last executing test programs:

11m1.222967119s ago: executing program 3 (id=98):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
sendmmsg(r3, &(0x7f0000000180), 0x4000190, 0x0)

10m57.584459791s ago: executing program 3 (id=102):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigpending(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000080)={0x0, <r0=>0xffffffffffffffff, 'id1\x00'})
read$ptp(r0, &(0x7f0000000440)=""/4096, 0x1000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0)
r2 = syz_mount_image$exfat(&(0x7f0000001080), &(0x7f0000001040)='./file1\x00', 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='utf8,umask=00000000000000000100003,uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c696f636861727365743d6575632d6a702c6572726f72733d72656d6f756e742d726f2c757466382c666d61736b3d30303030303030303030303030303030303030303133332c646d61736b3d30303030303030303030303030303030303030303030332c74696d655f6f66667365743d3078303030303030303030303030303030362c6572726f72733d72656d6f756e742d726f2c00e7f7a64e12768f24588c031e3a7d52e686581692b31c66f5320a14e587a7c28feef0f667bc0421879f8dd03f06fa51770cf06aece55ad1185a9caffc331fae3067bf"], 0x3, 0x152b, &(0x7f0000002f80)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==")
lstat(&(0x7f00000010c0)='./file1\x00', &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
quotactl_fd$Q_QUOTAOFF(r2, 0x0, r3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x4000)

10m53.528079399s ago: executing program 3 (id=109):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e90200", 0x87}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083", 0x9d}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d7", 0x27}, {&(0x7f0000000900)}], 0x4}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000cc0)=[@timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}], 0x48}}], 0x2, 0x20000044)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

10m49.746115798s ago: executing program 3 (id=118):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x1000810, &(0x7f0000000000)={[{@stats}]})

10m48.119358004s ago: executing program 3 (id=121):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@set_irq_handler={0xc8, 0x20, {0x80, 0x2}}, @uexit={0x0, 0x18, 0xaaaa}], 0x38})
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r5 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r4, 0x3, 0x11, r3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$x86(r3, r5, 0xaaaa)
ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000100)=0x80)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$x86(r3, r5, 0xfffffffffffffffe)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_assert_syzos_uexit$x86(r3, r5, 0xffffffffffffffff)

10m46.422771945s ago: executing program 3 (id=125):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2})
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x1ff01018ce30c2a5}, @TCA_TBF_RATE64={0xc, 0x4, 0xdcd9be68b5bd509}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x0, 0xee8, 0x1c, 0x800, 0x8}, {0x7, 0x2, 0x7, 0x1003, 0x5, 0x20000007}, 0x6db6312a, 0x7, 0x1257}}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

10m31.150465887s ago: executing program 32 (id=125):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'syzkaller0\x00', 0x2})
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0x1ff01018ce30c2a5}, @TCA_TBF_RATE64={0xc, 0x4, 0xdcd9be68b5bd509}, @TCA_TBF_PARMS={0x28, 0x1, {{0x81, 0x0, 0xee8, 0x1c, 0x800, 0x8}, {0x7, 0x2, 0x7, 0x1003, 0x5, 0x20000007}, 0x6db6312a, 0x7, 0x1257}}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

9m49.569226037s ago: executing program 2 (id=238):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000003900), 0x34aa945a513d639, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f00000001c0)={@local, @random="facfff00716e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x26, 0x24, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x3}}}}}}}, 0x0)
recvmmsg(r3, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003680)=""/43, 0x2b}}], 0x400000000000230, 0x2, 0x0)

9m44.736567188s ago: executing program 2 (id=243):
iopl(0x3)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2)
writev(r2, 0x0, 0x0)

9m43.708085127s ago: executing program 2 (id=245):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x880)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc07e, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x20)
r3 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r3, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000300)=[{r3, 0x3328}, {r1, 0x4236}], 0x2, 0x0, 0x0, 0x0)
close(r0)

9m42.36052281s ago: executing program 2 (id=247):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)

9m38.75893945s ago: executing program 2 (id=250):
msgget$private(0x0, 0x130)
msgget$private(0x0, 0x193)
r0 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x4c)
setresuid(0x0, r1, r1)
r2 = getgid()
getresgid(0x0, 0x0, 0x0)
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000100)={{0xffffffffffffffff, r2, 0xffffffffffffffff, 0x0, 0x100, 0x7}, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x4})
getpid()
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
futex(0xfffffffffffffffc, 0x5, 0x0, 0x0, 0x0, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fanotify_init(0xb, 0x800)

9m36.22742009s ago: executing program 2 (id=253):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r1, &(0x7f0000000080)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
sendmsg$inet(r1, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040044)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@generic={0x3, 0x8, 0x4})
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001405000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000000203010100000000000000ffffff7f000800034000000000080004400000000008000540000000000900020000000000020000000800010001"], 0x40}}, 0x0)
close(r2)

9m19.060796343s ago: executing program 33 (id=253):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r1, &(0x7f0000000080)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
sendmsg$inet(r1, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040044)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000140)=@generic={0x3, 0x8, 0x4})
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001405000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000000203010100000000000000ffffff7f000800034000000000080004400000000008000540000000000900020000000000020000000800010001"], 0x40}}, 0x0)
close(r2)

3m27.650438078s ago: executing program 6 (id=728):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x8100, 0x0, 0x37)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')

3m25.436061173s ago: executing program 6 (id=730):
syz_emit_vhci(&(0x7f0000000900)=ANY=[@ANYBLOB], 0x1d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)

3m24.860867781s ago: executing program 6 (id=733):
r0 = gettid()
timer_create(0x8, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0xffff, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000100)=""/195, 0xc3}, {0x0}], 0x2)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
syz_genetlink_get_family_id$tipc2(&(0x7f00000020c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(&(0x7f0000001b00), 0xffffffffffffffff)
ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f00000003c0)={&(0x7f0000000000/0x800000)=nil, 0x800000})

3m22.978613911s ago: executing program 6 (id=740):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)

