last executing test programs:

14.038819619s ago: executing program 2 (id=268):
timer_create(0xfffffffffffffffd, 0x0, &(0x7f00000000c0)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0xfffffffffffffffd, 0x0, &(0x7f0000000280))
syz_read_part_table(0x407c, &(0x7f0000008140)="$eJzs079KemEYB/BHh98ParHoAt4tAqnjnySnqGhoMAenxgoLQQzSwqWlu+mSuoCuw8AM5FSDFgTx+UzPOd/3efku7+rL00FEFHbuBr1x5BQjYjKd9osRhYioz5JC/ujwutc/v+j237aK+ZiFlb74//A4G/4tfufmWsRpioiV0fPG0Xfa8Uf83zqb/5xMfXzfyzk5bKX2cStljUa1U6mmd7VUyz7fyLJsLvmhGktZL3Wuxum+ezvs3QzS7natnNqXo1TZK6dKs1n/xWYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDKDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rZPo3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG4FAAD//xQHINw=")

10.508647812s ago: executing program 2 (id=280):
socket(0x2a, 0x2, 0x3)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r5=>0x0})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r6, 0x10000000005, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendfile(r1, r1, 0x0, 0x200000)

9.024449677s ago: executing program 2 (id=282):
r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x0, 0x0, 0x2ce}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

8.29407894s ago: executing program 2 (id=285):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)

6.531917202s ago: executing program 1 (id=291):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x12b}, {0x6, 0xff, 0x0, 0xfffffcb9}]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100), 0x2, 0x528, &(0x7f0000000c00)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSogcOHLYhcaIo9jqKndKEFcoeuSNRiROcOHNA4oDUE3ckDnDjUg5IBVagBgkJVx6PU+ePE2uT2Nv495NG8+eN/b23o3lv9HkzL4CJdSMidiPiSkS8HRFz+fEkX+L17tI576NHD5b2Hj1YSqLdfuufSVbeORZ9n+l4Kv/OYkR8742IHyaHgv4porm9s75Yq1U380PlVn2j3Nzeub1WX1ytrlbvVyp3F+7Ov3rnlcq5tfWF+m8+vBoRv//dFz/44+43ftyp1mxe1t+O89Rt+sx+nI7piPjORQQbg6m8PVce58OP9SHOUxoRn4mIF7P7fy6msqt50MHL9M0R1g4AuAjt9ly05/r3AYDLLs1yYElaynMBs5GmpVI3h/dcXEtrjWbr1kpj6/5yN1d2PWbSlbVadT7PFV6PmWRlbbq6kG339mvVyqH9OxHxbET8rHA1WVn7fkQ0asvjfPABgAn21KHx/z+F7vgPAFxyxU82C+OsBwAwOsVxVwAAGDnjPwBMHuM/AEwe4z8ATB7jPwBMHuM/AEyU7775Zmdp7+Xvv15+Z3trvfHO7eVqc71U31oqLTU2N0qrjcZqrVpaatRP+75ao7Gx8HJsvVtuVZutcnN75169sXW/dS97r/e96sxIWgUAnOTZF97/SxIRu69dzZboe9//qWP18xddO+AipeOuADA2U+OuADA2R2f7AiaFfDxMrv+32+3om7s3Ih7ub/W9DHTgfxF6b6gwqXlD4clz8/NnyP8Dn2ry/zC5Hi//71keLgP5f5hc7XZizn8AmDBy/EBySnn/7//z7b6d4X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEtpNluStJTPBT4baVoqRTwdEddjJllZq1XnI+KZiPhzYabQ2V+ICPMGAcCnWfr3JJ//6+bcS7OHS68U/lvI1hHxo1+89fN3F1utzYWIK8m/9o+33suPV8ZRfwDgNL1xujeO93z06MFSbxllfT78Vndy0U7cvXzplkzHdLYuZrmGa/9O8v2uzvPK1DnE330YEZ87rv1Jlhu5ns98ejh+J/bTI42fHoifZmXddeff4rPnUBeYNO93+p/Xj7v/0riRrY+//4tZD3V2vf5v70j/l+73f1MD+r8bw8Z4+Q/fPnKwPdctexjxhemIvd6X9/U/vfjJgPgvDRn/r89/6cVBZe1fRtyM49qfHIhVbtU3ys3tndtr9cXV6mr1fqVyd+Hu/Kt3XqmUsxx1uZepPuofr916ZlD8TvuvDYhfPKX9Xx2y/b/639s/+PIJ8b/+leOv/3MnxO+MiV8bMv7itd8WB5V14i8PaP9p1//WkPE/+NvO8pCnAgAj0NzeWV+s1aqbZ98onnhOeh4h1hdrU3HyOT/Jn1LOr10nbBR+/dM3Tj+5cNHVOOtGDCqaelJqeGk2CkOcc/WJqOq4eybgon1y04+7JgAAAAAAAAAAAAAAwCCj+HOicbcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+vjAAAA//+DitLu")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000100)=0x2, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10}, 0x94)
write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0)
openat$incfs(0xffffffffffffff9c, 0x0, 0x20000, 0x100)
fanotify_init(0x8, 0x40000)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
preadv2(r2, &(0x7f0000000a80)=[{&(0x7f00000002c0)=""/46, 0x2e}], 0x1, 0x6, 0x7, 0x0)
poll(&(0x7f0000000080), 0x0, 0xfffffffb)

5.330335343s ago: executing program 0 (id=294):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0xa, 0x801000089}, 0x0)
msgget$private(0x0, 0xc4)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8)
setxattr$trusted_overlay_upper(&(0x7f0000001240)='./file1\x00', &(0x7f0000000180), &(0x7f0000000180)=ANY=[], 0x841, 0x0)

4.866816861s ago: executing program 1 (id=295):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40043, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
getpid()
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffffffffffffffe, 0x16ef03)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
syz_emit_ethernet(0x7e, &(0x7f0000000200)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, @loopback, @local, {[@timestamp_prespec={0x44, 0x1c, 0xd9, 0x3, 0x0, [{@rand_addr=0x64010101, 0x4}, {@local, 0x8}, {@private=0xa010102, 0x8}]}, @cipso={0x86, 0x6}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

4.834648683s ago: executing program 3 (id=296):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x117c, 0x0, 0x0, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000480)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000000)={0x3c})

4.599589564s ago: executing program 0 (id=297):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x81, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x8000, 0x3000, 0x34343452, 0x4, 0x7, [{0x592e3537, 0x2}, {0xfffffff7, 0x9}, {0x1, 0x9}, {0xe53, 0x7}, {0x7000, 0x8}, {0x7, 0xc}, {0x8, 0x32}, {0x1, 0xfffffff0}], 0xd7, 0x4, 0x3, 0x2, 0x4}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x2, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000280)={'pcl812\x00', [0x2f00, 0x5, 0x3, 0x2, 0x0, 0x1, 0x1, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x80, 0x3, 0x4, 0x7, 0x70f]})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
connect$pppl2tp(r3, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e23, 0x2, @mcast1, 0x5a89}}}, 0x3a)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000280)='./file0\x00', 0x14806, &(0x7f0000000080)=ANY=[], 0x0, 0x702, &(0x7f0000001140)="$eJzs3V2P21gZB/D/STJJJoWqAlStqm7ndMpKUzGkTmabKipIGOckY0jiyPbAjIS0KnRmNWqmQFskmpt2bniRli/A3d5wwYdYiQuu9lvAFUgrEBJiBUJGPrbzMnEykzbtbNn/b7Qbx358/Phl/axn7GMQERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERhNUwjIpA2+7u7MrZrIbrdJIvWUxNj1pbwc1o4Oa8Za6EywVE+A+KRbwVjX7rK6OQy+G/1nE1+nYVxfCjiMGFy5fufjmXSeafk/CLwKINPn46eHCv399/dIbYLBZu/jwhc4agluranmN3zJaStufIeq1m3NpuerJpt5W35/mqIy1XZXzHlRvWTVmp17ekKu85O91Ww2yrZOSdr1cNoya/U4h2NICyZ23b7bbdbemYcHIYc0d+8IMoQJkdKQ8O+/tbY/k8S9vGYVAlJfnMeHAYVD1tdatGtVqpVKuV2u367TuGkZsaYYSEMYSpiKUftPSGWe4JnOglZKzGf4w/CaCNIrrYwS5k6o+FBlw46MyYHkvq/zu31Nzljtf/pMqvjCZfga7/16Jv12bV/xm5SEg9Q9oUMWP8Yj8rOiOJx3iKAR7gHvroYx+PltC2hFx76RbyRrwll5LPzJ8WFLqw4cGBjQ5MtPBFyHiMRB011GDgPWyjCQ8STdhoQ8HDHjz4UOERlQ8zVTDhw4ELiQ1YuAmJCuqoYwsSCmXswcEOumihARP/CoLgAId6u2/F+TxPWWskQZUZK1FALjnu9lGds7az6v8Pn0Vzx/XfYP3/vIqOg0L08fG8GKLPgCC+/l/Q2qvJhoiIiIiIiIheBaF/+y70X+XfBhCgabeVMRFTOLfsiIiIiIiIiGgZBIICrkJEd+XjbYjp638iIiIiIiIierMJ/YydAFDSN/WL0eNSZ/klQPY1pEhEREREREREL0k/+X8tDwT6Lv81iIWu/4mIiIiIiIjoDfCrsT72c9m4j90g+bN+BsDanwvio78V4K6I497uV8WRGU4xj+KYqTsA/OYVcTHuqFd/5AHob5a6KuKlSeCfyW8fQp8cpPf1/zyICCHcEwnks+MNzEhAhEuu5eJv+ADXo1mux/3M3x9koKdEPQqXmnZblS2nfbcC07yY8dWu/7OHhz8H3OF6Hhz298s/+nH/vs7lOBx1fBQ2+mwinUz6xhjl8kT3t6CfuUjr3XgVzWSRv+52SkIv10jWPwvzKDO+oHk7oLYKRGv5C6xH+2w9iGJLg2GP+wJY050/VMp6l02svbsiRllUTq552o6YseZFncWNKObGxo3oI9kmYTsZUfxaFqiWp/fBRBbV8SxO3xbi7ye2//wsIIrhttgKs/hD2NCJLL7/UTTzVm836R7jLFlMHQVEROflYFSFdCfmU33sJ+UhOamdve4gB8RnuRnVfbSUIK4fSXV/8tsgqlBZIBf/bSJ9KUldQXhG3xC6nXzUoXvuSsoZ3Sh/GgSBebGI8TP6f4MgWSFjgep2HATByTP670fvQIrTnsri30EQ3K3oSvKbE1X1w3CGD2cu12tXsyiigCdHP9Ed4Ife339//2G1ulUz3jWM21Ws6P9ViD+yYO0hIqIpp79jR0dk5kSId3E9auP6/b++Ew1NVLwvxbcUaLeAPu5jM3mFwFp6qyUc4Jv/iG5D2IyuWoH1UvRZGsjLl+6GV7XD2EOR02942Zx5VadraRSrb2+oDmOT9w6dvAIcxW694r1ARET0eq3PqMPARP3HZP0vTtT/TWxEERtXUq+7S2O3FG4mV8fDS/rBhePU2MrpyX9ryRuDiIjoc0K5n4iS/0vhunbvvUq9XjH9bSVdx/qudO1GS0m76yvX2ja7LSV7ruM7ltOWPRcFe1V50tvp9RzXl03HlT3Hs3f1m99l/Op3T3XMrm9bXq+tTE9Jy+n6puXLhu1Zsrfz7bbtbStXz+z1lGU3bcv0bacrPWfHtVRZSk+psUC7obq+3bTDwa7suXbHdPfk95z2TkfJhvIs1+75TtRgsiy723Tcjm62jGDhFx0SERH9P3r8dPDgXr+//+jkwGp4aR6NOcaMmOmBfEqD7COIiIjoM2ZUrheYqfgKEyIiIiIiIiIiIiIiIiIiIiIiIiIiIiIioimnP9K34MBK2sOCwHDMTy/GY/Aco0cMp9oReNl8PnX/qDv2e5HZM4suNHkkYvDg4znBq8MxyeYfjzleZKG4BLzw9vnLF4ALegyiMbklHgDTz48uq+Wkx+LUmG8cRBNnza4npk4qDPdFbvn/OYQDD383PUmEaxEEQTB/9sLkNsyf/XgON9aj/JxdsHrK8fM6z0JEdB7+FwAA//9NXDc5")
r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000140)={'multiq3\x00', [0x9df, 0x2566, 0xfffffffe, 0x100000, 0x15d, 0x0, 0x5, 0x10, 0x1002, 0xffffffff, 0x101, 0x20005, 0x344, 0x1ff, 0x4, 0x0, 0x4, 0x4, 0x9, 0xa, 0x100, 0x1005, 0x7, 0xa, 0x2, 0xffffffff, 0xb0c4, 0x7df, 0x8, 0x400007, 0xffffffff]})
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0xf0b, r6, 'id0\x00'})
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)

