing interface: batadv_slave_1
[  338.242196][ T1709] device vlan2 left promiscuous mode
[  338.246095][ T1709] bridge0: port 3(vlan2) entered disabled state
[  338.282010][ T1709] device bridge_slave_1 left promiscuous mode
[  338.283873][ T1709] bridge0: port 2(bridge_slave_1) entered disabled state
[  338.322437][ T1709] device bridge_slave_0 left promiscuous mode
[  338.324319][ T1709] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.461682][ T1709] device veth1_macvtap left promiscuous mode
[  338.465534][ T1709] device veth0_macvtap left promiscuous mode
[  338.469335][ T1709] device veth1_vlan left promiscuous mode
[  338.473280][ T1709] device veth0_vlan left promiscuous mode
[  338.721113][ T4313] Bluetooth: hci5: command 0x0409 tx timeout
[  340.808549][ T4313] Bluetooth: hci5: command 0x041b tx timeout
[  341.027872][ T1709] team0 (unregistering): Port device team_slave_1 removed
[  341.211310][ T1709] team0 (unregistering): Port device team_slave_0 removed
[  341.497101][ T1709] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  342.201755][ T1709] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  342.881521][ T4301] Bluetooth: hci5: command 0x040f tx timeout
[  344.584712][ T1709] bond0 (unregistering): Released all slaves
[  344.961256][ T4301] Bluetooth: hci5: command 0x0419 tx timeout
[  353.417455][ T4301] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  353.422967][ T4301] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  353.425560][ T4301] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  353.428132][ T4301] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  353.430460][ T4301] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  353.432934][ T4301] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  355.441028][ T4313] Bluetooth: hci1: command 0x0409 tx timeout
[  356.182509][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  356.185397][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  356.232749][ T8287] device veth0_vlan entered promiscuous mode
[  356.250817][ T8287] device veth1_vlan entered promiscuous mode
[  356.264005][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  356.266680][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  356.269356][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  356.297259][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  356.299869][  T419] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  356.331364][    C1] ------------[ cut here ]------------
[  356.333080][    C1] refcount_t: addition on 0; use-after-free.
[  356.335024][    C1] WARNING: CPU: 1 PID: 8488 at lib/refcount.c:25 refcount_warn_saturate+0x134/0x1f8
[  356.337655][    C1] Modules linked in:
[  356.338823][    C1] CPU: 1 PID: 8488 Comm: syz-executor Not tainted 6.1.141-syzkaller #0
[  356.341622][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.344797][    C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  356.346896][    C1] pc : refcount_warn_saturate+0x134/0x1f8
[  356.348426][    C1] lr : refcount_warn_saturate+0x134/0x1f8
[  356.349936][    C1] sp : ffff8000080178c0
[  356.351044][    C1] x29: ffff8000080178c0 x28: ffff0000f18bc400 x27: ffff0000c9fd8208
[  356.353202][    C1] x26: ffff0000f7dc3c70 x25: dfff800000000000 x24: 1fffe000193fb041
[  356.355381][    C1] x23: ffff0000f42dac00 x22: ffff0000f7c20154 x21: ffff0000dbbaf880
[  356.357569][    C1] x20: ffff0000f7c20154 x19: ffff800017a32000 x18: 00000000500194e2
[  356.359904][    C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000
[  356.362181][    C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[  356.364294][    C1] x11: ff0080000819149c x10: 0000000000000000 x9 : 96e36b602793be00