3m21.911689118s ago: executing program 6 (id=741):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r1=>r0, {<r2=>0x0, 0xee01}}, './file0\x00'})
r3 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0)
fcntl$notify(r3, 0x402, 0x20)
symlink(0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, &(0x7f0000000240)=@v3={0x3000000, [{0x2fcd, 0x9}, {0x2}], r2}, 0x18, 0x0)
bind$inet6(r0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
syz_mount_image$jfs(&(0x7f0000000180), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0xfd, 0x60d1, &(0x7f0000000340)="$eJzs3UuPHFfZB/CnL9NzyRvbil5ZxmLhOBASQny3IdzisGABSCAhr7E1mUQGB5BtEIksPJEXiAWXjwCbbFjki4Qda8QHwJKHVSQIhWrmHLu6p8c9jme6uuf8flK76ulT1X3K/6np7qmqPgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxHe+/cOznYi4+st0x5GI/4teRDdiua5PRD1zOS/fj4hjm0tFHI2I3mJEvf7mP4cjLkTER4ciHmzcWa3vPrfLflw8c/vmJ9/91t9/84d7x3785o8+GG3/wf+f//C3dyOOfP+1Dz+5uyebDgAAAMWoqqrqpI/5x9Pn+27bnQIApiK//ldJvl+tVqvVe1r/vjtb/VEXWjdV491tFhGx3lynfs/gcDwAzJn1+LjtLtAi+RetHxHPtN0JYKZ12u4A++LBxp3VTsq303w9OLHVnv9OOZT/eufh9R07TScZPcdkWj9f96IXz+3Qn+Up9WGW5Py7o/lf3WofpOX2O/9p2Sn/QaSLmgqT8++N5j9iKP8/RsTc5t8dm3+pcv79J8l/vTfH+7/8AQAAAAA4+PLf/4+0fPx38ek3ZVd2PP67/HCTAQAAAAAAAGDufMrx/zaP3x9tPpDx/wAAAGBm1Z/Va3869Oi+TsTfDo9Ztv6If6UT8ezI8kBh0sUyK233AwAAAAAAAAAAAABK0t86h/dKJ2IhIp5dWamqqr41jdZP6mnXn3elbz+UrO1f8gAAsOWjQ+la/vtLW3d0Iuq5K+m7/hZWVlaqaml5pVqplhfz+9nB4lK13Phcm6f1fYuDXbwh7g+q+sGWGus1Tfq8PKl99PHq5xpUvV10bDraTh2A0m29Gj3winTAVNXhaPtdDvPB/n/w2P/ZjbZ/TgEAAID9V1VV1Ulf5308HfPvtt0pAGAalvLr/+hxAbVarVar1QevbqrGu9ssImK9uU79nsFw/AAwZ9bj47a7QIvkX7R+RBxruxPATOu03QH2xYONO6udlG+n+XqQxnfP54IM5b/e2Vwvrz9uOsnoOSbT+vm6F714bof+HJ1SH2ZJzr87mv/VrfZBWm6/85+WnfKvt/NIC/1pW86/N5r/iIOTf3ds/qXK+fefKP+e/AEAAAAAYIblv/8fcfw3bzIAAAAAAAAAzJ0HG3dW83Wv+fj/Z8cs12nOuf7zwMj5d3adv+t/D5Kcf3c0/5ETcnqN+ftvPMr/Xxt3Vj+4/c/P5OnM57/QG9TPvdDp9vrpnJ9q4a24HjdiLc5sW74/1H52W/vCUPu5Ce3nt7UP6vbl3H4qVuNncSPefNi+OOHEqKUJ7dWE9px/z/5fpJx/v3Gr819J7Z2Rae3++91t+31zOu55Lv/lPy9u37v22mDiEvei93DbmurtO7kvfXq8zf+TZwbxi1trN0/96trt2zfPRpoM3Xsu0mSP5fwX0i3n/9ILW+35935zf73//uCJ858V96K/Y/4vNObr7X15yn1rQ85/kG45//wKNH7/n+f8d97/X2mhPwAAAAAAAAAAAAAAAPA4VVVtXiJ6OSIupet/2ro2EwCYqt99L81USajVarVard6ruj9j/RlSjfd6s4il4XUuRcSvxz0YADDL/hsR/2i7E7RG/gXL3/dXTz/XdmeAqbr17ns/uXbjxtrNW233BAAAAAAAAAD4tPL4nyca4z9vngc0Mm700Pivb8SJuR3/szvobY51njbo+Xj8+N8n4/Hjf/cnPN/ChPZJIxYvTmhfmtA+9kKPhpz/8ynjnP/xtGEljf/6Ugv9aVvO/2Qa6znn/4WR5Zr5V3+e5/y7Q/mfvv3Oz0/feve9V6+/c+3ttbfXfnr2zKUL5y9eOH/x4um3rt9YO7P1b4s93l85/zz2tfNAy5Lzz5nLvyw5/8+nWv5lyfm/mGr5lyXnn9/vyb8sOf/82Uf+Zcn5v5xq+Zcl5//FVMu/LDn/V1It/7Lk/L+UavmXJef/aqrlX5ac/6lUy78sOf/TqZZ/WXL++QiX/MuS889nNsi/LDn/c6mWf1ly/udTLf+y5PwvpFr+Zcn5X0y1/MuS87+UavmXJef/5VTLvyw5/6+kWv5lyfm/lmr5lyXn/9VUy78sOf+vpVr+Zcn5fz3V8i9Lzv8bqZZ/WXL+30y1/MuS83891fIvy6Pv/zcz5Zl//zViBrqxHzNVVVUz0A0zTzHT9m8mAAAAAAAAAAAAAGDUNE4nbnsbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt7dxchV3mcAP/tlrw0JbvgmDqyNAQOLd9df4BCDSUJKSZtSEtKkJTWOvTZO/FWvnQBCZSm0JQpSkdoLetE0idIoUluBokhNJRohNVJ7V64SoUpRK3FhqVA5KGmVNrDVmfO+787Mzs7s2rvemXN+P4T/3p0zM++eOTO7z1rPHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDeho9M/klflmX5/7U/1mXZxfnf12R78g+nd670CgEAAIDz9U7tz7+9JH1izwKuVLfNP1/7r9+bmZmZyT7/9pl3/2xmJl0wkmUDq7Osdln0L7/4+Uz9NsEz2XBff93H/R3ufqDD5YMdLh/qcPmqDpev7nD5cIfL5+yAOdYUv4+p3dim2l/XFbs0uywbql22qcW1nulb3d8ff5dT01e7zszQwexwdiSbzMbnXKev9l+WvbIhv6/7snhf/XX3tT7LsrM/fXJ/XENf2MebsoY7q6l/7N66Jxt5+6dP7v/2qTevbjU77oY5K82yzRvzdT6bZbO/rsr6stVpn8R19tetc32LdQ40rLOvdr38783rPLvAdcavezis87U261wfPvfY9VmWTWfzbtPsmaw/W9t0r2l/DxdHRH4b+UP5vmxwUcfJhgUcJ/l13ri+8ThpPibj/t8Q9sngPGuofzjeenrVnP1+rsdJ/lV3w7Ga3/YD+Z0OD9f/arXhWM23efKG+Y+Blo9di2MgHct1x8DGTsdA/6qB2jHQP7vmjQ3HwMSc6/RnfbX7OnND+2Ng7NTRE2NTjz9x2+Gj+w5NHpo8NjG+c/u2Hdu37dgxdvDwkcnx4s/F7dIesjbrT8fgxvBaE4/Bm5q2rT8kZ76xdM+D4S55HuRf+6duzBd0cX82zzGeb/Ps5vN/HqTv+3XPg8G650HL19QWz4PBBTwP8m3Obl7Y98zBuv9brWG5XgvX1R0DK/n9ML/Ph2+e/7VwfVjXc7cs9vvhwJxjIH5ZfeG5l38m/bw3fEfYL3OPi2vyCy5alZ2emjy55bF9p06dnMjCuCAurXusmo+XtXVfUzbneOlf9PGy529+eeM1LT6/Luyr4VvbP1b5NttH2z9WtVf3xv25Kiv2Z8Nnt2ZhLLELvT9bfTfL92fKEm32Z77Ns7ed/8+CKZfUvf4NdXr9GxgaLF7/BtLeGGp4/Zv70AzUVpZlZ29b2OvfUPj/Qr/+XdYlr3/5vnp4S/tjIN/mubHFHgODbV//rg+zL6zn5pAYhuty/7u1y6eLw7Tusex43AwODoXjZjDeY+Nxs23OdfJby+978/i5HTebr298rBp+binhcZPvqz8fb3/c5Nu8OnH+rx1r4l/rXjtWdToGhgZW5esdSgdB8Xo3syYeA1uy/dnx7Eh2IF0nf5Tz+xrdurBjYFX4/0K/dlzVJcdAvq9e3Nr+GMi3+eG2pf3ZaXP4TNqm7men5t8vzJf5rxmcvb3m3bbUmT9f50d/9In0uVYZIt/mze2LzRnt99Ot4TMXtdhPzc+f+Y7pA9ki9lN2fsd0vs4jO9r/birf5rKdCzye9mRZ9vrE67Xfd4Xf73739I++1/B731a/U3594vX7xx788WLWDwDAuXu39uf0quJnzbp/sV7Iv/8DAAAAPSHm/v4wE/kfAAAASiPm/oEwE/kfAAAASiPm/sEwk4rk/0fv2PXSO09l6d0AZ4J4edwND9xVbBc73tPh45GZWfnnP/ytoZe+8tTC7rs/y7Jf3v/+lts/eldcV+FEXOcHGz8/x1XXLej+H3lodrv69084u6u4/fj1LPQwiF3lV8a21m535PGJ2nz1/qw2H5x+7pni9ouP4/ZnthXb/2V405I9B/sarr85rGdTmCPhPWUe2DO7H/IZr/fS+mv/6dJPz95fvF7fxvfWvswX/6C43fgeUS9cWmwfv+751v+PX/3OS/n2j93Qev1P9bde/5lwu2+E+Yvdxfb1+/wrdev/o7D+eH/xelu++YOW63/5ymL7l8Nx8fUwm9d/z59+4J1Wj1e8nz13FteL9z/+39tr14u3F2+/ef3DT0007I/m23/17eJ2dn/pZwP128fPx/uJHrmz8fjuC49vQ488y7Lv/HHWsJ+zDxXX+4em9cfbO3Fn6/Xf2rTOE33X1a4/+/Wsa/i6vvbXW1t+vXE9e/5uXcPX88K9Yf+9PfbD/HbPPBiOx3D5/75W3F7ze5m+fG/j603c/uvriudtvL2xpvW/0LT+6evyfdd5/fe9Xaz/5btXN6x/z8fC8XRfMTut/9BfXdJw/W98u3g8Tn559NjxqdOHD9Tt1frn8erhNWsvuvg9770kvJY2f7z3+KlHJ0+OjI+MZ9lID75l4HKv/5th/lcxppf+Hgo//llx3D3/8eL71k0/Lz5+IXz+kfB4xu+PX/uLoYbjtflxn767mOe7/lvCOhbqyq/+x3UL2vDM5145/fd/+GbzzwXx6zlx+XDt63txwxW1y/peLS5vfr3q5N8vb3xe/2RwvDa/H/brTHhn5o1XFPfXfPvxvUme/2Tx/I0/ycXrZ03vJ7JuoPHrON/1/yT8HPODqxpf/+Lx8f2nmt7NeV3Wly9hOrw+ZNPF5XGruL+fP3tFy/uL78OTTV+9mGXOa+rxqbEjh4+dfmzs1OTUqbGpx5/Ye/T46WOn9tbeu3TvFzpdf/b5vbb2/D4wuXN7Vnu2Hy/GMlvp9Z94aP+B28dvPDB5cN/pg6ceOjF58tD+qan9kwembtx38ODklztd//CB3RNbd227fevoocMHdt+xa9e2XaOHjx3Pl1EsqoOd418cPXZyb+0qU7u375rYsWP7+OjR4wcmd98+Pj56utP1a9+bRvNrf2n05OSRfacOH50cnTr8xOTuiV07d27t+O6PR08cnBoZO3n62NjpqcmTY8XXMnKq9un8e1+n61MNU8fD612TvvDT+Wdv3ZneHzf3rafnvalik8YfT7O3wntBxe9vnT6OuX8ozKQi+R8AAACqIOb+8Mb/sxfI/wAAAFAaMfevDjOR/wEAAKA0Yu4vkv9wOv17VfL/UvX/n9b/r9H/1//P9P8T/X/9/0z/X/+/A/1//f9eXr/+v/4/nXVb/z/k/mxNlvn3fwAAACipmPvXhpnI/wAAAFAaMfdfFGYi/wMAAEBpxNx/cZhJRfK/8//r/+v/t+v/x231/zP9/27o/2/6T/3/OfT/9f8z/f9zttL9+V5ffxf2/9fo/9Ntuq3/H3P/e8JMKpL/AQAAoApi7n9vmIn8DwAAAKURc/8lYSbyPwAAAJRGzP3rwkwqkv/1//X/9f+d/1//v5v6//Hazv+/UPr/+v+Z/v85m6c/n/9QqP/fm/1/5/+n63Rb/z/m/l8JM6lI/gcAAIAqiLn/fWEm8j8AAACURsz9l4aZyP8AAABQGjH3XxZmUpH8X83+/xtZlun/Z/r/+v9N69T/74b+f9vz/+v/t6D/r/+f6f+fs5Xuz/f6+vX/9f/prNv6/zH3Xx5mUpH8DwAAAFUQc/8VYSbyPwAAAJRGzP1XhpnI/wAAAFAaMfdfFWZSkfxfzf6/8//r/xf0/xvXqf+v/78c9P/1/9vR/9f/7+X16//r/9NZt/X/Y+6/OsykIvkfAAAAqiDm/mvCTOR/AAAAKI2Y+98fZiL/AwAAQGnE3L8+zKQi+V//X/9f/1//X/9f/3859Vb/v3/eS/T/C/r/jZau/z89uwD9/55Zv/6//j+ddVv/P+b+D4SZVCT/AwAAQBXE3H9tmIn8DwAAAKURc/91YSbyPwAAAJRGzP0jYSYVyf/6//r/+v/6//r/+v/Lqbf6//PT/y/o/zdaWP+/b3B2Ac7/v5RWev36//r/dNZt/f+Y+zeEmVQk/wMAAEAVxNy/McxE/gcAAIDSiLn/+jAT+R8AAABKI+b+TWEmFcn/+v/6//r/+v/6//r/y0n/X/+/nWr0/+sXoP+/lFZ6/fr/+v901m39/5j7bwgzqUj+BwAAgCqIuf/GMBP5HwAAAEoj5v6bwkzkfwAAACiNmPs3h5lUJP/r/+v/6//3cP9/QP8/0//vevr/+v/t6P93V/9/UP9f/1//nyXWbf3/mPtvDjOpSP4HAACAKoi5/5YwE/kfAAAASiPm/lvDTOR/AAAAKI2Y+0fDTCqS//X/9f/1/3u4/+/8/w3rX4L+/1D95/X/l4b+v/5/O/r/3dX/d/5//X/9f5Zat/X/Y+6/LcykIvkfAAAAqiDm/i1hJvI/AAAAlEbM/WNhJvI/AAAAlEbM/eNhJmXI//92tuMm+v8Xsv9f28f6//r/+v/h8i7s/zv//zLQ/9f/b0f/X/+/l9ev/6//T2fd1v+PuX8izKQM+R8AAACoibl/a5iJ/A8AAAClEXP/tjAT+R8AAABKI+b+7WEmFcn/PdL/35IKUD3d/3f+f/1//f9K9P//J7wo6v/X6P/r/7ej/6//38vrX4H+/2D9B/r/dJv+Fp/rtv5/zP07wkwqkv8BAACgCmLu3xlmIv8DAABAacTcf3uYifwPAAAApRFz/x1hJhXJ/z3S/y/J+f/1//X/9f8r0f8PnP+/oP+v/9+O/r/+fy+vf3H9/880f7tz/n8qodv6/zH37wozqUj+BwAAgCqIuf+DYSbyPwAAAJRGzP13hpnI/wAAANBTWp2HMIq5/0NhJhXJ//r/Ze//z6zW/9f/1/9vv379/+Wl/6//347+v/5/L69/Bc7/30D/n17Qbf3/mPt3h5lUJP8DAABAFcTcf1eYifwPAAAApRFz/91hJvI/AAAAlEbM/XvCTCqS//X/y97/r8z5/2uX6//r/+v/dx/9/0X0/1fr/+v/90b/P/zYov/fRf3//BjS/6cbdVv/P+b+e8JMKpL/AQAAoApi7v9wmIn8DwAAAKURc/9HwkzkfwAAACiNmPs/GmZSkfyv/6//X5L+v/P/6//r/3cp/f9lO/9/7aVQ/78wb/9/jf5/O7P9+Uuc/7/H+//O/0+36rb+f8z994aZVCT/AwAAQBXE3P+xMBP5HwAAAEoj5v5fDTOR/wEAAKA0Yu6/L8ykIvlf/1//X/9f/1//X/9/Oen/L1v/v0b/v+D8/+dmpfvzvb5+/X/9fzrrtv5/zP2/FmZSkfwPAAAAVRBz//1hJvI/AAAAlEbM/R8PM5H/AQAAoMesmveSmPt/PcykIvm/9/r/Iz3Z/+9Pt6//r/+v/6//r/+/lPT/9f8z/f9zttL9+V5fv/6//j+ddVv/P+b+3wgzqUj+BwAAgCqIuf8TYSbyPwAAAJRGzP2/GWYi/wMAAEBpxNz/QJhJRfL/Uvf/m6/fjvP/6/9n+v/6//r/+v/nqZf6/0P6/3Po/+v/9/L69f/1/+ms2/r/Mff/VphJRfI/AAAAVEHM/Q+Gmcj/AAAA0KUeXfQ1Yu7/ZJiJ/A8AAAClEXP/p8JMKpL/e+/8/73X/89vX/9f/z/T/9f/r9ur+v9Lp5f6/87/P5f+v/5/L69f/1//n866rf8fc/9DYSYVyf8AAABQBTH3fzrMRP4HAACA0oi5/7fDTOR/AAAAKI2Y+z8TZlKR/K//7/z/+v/6//r/+v/LSf9/bv8/fw3T/y/o/+v/9/L69f/1/+ms2/r/Mfd/NsykIvkfAAAAqiDm/t8JM5H/AQAAoDRi7v/dMBP5HwAAAEoj5v6Hw0wqkv/1//X/9f/1//X/9f+Xk/6/8/+3o/+v/9/L69f/1/+ns27r/8fc/7kwk4rkfwAAAKiCmPt/L8xE/gcAAIDSiLl/b5iJ/A8AAAClEXP/I2EmFcn/+v/6//r/1e3/r25ap/6//v9y0P/X/29H/1//v5fXr/+v/09n3db/j7l/X5jJnsa7AQAAAHpXzP2fDzOpyL//AwAAQBXE3L8/zET+BwAAgNKIuf9AmElF8r/+v/6//n91+//O/1/Q/19e+v/6/+3o/+v/9/L69f/1/+nsQvf/4/eB+fr/MfdPZlkl8z8AAABUQcz9B8NM5H8AAAAojZj7D4WZyP8AAABQGjH3PxpmUpH8r/+v/6//X9n+/2vfbVqn/r/+/3LQ/9f/b0f/X/+/l9ev/6//T2fddv7/mPsPh5lUJP8DAABAFcTc/4UwE/kfAAAASiPm/i+Gmcj/AAAAUBox9x8JM6lI/tf/1//X/z+n/v//zfR+/39h5/9fM3u/+v/6/+dC/1//vx39f/3/Xl6//r/+P511W/8/5v6jYSYVyf8AAABQBTH3Hwszkf8BAACgNGLuPx5mIv8DAABAacTcfyLMpCL5X/9/cf3/vnm6gfr/rddf4v5/TSX6/