4.598515159s ago: executing program 2 (id=298):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x400000)
sched_setscheduler(0x0, 0x2, 0x0)
ptrace$getregset(0x4204, 0x0, 0x201, &(0x7f0000000180)={&(0x7f0000000040)=""/215, 0xd7})
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7ff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0xd, 0x1, 0x0, "9611e6d6ffc800000000000000000300000000000000010183df4800", 0x38303553})
utimes(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newtaction={0x50, 0x30, 0xb, 0x0, 0x0, {}, [{0x3c, 0x1, [@m_vlan={0x38, 0x1, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xfffd}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000000)=ANY=[], 0x0)

3.677801698s ago: executing program 3 (id=299):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000003c0)={0x0, 0xdacf, 0x4000, 0x7fff, 0x32c}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
preadv(r5, &(0x7f00000002c0), 0x0, 0x6, 0x9)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x1)

3.578957882s ago: executing program 1 (id=300):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi5\x00', 0x288200, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)='!', 0x1}], 0x1, 0x400003, 0x800004, 0x7)
lseek(r0, 0xe, 0x3)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7})
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc}, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
r5 = accept(r4, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x18}], 0x1, 0x0)
recvmsg(r5, &(0x7f000000b680)={0x0, 0xfffffe58, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb7b}], 0x2}, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f0000003240), 0x4000000000000e4, 0x0)

2.119832707s ago: executing program 3 (id=301):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x12b}, {0x6, 0xff, 0x0, 0xfffffcb9}]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100), 0x2, 0x528, &(0x7f0000000c00)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSogcOHLYhcaIo9jqKndKEFcoeuSNRiROcOHNA4oDUE3ckDnDjUg5IBVagBgkJVx6PU+ePE2uT2Nv495NG8+eN/b23o3lv9HkzL4CJdSMidiPiSkS8HRFz+fEkX+L17tI576NHD5b2Hj1YSqLdfuufSVbeORZ9n+l4Kv/OYkR8742IHyaHgv4porm9s75Yq1U380PlVn2j3Nzeub1WX1ytrlbvVyp3F+7Ov3rnlcq5tfWF+m8+vBoRv//dFz/44+43ftyp1mxe1t+O89Rt+sx+nI7piPjORQQbg6m8PVce58OP9SHOUxoRn4mIF7P7fy6msqt50MHL9M0R1g4AuAjt9ly05/r3AYDLLs1yYElaynMBs5GmpVI3h/dcXEtrjWbr1kpj6/5yN1d2PWbSlbVadT7PFV6PmWRlbbq6kG339mvVyqH9OxHxbET8rHA1WVn7fkQ0asvjfPABgAn21KHx/z+F7vgPAFxyxU82C+OsBwAwOsVxVwAAGDnjPwBMHuM/AEwe4z8ATB7jPwBMHuM/AEyU7775Zmdp7+Xvv15+Z3trvfHO7eVqc71U31oqLTU2N0qrjcZqrVpaatRP+75ao7Gx8HJsvVtuVZutcnN75169sXW/dS97r/e96sxIWgUAnOTZF97/SxIRu69dzZboe9//qWP18xddO+AipeOuADA2U+OuADA2R2f7AiaFfDxMrv+32+3om7s3Ih7ub/W9DHTgfxF6b6gwqXlD4clz8/NnyP8Dn2ry/zC5Hi//71keLgP5f5hc7XZizn8AmDBy/EBySnn/7//z7b6d4X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEtpNluStJTPBT4baVoqRTwdEddjJllZq1XnI+KZiPhzYabQ2V+ICPMGAcCnWfr3JJ//6+bcS7OHS68U/lvI1hHxo1+89fN3F1utzYWIK8m/9o+33suPV8ZRfwDgNL1xujeO93z06MFSbxllfT78Vndy0U7cvXzplkzHdLYuZrmGa/9O8v2uzvPK1DnE330YEZ87rv1Jlhu5ns98ejh+J/bTI42fHoifZmXddeff4rPnUBeYNO93+p/Xj7v/0riRrY+//4tZD3V2vf5v70j/l+73f1MD+r8bw8Z4+Q/fPnKwPdctexjxhemIvd6X9/U/vfjJgPgvDRn/r89/6cVBZe1fRtyM49qfHIhVbtU3ys3tndtr9cXV6mr1fqVyd+Hu/Kt3XqmUsxx1uZepPuofr916ZlD8TvuvDYhfPKX9Xx2y/b/639s/+PIJ8b/+leOv/3MnxO+MiV8bMv7itd8WB5V14i8PaP9p1//WkPE/+NvO8pCnAgAj0NzeWV+s1aqbZ98onnhOeh4h1hdrU3HyOT/Jn1LOr10nbBR+/dM3Tj+5cNHVOOtGDCqaelJqeGk2CkOcc/WJqOq4eybgon1y04+7JgAAAAAAAAAAAAAAwCCj+HOicbcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+vjAAAA//+DitLu")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10}, 0x94)
write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0)
openat$incfs(0xffffffffffffff9c, 0x0, 0x20000, 0x100)
fanotify_init(0x8, 0x40000)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
preadv2(r1, &(0x7f0000000a80)=[{&(0x7f00000002c0)=""/46, 0x2e}], 0x1, 0x6, 0x7, 0x0)
poll(&(0x7f0000000080), 0x0, 0xfffffffb)