[  356.366435][    C1] x8 : 96e36b602793be00 x7 : 0000000000000001 x6 : 0000000000000001
[  356.368603][    C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff80000852da40
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  356.370727][    C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000000
[  356.372841][    C1] Call trace:
[  356.373710][    C1]  refcount_warn_saturate+0x134/0x1f8
[  356.375199][    C1]  tipc_crypto_xmit+0x1518/0x2014
[  356.376554][    C1]  tipc_bearer_xmit_skb+0x1f0/0x384
[  356.377962][    C1]  tipc_disc_timeout+0x4c8/0x608
[  356.379293][    C1]  call_timer_fn+0x1b8/0x964
[  356.380511][    C1]  __run_timers+0x460/0x6bc
[  356.381733][    C1]  run_timer_softirq+0x7c/0x114
[  356.383012][    C1]  handle_softirqs+0x318/0xc6c
[  356.384288][    C1]  __do_softirq+0x14/0x20
[  356.385432][    C1]  ____do_softirq+0x14/0x20
[  356.386694][    C1]  call_on_irq_stack+0x24/0x4c
[  356.388003][    C1]  do_softirq_own_stack+0x20/0x2c
[  356.389312][    C1]  __irq_exit_rcu+0x23c/0x43c
[  356.390567][    C1]  irq_exit_rcu+0x14/0x84
[  356.391697][    C1]  el1_interrupt+0x38/0x54
[  356.392931][    C1]  el1h_64_irq_handler+0x18/0x24
[  356.394237][    C1]  el1h_64_irq+0x64/0x68
[  356.395415][    C1]  _raw_spin_unlock_irqrestore+0x58/0xac
[  356.396965][    C1]  debug_check_no_obj_freed+0x450/0x46c
[  356.398463][    C1]  slab_free_freelist_hook+0x104/0x1ec
[  356.399899][    C1]  kmem_cache_free+0x11c/0x324
[  356.401198][    C1]  kfree_skbmem+0x10c/0x19c
[  356.402370][    C1]  consume_skb+0xa8/0x104
[  356.403556][    C1]  netlink_broadcast+0xebc/0x1018
[  356.404842][    C1]  nlmsg_notify+0xf4/0x1d8
[  356.406067][    C1]  rtnl_notify+0xa0/0xd8
[  356.407185][    C1]  inet_netconf_notify_devconf+0x1f0/0x25c
[  356.408697][    C1]  __devinet_sysctl_register+0x280/0x2f0
[  356.410221][    C1]  devinet_sysctl_register+0x14c/0x1c0
[  356.411645][    C1]  inetdev_init+0x268/0x4a8
[  356.412831][    C1]  inetdev_event+0xf0c/0x12ec
[  356.414068][    C1]  raw_notifier_call_chain+0xd4/0x164
[  356.415463][    C1]  call_netdevice_notifiers+0x10c/0x18c
[  356.416936][    C1]  register_netdevice+0x1188/0x15cc
[  356.418377][    C1]  ip6gre_newlink_common+0x31c/0x4a0
[  356.419843][    C1]  ip6gre_newlink+0x19c/0x448
[  356.421152][    C1]  rtnl_newlink+0x102c/0x1a1c
[  356.422461][    C1]  rtnetlink_rcv_msg+0x734/0xce4
[  356.423790][    C1]  netlink_rcv_skb+0x208/0x3c4
[  356.425087][    C1]  rtnetlink_rcv+0x28/0x38
[  356.426251][    C1]  netlink_unicast+0x600/0x818
[  356.427520][    C1]  netlink_sendmsg+0x6e8/0x9b0
[  356.428804][    C1]  __sys_sendto+0x304/0x3fc
[  356.430077][    C1]  __arm64_sys_sendto+0xd8/0xf8
[  356.431376][    C1]  invoke_syscall+0x98/0x2bc
[  356.432564][    C1]  el0_svc_common+0x138/0x258
[  356.433811][    C1]  do_el0_svc+0x58/0x13c
[  356.434932][    C1]  el0_svc+0x58/0x138
[  356.436009][    C1]  el0t_64_sync_handler+0x84/0xf0
[  356.437450][    C1]  el0t_64_sync+0x18c/0x190
[  356.438642][    C1] irq event stamp: 15593
[  356.439784][    C1] hardirqs last  enabled at (15592): [<ffff800008307d18>] __up_console_sem+0xb4/0x100
[  356.442302][    C1] hardirqs last disabled at (15593): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  356.444646][    C1] softirqs last  enabled at (15316): [<ffff80000fd427f8>] neigh_parms_alloc+0x328/0x45c
[  356.447204][    C1] softirqs last disabled at (15341): [<ffff800008020164>] __do_softirq+0x14/0x20
[  356.449633][    C1] ---[ end trace 0000000000000000 ]---
[  356.451228][    C1] ------------[ cut here ]------------
[  356.452637][    C1] refcount_t: underflow; use-after-free.