3X0//X/z4X+v/5/Oxeg//9u/VX0/xutdH++19ev/6//T2dd0f8fmv045v7fDzOpSP4HAACAKoi5/2SYSef8P7x8qwL+n737WrKsLP84vmlmGKh/Uf9b4MhjPfLQS/AarOIOzBnMmBVzVkTMipgxYM45J8wRUVQMqFVY0/08zzA902vt6d57+l3v+/kc8MgemFnojPqr5ssCAADYpNz9D41bfP0fAAAAupG7/2FxyyD7/+z+/4T+3/v/9f/6f/1/0P9vhv5f/z/F+//1/0t+fv2//p95TfT/9/n93P0Pj1sG2f8AAAAwgtz9j4hb7H8AAADoRu7+R8Yt9j8AAAB0I3f/o+KWQfa/9//r//X/+n/9v/5/m/T/+v+D5H8X6f/1/0t9fv2//p95rfX/ufsfHbcMsv8BAABgBLn7HxO32P8AAADQjdz9j41b7H8AAADoRu7+x8Utg+x//b/+X/+v/9f/n7f/v1v/vxn6f/3/FO//1/8v+fn1/xfe/5+Y+07pTmv9f+7+x8ctg+x/AAAAGEHu/ifELfY/AAAAdCN3/xPjFvsfAAAAupG7/5q4ZYj9f0L/r//X/y+x/z+h//f+/+XQ/+v/p+j/9f/H9/xXrlYr/b/3/7NtrfX/ufuvjVuG2P8AAAAwhtz9T4pb7H8AAABYgJ21/qjc/U+OW+x/AAAA6Ebu/qfELYPsf/2//l//v8D+3/v/9f8Lov/vv////0P286f0//r/hT+//l//z7zW+v/c/U+NWwbZ/wAAADCC3P1Pi1vsfwAAAOhG7v6nxy32PwAAAHQjd/8z4pZB9r/+X/+v/9f/6//1/9uk/++g/z9x5uO13/9/ar3n0f/r/5fy/Jec878e+n/9P+vYev//4Ot277r9f+7+6+KWQfY/AAAAjCB3/zPjFvsfAAAAupG7/1lxi/0PAAAA3cjd/+y4ZZD9r//X/5/p/++9RP+v/9f/n/lc/78Z+v8O+v+Z9/+vjtDP6//1/0t+fv2//p95W+//Z3r//b+fu/85ccsg+x8AAABGkLv/uXGL/Q8AAADdyN3/vLjF/gcAAIBu5O5/ftwyyP7X/+v/vf9f/6//1/9vk/6/2f5//y+9s+n/16L/1/8f1P8/aI3n1/8zgtb6/9z9L4hbBtn/AAAAMILc/S+MW+x/AAAA6Ebu/uvjFvsfAAAAupG7/0VxyyD7f5j+f1/Op//fo//X/6/O6f93huz/T3+m/98O/X+z/f80/f9a9P/6f+//1/8zrbX+P3f/i+OWQfY/AAAAjCB3/0viFvsfAAAAupG7/6Vxi/0PAAAA3cjd/7K4ZZD9P0z/v4/+f8+R+/9T+v/++v8LfP//pX30/97/vz36f/3/FP2//n/Jz6//1/8zr7X+P3f/y+OWQfY/AAAAdG9nVbv/FXGL/Q8AAADdyN3/yrjF/gcAAIBu5O5/VdwyyP7X/+v/vf9f/3+k/r+T9//r/7dH/6//n7Ju/7/S/9dfi/6/nefX/+v/mdda/5+7/9VxyyD7HwAAAEaQu/81cYv9DwAAAN3I3f/auMX+BwAAgG7k7n9d3DLI/tf/6//1//p//b/+f5v0//r/Kd7/r/9f8vPr//X/zGut/8/d//q4ZZD9DwAAACPI3f+GuMX+BwAAgG7k7r8hbrH/AQAAoBu5+98Yt+zf/zsX86kuHv2//l//r//X/+v/t0n/r/+f0nP/f++pw/f/lx/w4+n/13z+W07q/7fY/+evKf0/62it/8/df2Pc4uv/AAAA0I3c/W+KW+x/AAAA6Ebu/pviFvsfAAAAupG7/81xyyD7/6D+/67/2/t2/f969P/nf379v/5/3f7/ntvP/Hn6f/3/hdD/6/9Xjfb/3v/v/f9zf/5S+/+k/2cdrfX/ufvfErcMsv8BAABgBLn73xq32P8AAADQjdz9b4tb7H8AAADoRu7+t8ctg+z/zb///yr9v/5f/x9X/+/9//p//b/+f5r+X/+/5OfX/+v/mbeZ/v/S1ab6/9z974hbBtn/AAAAMILc/e+MW+x/AAAA6Ebu/nfFLfY/AAAAdCN3/7vjlkH2/+b7f+//1/9fYP+/M1j/f8Nt+v/4dv2//n8T9P/6/5X+/9COu59f+vPr//X/zGvt/f+5+2/enXrj7X8AAAAYwc27v7189Z64xf4HAACAbuTuvyVusf8BAACgG7n73xu3DLL/9f/6/2Pv/73/v+j/4z9X/b/+/wLo//X/K/3/oR13P7/059f/6/+Z11r/n7v/fXHLIPsfAAAARpC7//1xi/0PAAAA3Yjdv/c3v9v/AAAA0KUP7P728tUH45ZB9v/A/f9VR+3/r7jPv9b/n//59f8b6f9v3v9zT/+v/18S/b/+f4r+X/+/5Odvp/+PD67R/9Oe1vr/3P0filsG2f8AAAAwgtz9H45b7H8AAADoRu7+W+MW+x8AAAC6kbv/I3HLIPt/4P6/k/f/P+TOeAL9f7/9v/f/x11U/3+X/j/p//X/U/T/+v8lP387/b/3/9Ou1vr/3P0fjVsG2f8AAAAwgtz9H4tb7H8AAADoRu7+j8ct9j8AAAB0I3f/bXHLIPtf/7/0/t/7//X/+v8m+3/v/y/6f/3/FP3/zu7/E9H/L/P59f/6f+a11v/n7v9E3DLI/gcAAIAR5O7/ZNxi/wMAAEA3cvd/Km6x/wEAAKAbufs/HbcMsv/77f9v2pn6sfX/e7bZ/5/+QfT/g/T/1+r/V/r/A+n/9f9T9P/e/7/k59f/6/+Z11r/n7v/M3HLIPsfAAAARpC7/7Nxi/0PAAAA3cjd/7m4xf4HAACAbuTu/3zc8IArj++RNuvkAZ9Hb95v/z/trP7/PvGx/t/7//X/3v+f9P+bof/X/0/R/+v/l/z8+n/9P/Na6/9z938hbvH1fwAAAOhG7v4vxi32PwAAAHQjd/+X4hb7HwAAALqRu//Lccsg+1//7/3/+v/F9v9X6P/Pfn79f5v0//r/Kfp//f+Sn1//r/9nXmv9f+7+r8Qtg+x/AAAAGEHu/q/GLfY/AAAAdCN3/9fiFvsfAAAAupG7/+txyyD7X/+v/9f/L7b/9/7/fc+v/2+T/l//P0X/r/9f8vPr//X/zGut/8/d/424ZZD9DwAAACPI3f/NuMX+BwAAgG7k7v9W3GL/AwAAQDdy9387bhlk/+v/9f/6f/2//l//v036//76/9O/BvT/e/T/TfT/+dNE/6//p0Gt9f+5+78Ttwyy/wEAAGAEufu/G7fY/wAAANC6/X9754Fy938vbrH/AQAAoBu5+78ftwyy/3vu/6f+MP3/Hv2//n+l/9f/b5n+v7/+3/v/z1in/z/rnwCg/9+o435+/b/+n3mt9f+5+38Qtwyy/wEAAGAEuft/GLfY/wAAANCN3P0/ilvsfwAAAOhG7v4fxy2D7P+e+/8p+v89+n/9/0r/r//fMv2//n/KCP3/WfT/G3Xcz6//1/8z75j6/5OrA/r/3P0/iVsG2f8AAAAwgtz9t8ct9j8AAAB0I3f/T+MW+x8AAAC6kbv/Z3FLP/v/6lsnvlH/v/H+f/cnkf5f/7/S/+v/9f+79P/6/yn6f/3/kp9f/6//Z15r7//P3f/zuKWf/Q8AAADDy93/i7jF/gcAAIBu5O7/Zdxi/wMAAEA3cvf/Km4ZZP+32v/v/7d/Qf3/od7/n8+g/9f/b7n/v3Sl/9f/X2T6f/3/lOX0/yfO+6n+X/+v/9f/M621/j93/6/jlkH2PwAAAIwgd/9v4hb7HwAAALqRu/+3cYv9DwAAAN3I3f+7uGWQ/d9q/7/g9/8fqv8/2vv/z9TT+v/j7P93zvn+G+z/vf9f/3/R6f/1/1OW0/+fn/5f///A+9/v6vx5p//X/3Ou1vr/3P2/j1sG2f8AAAAwgtz9f4hb7H8AAADoRu7+O+IW+x8AAAC6kbv/j3HLIPtf/99D/+/9/230/+d+//r/7fX/pz/T/y+D/l//P0X/r/9f8vN7/7/+n3mt9f+5+++MWwbZ/wAAADCC3P1/ilvsfwAAAOhG7v4/xy2x/y87lqcCAAAANil3/11xSydf/9/f1e6n/9f/d9n/nxq3/79jkP7f+/+XQ/+v/5+i/9f/L/n59f/6f+a11v/n7v9L3NLJ/gcAAABWtfv/GrfY/wAAANCN3P1/i1vsfwAAAOhG7v6745ZB9r/+X/9/4f3/yfrrbrb/9/5//b/+vxn99v+X6f/1/0fu/6+/ce9j/f8yn1//r/9nXmv9f+7+v8ctg+x/AAAAGEHu/n/ELfY/AAAAdCN3/z/jFvsfAAAAupG7/19xyyD7X/+v/+/y/f/6f/2//r8Z/fb/3v+v//f+/6P18zsLf379v/6fdbTW/+fuvyduGWT/AwAAwAhy9/87brH/AQAAoBu5+/8Tt9j/AAAA0I3c/f+NWwbZ//p//b/+X/+v/9f/b5P+X/8/Rf8/cv+//OfX/+v/mdda/5+7/38BAAD//wDYMus=")
epoll_pwait(r1, &(0x7f0000000100), 0x3c, 0x103, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