2.044941146s ago: executing program 1 (id=302):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000510"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x65}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
getpid()
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f00000008c0)=[{{&(0x7f0000000000)={0xa, 0x4e1e, 0x1, @rand_addr=' \x01\x00', 0x3}, 0x1c, 0x0}}, {{&(0x7f00000004c0)={0xa, 0x4e24, 0x0, @private0, 0x10000001}, 0x1c, &(0x7f0000000740)=[{&(0x7f0000000500)='l', 0x1}], 0x1}}], 0x2, 0x240040c4)
shutdown(r2, 0x1)
setsockopt(r2, 0x84, 0x80, &(0x7f00000002c0)="1a00", 0x2)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000005400)={0x0, @in6={{0xa, 0x4e23, 0x46, @mcast1, 0x40}}}, 0x84)
bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0x8, 0x8}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b29, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000001480)={0x3, 0x0, @ioapic={0x4, 0x1, 0xfffffffd, 0x7, 0x0, [{0x8, 0x7, 0x4, '\x00', 0x5}, {0x7, 0x80, 0x7, '\x00', 0x4}, {0x3, 0x0, 0x6, '\x00', 0x4}, {0x8, 0x6, 0x40, '\x00', 0xd}, {0x1, 0x4, 0x4, '\x00', 0x10}, {0x8, 0x6, 0x0, '\x00', 0x2}, {0x5, 0x7, 0x3, '\x00', 0x4}, {0xb4, 0x3, 0x7f, '\x00', 0x9}, {0x80, 0x3, 0x7, '\x00', 0x4}, {0x9, 0x3, 0xa, '\x00', 0x17}, {0x2, 0x33, 0xde, '\x00', 0x2}, {0x0, 0xa3, 0x3, '\x00', 0x4}, {0x6, 0x9, 0x6, '\x00', 0x4}, {0x20, 0x9, 0x10, '\x00', 0x7}, {0x6, 0x1, 0x4, '\x00', 0xc}, {0x8, 0x5, 0xf6, '\x00', 0x2}, {0x9, 0x2, 0x1, '\x00', 0x52}, {0x10, 0x5, 0xa0}, {0xca, 0x4, 0x4, '\x00', 0xe6}, {0x50, 0x1, 0x44, '\x00', 0xc}, {0x8f, 0x5, 0x0, '\x00', 0x1}, {0x6, 0x0, 0x5, '\x00', 0x3}, {0x40, 0xe, 0xa, '\x00', 0x1}, {0x9, 0x5, 0x1, '\x00', 0x7f}]}})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00', @ANYRES32=0x0], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.030576751s ago: executing program 0 (id=303):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x81, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x8000, 0x3000, 0x34343452, 0x4, 0x7, [{0x592e3537, 0x2}, {0xfffffff7, 0x9}, {0x1, 0x9}, {0xe53, 0x7}, {0x7000, 0x8}, {0x7, 0xc}, {0x8, 0x32}, {0x1, 0xfffffff0}], 0xd7, 0x4, 0x3, 0x2, 0x4}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x2, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000280)={'pcl812\x00', [0x2f00, 0x5, 0x3, 0x2, 0x0, 0x1, 0x1, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x80, 0x3, 0x4, 0x7, 0x70f]})
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
connect$pppl2tp(r3, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x4, 0x0, 0x0, 0x0, {0xa, 0x4e23, 0x2, @mcast1, 0x5a89}}}, 0x3a)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000000)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000140)={'multiq3\x00', [0x9df, 0x2566, 0xfffffffe, 0x100000, 0x15d, 0x0, 0x5, 0x10, 0x1002, 0xffffffff, 0x101, 0x20005, 0x344, 0x1ff, 0x4, 0x0, 0x4, 0x4, 0x9, 0xa, 0x100, 0x1005, 0x7, 0xa, 0x2, 0xffffffff, 0xb0c4, 0x7df, 0x8, 0x400007, 0xffffffff]})
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000000)={0xf0b, 0xffffffffffffffff, 'id0\x00'})
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)

1.891290103s ago: executing program 1 (id=304):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x4c, r1, 0x1, 0x1000, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x87}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x4800)
unshare(0x20000400)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0xffff, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b927, 0x25dfdc01, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a94000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000259000/0x4000)=nil)
r8 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r8, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r8, 0x29, 0x37, &(0x7f0000000440)=ANY=[], 0x8)
r9 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r10 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
writev(r9, &(0x7f0000000380)=[{&(0x7f0000000340)="7ae0c6d4ea38398e", 0x8}], 0x1)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r10, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

1.297775341s ago: executing program 2 (id=305):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x5a3a, 0x85f0, 0x16, &(0x7f0000000100)={[0x9]}, 0x8)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
getpeername(r3, 0x0, &(0x7f00000000c0))
timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

1.186830722s ago: executing program 3 (id=306):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0xa, 0x801000089}, 0x0)
msgget$private(0x0, 0xc4)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8)
setxattr$trusted_overlay_upper(&(0x7f0000001240)='./file1\x00', &(0x7f0000000180), &(0x7f0000000180)=ANY=[], 0x841, 0x0)

1.072012291s ago: executing program 0 (id=307):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x2, 0x3, &(0x7f0000000040)=ANY=[], 0x0}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
sendfile(r0, r1, 0x0, 0x7ffff004)
io_uring_enter(r1, 0x5a3a, 0x85f0, 0x16, &(0x7f0000000100)={[0x9]}, 0x8)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
r5 = socket$pptp(0x18, 0x1, 0x2)
getpeername(r5, 0x0, &(0x7f00000000c0))
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x100, 0xd0a6487eb0247c42)
io_setup(0x8, &(0x7f0000004200)=<r6=>0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r6, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}])
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)
syz_mount_image$nilfs2(&(0x7f0000000240), &(0x7f00000003c0)='./file0\x00', 0x10, &(0x7f0000000480)=ANY=[], 0x5, 0xa6c, &(0x7f0000000900)="$eJzs3U1sXEfhAPB5a68TJ2mz6d/516ShTSi05aN2Y5vwEQGpmgtRU3GrVHGJErdEOAGRSpCqhyQnxIVWVbjyeeqlfKgSuaCoJy6VaCQu5VI4cCAKUiUO0JAYeT2z3h3v5q0d2+v1/n7S29l5M7szb/e9t2/fezMTgIFVqT/OzIwXIVy5+saxfzz299EQro4t5ajVH4ebYtUQQhHjw9n7fTC0GN7+8NVT7cIiTNUfUzw8d7Px2p0hhIvhQLgWamHfleuvvzv17IlLxy8ffO/NIzfWZ+kBAGCwfOPakZm9f/3TQ3s+euvho2FbY346Pq/F+K543H80Hvin4/9KaI0XTVOzkSzfcJwqWb6hNvmay6lm+YY7lD+SvW+1Q75tJeUPNc1rt9zQz9J6XAtFZaIlXqlMTCz+Jw/1//UjxcS5M3Mvnu9RRYE1969HQggHTKaBny7VN4je12NDp/ndvd4DASzKrxcuczE/s3BvGu823F35N5+utH89rIGNXv+V31/l/+qSPQ5rZ6uuTWm50na0K8abriOcDW3uX8q3v/n8jbPtP71ffj2i2mU9O11H6JfrC53qObTB9VitTvXP14ut6isxTJ/DV7P05u0n/0775TsG2vu38/8m08BOy45v7yK/VwbY2vL75uajlJ7f15enbytJ316SPlqSvqMl1/L0nSWvh0H2u5d/HF4rlv7n5//pV3o+PJ1nuy+G96+wPvn5yJWWP3KX2EaU7xiJfvL7k8/PfvH0C9cX7/8vGuv/nbi+H4jxWtyarsUM6Xxhfl69ce9/rbWcSod8D2T1ua9N/vrzsdZ8xdjS+4Sm/cyyeoy3vm53p3z7W/PVsnyjcdqe1Tc/PtmRvS4df6T9avq8hrPlrWbLMZLVI+1X9sQwrwesRlofO93/n9bP8VAtXjwzN/tUjKf19I9D1W0L8w+VF/Xrta47cG+6bf8zHlrb/+xqzK9WmvcLu5fmF837hVo2f6rD/OkYT79z3xoarc+fOPWdudNrvfAw4M5feOXbJ+fmZr/niSeeeNJ40us9E7DeJl8++93J8xdeefLM2ZMvzb40e2768OHpqanDX5qemawf1082H90DW8nSj36vawIAAAAAAAAAAAB06/vHj13/8ztfeH+x/f9S+7/U/j/d+Zva//+wWGzrXmmaH9qMA5jaAe5pk17Pk3WwOpLlq8bp/7L6jmXl7M1e9/8xbIzjF9v/p+Lyfl1TfR7M5uf996Z8WXcCy/pLGcl6HcnHC/xEDC/H8BcBeqgYbT87hmX9W6d1PfVPsYJ+KdoXTE+k7y19Kakfk9T+u1O/Tmn/v2cD6sja24jmhL1eRqC9f3bo/7v+O78J+idez2lknZfxl/f3fhm3d07b1uu6bc7pLz8KA7Dup2l+3igewObQ6/E/03nPFJ77w9e3L0wp282nW/eXef+lcC82+/iTyt9a4382xr/rav93a/noCbXVlfufn954v6nYsK/b/W++/Kkf6LG8hLufif5oofxbS4vyeOiu/PmfZ+XnF4S6dCsuf/r8d3RZ/rLl319W0oW32839byw/fWxPPNpt+Ys1Liqt9cjPG6frf/l54+R2tvynV7v8qxyo8U4sHwZZv4wzu1JdjP9bVzb+7zJrPP5vJ/l9GJ+P8bQjTPc55COcrLD+jUj6HdibvX9R8vtm/N/+9uUYlm0PafzftD7W2sQrTfFqm892q+5roF99sHnH/136oep9XUzdfl+9r4dpBdP8/Pz6ntAq0dPC6fnn3+v/Cb0uv9eff5l8/N/8GD4f/zdPz8f/zdPz8X/z9Hx8vTx9R5aef575+L95+oPZ++bjA49nf7Dz9I+VvH5fSfpDJen7S9I/XpJ+sCT94ZL0R0rSHyhJf7Qk/ZMl6Z8qSX+sJP2JkvRPl6Rvdak9yqAuPwyyvH2e7R8GR2pf22n7HytJB/rXT9469MwLv/1mbbH9/0jjfEi6jnc0xqvxv/MPYjy/7h2a4gtp78T437L0zX6+AwZJ3n9G/vv+eEk60L/SfV62bxhARft2Et32W9XpOJ/+8pkYfjaGn4vhkzGciOFkDA/FcGqD6sf6eOY3bx95rVj6v787S+/2fvK8PVDeT9R0l/XJzw+s9H78vB+/lbrX8lfZHAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBnKvXHmZnxIoQrV9849vyJM5MLc77WyFGrPw43xaqN14XwVAyHYviz+OT2h6+eag7vxLAIU6EIRWN+eO5mo6SdIYSL4UC4Fmph35Xrr7879eyJS8cvH3zvzSM31u8TAAAAgK3vfwEAAP//FVAd+g==")
creat(&(0x7f00000002c0)='./file0\x00', 0x0)