[  356.454321][    C1] WARNING: CPU: 1 PID: 8488 at lib/refcount.c:28 refcount_warn_saturate+0x154/0x1f8
[  356.456841][    C1] Modules linked in:
[  356.457900][    C1] CPU: 1 PID: 8488 Comm: syz-executor Tainted: G        W          6.1.141-syzkaller #0
[  356.460461][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.463032][    C1] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  356.465100][    C1] pc : refcount_warn_saturate+0x154/0x1f8
[  356.466617][    C1] lr : refcount_warn_saturate+0x154/0x1f8
[  356.468103][    C1] sp : ffff8000080178c0
[  356.469204][    C1] x29: ffff8000080178c0 x28: ffff0000f18bc400 x27: 0000000000000000
[  356.471317][    C1] x26: ffff0000f7dc3c70 x25: dfff800000000000 x24: 1fffe0001efb8798
[  356.473463][    C1] x23: 1fffe00019fb7379 x22: ffff0000c9fd8200 x21: 00000000c0000000
[  356.475537][    C1] x20: ffff0000f7c20154 x19: ffff800017a32000 x18: 00000000500194e2
[  356.477637][    C1] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000
[  356.479733][    C1] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[  356.481783][    C1] x11: ff0080000819149c x10: 0000000000000000 x9 : 96e36b602793be00
[  356.483882][    C1] x8 : 96e36b602793be00 x7 : 0000000000000001 x6 : 0000000000000001
[  356.485977][    C1] x5 : ffff800008017358 x4 : ffff800015154700 x3 : ffff8000083115f4
[  356.488132][    C1] x2 : 0000000000000001 x1 : 0000000000000101 x0 : 0000000000000000
[  356.490282][    C1] Call trace:
[  356.491119][    C1]  refcount_warn_saturate+0x154/0x1f8
[  356.492523][    C1]  tipc_crypto_xmit+0x1664/0x2014
[  356.493858][    C1]  tipc_bearer_xmit_skb+0x1f0/0x384
[  356.495215][    C1]  tipc_disc_timeout+0x4c8/0x608
[  356.496493][    C1]  call_timer_fn+0x1b8/0x964
[  356.497715][    C1]  __run_timers+0x460/0x6bc
[  356.498912][    C1]  run_timer_softirq+0x7c/0x114
[  356.500154][    C1]  handle_softirqs+0x318/0xc6c
[  356.501367][    C1]  __do_softirq+0x14/0x20
[  356.502493][    C1]  ____do_softirq+0x14/0x20
[  356.503682][    C1]  call_on_irq_stack+0x24/0x4c
[  356.504974][    C1]  do_softirq_own_stack+0x20/0x2c
[  356.506262][    C1]  __irq_exit_rcu+0x23c/0x43c
[  356.507543][    C1]  irq_exit_rcu+0x14/0x84
[  356.508636][    C1]  el1_interrupt+0x38/0x54
[  356.509789][    C1]  el1h_64_irq_handler+0x18/0x24
[  356.511074][    C1]  el1h_64_irq+0x64/0x68
[  356.512220][    C1]  _raw_spin_unlock_irqrestore+0x58/0xac
[  356.513709][    C1]  debug_check_no_obj_freed+0x450/0x46c
[  356.515210][    C1]  slab_free_freelist_hook+0x104/0x1ec
[  356.516635][    C1]  kmem_cache_free+0x11c/0x324
[  356.517886][    C1]  kfree_skbmem+0x10c/0x19c
[  356.519060][    C1]  consume_skb+0xa8/0x104
[  356.520211][    C1]  netlink_broadcast+0xebc/0x1018
[  356.521522][    C1]  nlmsg_notify+0xf4/0x1d8
[  356.522700][    C1]  rtnl_notify+0xa0/0xd8
[  356.523815][    C1]  inet_netconf_notify_devconf+0x1f0/0x25c
[  356.525358][    C1]  __devinet_sysctl_register+0x280/0x2f0
[  356.526929][    C1]  devinet_sysctl_register+0x14c/0x1c0
[  356.528432][    C1]  inetdev_init+0x268/0x4a8
[  356.529618][    C1]  inetdev_event+0xf0c/0x12ec
[  356.530879][    C1]  raw_notifier_call_chain+0xd4/0x164