3m21.115881351s ago: executing program 6 (id=744):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0x5, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil)

3m5.465259182s ago: executing program 34 (id=744):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0x5, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil)

2m40.61534898s ago: executing program 0 (id=809):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000170100000300000001"], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

2m39.292012151s ago: executing program 0 (id=811):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c000980080001400000000508000840000000011400000011000100"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000380)=0x2, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
getxattr(0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000aefff000900020073797a310000ffdf0900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
recvmmsg(r3, &(0x7f0000001f00)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
setregid(0x0, 0x0)

2m36.558329831s ago: executing program 0 (id=817):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="041cf700c900"], 0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r3, 0x0, 0x0)
writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)

2m29.70093674s ago: executing program 0 (id=826):
syz_emit_vhci(&(0x7f0000000900)=ANY=[@ANYBLOB], 0x1d)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
mkdir(&(0x7f0000000040)='./bus\x00', 0xa0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x1ff, 0x2, 0x1, {0x6, 0xfd, 0x20ff, 0x8, 0xe, 0xf33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0)

2m28.338607153s ago: executing program 0 (id=833):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', r0}, 0x18)

2m28.206945697s ago: executing program 0 (id=834):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000001100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
socket$kcm(0x10, 0x2, 0x4)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0xcc)
socket$vsock_stream(0x28, 0x1, 0x0)
accept(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000007000000060000008c"], 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1f, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000fcffffff000000008000000018010000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000a6000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

2m11.90510638s ago: executing program 35 (id=834):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000001100000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
socket$kcm(0x10, 0x2, 0x4)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0xcc)
socket$vsock_stream(0x28, 0x1, 0x0)
accept(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000007000000060000008c"], 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1f, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000fcffffff000000008000000018010000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000a6000000850000000e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1m50.096186036s ago: executing program 1 (id=895):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@dax}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0xdafbe5d6891b6e4)
r4 = inotify_init1(0x0)
r5 = inotify_add_watch(r4, &(0x7f0000000440)='.\x00', 0x20000000)
write$binfmt_elf32(r3, &(0x7f0000005640)=ANY=[@ANYRES16=r5], 0x69)
close(r3)
execve(&(0x7f0000019140)='./file0\x00', 0x0, 0x0)

1m47.137420713s ago: executing program 1 (id=899):
fsopen(&(0x7f00000000c0)='devtmpfs\x00', 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x18a)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pipe(&(0x7f0000000200))
close(0xffffffffffffffff)
socket$key(0xf, 0x3, 0x2)
pipe2$9p(&(0x7f0000000240), 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[@ANYRES8=r1], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r1, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r2, 0x541c, &(0x7f0000000000))

1m45.892300172s ago: executing program 1 (id=902):
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$packet(0x11, 0xa, 0x300)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x27, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r0], 0x7)
syz_emit_ethernet(0x7d, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "5cca06", 0x47, 0x2f, 0x0, @remote, @mcast2, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0xfffe}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8, [], "0080d5"}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x17}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x0, {{0x3, 0x2, 0x6, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x3, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x6}}}}}}}, 0x0)

1m42.137093792s ago: executing program 1 (id=908):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48890}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x700}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1m37.513957804s ago: executing program 1 (id=909):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x1c, r4, 0x705, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r5 = io_uring_setup(0x1ddd, 0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, 0x0, 0x1)
futex(0x0, 0x9, 0x4, 0x0, 0x0, 0x2)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), 0x0, 0x0)

1m36.259477938s ago: executing program 1 (id=913):
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffff4)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

1m21.198965615s ago: executing program 36 (id=913):
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffff4)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

42.450804421s ago: executing program 4 (id=981):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket(0x25, 0x5, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchownat(r4, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0)

41.159142832s ago: executing program 4 (id=983):
socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0)
pread64(r0, &(0x7f0000001080)=""/236, 0xec, 0x4)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x7005, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, 0x0, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
landlock_create_ruleset(0x0, 0x24, 0x2)

39.650776972s ago: executing program 4 (id=986):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0x1, 0x4, 0x4, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x50)

39.447877773s ago: executing program 4 (id=987):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x10003}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001d40)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$inet(r5, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="98"], 0x98}, 0x80)

38.05511826s ago: executing program 4 (id=990):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$peekuser(0x3, r0, 0x1)
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'dh\x00', 0x1, 0x80005, 0x6f}, 0x2c)
r5 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x103000, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x50009404, &(0x7f0000000040))

36.638989423s ago: executing program 4 (id=992):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getrusage(0xffffffffffffffff, &(0x7f0000000380))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000"], 0x3c}}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
pipe(&(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40810, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x141}]}, 0x30}, 0x1, 0x0, 0x0, 0x24040051}, 0x4000000)

21.257456197s ago: executing program 37 (id=992):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getrusage(0xffffffffffffffff, &(0x7f0000000380))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000"], 0x3c}}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
pipe(&(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40810, 0x3}, [@IFLA_GROUP={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x141}]}, 0x30}, 0x1, 0x0, 0x0, 0x24040051}, 0x4000000)

10.106526036s ago: executing program 5 (id=1022):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
listen(r3, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_io_uring_setup(0x370a, &(0x7f00000001c0)={0x0, 0xfffffffc, 0x2, 0x3, 0x2cf}, &(0x7f00000004c0), &(0x7f0000000000), &(0x7f0000000000))
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r4, 0x12, 0x0, 0x0)

7.406330798s ago: executing program 5 (id=1023):
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000000)={0x2, 0x0, 0xfeb, 0x8}, 0x10)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x8, 0xb, 0xfffff024}, {0x20, 0x81, 0x0, 0xfffff024}, {0x6, 0xfe, 0x0, 0x2000000}]}, 0x10)
sendmmsg(r4, &(0x7f0000001c00), 0x400000000000159, 0x40840)

4.710654382s ago: executing program 5 (id=1024):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

3.762184746s ago: executing program 5 (id=1025):
socket$nl_netfilter(0x10, 0x3, 0xc)
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffff4)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
signalfd(0xffffffffffffffff, 0x0, 0x0)

1.151162351s ago: executing program 5 (id=1026):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x446102)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x9, 0x3}, @func_proto, @const={0x0, 0x0, 0x0, 0xa, 0x2}]}}, 0x0, 0x3e, 0x0, 0x1}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, r3, 0x1, 0x5}, 0x50)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
sendfile(r4, r5, 0x0, 0x200002)

0s ago: executing program 5 (id=1027):
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000000180))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4)
sendmmsg$inet6(r3, &(0x7f0000003180)=[{{0x0, 0x0, &(0x7f0000002680)=[{&(0x7f0000001340)='\'', 0x7ab8}], 0x1}}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