920.056998ms ago: executing program 3 (id=308):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40043, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
read$msr(r1, &(0x7f0000004340)=""/102376, 0x18fe8)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
getpid()
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffffffffffffffe, 0x16ef03)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r6}, 0xc)
syz_emit_ethernet(0x7e, &(0x7f0000000200)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, @loopback, @local, {[@timestamp_prespec={0x44, 0x1c, 0xd9, 0x3, 0x0, [{@rand_addr=0x64010101, 0x4}, {@local, 0x8}, {@private=0xa010102, 0x8}]}, @cipso={0x86, 0x6}, @timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

349.204384ms ago: executing program 3 (id=309):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x117c, 0x0, 0x0, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000480)=[@register_looper], 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000000)={0x3c})

260.086949ms ago: executing program 0 (id=310):
r0 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r0, &(0x7f0000001000)={&(0x7f0000000600)={0x2, 0x2000, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1a", 0x5c8}, {&(0x7f00000004c0)="3001fb90647586f4601659c5ad2644b9947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f89b4b48bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a00700000000000000a20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc000000000000272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f0000000000e3a4c643546a30ff127e8f87cf00f58aebadcd8acb2273fa88e45d03a514d09ed0de126c9fa1c57147cb959e0023e2a3e1d8a4b624d2721a", 0x11d}, {&(0x7f0000000300)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435b2156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd540810275770aa531098c572f714f6852063afc8358fb31cc7ef5c52565d58643e6805bb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a44ec0d0d41482d99dddfa9098d327d9559e82fceb2b1b1c7be309200691488d6616780cd4e9020865ef41a22175dc52d35dac1232ae1164d7fee64a50651978436207fca4a9026a8a903e7857324458b7e8a143e6fdac0823c8d1a3ac864ad2d0402344aee2511247e716436fe118e65455da74ef25627785638dfa4bf365840fe12fbf73f0d42bcc66efc8693855156f6151e49471e1b7cccbfb01344f76cca177551c73147c32615b53f74a0b7c7ac25b86a01ce3da34b9951c5f04c31265648dc93bbe705f69848dc958ff85ae09aec0f2ee1f6d4310f8f00c266dd351dcdeab1cc900"/444, 0x1bc}, {&(0x7f0000000cc0)="f2a0f0f863621b483b19e7ecfce0d34e53fbf295927214684f4d69e90f0ec506442d2126c3f5ab0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93229060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a055fdeb2ba044d0d54e341d1d1ef1eb2c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60061c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a200"/344, 0x158}, {0x0}], 0x5}, 0x0)

176.07375ms ago: executing program 1 (id=311):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x12b}, {0x6, 0xff, 0x0, 0xfffffcb9}]})
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100), 0x2, 0x528, &(0x7f0000000c00)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtquqF8qpQqgSogcOHLYhcaIo9jqKndKEFcoeuSNRiROcOHNA4oDUE3ckDnDjUg5IBVagBgkJVx6PU+ePE2uT2Nv495NG8+eN/b23o3lv9HkzL4CJdSMidiPiSkS8HRFz+fEkX+L17tI576NHD5b2Hj1YSqLdfuufSVbeORZ9n+l4Kv/OYkR8742IHyaHgv4porm9s75Yq1U380PlVn2j3Nzeub1WX1ytrlbvVyp3F+7Ov3rnlcq5tfWF+m8+vBoRv//dFz/44+43ftyp1mxe1t+O89Rt+sx+nI7piPjORQQbg6m8PVce58OP9SHOUxoRn4mIF7P7fy6msqt50MHL9M0R1g4AuAjt9ly05/r3AYDLLs1yYElaynMBs5GmpVI3h/dcXEtrjWbr1kpj6/5yN1d2PWbSlbVadT7PFV6PmWRlbbq6kG339mvVyqH9OxHxbET8rHA1WVn7fkQ0asvjfPABgAn21KHx/z+F7vgPAFxyxU82C+OsBwAwOsVxVwAAGDnjPwBMHuM/AEwe4z8ATB7jPwBMHuM/AEyU7775Zmdp7+Xvv15+Z3trvfHO7eVqc71U31oqLTU2N0qrjcZqrVpaatRP+75ao7Gx8HJsvVtuVZutcnN75169sXW/dS97r/e96sxIWgUAnOTZF97/SxIRu69dzZboe9//qWP18xddO+AipeOuADA2U+OuADA2R2f7AiaFfDxMrv+32+3om7s3Ih7ub/W9DHTgfxF6b6gwqXlD4clz8/NnyP8Dn2ry/zC5Hi//71keLgP5f5hc7XZizn8AmDBy/EBySnn/7//z7b6d4X7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEtpNluStJTPBT4baVoqRTwdEddjJllZq1XnI+KZiPhzYabQ2V+ICPMGAcCnWfr3JJ//6+bcS7OHS68U/lvI1hHxo1+89fN3F1utzYWIK8m/9o+33suPV8ZRfwDgNL1xujeO93z06MFSbxllfT78Vndy0U7cvXzplkzHdLYuZrmGa/9O8v2uzvPK1DnE330YEZ87rv1Jlhu5ns98ejh+J/bTI42fHoifZmXddeff4rPnUBeYNO93+p/Xj7v/0riRrY+//4tZD3V2vf5v70j/l+73f1MD+r8bw8Z4+Q/fPnKwPdctexjxhemIvd6X9/U/vfjJgPgvDRn/r89/6cVBZe1fRtyM49qfHIhVbtU3ys3tndtr9cXV6mr1fqVyd+Hu/Kt3XqmUsxx1uZepPuofr916ZlD8TvuvDYhfPKX9Xx2y/b/639s/+PIJ8b/+leOv/3MnxO+MiV8bMv7itd8WB5V14i8PaP9p1//WkPE/+NvO8pCnAgAj0NzeWV+s1aqbZ98onnhOeh4h1hdrU3HyOT/Jn1LOr10nbBR+/dM3Tj+5cNHVOOtGDCqaelJqeGk2CkOcc/WJqOq4eybgon1y04+7JgAAAAAAAAAAAAAAwCCj+HOicbcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+vjAAAA//+DitLu")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10}, 0x94)
write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0)
openat$incfs(0xffffffffffffff9c, 0x0, 0x20000, 0x100)
fanotify_init(0x8, 0x40000)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
preadv2(r1, &(0x7f0000000a80)=[{&(0x7f00000002c0)=""/46, 0x2e}], 0x1, 0x6, 0x7, 0x0)
poll(&(0x7f0000000080), 0x0, 0xfffffffb)