[  356.532333][    C1]  call_netdevice_notifiers+0x10c/0x18c
[  356.533800][    C1]  register_netdevice+0x1188/0x15cc
[  356.535230][    C1]  ip6gre_newlink_common+0x31c/0x4a0
[  356.536683][    C1]  ip6gre_newlink+0x19c/0x448
[  356.537965][    C1]  rtnl_newlink+0x102c/0x1a1c
[  356.539232][    C1]  rtnetlink_rcv_msg+0x734/0xce4
[  356.540559][    C1]  netlink_rcv_skb+0x208/0x3c4
[  356.541851][    C1]  rtnetlink_rcv+0x28/0x38
[  356.543034][    C1]  netlink_unicast+0x600/0x818
[  356.544283][    C1]  netlink_sendmsg+0x6e8/0x9b0
[  356.545571][    C1]  __sys_sendto+0x304/0x3fc
[  356.546832][    C1]  __arm64_sys_sendto+0xd8/0xf8
[  356.548156][    C1]  invoke_syscall+0x98/0x2bc
[  356.549339][    C1]  el0_svc_common+0x138/0x258
[  356.550566][    C1]  do_el0_svc+0x58/0x13c
[  356.551677][    C1]  el0_svc+0x58/0x138
[  356.552707][    C1]  el0t_64_sync_handler+0x84/0xf0
[  356.554065][    C1]  el0t_64_sync+0x18c/0x190
[  356.555287][    C1] irq event stamp: 15625
[  356.556341][    C1] hardirqs last  enabled at (15624): [<ffff800008307d18>] __up_console_sem+0xb4/0x100
[  356.558893][    C1] hardirqs last disabled at (15625): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  356.561246][    C1] softirqs last  enabled at (15316): [<ffff80000fd427f8>] neigh_parms_alloc+0x328/0x45c
[  356.563822][    C1] softirqs last disabled at (15341): [<ffff800008020164>] __do_softirq+0x14/0x20
[  356.566269][    C1] ---[ end trace 0000000000000000 ]---
[  357.041783][    C0] ------------[ cut here ]------------
[  357.043438][    C0] refcount_t: saturated; leaking memory.
[  357.045266][    C0] WARNING: CPU: 0 PID: 8351 at lib/refcount.c:22 refcount_warn_saturate+0x1b4/0x1f8
[  357.047790][    C0] Modules linked in:
[  357.048882][    C0] CPU: 0 PID: 8351 Comm: syz-executor Tainted: G        W          6.1.141-syzkaller #0
[  357.051379][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  357.054192][    C0] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  357.056285][    C0] pc : refcount_warn_saturate+0x1b4/0x1f8
[  357.057800][    C0] lr : refcount_warn_saturate+0x1b4/0x1f8
[  357.059347][    C0] sp : ffff8000080078c0
[  357.060487][    C0] x29: ffff8000080078c0 x28: ffff0000d2f4f000 x27: ffff0000c9fd8208
[  357.062644][    C0] x26: ffff0000d15c94f0 x25: dfff800000000000 x24: 1fffe000193fb041
[  357.064807][    C0] x23: ffff0000f3592400 x22: ffff0000f7c20154 x21: 000000007ffffffe
[  357.066933][    C0] x20: ffff0000f7c20154 x19: ffff800017a32000 x18: ffff800011a7bce0
[  357.069136][    C0] x17: 0000000000000000 x16: ffff8000082d1c00 x15: 0000000000000000
[  357.071321][    C0] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000ff0100
[  357.073526][    C0] x11: ff0080000819149c x10: 0000000000000000 x9 : c6debebdd16bc400
[  357.075742][    C0] x8 : c6debebdd16bc400 x7 : 0000000000000001 x6 : 0000000000000001
[  357.077958][    C0] x5 : ffff800008007358 x4 : ffff800015154700 x3 : ffff80000852da40
[  357.080153][    C0] x2 : 0000000000000001 x1 : 0000000000000103 x0 : 0000000000000000
[  357.082355][    C0] Call trace:
[  357.083241][    C0]  refcount_warn_saturate+0x1b4/0x1f8
[  357.084649][    C0]  tipc_crypto_xmit+0x1518/0x2014