6 audit(1777331183.837:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5925 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e5b1cdd9 code=0x7ffc0000
[  132.859623][   T38] audit: type=1326 audit(1777331183.837:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5925 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e5b1cdd9 code=0x7ffc0000
[  132.859668][   T38] audit: type=1326 audit(1777331183.837:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5925 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ff6e5b1cdd9 code=0x7ffc0000
[  132.859717][   T38] audit: type=1326 audit(1777331183.837:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5925 comm="syz.2.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e5b1cdd9 code=0x7ffc0000
[  132.915741][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  132.915876][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  135.271335][ T5941] netlink: 36 bytes leftover after parsing attributes in process `syz.3.32'.
[  135.271356][ T5941] netlink: 16 bytes leftover after parsing attributes in process `syz.3.32'.
[  135.271394][ T5941] netlink: 36 bytes leftover after parsing attributes in process `syz.3.32'.
[  139.822692][ T5945] loop0: detected capacity change from 0 to 40427
[  139.825020][ T5945] f2fs: Unknown parameter 'whint_mode'
[  141.000013][ T5950] loop1: detected capacity change from 0 to 512
[  141.284927][ T5950] =======================================================
[  141.284927][ T5950] WARNING: The mand mount option has been deprecated and
[  141.284927][ T5950]          and is ignored by this kernel. Remove the mand
[  141.284927][ T5950]          option from the mount to silence this warning.
[  141.284927][ T5950] =======================================================
[  141.285048][ T5950] EXT4-fs: Ignoring removed nomblk_io_submit option
[  141.684547][ T5950] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  141.684570][ T5950] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8840c01d, mo2=0102]
[  143.266479][ T5950] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[  143.266506][ T5950] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[  143.278875][ T5953] loop2: detected capacity change from 0 to 1024
[  143.312828][ T5953] EXT4-fs: Ignoring removed bh option
[  143.312977][ T5953] EXT4-fs: Ignoring removed bh option
[  143.454002][ T5950] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  143.873453][ T5605] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.938956][ T5973] netlink: 12 bytes leftover after parsing attributes in process `syz.4.44'.
[  144.046774][ T5953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.190194][ T5973] vlan2: entered allmulticast mode
[  144.190227][ T5973] veth0_to_team: entered allmulticast mode
[  144.423203][ T5604] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.504925][ T5997] loop2: detected capacity change from 0 to 128
[  147.551054][ T5995] syz.1.49 uses obsolete (PF_INET,SOCK_PACKET)
[  147.696329][   T38] kauditd_printk_skb: 5 callbacks suppressed
[  147.696348][   T38] audit: type=1326 audit(1777331198.677:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5999 comm="syz.0.50" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0026e6cdd9 code=0x0
[  147.851558][ T5997] FAT-fs (loop2): bogus number of reserved sectors
[  147.851588][ T5997] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  147.851604][ T5997] FAT-fs (loop2): Can't find a valid FAT filesystem
[  152.436458][ T6019] loop0: detected capacity change from 0 to 64
[  154.542191][ T6039] loop2: detected capacity change from 0 to 4096
[  154.563499][ T6039] EXT4-fs: inline encryption not supported
[  154.606534][ T6039] EXT4-fs (loop2): Test dummy encryption mode enabled
[  154.859615][ T6039] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  154.860240][ T6039] System zones: 0-5
[  154.995463][ T6039] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.267655][ T5604] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.639127][ T6068] loop1: detected capacity change from 0 to 2048
[  159.170772][   T37] IPVS: starting estimator thread 0...
[  159.821598][ T6078] IPVS: lblc: FWM 3 0x00000003 - no destination available
[  160.072614][ T6076] IPVS: using max 10 ests per chain, 24000 per kthread
[  160.111361][ T6068] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  161.334313][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  161.807897][ T6092] loop0: detected capacity change from 0 to 512
[  163.042563][ T6092] EXT4-fs (loop0): 1 truncate cleaned up
[  163.168181][ T6092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.142015][ T5603] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.215322][   T37] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  166.690091][   T37] usb 5-1: Using ep0 maxpacket: 16
[  167.542374][   T37] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.542432][   T37] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  167.542459][   T37] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  167.542480][   T37] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  167.542502][   T37] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  167.544065][   T37] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  167.544091][   T37] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  167.544111][   T37] usb 5-1: Manufacturer: syz
[  171.409270][   T37] usb 5-1: config 0 descriptor??
[  171.438305][   T37] usb 5-1: can't set config #0, error -71
[  171.470424][   T37] usb 5-1: USB disconnect, device number 2
[  173.328628][ T6147] comedi comedi3: 8255: I/O base address not correctly aligned
[  173.985160][ T6145] netlink: 'syz.3.86': attribute type 4 has an invalid length.
[  177.118071][ T6166] loop1: detected capacity change from 0 to 256
[  177.489557][ T6166] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  177.832466][ T6175] tipc: Started in network mode
[  177.832491][ T6175] tipc: Node identity 4, cluster identity 4711
[  177.832504][ T6175] tipc: Node number set to 4
[  183.415634][   T38] audit: type=1326 audit(1777331234.367:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415696][   T38] audit: type=1326 audit(1777331234.367:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415743][   T38] audit: type=1326 audit(1777331234.367:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415789][   T38] audit: type=1326 audit(1777331234.367:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415836][   T38] audit: type=1326 audit(1777331234.367:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415882][   T38] audit: type=1326 audit(1777331234.367:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415936][   T38] audit: type=1326 audit(1777331234.367:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.415983][   T38] audit: type=1326 audit(1777331234.367:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.416028][   T38] audit: type=1326 audit(1777331234.367:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.416085][   T38] audit: type=1326 audit(1777331234.367:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6204 comm="syz.3.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb3ee5cdd9 code=0x7ffc0000
[  183.437286][ T6205] loop3: detected capacity change from 0 to 256
[  183.441572][ T6205] exfat: Deprecated parameter 'utf8'
[  183.441676][ T6205] exfat: Deprecated parameter 'utf8'
[  185.544080][ T6205] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  189.494752][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.113'.
[  189.521927][ T6235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.113'.
[  190.215043][ T6256] loop0: detected capacity change from 0 to 32768
[  190.997784][ T6256] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  191.100542][ T6265] loop2: detected capacity change from 0 to 2048
[  191.211834][ T6256] XFS (loop0): Ending clean mount
[  191.267471][ T6256] XFS (loop0): Quotacheck needed: Please wait.
[  192.463165][ T6256] XFS (loop0): Quotacheck: Done.
[  192.738405][ T6279] syz_tun: entered allmulticast mode
[  194.104009][ T6297] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  195.668864][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  195.668976][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  195.698057][ T6265] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  195.793914][ T5603] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  195.801677][ T6293] NILFS error (device loop2): nilfs_check_folio: bad entry in directory #2: unaligned directory entry - offset=0, inode=18446736377128157191, rec_len=65535, name_len=255
[  196.301382][ T6306] Driver unsupported XDP return value 0 on prog  (id 17) dev N/A, expect packet loss!
[  197.161012][ T6327] netlink: 'syz.4.129': attribute type 1 has an invalid length.
[  197.161035][ T6327] netlink: 'syz.4.129': attribute type 4 has an invalid length.
[  197.161049][ T6327] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.129'.
[  204.399516][ T6383] netlink: 84 bytes leftover after parsing attributes in process `syz.0.144'.
[  206.616936][   T38] kauditd_printk_skb: 34 callbacks suppressed
[  206.616954][   T38] audit: type=1326 audit(1777331257.597:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.0.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7fc00000
[  206.619016][   T38] audit: type=1326 audit(1777331257.597:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6391 comm="syz.0.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f0026e6cdd9 code=0x7fc00000
[  209.319796][ T6313] syzkaller0: entered promiscuous mode
[  209.319825][ T6313] syzkaller0: entered allmulticast mode
[  210.828892][ T5607] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  210.878078][ T5607] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  210.887422][ T5607] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  210.920117][ T5607] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  210.921776][ T5607] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  213.373420][ T5614] Bluetooth: hci5: command tx timeout