0s ago: executing program 0 (id=312):
r0 = socket(0x2, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'batadv0\x00', &(0x7f0000000040)=@ethtool_cmd={0x2, 0x6, 0x10, 0x3, 0xe8, 0x3, 0x0, 0x6, 0x1, 0x2, 0xfffffff9, 0x0, 0x200, 0xb, 0x9, 0x3, [0x100, 0xfffffff9]}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="180800"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x1e}, 0x94)
r1 = userfaultfd(0x80001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d58000000000000140803006970766c616e310000000000000000001c0012800b0001006970766c616e001bff000c00761e9cc458a7f7f6"], 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3, 0x0, 0x0, {0x1, 0x0, 0x10}}, 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x8)
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r9, 0xc0106407, &(0x7f00000000c0)={0x1, 0x8, 0x1, 0x8})
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000440)={r8, 0x3}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000003c0)={r8, 0xab, "d7d3ed9c5e5daa5953de2e3af79c8999a499ebeec1f3c5f833b032de4fc15f8f5b215cb55b24dcd4fb78ef03074e2ac85d06147fd3251c8f677275bc4718e13803a7d711e667fc258cc1a254c345652d436f01e352b710d8a2bff9540977a363ab90b4cdfba799eff2de86252848441c2a898dd56203b110c8bef19ba691ab22897e517b8bf31d6b31d01d73dc152075e51009d7d76e7d51c92181fc4da0670f1e71796d8d0606161c4b20"}, &(0x7f0000000100)=0xb3)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x510})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r10 = openat$tun(0xffffffffffffff9c, 0x0, 0x20702, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'pim6reg1\x00', 0xe511})
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xe, 0x4, 0x4, 0x20006}, 0x50)
close(r10)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.246' (ED25519) to the list of known hosts.
[   65.209502][ T5777] cgroup: Unknown subsys name 'net'
[   65.351795][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.793205][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.450762][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   68.460042][ T5796] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   68.469581][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.477715][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   68.478132][ T5796] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   68.488952][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   68.493005][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.500863][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   68.507016][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.512972][ T5799] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   68.519754][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   68.527615][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   68.535309][ T5796] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.542453][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   68.548809][ T5796] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   68.555830][ T5799] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   68.561709][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   68.569160][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   68.583068][ T5796] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   68.583457][ T5799] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   68.590909][ T5796] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   68.597682][ T5800] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   68.611857][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   68.622260][ T5792] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.084017][ T5789] chnl_net:caif_netlink_parms(): no params data found
[   69.122703][ T5788] chnl_net:caif_netlink_parms(): no params data found
[   69.167913][ T5787] chnl_net:caif_netlink_parms(): no params data found
[   69.255941][ T5786] chnl_net:caif_netlink_parms(): no params data found
[   69.266644][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.273832][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.281390][ T5789] bridge_slave_0: entered allmulticast mode
[   69.288406][ T5789] bridge_slave_0: entered promiscuous mode
[   69.323583][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.330825][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.338020][ T5789] bridge_slave_1: entered allmulticast mode
[   69.345283][ T5789] bridge_slave_1: entered promiscuous mode
[   69.423441][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.431330][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.438570][ T5788] bridge_slave_0: entered allmulticast mode
[   69.445554][ T5788] bridge_slave_0: entered promiscuous mode
[   69.456586][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.482057][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.489299][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.496490][ T5788] bridge_slave_1: entered allmulticast mode
[   69.503349][ T5788] bridge_slave_1: entered promiscuous mode
[   69.511662][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.537472][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.544648][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.551762][ T5787] bridge_slave_0: entered allmulticast mode
[   69.558769][ T5787] bridge_slave_0: entered promiscuous mode
[   69.602687][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.610583][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.617783][ T5787] bridge_slave_1: entered allmulticast mode
[   69.625792][ T5787] bridge_slave_1: entered promiscuous mode
[   69.634210][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.647109][ T5789] team0: Port device team_slave_0 added
[   69.676971][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.699476][ T5789] team0: Port device team_slave_1 added
[   69.719444][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.726695][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.734038][ T5786] bridge_slave_0: entered allmulticast mode
[   69.741227][ T5786] bridge_slave_0: entered promiscuous mode
[   69.797759][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.804989][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.812124][ T5786] bridge_slave_1: entered allmulticast mode
[   69.819147][ T5786] bridge_slave_1: entered promiscuous mode
[   69.839302][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   69.851812][ T5788] team0: Port device team_slave_0 added
[   69.859657][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[   69.866736][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.892878][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   69.906774][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[   69.913767][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   69.940148][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   69.964047][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   69.975583][ T5788] team0: Port device team_slave_1 added
[   69.990470][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.039201][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.073018][ T5787] team0: Port device team_slave_0 added
[   70.112834][ T5787] team0: Port device team_slave_1 added
[   70.130353][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.137607][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.163560][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.176723][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.183682][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.210686][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.234741][ T5786] team0: Port device team_slave_0 added
[   70.256156][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.263124][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.289907][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.310031][ T5789] hsr_slave_0: entered promiscuous mode
[   70.317162][ T5789] hsr_slave_1: entered promiscuous mode
[   70.325996][ T5786] team0: Port device team_slave_1 added
[   70.344190][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.351289][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.377284][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.429499][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.436858][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.462826][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.479600][ T5788] hsr_slave_0: entered promiscuous mode
[   70.485979][ T5788] hsr_slave_1: entered promiscuous mode
[   70.492115][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.499971][ T5788] Cannot create hsr debugfs directory
[   70.522071][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.529142][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.555618][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.627402][ T5787] hsr_slave_0: entered promiscuous mode
[   70.633975][ T5787] hsr_slave_1: entered promiscuous mode
[   70.640205][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.648556][ T5787] Cannot create hsr debugfs directory
[   70.659980][ T5791] Bluetooth: hci3: command tx timeout
[   70.663178][ T5792] Bluetooth: hci2: command tx timeout
[   70.671297][ T5106] Bluetooth: hci1: command tx timeout
[   70.718030][ T5786] hsr_slave_0: entered promiscuous mode
[   70.724830][ T5786] hsr_slave_1: entered promiscuous mode
[   70.730877][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   70.738736][ T5106] Bluetooth: hci0: command tx timeout
[   70.739024][ T5786] Cannot create hsr debugfs directory
[   71.084917][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   71.096681][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   71.107558][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   71.120743][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   71.191996][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   71.210770][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   71.227614][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   71.244196][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   71.301151][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[   71.314447][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[   71.337603][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   71.349688][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   71.370262][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   71.380662][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   71.448152][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   71.458912][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   71.470593][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   71.482279][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   71.505747][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.555456][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[   71.576644][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.583942][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.599301][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.606466][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.711710][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.779303][ T5787] 8021q: adding VLAN 0 to HW filter on device team0
[   71.829866][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.850680][  T990] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.857828][  T990] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.879768][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0
[   71.893413][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.900609][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.940539][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[   71.974127][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.981308][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   71.999720][ T5786] 8021q: adding VLAN 0 to HW filter on device team0
[   72.023763][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.030912][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.058060][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.065210][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.078493][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.085625][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.111702][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.176156][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.276501][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.351468][ T5789] veth0_vlan: entered promiscuous mode
[   72.392507][ T5789] veth1_vlan: entered promiscuous mode
[   72.469062][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.500049][ T5789] veth0_macvtap: entered promiscuous mode
[   72.530298][ T5789] veth1_macvtap: entered promiscuous mode
[   72.598841][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[   72.618430][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[   72.637665][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.652279][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.668310][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.679843][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.729800][ T5787] veth0_vlan: entered promiscuous mode
[   72.736378][ T5106] Bluetooth: hci1: command tx timeout
[   72.741912][ T5106] Bluetooth: hci2: command tx timeout
[   72.748755][ T5792] Bluetooth: hci3: command tx timeout
[   72.762720][ T5787] veth1_vlan: entered promiscuous mode
[   72.810745][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.821148][ T5106] Bluetooth: hci0: command tx timeout
[   72.833527][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.859028][ T1124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.873100][ T1124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.922125][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   72.937689][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   72.951846][ T5787] veth0_macvtap: entered promiscuous mode
[   72.963027][ T5787] veth1_macvtap: entered promiscuous mode