[  357.085985][    C0]  tipc_bearer_xmit_skb+0x1f0/0x384
[  357.087377][    C0]  tipc_disc_timeout+0x4c8/0x608
[  357.088668][    C0]  call_timer_fn+0x1b8/0x964
[  357.089891][    C0]  __run_timers+0x460/0x6bc
[  357.091109][    C0]  run_timer_softirq+0x7c/0x114
[  357.092376][    C0]  handle_softirqs+0x318/0xc6c
[  357.093659][    C0]  __do_softirq+0x14/0x20
[  357.094858][    C0]  ____do_softirq+0x14/0x20
[  357.096082][    C0]  call_on_irq_stack+0x24/0x4c
[  357.097316][    C0]  do_softirq_own_stack+0x20/0x2c
[  357.098716][    C0]  __irq_exit_rcu+0x23c/0x43c
[  357.099977][    C0]  irq_exit_rcu+0x14/0x84
[  357.101144][    C0]  el1_interrupt+0x38/0x54
[  357.102349][    C0]  el1h_64_irq_handler+0x18/0x24
[  357.103709][    C0]  el1h_64_irq+0x64/0x68
[  357.104802][    C0]  _raw_spin_unlock_irqrestore+0x58/0xac
[  357.106327][    C0]  free_pcppages_bulk+0x6ec/0x73c
[  357.107651][    C0]  free_unref_page_commit+0x284/0x3e8
[  357.109089][    C0]  free_unref_page+0x18c/0x3a0
[  357.110339][    C0]  __free_pages+0x1a4/0x1d0
[  357.111540][    C0]  __vunmap+0x81c/0x9f0
[  357.112640][    C0]  vfree+0xbc/0x150
[  357.113659][    C0]  kcov_close+0x3c/0x98
[  357.114741][    C0]  __fput+0x1bc/0x7c0
[  357.115788][    C0]  ____fput+0x20/0x30
[  357.116877][    C0]  task_work_run+0x1ec/0x270
[  357.118098][    C0]  do_exit+0x544/0x19a8
[  357.119179][    C0]  do_group_exit+0x194/0x22c
[  357.120392][    C0]  get_signal+0x11d0/0x1310
[  357.121609][    C0]  do_notify_resume+0x340/0x2b0c
[  357.122915][    C0]  el0_svc+0x98/0x138
[  357.123987][    C0]  el0t_64_sync_handler+0x84/0xf0
[  357.125317][    C0]  el0t_64_sync+0x18c/0x190
[  357.126485][    C0] irq event stamp: 163287
[  357.127618][    C0] hardirqs last  enabled at (163286): [<ffff800008307d18>] __up_console_sem+0xb4/0x100
[  357.130169][    C0] hardirqs last disabled at (163287): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  357.132515][    C0] softirqs last  enabled at (157410): [<ffff8000081a8e70>] handle_softirqs+0xaf8/0xc6c
[  357.135062][    C0] softirqs last disabled at (163251): [<ffff800008020164>] __do_softirq+0x14/0x20
[  357.137520][    C0] ---[ end trace 0000000000000000 ]---
[  357.142227][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  358.703738][ T1709] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.783731][ T1709] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.883731][ T1709] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.994644][ T1709] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.820783][ T1709] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.932665][ T1709] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.022645][ T1709] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.132770][ T1709] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.353729][ T1709] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.444148][ T1709] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.535497][ T1709] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.622662][ T1709] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.830569][ T1709] ------------[ cut here ]------------
[  360.832604][ T1709] refcount_t: saturated; leaking memory.