[  213.637657][ T6464] lo speed is unknown, defaulting to 1000
[  213.775935][ T6457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.165'.
[  213.822335][ T6457] netlink: 20 bytes leftover after parsing attributes in process `syz.1.165'.
[  213.822382][ T6457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.165'.
[  213.852802][ T6469] loop2: detected capacity change from 0 to 128
[  213.928685][ T6469] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  214.447588][ T6427] lo speed is unknown, defaulting to 1000
[  214.473732][ T6478] loop0: detected capacity change from 0 to 512
[  214.602359][ T6479] loop1: detected capacity change from 0 to 512
[  214.686318][ T6478] EXT4-fs error (device loop0): ext4_get_branch:178: inode #13: block 1024: comm syz.0.169: invalid block
[  214.729660][ T6478] loop0: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[  214.774320][    C0] EXT4-fs (loop0): error count since last fsck: 1
[  214.774346][    C0] EXT4-fs (loop0): initial error at time 1777331265: ext4_get_branch:178: inode 13: block 1024
[  214.774391][    C0] EXT4-fs (loop0): last error at time 1777331265: ext4_get_branch:178: inode 13: block 1024
[  214.925458][ T6478] EXT4-fs (loop0): Remounting filesystem read-only
[  214.925815][ T6478] EXT4-fs (loop0): 1 truncate cleaned up
[  214.930418][ T6478] EXT4-fs (loop0): mounted filesystem 0000b300-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.176949][ T6479] EXT4-fs: Mount option(s) incompatible with ext2
[  215.627104][   T38] audit: type=1326 audit(1777331266.597:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6475 comm="syz.0.169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x0
[  215.904492][ T4924] Bluetooth: hci5: command tx timeout
[  216.964804][ T4924] Bluetooth: hci1: command 0x0406 tx timeout
[  216.964841][ T4924] Bluetooth: hci4: command 0x0406 tx timeout
[  216.964863][ T4924] Bluetooth: hci3: command 0x0406 tx timeout
[  217.079336][ T6491] netlink: 172 bytes leftover after parsing attributes in process `syz.4.172'.
[  217.266158][ T5603] EXT4-fs (loop0): unmounting filesystem 0000b300-0000-0000-0000-000000000000.
[  218.218303][ T5607] Bluetooth: hci5: command tx timeout
[  218.702745][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'.
[  218.772319][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'.
[  220.025601][ T6507] veth0_macvtap: left promiscuous mode
[  220.256289][ T5614] Bluetooth: hci5: command tx timeout
[  221.414254][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  225.164639][ T6537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'.
[  228.386744][ T6568] loop2: detected capacity change from 0 to 256
[  228.391941][ T6568] vfat: Unknown parameter '&'
[  228.779277][ T6427] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.798574][ T6427] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.798932][ T6427] bridge_slave_0: entered allmulticast mode
[  228.820673][ T6427] bridge_slave_0: entered promiscuous mode
[  228.867862][ T6427] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.872522][ T6427] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.931745][ T6427] bridge_slave_1: entered allmulticast mode
[  228.961941][ T6427] bridge_slave_1: entered promiscuous mode
[  229.237059][ T6427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.257838][ T6427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.389234][ T6427] team0: Port device team_slave_0 added
[  229.409644][   T38] audit: type=1326 audit(1777331280.387:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a7dcdd9 code=0x7ffc0000
[  229.409701][   T38] audit: type=1326 audit(1777331280.387:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a7dcdd9 code=0x7ffc0000
[  229.418979][ T6427] team0: Port device team_slave_1 added
[  229.452273][   T38] audit: type=1326 audit(1777331280.427:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a7dcdd9 code=0x7ffc0000
[  229.452326][   T38] audit: type=1326 audit(1777331280.427:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a7dcdd9 code=0x7ffc0000
[  229.452369][   T38] audit: type=1326 audit(1777331280.427:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f8f4a7dcdd9 code=0x7ffc0000
[  229.452412][   T38] audit: type=1326 audit(1777331280.427:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f8f4a7dcb42 code=0x7ffc0000
[  229.453987][   T38] audit: type=1326 audit(1777331280.427:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f8f4a79d60e code=0x7ffc0000
[  229.458996][   T38] audit: type=1326 audit(1777331280.437:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f8f4a7dcc07 code=0x7ffc0000
[  229.462591][   T38] audit: type=1326 audit(1777331280.437:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8f4a79d60e code=0x7ffc0000
[  229.463150][   T38] audit: type=1326 audit(1777331280.437:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6577 comm="syz.1.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f4a7dca6b code=0x7ffc0000
[  229.463816][ T6581] loop1: detected capacity change from 0 to 256
[  229.635115][ T6583] Unsupported ieee802154 address type: 0
[  231.821194][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_0
[  231.821211][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  231.821237][ T6427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  231.934508][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_1
[  231.934525][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  231.934552][ T6427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.244260][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  234.409574][ T6603] loop2: detected capacity change from 0 to 8
[  235.063492][ T6610] SQUASHFS error: lzo decompression failed, data probably corrupt
[  235.063618][ T6610] SQUASHFS error: Failed to read block 0x0: -5
[  235.063818][ T6610] SQUASHFS error: Failed to read block 0xff: -5
[  235.064558][ T6610] SQUASHFS error: lzo decompression failed, data probably corrupt
[  235.064645][ T6610] SQUASHFS error: Failed to read block 0x0: -5
[  235.069599][ T6610] SQUASHFS error: lzo decompression failed, data probably corrupt
[  235.069634][ T6610] SQUASHFS error: Failed to read block 0x0: -5
[  235.077574][ T6610] SQUASHFS error: Failed to read block 0x6a4: -5
[  235.077625][ T6610] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  235.077642][ T6610] SQUASHFS error: read_indexes: reading block [6a2:0]
[  235.077727][ T6610] SQUASHFS error: Failed to read block 0x0: -5
[  235.078146][ T6610] SQUASHFS error: Unable to read metadata cache entry [6a2]
[  235.078165][ T6610] SQUASHFS error: read_indexes: reading block [6a2:0]
[  235.078257][ T6610] SQUASHFS error: Failed to read block 0x0: -5
[  235.740139][   T38] kauditd_printk_skb: 115 callbacks suppressed
[  235.740158][   T38] audit: type=1800 audit(1777331286.047:190): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.202" name="file2" dev="loop2" ino=3 res=0 errno=0
[  235.740209][   T38] audit: type=1800 audit(1777331286.047:191): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.202" name="file2" dev="loop2" ino=3 res=0 errno=0
[  239.033990][  T150] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.314459][ T6614] syz.1.206 (6614) used greatest stack depth: 18040 bytes left
[  243.385354][ T6650] loop1: detected capacity change from 0 to 2048
[  243.441831][ T6650] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  243.461511][ T6650] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.658715][  T150] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.420862][ T6427] hsr_slave_0: entered promiscuous mode
[  245.432416][ T6427] hsr_slave_1: entered promiscuous mode
[  245.440884][ T6427] debugfs: 'hsr0' already exists in 'hsr'
[  245.440920][ T6427] Cannot create hsr debugfs directory
[  245.566190][ T6667] loop4: detected capacity change from 0 to 256
[  245.971328][ T6678] loop0: detected capacity change from 0 to 256
[  245.972326][ T6678] exfat: Deprecated parameter 'utf8'
[  245.972368][ T6678] exfat: Deprecated parameter 'namecase'
[  246.003811][ T5614] Bluetooth: hci2: unexpected event for opcode 0x0428
[  246.011687][ T6667] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  246.201894][ T6678] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbcde3a0f, utbl_chksum : 0xe619d30d)
[  246.507668][  T150] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.576608][ T6678] tmpfs: Unsupported parameter 'huge'
[  246.812973][ T6685] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0
[  246.813005][ T6685] exFAT-fs (loop0): Filesystem has been set read-only
[  247.581475][  T150] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.917187][ T6715] loop4: detected capacity change from 0 to 512
[  247.958513][ T6715] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.229: inode has both inline data and extents flags
[  247.958548][ T6715] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  247.968978][    C0] EXT4-fs (loop4): initial error at time 1777331298: ext4_orphan_get:1397: inode 15
[  247.969018][    C0] EXT4-fs (loop4): last error at time 1777331298: ext4_orphan_get:1397: inode 15
[  248.041241][ T6715] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.229: couldn't read orphan inode 15 (err -117)
[  248.041456][ T6715] loop4: lost filesystem error report for type 5 error -117
[  248.110432][ T6715] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  249.871866][ T5606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.453557][ T5614] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  250.460881][ T5614] Bluetooth: hci2: Injecting HCI hardware error event
[  250.466759][ T5611] Bluetooth: hci2: hardware error 0x00
[  251.175035][ T6738] netlink: 'syz.0.235': attribute type 32 has an invalid length.
[  251.203435][ T5614] Bluetooth: hci1: unexpected event for opcode 0x203d