[   73.035963][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   73.047485][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.059877][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.070421][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   73.081208][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   73.092177][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.123346][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.134978][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.149413][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.164678][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.189328][ T5788] veth0_vlan: entered promiscuous mode
[   73.274564][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   73.287283][ T5788] veth1_vlan: entered promiscuous mode
[   73.402311][ T5786] veth0_vlan: entered promiscuous mode
[   73.775302][ T5786] veth1_vlan: entered promiscuous mode
[   73.859592][ T5786] veth0_macvtap: entered promiscuous mode
[   73.868621][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.881216][ T5786] veth1_macvtap: entered promiscuous mode
[   73.904362][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.929477][ T5788] veth0_macvtap: entered promiscuous mode
[   73.992244][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   74.003712][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.014123][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   74.025066][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.061384][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.302209][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.310812][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.312257][ T5788] veth1_macvtap: entered promiscuous mode
[   74.560187][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.600790][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.612441][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.623101][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.639696][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.647599][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   74.659190][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.669503][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   74.680680][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.690754][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   74.701791][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.714830][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.732536][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.749459][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.760432][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.773305][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   74.799304][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.812140][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.822292][ T5106] Bluetooth: hci3: command tx timeout
[   74.822340][ T5106] Bluetooth: hci1: command tx timeout
[   74.827973][ T5106] Bluetooth: hci2: command tx timeout
[   74.839620][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.851551][ T5881] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   74.851842][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.879548][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   74.890474][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   74.900884][ T5106] Bluetooth: hci0: command tx timeout
[   74.903079][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.937189][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.946990][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.956086][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.965087][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.120442][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.132342][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.190610][ T1133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.198785][ T1133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.260236][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.278168][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.283949][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.334893][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.502092][ T5887] syz.2.6[5887]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   75.523888][ T5887] loop2: detected capacity change from 0 to 2048
[   75.565016][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   75.587408][ T5887] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.637817][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   75.646404][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   76.174482][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   76.409175][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.511406][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   76.818777][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   76.909893][ T5106] Bluetooth: hci2: command tx timeout
[   76.915474][ T5792] Bluetooth: hci1: command tx timeout
[   76.915622][ T5791] Bluetooth: hci3: command tx timeout
[   77.117792][ T5106] Bluetooth: hci0: command tx timeout
[   77.733674][ T5909] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.252361][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   78.342492][ T5914] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11'.
[   78.355101][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   78.356305][ T5909] sctp: [Deprecated]: syz.1.8 (pid 5909) Use of struct sctp_assoc_value in delayed_ack socket option.
[   78.356305][ T5909] Use struct sctp_sack_info instead
[   78.422992][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.895017][ T5917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11'.
[   78.952910][ T5920] loop2: detected capacity change from 0 to 2048
[   78.997870][ T5920] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   81.125293][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.368376][ T5936] loop1: detected capacity change from 0 to 1024
[   81.548146][    T9] cfg80211: failed to load regulatory.db
[   82.314031][ T5936] warning: `syz.1.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   82.605724][ T5945] loop1: detected capacity change from 0 to 2048
[   82.640805][ T5945] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.235876][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.423840][ T5957] loop3: detected capacity change from 0 to 1024
[   84.488874][ T5959] netlink: 48 bytes leftover after parsing attributes in process `syz.1.20'.
[   85.178223][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.20'.
[   87.469640][ T5963] loop0: detected capacity change from 0 to 32768
[   87.510721][ T5963] XFS: ikeep mount option is deprecated.
[   87.559893][ T5963] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   87.579377][ T5975] netlink: 48 bytes leftover after parsing attributes in process `syz.3.26'.
[   87.588727][ T5980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.26'.
[   87.752548][ T5999] syzkaller0: entered promiscuous mode
[   87.758201][ T5999] syzkaller0: entered allmulticast mode
[   87.769099][ T5999] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   87.850705][ T5997] loop2: detected capacity change from 0 to 2048
[   87.888321][ T5963] XFS (loop0): Ending clean mount
[   87.900025][ T5997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.953182][ T6001] loop1: detected capacity change from 0 to 2048
[   87.979012][ T5963] XFS (loop0): Quotacheck needed: Please wait.
[   88.157033][ T6001] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   89.029283][ T5963] XFS (loop0): Quotacheck: Done.
[   89.130594][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   89.223246][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   89.223248][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   90.005356][ T6013] loop1: detected capacity change from 0 to 32768
[   90.012405][ T6013] XFS: ikeep mount option is deprecated.
[   90.149477][ T6013] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.604386][ T6028] loop0: detected capacity change from 0 to 32768
[   90.611458][ T6028] XFS: ikeep mount option is deprecated.
[   91.153923][ T6028] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   91.189282][ T6013] XFS (loop1): Ending clean mount
[   91.199055][ T6013] XFS (loop1): Quotacheck needed: Please wait.
[   91.259294][ T6013] XFS (loop1): Quotacheck: Done.
[   91.727585][ T6028] XFS (loop0): Ending clean mount
[   91.918357][ T6028] XFS (loop0): Quotacheck needed: Please wait.
[   92.575941][ T6028] XFS (loop0): Quotacheck: Done.
[   93.385872][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   93.396546][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   93.504197][ T6056] loop2: detected capacity change from 0 to 2048
[   94.212892][ T6056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   94.810028][ T6059] netlink: 48 bytes leftover after parsing attributes in process `syz.2.41'.
[   95.035720][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[   95.490650][ T6066] loop0: detected capacity change from 0 to 32768
[   95.497711][ T6066] XFS: ikeep mount option is deprecated.
[   95.639316][ T6066] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   95.674424][ T6074] loop1: detected capacity change from 0 to 1024
[   95.789120][ T6066] XFS (loop0): Ending clean mount
[   95.808458][ T6066] XFS (loop0): Quotacheck needed: Please wait.
[   95.920324][ T6066] XFS (loop0): Quotacheck: Done.
[   97.172488][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   98.375279][ T6090] netlink: 'syz.1.44': attribute type 1 has an invalid length.
[   98.413205][ T6092] loop0: detected capacity change from 0 to 2048
[   98.459573][ T6092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.208699][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.415045][ T6101] loop2: detected capacity change from 0 to 32768
[   99.422057][ T6101] XFS: ikeep mount option is deprecated.
[   99.471084][ T6101] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   99.613149][ T6101] XFS (loop2): Ending clean mount
[   99.621706][ T6101] XFS (loop2): Quotacheck needed: Please wait.
[   99.739015][ T6101] XFS (loop2): Quotacheck: Done.
[   99.763555][ T6111] loop0: detected capacity change from 0 to 1024
[  100.502840][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  100.702125][ T6118] loop3: detected capacity change from 0 to 32768
[  100.709249][ T6118] XFS: ikeep mount option is deprecated.
[  101.261218][ T6118] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  101.378675][ T6118] XFS (loop3): Ending clean mount
[  101.387014][ T6118] XFS (loop3): Quotacheck needed: Please wait.
[  101.453842][ T6118] XFS (loop3): Quotacheck: Done.
[  103.122419][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  103.175549][ T6137] loop1: detected capacity change from 0 to 2048
[  103.245545][ T6137] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.368612][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.777059][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.56'.
[  106.131210][ T6169] loop0: detected capacity change from 0 to 2048
[  106.187427][ T6169] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.913728][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.698471][ T6195] syzkaller0: entered promiscuous mode
[  108.703989][ T6195] syzkaller0: entered allmulticast mode
[  109.234317][ T6200] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  110.430933][ T6213] sctp: [Deprecated]: syz.2.70 (pid 6213) Use of struct sctp_assoc_value in delayed_ack socket option.
[  110.430933][ T6213] Use struct sctp_sack_info instead
[  110.906381][ T6214] netlink: 36 bytes leftover after parsing attributes in process `syz.3.68'.
[  110.966715][ T6214] sctp: [Deprecated]: syz.3.68 (pid 6214) Use of struct sctp_assoc_value in delayed_ack socket option.
[  110.966715][ T6214] Use struct sctp_sack_info instead
[  114.255802][ T6228] loop3: detected capacity change from 0 to 2048
[  114.318828][ T6228] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.361863][ T6237] loop1: detected capacity change from 0 to 32768
[  115.369018][ T6237] XFS: ikeep mount option is deprecated.
[  115.433046][ T6237] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.543787][ T6237] XFS (loop1): Ending clean mount
[  115.584669][ T6237] XFS (loop1): Quotacheck needed: Please wait.
[  116.525521][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.544461][ T6237] XFS (loop1): Quotacheck: Done.
[  116.556491][ T6251] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.78' sets config #1
[  117.186020][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  117.321100][ T6259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'.
[  118.627160][ T6265] loop1: detected capacity change from 0 to 32768
[  118.634329][ T6265] XFS: ikeep mount option is deprecated.
[  118.692245][ T6265] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.875289][ T6265] XFS (loop1): Ending clean mount
[  118.881862][ T6265] XFS (loop1): Quotacheck needed: Please wait.
[  118.971446][ T6265] XFS (loop1): Quotacheck: Done.
[  119.380166][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  119.550823][ T6280] loop0: detected capacity change from 0 to 2048
[  119.618408][ T6280] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.631797][   T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  119.834365][   T23] usb 4-1: Using ep0 maxpacket: 16
[  119.860455][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  119.904281][   T23] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  119.916507][   T23] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  121.478690][   T23] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  121.488023][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.496150][   T23] usb 4-1: Product: syz
[  121.500417][   T23] usb 4-1: Manufacturer: syz
[  121.505206][   T23] usb 4-1: SerialNumber: syz
[  121.515540][   T23] usb 4-1: config 0 descriptor??
[  121.522963][ T6277] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  121.631842][   T23] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[  121.695592][   T23] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[  121.704023][   T23] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[  121.715017][   T23] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[  121.721794][   T23] mcba_usb 4-1:0.0: Microchip CAN BUS Analyzer connected