[  360.835802][ T1709] WARNING: CPU: 0 PID: 1709 at lib/refcount.c:19 refcount_warn_saturate+0x174/0x1f8
[  360.838315][ T1709] Modules linked in:
[  360.839340][ T1709] CPU: 0 PID: 1709 Comm: kworker/u4:5 Tainted: G        W          6.1.141-syzkaller #0
[  360.841979][ T1709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.844697][ T1709] Workqueue: netns cleanup_net
[  360.845992][ T1709] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  360.848088][ T1709] pc : refcount_warn_saturate+0x174/0x1f8
[  360.849657][ T1709] lr : refcount_warn_saturate+0x174/0x1f8
[  360.851188][ T1709] sp : ffff800025727280
[  360.852265][ T1709] x29: ffff800025727280 x28: 1ffff00004ae4e58 x27: dfff800000000000
[  360.854375][ T1709] x26: 00000000c0000000 x25: 00000000c0000000 x24: ffff0000f7c20154
[  360.856516][ T1709] x23: 0000000000000046 x22: 0000000000000cc0 x21: 000000007ffffffe
[  360.858624][ T1709] x20: ffff0000f7c20154 x19: ffff800017a32000 x18: ffff800011a7bce0
[  360.860802][ T1709] x17: 1fffe00033ee2f76 x16: ffff8000082d1c00 x15: 0000000040000000
[  360.862984][ T1709] x14: 0000000000000002 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100
[  360.865127][ T1709] x11: ff0080000a88a3b4 x10: 0000000000000003 x9 : 86a1dbef85504500
[  360.867221][ T1709] x8 : 86a1dbef85504500 x7 : ffff8000082516dc x6 : 0000000000000000
[  360.869346][ T1709] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[  360.871486][ T1709] x2 : 0000000000000006 x1 : ffff800011a7d7e0 x0 : ffff80018a752000
[  360.873622][ T1709] Call trace:
[  360.874490][ T1709]  refcount_warn_saturate+0x174/0x1f8
[  360.875954][ T1709]  nf_nat_masq_schedule+0x478/0x54c
[  360.877355][ T1709]  masq_device_event+0x9c/0xe0
[  360.878646][ T1709]  raw_notifier_call_chain+0xd4/0x164
[  360.880099][ T1709]  dev_close_many+0x2cc/0x440
[  360.881455][ T1709]  unregister_netdevice_many+0x3c4/0x1740
[  360.882984][ T1709]  unregister_netdevice_queue+0x2ac/0x2f8
[  360.884501][ T1709]  nsim_destroy+0x58/0x164
[  360.885666][ T1709]  __nsim_dev_port_del+0x144/0x1a4
[  360.887066][ T1709]  nsim_dev_reload_destroy+0x240/0x43c
[  360.888577][ T1709]  nsim_dev_reload_down+0x9c/0xd4
[  360.889966][ T1709]  devlink_reload+0x1b4/0x570
[  360.891180][ T1709]  devlink_pernet_pre_exit+0x118/0x2a8
[  360.892604][ T1709]  cleanup_net+0x470/0xa74
[  360.893814][ T1709]  process_one_work+0x7f4/0x13a8
[  360.895161][ T1709]  worker_thread+0x8c8/0xfbc
[  360.896407][ T1709]  kthread+0x250/0x2d8
[  360.897513][ T1709]  ret_from_fork+0x10/0x20
[  360.898661][ T1709] irq event stamp: 4981058
[  360.899843][ T1709] hardirqs last  enabled at (4981057): [<ffff800008251770>] finish_lock_switch+0xb0/0x1c4
[  360.902453][ T1709] hardirqs last disabled at (4981058): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  360.904812][ T1709] softirqs last  enabled at (4981040): [<ffff8000081a8e70>] handle_softirqs+0xaf8/0xc6c
[  360.907455][ T1709] softirqs last disabled at (4980927): [<ffff800008020164>] __do_softirq+0x14/0x20
[  360.909886][ T1709] ---[ end trace 0000000000000000 ]---
[  360.914160][ T1709] ------------[ cut here ]------------
[  360.915625][ T1709] WARNING: CPU: 0 PID: 1709 at lib/ref_tracker.c:77 ref_tracker_alloc+0x230/0x3cc
[  360.918063][ T1709] Modules linked in:
[  360.919069][ T1709] CPU: 0 PID: 1709 Comm: kworker/u4:5 Tainted: G        W          6.1.141-syzkaller #0
[  360.921520][ T1709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.924247][ T1709] Workqueue: netns cleanup_net
[  360.925571][ T1709] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  360.927682][ T1709] pc : ref_tracker_alloc+0x230/0x3cc
[  360.929114][ T1709] lr : ref_tracker_alloc+0x230/0x3cc
[  360.930494][ T1709] sp : ffff800025727160
[  360.931594][ T1709] x29: ffff800025727240 x28: 1ffff00004ae4e58 x27: dfff800000000000
[  360.933738][ T1709] x26: dfff800000000000 x25: ffff700004ae4e2c x24: ffff0000e512f008
[  360.935879][ T1709] x23: ffff800025727160 x22: ffff0000f7c201a4 x21: ffff0000e512f050
[  360.938016][ T1709] x20: 0000000000000cc0 x19: ffff0000f7c20158 x18: ffff800011a7bce0
[  360.940152][ T1709] x17: 1fffe00033ee2f76 x16: ffff8000082d1c00 x15: ffff800010a233ec
[  360.942267][ T1709] x14: ffff80000d4f3814 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100
[  360.944400][ T1709] x11: ff0080000aa23d44 x10: 0000000000000000 x9 : ffff80000aa23d44
[  360.946573][ T1709] x8 : ffff0000cfdbd340 x7 : 0000000000000000 x6 : 000000000000003f
[  360.948761][ T1709] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000004
[  360.950861][ T1709] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800025727180
[  360.952991][ T1709] Call trace:
[  360.953848][ T1709]  ref_tracker_alloc+0x230/0x3cc
[  360.955179][ T1709]  nf_nat_masq_schedule+0x328/0x54c
[  360.956554][ T1709]  masq_device_event+0x9c/0xe0
[  360.957799][ T1709]  raw_notifier_call_chain+0xd4/0x164
[  360.959204][ T1709]  dev_close_many+0x2cc/0x440
[  360.960449][ T1709]  unregister_netdevice_many+0x3c4/0x1740
[  360.961988][ T1709]  unregister_netdevice_queue+0x2ac/0x2f8
[  360.963498][ T1709]  nsim_destroy+0x58/0x164
[  360.964640][ T1709]  __nsim_dev_port_del+0x144/0x1a4
[  360.965980][ T1709]  nsim_dev_reload_destroy+0x240/0x43c
[  360.967407][ T1709]  nsim_dev_reload_down+0x9c/0xd4
[  360.968722][ T1709]  devlink_reload+0x1b4/0x570
[  360.969973][ T1709]  devlink_pernet_pre_exit+0x118/0x2a8
[  360.971417][ T1709]  cleanup_net+0x470/0xa74
[  360.972630][ T1709]  process_one_work+0x7f4/0x13a8
[  360.974013][ T1709]  worker_thread+0x8c8/0xfbc
[  360.975214][ T1709]  kthread+0x250/0x2d8
[  360.976266][ T1709]  ret_from_fork+0x10/0x20
[  360.977451][ T1709] irq event stamp: 4981390
[  360.978616][ T1709] hardirqs last  enabled at (4981389): [<ffff800011a07d24>] _raw_spin_unlock_irqrestore+0x48/0xac
[  360.981429][ T1709] hardirqs last disabled at (4981390): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  360.983767][ T1709] softirqs last  enabled at (4981380): [<ffff8000081a8e70>] handle_softirqs+0xaf8/0xc6c
[  360.986349][ T1709] softirqs last disabled at (4981063): [<ffff800008020164>] __do_softirq+0x14/0x20
[  360.988833][ T1709] ---[ end trace 0000000000000000 ]---