[  122.152214][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.172483][   T27] usb 4-1: USB disconnect, device number 2
[  122.186480][   T27] mcba_usb 4-1:0.0 can0: device disconnected
[  122.364401][ T6304] atomic_op ffff8880787c5998 conn xmit_atomic 0000000000000000
[  124.189794][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.92'.
[  124.765786][ T6328] loop3: detected capacity change from 0 to 32768
[  124.772901][ T6328] XFS: ikeep mount option is deprecated.
[  124.861267][ T6328] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  124.913575][ T6316] loop2: detected capacity change from 0 to 2048
[  125.011023][ T6328] XFS (loop3): Ending clean mount
[  125.095410][ T6316] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  125.117442][ T6328] XFS (loop3): Quotacheck needed: Please wait.
[  125.232956][ T6328] XFS (loop3): Quotacheck: Done.
[  126.636249][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  126.808299][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.920808][ T6370] Zero length message leads to an empty skb
[  131.782905][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'.
[  132.587308][ T6407] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  132.677824][ T6410] syzkaller0: entered promiscuous mode
[  132.683527][ T6410] syzkaller0: entered allmulticast mode
[  132.739715][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  132.747127][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  132.761533][ T6407] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  138.475153][ T6462] loop1: detected capacity change from 0 to 2048
[  138.574992][ T6462] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.071711][ T6469] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.123' sets config #1
[  139.315648][ T6472] loop0: detected capacity change from 0 to 32768
[  139.323399][ T6472] XFS: ikeep mount option is deprecated.
[  139.413975][ T6472] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.535987][ T6472] XFS (loop0): Ending clean mount
[  139.543960][ T6472] XFS (loop0): Quotacheck needed: Please wait.
[  139.653222][ T6472] XFS (loop0): Quotacheck: Done.
[  140.251497][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.354469][  T785] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  140.399475][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  140.544339][  T785] usb 4-1: Using ep0 maxpacket: 16
[  140.672853][  T785] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  140.704253][  T785] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  141.453859][  T785] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  141.502853][  T785] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  141.536976][ T6490] loop1: detected capacity change from 0 to 2048
[  141.544901][  T785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.574471][  T785] usb 4-1: Product: syz
[  141.588037][ T6490] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.620306][  T785] usb 4-1: Manufacturer: syz
[  141.639663][  T785] usb 4-1: SerialNumber: syz
[  142.085614][  T785] usb 4-1: config 0 descriptor??
[  142.227344][  T785] usb 4-1: can't set config #0, error -71
[  142.250917][  T785] usb 4-1: USB disconnect, device number 3
[  142.279394][ T6495] netlink: 48 bytes leftover after parsing attributes in process `syz.2.129'.
[  142.709987][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  142.763479][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.129'.
[  143.439104][ T6507] loop1: detected capacity change from 0 to 2048
[  143.475836][ T6507] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.737871][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.002938][ T6523] loop3: detected capacity change from 0 to 32768
[  145.010013][ T6523] XFS: ikeep mount option is deprecated.
[  145.537302][ T6528] loop0: detected capacity change from 0 to 2048
[  145.590900][ T6523] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  145.623566][ T6528] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.877433][ T6523] XFS (loop3): Ending clean mount
[  145.885919][ T6523] XFS (loop3): Quotacheck needed: Please wait.
[  145.997538][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.009348][ T6523] XFS (loop3): Quotacheck: Done.
[  147.626535][ T6548] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.138' sets config #1
[  147.761214][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.860616][ T6556] loop2: detected capacity change from 0 to 2048
[  147.923509][ T6556] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.677131][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.751571][ T6571] atomic_op ffff88807d24f198 conn xmit_atomic 0000000000000000
[  150.226798][ T6575] loop0: detected capacity change from 0 to 2048
[  150.242624][ T6576] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.145' sets config #1
[  150.292877][ T6575] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.821823][ T6581] loop1: detected capacity change from 0 to 1024
[  151.447077][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.721156][ T6585] netlink: 48 bytes leftover after parsing attributes in process `syz.0.148'.
[  152.306620][ T6585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.148'.
[  154.042251][ T6604] loop0: detected capacity change from 0 to 512
[  154.329323][ T6604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  154.518713][ T6604] ext4 filesystem being mounted at /37/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  155.215829][ T6613] loop2: detected capacity change from 0 to 32768
[  155.222916][ T6613] XFS: ikeep mount option is deprecated.
[  155.278059][ T6613] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  155.480149][ T6613] XFS (loop2): Ending clean mount
[  155.487736][ T6613] XFS (loop2): Quotacheck needed: Please wait.
[  155.584759][ T6613] XFS (loop2): Quotacheck: Done.
[  156.241966][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  156.823190][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.994790][    T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  158.288736][    T8] usb 4-1: Using ep0 maxpacket: 16
[  158.746233][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  158.798943][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  158.811742][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[  158.833283][    T8] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  158.854819][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.043753][    T8] usb 4-1: Product: syz
[  159.049159][    T8] usb 4-1: Manufacturer: syz
[  159.053921][    T8] usb 4-1: SerialNumber: syz
[  159.656767][    T8] usb 4-1: config 0 descriptor??
[  159.683882][ T6636] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  159.726203][    T8] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[  159.732167][    T8] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[  159.759606][    T8] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[  159.776526][    T8] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[  159.792277][    T8] mcba_usb 4-1:0.0: Microchip CAN BUS Analyzer connected
[  160.405982][  T785] usb 4-1: USB disconnect, device number 4
[  160.436099][  T785] mcba_usb 4-1:0.0 can0: device disconnected
[  160.817079][ T6664] loop3: detected capacity change from 0 to 2048
[  161.948231][ T6664] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  163.018252][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.253692][ T6702] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.176' sets config #1
[  164.300154][ T6701] loop1: detected capacity change from 0 to 2048
[  164.452173][ T6701] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.720801][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.180270][ T6721] loop1: detected capacity change from 0 to 32768
[  166.187564][ T6721] XFS: ikeep mount option is deprecated.
[  166.238677][ T6721] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.326439][ T6721] XFS (loop1): Ending clean mount
[  166.337025][ T6721] XFS (loop1): Quotacheck needed: Please wait.
[  166.352686][ T6732] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.184' sets config #1
[  166.412613][ T6721] XFS (loop1): Quotacheck: Done.
[  166.927055][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  168.773059][ T6744] loop1: detected capacity change from 0 to 2048
[  168.995677][ T6744] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.716358][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.656573][ T6786] loop0: detected capacity change from 0 to 164
[  175.543085][ T6799] loop0: detected capacity change from 0 to 32768
[  175.550783][ T6799] XFS: ikeep mount option is deprecated.
[  175.659963][ T6799] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  176.090829][ T6799] XFS (loop0): Ending clean mount
[  176.106824][ T6812] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.198' sets config #1
[  176.207790][ T6799] XFS (loop0): Quotacheck needed: Please wait.
[  176.262279][ T6799] XFS (loop0): Quotacheck: Done.
[  176.810512][ T6817] loop2: detected capacity change from 0 to 2048
[  176.842791][ T6817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.889692][ T6819] loop1: detected capacity change from 0 to 2048
[  176.920310][ T6819] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  177.124611][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  177.868507][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.968527][ T6828] netlink: 48 bytes leftover after parsing attributes in process `syz.3.205'.
[  178.745566][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.953181][ T6836] loop2: detected capacity change from 0 to 32768
[  178.960413][ T6836] XFS: ikeep mount option is deprecated.
[  179.045807][ T6828] netlink: 4 bytes leftover after parsing attributes in process `syz.3.205'.
[  179.064147][ T6836] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  179.175870][ T6836] XFS (loop2): Ending clean mount
[  179.183991][ T6836] XFS (loop2): Quotacheck needed: Please wait.
[  179.227941][ T6836] XFS (loop2): Quotacheck: Done.
[  179.824139][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  180.400175][ T6857] loop0: detected capacity change from 0 to 32768
[  180.407283][ T6857] XFS: ikeep mount option is deprecated.
[  180.581607][ T6857] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  180.702762][ T6857] XFS (loop0): Ending clean mount
[  180.711162][ T6857] XFS (loop0): Quotacheck needed: Please wait.
[  180.819278][ T6857] XFS (loop0): Quotacheck: Done.
[  181.342752][ T5789] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  181.713487][ T6876] loop3: detected capacity change from 0 to 2048
[  181.910138][ T6876] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.481880][ T6883] loop0: detected capacity change from 0 to 512
[  182.754934][ T6885] loop2: detected capacity change from 0 to 32768
[  182.762051][ T6885] XFS: ikeep mount option is deprecated.
[  182.823360][ T6889] loop1: detected capacity change from 0 to 512
[  182.831251][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.845580][ T6883] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  182.875263][ T6885] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  182.885821][ T6883] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  183.006167][ T6885] XFS (loop2): Ending clean mount
[  183.014431][ T6885] XFS (loop2): Quotacheck needed: Please wait.
[  183.055746][ T6889] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  183.100689][ T6885] XFS (loop2): Quotacheck: Done.
[  183.107018][ T6889] ext4 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  183.611259][ T6902] loop3: detected capacity change from 0 to 2048
[  184.186552][ T6902] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.029846][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.050287][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  185.062892][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.077875][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  185.547842][ T6914] loop3: detected capacity change from 0 to 32768
[  185.554924][ T6914] XFS: ikeep mount option is deprecated.
[  185.607062][ T6913] loop1: detected capacity change from 0 to 2048
[  185.680617][ T6914] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  185.697132][ T6913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.150252][ T6914] XFS (loop3): Ending clean mount
[  186.209259][ T6914] XFS (loop3): Quotacheck needed: Please wait.
[  186.322657][ T6914] XFS (loop3): Quotacheck: Done.
[  187.063395][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.638732][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.918867][ T6943] loop1: detected capacity change from 0 to 32768
[  187.926429][ T6943] XFS: ikeep mount option is deprecated.
[  187.990782][ T6943] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.198196][ T6943] XFS (loop1): Ending clean mount
[  188.208219][ T6943] XFS (loop1): Quotacheck needed: Please wait.
[  188.248893][ T6943] XFS (loop1): Quotacheck: Done.
[  188.699262][ T6961] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.229' sets config #1
[  188.897644][   T28] audit: type=1800 audit(1756766286.243:2): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.225" name="file1" dev="loop1" ino=9286 res=0 errno=0
[  188.937943][ T5788] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.982280][ T6967] loop0: detected capacity change from 0 to 2048
[  189.032770][ T6967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.864020][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.946788][ T6980] loop1: detected capacity change from 0 to 512
[  190.992380][ T6980] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  191.009507][ T6980] ext4 filesystem being mounted at /62/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  191.142492][ T5791] Bluetooth: hci2: command 0x0406 tx timeout
[  191.150398][ T5791] Bluetooth: hci1: command 0x0406 tx timeout
[  191.156660][ T5791] Bluetooth: hci0: command 0x0406 tx timeout