[  360.999677][    T7] ------------[ cut here ]------------
[  361.001335][    T7] WARNING: CPU: 0 PID: 7 at lib/ref_tracker.c:110 ref_tracker_free+0x484/0x694
[  361.003722][    T7] Modules linked in:
[  361.004735][    T7] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G        W          6.1.141-syzkaller #0
[  361.007248][    T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  361.009926][    T7] Workqueue: events iterate_cleanup_work
[  361.011412][    T7] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  361.013508][    T7] pc : ref_tracker_free+0x484/0x694
[  361.014929][    T7] lr : ref_tracker_free+0x484/0x694
[  361.016321][    T7] sp : ffff80001c7f7940
[  361.017441][    T7] x29: ffff80001c7f7a40 x28: ffff00019f72f800 x27: ffff0000e512f000
[  361.019636][    T7] x26: dfff800000000000 x25: ffff7000038fef2c x24: ffff80001c7f7aa0
[  361.021763][    T7] x23: ffff7000038fef54 x22: ffff80001c7f7960 x21: ffff0000f7c201a4
[  361.023929][    T7] x20: ffff0000e512f050 x19: ffff0000f7c20158 x18: ffff800011a7bce0
[  361.026105][    T7] x17: ffff8000181a1000 x16: ffff8000082d0750 x15: ffff800017c81fc0
[  361.028203][    T7] x14: ffff0000cfdbddd8 x13: 1ffff00002a0e0b1 x12: 0000000000ff0100
[  361.030395][    T7] x11: ff0080000aa2441c x10: 0000000000000000 x9 : ffff80000aa2441c
[  361.032598][    T7] x8 : ffff0000c09a3780 x7 : 0000000000000000 x6 : 000000000000003f
[  361.034756][    T7] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000004
[  361.036877][    T7] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff80001c7f7980
[  361.039059][    T7] Call trace:
[  361.039978][    T7]  ref_tracker_free+0x484/0x694
[  361.041273][    T7]  iterate_cleanup_work+0xe8/0x230
[  361.042625][    T7]  process_one_work+0x7f4/0x13a8
[  361.043929][    T7]  worker_thread+0x8c8/0xfbc
[  361.045179][    T7]  kthread+0x250/0x2d8
[  361.046284][    T7]  ret_from_fork+0x10/0x20
[  361.047537][    T7] irq event stamp: 97270
[  361.048659][    T7] hardirqs last  enabled at (97269): [<ffff8000081a8044>] __local_bh_enable_ip+0x1f8/0x380
[  361.051407][    T7] hardirqs last disabled at (97270): [<ffff80001191c930>] el1_dbg+0x24/0x80
[  361.053871][    T7] softirqs last  enabled at (97268): [<ffff80001007e6c4>] local_bh_enable+0x10/0x34
[  361.056384][    T7] softirqs last disabled at (97266): [<ffff80001007e1e4>] local_bh_disable+0x10/0x34
[  361.058893][    T7] ---[ end trace 0000000000000000 ]---
[  361.114769][ T1709] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.203016][ T1709] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.359099][ T1709] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.482714][ T1709] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.011080][ T1709] tipc: Disabling bearer <udp:�>
[  362.012589][ T1709] tipc: Left network mode
[  362.281008][ T1709] tipc: Disabling bearer <udp:syz2>
[  362.282560][ T1709] tipc: Disabling bearer <udp:syz0>
[  362.283998][ T1709] tipc: Left network mode
[  362.541027][ T1709] tipc: Disabling bearer <udp:syz2>
[  362.542584][ T1709] tipc: Disabling bearer <udp:syz0>
[  362.544145][ T1709] tipc: Left network mode