[  191.162819][ T5791] Bluetooth: hci3: command 0x0406 tx timeout
[  191.840340][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  191.980205][ T6987] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.235' sets config #1
[  192.068603][ T6989] netlink: 48 bytes leftover after parsing attributes in process `syz.1.236'.
[  192.767082][ T6997] netlink: 48 bytes leftover after parsing attributes in process `syz.3.238'.
[  192.806130][ T6998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.236'.
[  193.093061][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.238'.
[  194.127880][ T7013] loop3: detected capacity change from 0 to 512
[  194.183760][ T7013] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  194.235059][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  194.295809][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  194.325615][ T7013] ext4 filesystem being mounted at /51/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  194.459828][ T7018] loop1: detected capacity change from 0 to 512
[  194.563497][ T7019] loop0: detected capacity change from 0 to 2048
[  194.955909][ T7019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  195.045740][ T7018] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  195.064431][ T7018] ext4 filesystem being mounted at /65/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  195.218491][ T7024] netlink: 48 bytes leftover after parsing attributes in process `syz.2.245'.
[  195.563499][ T7027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.245'.
[  196.189579][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  196.345173][ T7033] loop3: detected capacity change from 0 to 2048
[  196.415888][ T7033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.909963][ T5788] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  196.929343][ T7038] netlink: 48 bytes leftover after parsing attributes in process `syz.2.248'.
[  197.072574][ T7040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.248'.
[  197.546151][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.610740][ T7044] loop1: detected capacity change from 0 to 2048
[  197.663037][ T7044] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  199.282974][ T7067] loop2: detected capacity change from 0 to 512
[  199.355141][ T7070] loop3: detected capacity change from 0 to 2048
[  199.400895][ T7070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.802603][ T7067] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  199.825425][ T7067] ext4 filesystem being mounted at /68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  200.061034][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.282532][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  203.625782][ T7126] netlink: 48 bytes leftover after parsing attributes in process `syz.0.267'.
[  203.690674][ T7131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.267'.
[  204.430968][ T7141] process 'syz.0.269' launched './file0' with NULL argv: empty string added
[  204.930436][ T7128] loop2: detected capacity change from 0 to 32768
[  205.030411][ T7128]  loop2: p9 p11 p16
[  206.741183][ T7163] netlink: 48 bytes leftover after parsing attributes in process `syz.3.279'.
[  207.460680][ T7163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.279'.
[  210.093477][ T7198] netlink: 48 bytes leftover after parsing attributes in process `syz.3.290'.
[  210.470070][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.3.290'.
[  214.956531][ T7233] capability: warning: `syz.0.297' uses deprecated v2 capabilities in a way that may be insecure
[  215.149629][ T7237] loop3: detected capacity change from 0 to 512
[  215.199044][ T7237] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  215.223816][ T7241] atomic_op ffff888024dab198 conn xmit_atomic 0000000000000000
[  215.239949][ T7237] ext4 filesystem being mounted at /67/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  216.006153][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  216.187993][ T7256] loop3: detected capacity change from 0 to 2048
[  216.216108][ T7256] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  216.271359][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.621927][   T59] ------------[ cut here ]------------
[  217.627777][   T59] WARNING: CPU: 0 PID: 59 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  217.638872][   T59] Modules linked in:
[  217.642801][   T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0
[  217.650352][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  217.660462][   T59] Workqueue: phy8 ieee80211_csa_finalize_work
[  217.666637][   T59] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  217.674133][   T59] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c
[  217.693897][   T59] RSP: 0018:ffffc900015a79c0 EFLAGS: 00010293
[  217.700146][   T59] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88801a2eda00
[  217.708181][   T59] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  217.716507][   T59] RBP: dffffc0000000000 R08: ffff88805db815af R09: 1ffff1100bb702b5
[  217.721546][    C1] ------------[ cut here ]------------
[  217.725894][   T59] R10: dffffc0000000000 R11: ffffed100bb702b6 R12: 0000000000000001
[  217.730114][    C1] WARNING: CPU: 1 PID: 7273 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600
[  217.738180][   T59] R13: ffff88805db825d9 R14: ffff888023c7ac70 R15: ffff888023c7ace8
[  217.748102][    C1] Modules linked in:
[  217.748116][    C1] CPU: 1 PID: 7273 Comm: syz.3.309 Not tainted syzkaller #0
[  217.748135][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  217.748147][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  217.756141][   T59] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  217.760022][    C1] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6
[  217.767329][   T59] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  217.777378][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[  217.777400][    C1] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff888022588000
[  217.777415][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  217.777439][    C1] RBP: 0000000000000000 R08: ffff888022588000 R09: 0000000000000003
[  217.777451][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d02e3c0
[  217.777463][    C1] R13: dffffc0000000000 R14: ffff88805d02e8b0 R15: ffff8880307f5024
[  217.777479][    C1] FS:  00007f5f07ca76c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  217.783800][   T59] CR2: 0000001b2eb19ff8 CR3: 000000002ff6d000 CR4: 00000000003506f0
[  217.792738][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  217.792755][    C1] CR2: 0000200000011000 CR3: 000000002ff6d000 CR4: 00000000003506e0
[  217.792773][    C1] Call Trace:
[  217.812414][   T59] Call Trace:
[  217.819006][    C1]  <IRQ>
[  217.819026][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[  217.825687][   T59]  <TASK>
[  217.833080][    C1]  ieee80211_beacon_get_tim+0xb8/0x560
[  217.841161][   T59]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  217.849063][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  217.849104][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  217.857327][   T59]  ieee80211_csa_finalize+0x59a/0xf00
[  217.865072][    C1]  __iterate_interfaces+0x243/0x500
[  217.865096][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  217.865119][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  217.865144][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[  217.865168][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  217.865196][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[  217.865221][    C1]  __hrtimer_run_queues+0x51e/0xc40
[  217.865249][    C1]  ? hw_scan_work+0xf40/0xf40
[  217.865278][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[  217.865298][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  217.865331][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  217.874303][   T59]  ? mutex_lock_nested+0x20/0x20
[  217.882265][    C1]  handle_softirqs+0x280/0x820
[  217.888887][   T59]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  217.896846][    C1]  ? __irq_exit_rcu+0xc7/0x190
[  217.900124][   T59]  ? ieee80211_csa_finalize_work+0x140/0x140
[  217.903413][    C1]  ? do_softirq+0x180/0x180
[  217.906297][   T59]  ? read_lock_is_recursive+0x20/0x20
[  217.911810][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  217.914772][   T59]  ieee80211_csa_finalize_work+0xf6/0x140
[  217.920292][    C1]  __irq_exit_rcu+0xc7/0x190
[  217.927322][   T59]  ? process_scheduled_works+0x957/0x15b0
[  217.933549][    C1]  ? irq_exit_rcu+0x20/0x20
[  217.939746][   T59]  process_scheduled_works+0xa45/0x15b0
[  217.944539][    C1]  irq_exit_rcu+0x9/0x20
[  217.944558][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  217.949786][   T59]  ? assign_work+0x400/0x400
[  217.956006][    C1]  </IRQ>
[  217.956016][    C1]  <TASK>
[  217.963217][   T59]  ? assign_work+0x39e/0x400
[  217.969467][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  217.969491][    C1] RIP: 0010:check_preemption_disabled+0x26/0x110
[  217.976534][   T59]  worker_thread+0xa55/0xfc0
[  217.981705][    C1] Code: 00 00 66 90 55 41 57 41 56 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 65 8b 05 ad ab 95 75 65 8b 0d a2 ab 95 75 <f7> c1 ff ff ff 7f 74 1f 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 08
[  217.986961][   T59]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  217.991594][    C1] RSP: 0018:ffffc9000530fac8 EFLAGS: 00000282
[  217.996721][   T59]  ? _raw_spin_unlock+0x40/0x40
[  218.002763][    C1] 
[  218.002771][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000080000001
[  218.007898][   T59]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  218.012799][    C1] RDX: 0000000000000000 RSI: ffffffff8afc7020 RDI: ffffffff8afc6fe0
[  218.017679][   T59]  kthread+0x2fa/0x390
[  218.023531][    C1] RBP: ffffc9000530fc30 R08: ffffffff8e4a8f2f R09: 1ffffffff1c951e5
[  218.028927][   T59]  ? pr_cont_work+0x560/0x560
[  218.034374][    C1] R10: dffffc0000000000 R11: fffffbfff1c951e6 R12: 1ffff92000a61f70
[  218.034408][    C1] R13: ffff888030d714a0 R14: 0000000000000001 R15: dffffc0000000000
[  218.034441][    C1]  rcu_is_watching+0x15/0xb0
[  218.034473][    C1]  lock_acquire+0xcb/0x410
[  218.038971][   T59]  ? kthread_blkcg+0xd0/0xd0
[  218.044357][    C1]  ? __might_sleep+0xe0/0xe0
[  218.044381][    C1]  ? read_lock_is_recursive+0x20/0x20
[  218.044405][    C1]  ? __lock_acquire+0x7c80/0x7c80
[  218.049600][   T59]  ret_from_fork+0x48/0x80
[  218.055336][    C1]  ? __might_fault+0xaa/0x120
[  218.059915][   T59]  ? kthread_blkcg+0xd0/0xd0
[  218.065658][    C1]  __might_fault+0xc6/0x120
[  218.065679][    C1]  ? __might_fault+0xaa/0x120
[  218.070158][   T59]  ret_from_fork_asm+0x11/0x20
[  218.075713][    C1]  do_recvmmsg+0x389/0x7d0
[  218.079957][   T59]  </TASK>
[  218.085601][    C1]  ? __sys_recvmmsg+0x280/0x280
[  218.090204][   T59] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  218.090215][   T59] CPU: 0 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0
[  218.090234][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  218.090248][   T59] Workqueue: phy8 ieee80211_csa_finalize_work
[  218.090287][   T59] Call Trace:
[  218.090295][   T59]  <TASK>
[  218.090303][   T59]  dump_stack_lvl+0x16c/0x230
[  218.090334][   T59]  ? show_regs_print_info+0x20/0x20
[  218.090359][   T59]  ? load_image+0x3b0/0x3b0
[  218.090399][   T59]  panic+0x2c0/0x710
[  218.090437][   T59]  ? bpf_jit_dump+0xd0/0xd0
[  218.090487][   T59]  ? ret_from_fork_asm+0x11/0x20
[  218.090519][   T59]  __warn+0x2e0/0x470
[  218.090544][   T59]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  218.090576][   T59]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  218.090605][   T59]  report_bug+0x2be/0x4f0
[  218.090628][   T59]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  218.090657][   T59]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  218.090685][   T59]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  218.090713][   T59]  handle_bug+0xcf/0x120
[  218.090736][   T59]  exc_invalid_op+0x1a/0x50
[  218.090759][   T59]  asm_exc_invalid_op+0x1a/0x20
[  218.090789][   T59] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  218.090818][   T59] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c
[  218.090834][   T59] RSP: 0018:ffffc900015a79c0 EFLAGS: 00010293
[  218.090850][   T59] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88801a2eda00
[  218.090868][   T59] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  218.090880][   T59] RBP: dffffc0000000000 R08: ffff88805db815af R09: 1ffff1100bb702b5
[  218.090892][   T59] R10: dffffc0000000000 R11: ffffed100bb702b6 R12: 0000000000000001
[  218.090906][   T59] R13: ffff88805db825d9 R14: ffff888023c7ac70 R15: ffff888023c7ace8
[  218.090928][   T59]  ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0
[  218.090979][   T59]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  218.091013][   T59]  ieee80211_csa_finalize+0x59a/0xf00
[  218.091062][   T59]  ? mutex_lock_nested+0x20/0x20
[  218.091092][   T59]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  218.091115][   T59]  ? ieee80211_csa_finalize_work+0x140/0x140
[  218.091148][   T59]  ? read_lock_is_recursive+0x20/0x20
[  218.091181][   T59]  ieee80211_csa_finalize_work+0xf6/0x140
[  218.091215][   T59]  ? process_scheduled_works+0x957/0x15b0
[  218.091240][   T59]  process_scheduled_works+0xa45/0x15b0
[  218.091297][   T59]  ? assign_work+0x400/0x400
[  218.091329][   T59]  ? assign_work+0x39e/0x400
[  218.091360][   T59]  worker_thread+0xa55/0xfc0
[  218.091385][   T59]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  218.091424][   T59]  ? _raw_spin_unlock+0x40/0x40
[  218.091452][   T59]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  218.091508][   T59]  kthread+0x2fa/0x390
[  218.091525][   T59]  ? pr_cont_work+0x560/0x560
[  218.091550][   T59]  ? kthread_blkcg+0xd0/0xd0
[  218.091570][   T59]  ret_from_fork+0x48/0x80
[  218.091592][   T59]  ? kthread_blkcg+0xd0/0xd0
[  218.091613][   T59]  ret_from_fork_asm+0x11/0x20
[  218.091657][   T59]  </TASK>
[  218.093428][   T59] Kernel Offset: disabled