[  251.206410][ T5614] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  251.215424][ T5614] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  251.225726][ T6737] loop4: detected capacity change from 0 to 40427
[  251.311882][ T6737] F2FS-fs (loop4): invalid crc value
[  251.505567][ T6737] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  251.529736][ T6737] F2FS-fs (loop4): Start checkpoint disabled!
[  251.581558][ T6737] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  251.591708][ T6737] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  252.087954][ T6750] bad cache= option: l
[  252.087954][ T6750] 
[  252.088137][ T6750] CIFS: VFS: bad cache= option: l
[  253.709921][ T5611] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  253.915947][   T98] kworker/u8:5: attempt to access beyond end of device
[  253.915947][   T98] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  253.953938][   T98] CPU: 0 UID: 0 PID: 98 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  253.953974][   T98] Tainted: [L]=SOFTLOCKUP
[  253.953982][   T98] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  253.953996][   T98] Workqueue: writeback wb_workfn (flush-7:4)
[  253.954040][   T98] Call Trace:
[  253.954048][   T98]  <TASK>
[  253.954058][   T98]  dump_stack_lvl+0xe8/0x150
[  253.954088][   T98]  f2fs_stop_checkpoint+0x383/0x540
[  253.954123][   T98]  f2fs_write_end_io+0x1274/0x1740
[  253.954170][   T98]  __submit_merged_bio+0x256/0x6a0
[  253.954210][   T98]  f2fs_submit_merged_write+0x284/0x390
[  253.954245][   T98]  ? __pfx_f2fs_submit_merged_write+0x10/0x10
[  253.954291][   T98]  f2fs_sync_node_pages+0x11fe/0x13c0
[  253.954340][   T98]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  253.954369][   T98]  ? __percpu_counter_sum+0x1c2/0x1e0
[  253.954432][   T98]  ? blk_start_plug+0x51/0x1b0
[  253.954459][   T98]  f2fs_write_node_pages+0x312/0x700
[  253.954495][   T98]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  253.954538][   T98]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  253.954568][   T98]  do_writepages+0x32e/0x550
[  253.954603][   T98]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  253.954630][   T98]  ? reacquire_held_locks+0x104/0x190
[  253.954652][   T98]  ? rt_spin_lock+0x1e0/0x400
[  253.954689][   T98]  __writeback_single_inode+0x133/0x10e0
[  253.954721][   T98]  ? rt_spin_unlock+0x160/0x200
[  253.954751][   T98]  writeback_sb_inodes+0x97f/0x1980
[  253.954799][   T98]  ? lockdep_hardirqs_on+0x7a/0x110
[  253.954841][   T98]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  253.954910][   T98]  ? rcu_is_watching+0x15/0xb0
[  253.954942][   T98]  wb_writeback+0x445/0xb00
[  253.954974][   T98]  ? queue_io+0x231/0x440
[  253.955009][   T98]  ? __pfx_wb_writeback+0x10/0x10
[  253.955055][   T98]  wb_workfn+0x3fd/0xf20
[  253.955076][   T98]  ? look_up_lock_class+0x57/0x110
[  253.955113][   T98]  ? __pfx_wb_workfn+0x10/0x10
[  253.955143][   T98]  ? do_raw_spin_unlock+0xf5/0x210
[  253.955182][   T98]  ? process_one_work+0x8b7/0x1710
[  253.955209][   T98]  ? process_one_work+0x8b7/0x1710
[  253.955246][   T98]  ? process_one_work+0x8b7/0x1710
[  253.955270][   T98]  process_one_work+0x9a3/0x1710
[  253.955317][   T98]  ? __pfx_process_one_work+0x10/0x10
[  253.955340][   T98]  ? do_raw_spin_lock+0x12b/0x2f0
[  253.955384][   T98]  worker_thread+0xba8/0x11e0
[  253.955438][   T98]  kthread+0x388/0x470
[  253.955470][   T98]  ? __pfx_worker_thread+0x10/0x10
[  253.955493][   T98]  ? __pfx_kthread+0x10/0x10
[  253.955527][   T98]  ret_from_fork+0x514/0xb70
[  253.955557][   T98]  ? __pfx_ret_from_fork+0x10/0x10
[  253.955583][   T98]  ? __switch_to+0xc79/0x1410
[  253.955609][   T98]  ? __pfx_kthread+0x10/0x10
[  253.955641][   T98]  ret_from_fork_asm+0x1a/0x30
[  253.955688][   T98]  </TASK>
[  254.260015][   T98] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  254.260394][   T98] CPU: 0 UID: 0 PID: 98 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  254.260427][   T98] Tainted: [L]=SOFTLOCKUP
[  254.260435][   T98] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  254.260451][   T98] Workqueue: writeback wb_workfn (flush-7:4)
[  254.260486][   T98] Call Trace:
[  254.260495][   T98]  <TASK>
[  254.260505][   T98]  dump_stack_lvl+0xe8/0x150
[  254.260538][   T98]  f2fs_stop_checkpoint+0x383/0x540
[  254.260576][   T98]  f2fs_write_end_io+0x1274/0x1740
[  254.260623][   T98]  __submit_merged_bio+0x256/0x6a0
[  254.260663][   T98]  f2fs_submit_merged_write+0x284/0x390
[  254.260702][   T98]  ? __pfx_f2fs_submit_merged_write+0x10/0x10
[  254.260753][   T98]  f2fs_sync_node_pages+0x11fe/0x13c0
[  254.260812][   T98]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  254.260845][   T98]  ? __percpu_counter_sum+0x1c2/0x1e0
[  254.260920][   T98]  ? blk_start_plug+0x51/0x1b0
[  254.260951][   T98]  f2fs_write_node_pages+0x312/0x700
[  254.261000][   T98]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  254.261056][   T98]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  254.261087][   T98]  do_writepages+0x32e/0x550
[  254.261122][   T98]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  254.261148][   T98]  ? reacquire_held_locks+0x104/0x190
[  254.261171][   T98]  ? rt_spin_lock+0x1e0/0x400
[  254.261208][   T98]  __writeback_single_inode+0x133/0x10e0
[  254.261240][   T98]  ? rt_spin_unlock+0x160/0x200
[  254.261270][   T98]  writeback_sb_inodes+0x97f/0x1980
[  254.261317][   T98]  ? lockdep_hardirqs_on+0x7a/0x110
[  254.261359][   T98]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  254.261428][   T98]  ? rcu_is_watching+0x15/0xb0
[  254.261459][   T98]  wb_writeback+0x445/0xb00
[  254.261491][   T98]  ? queue_io+0x231/0x440
[  254.261526][   T98]  ? __pfx_wb_writeback+0x10/0x10
[  254.261571][   T98]  wb_workfn+0x3fd/0xf20
[  254.261593][   T98]  ? look_up_lock_class+0x57/0x110
[  254.261635][   T98]  ? __pfx_wb_workfn+0x10/0x10
[  254.261684][   T98]  ? do_raw_spin_unlock+0xf5/0x210
[  254.261721][   T98]  ? process_one_work+0x8b7/0x1710
[  254.261751][   T98]  ? process_one_work+0x8b7/0x1710
[  254.261792][   T98]  ? process_one_work+0x8b7/0x1710
[  254.261818][   T98]  process_one_work+0x9a3/0x1710
[  254.261871][   T98]  ? __pfx_process_one_work+0x10/0x10
[  254.261897][   T98]  ? do_raw_spin_lock+0x12b/0x2f0
[  254.261953][   T98]  worker_thread+0xba8/0x11e0
[  254.262012][   T98]  kthread+0x388/0x470
[  254.262047][   T98]  ? __pfx_worker_thread+0x10/0x10
[  254.262074][   T98]  ? __pfx_kthread+0x10/0x10
[  254.262111][   T98]  ret_from_fork+0x514/0xb70
[  254.262145][   T98]  ? __pfx_ret_from_fork+0x10/0x10
[  254.262175][   T98]  ? __switch_to+0xc79/0x1410
[  254.262202][   T98]  ? __pfx_kthread+0x10/0x10
[  254.262239][   T98]  ret_from_fork_asm+0x1a/0x30
[  254.262292][   T98]  </TASK>
[  254.362116][   T98] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  255.468233][ T5611] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  255.468646][ T5611] Bluetooth: hci1: Injecting HCI hardware error event
[  255.478426][ T5614] Bluetooth: hci1: hardware error 0x00
[  255.777162][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  255.777269][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  256.228059][ T6427] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  257.099393][ T6427] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  257.298361][ T6427] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  258.151334][ T5614] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  258.444534][ T6427] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  259.461625][ T6778] syz.2.247 (6778) used greatest stack depth: 17560 bytes left
[  264.486189][  T150] bridge_slave_1: left allmulticast mode
[  264.486330][  T150] bridge_slave_1: left promiscuous mode
[  264.739079][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.758431][ T6799] faux_driver vkms: [drm] Unknown color mode 11; guessing buffer size.
[  266.402167][  T150] bridge_slave_0: left allmulticast mode
[  266.402203][  T150] bridge_slave_0: left promiscuous mode
[  266.419598][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.101859][ T6820] netlink: 'syz.1.257': attribute type 31 has an invalid length.
[  268.272542][ T6827] loop0: detected capacity change from 0 to 64
[  271.890756][ T5611] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  272.132309][ T5611] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  272.165468][ T5611] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  272.176774][ T5611] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  272.399207][ T5611] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  274.300386][ T6869] siw: device registration error -23
[  275.271352][ T5614] Bluetooth: hci0: command tx timeout
[  275.497504][ T6873] loop4: detected capacity change from 0 to 512
[  276.776041][ T6873] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  276.776199][ T6873] ext4 filesystem being mounted at /65/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  277.389811][ T5614] Bluetooth: hci0: command tx timeout
[  279.222064][ T5606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.368373][ T6895] loop4: detected capacity change from 0 to 512
[  279.375509][ T6895] EXT4-fs (loop4): DAX unsupported by block device.
[  279.425671][ T5614] Bluetooth: hci0: command tx timeout
[  279.565599][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  279.585341][ T5827] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  282.371138][ T5614] Bluetooth: hci0: command tx timeout
[  282.907900][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  283.104376][ T5827] usb 2-1: device not accepting address 2, error -71
[  283.383453][ T5614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  283.453905][ T5614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  283.474483][ T5614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  283.485981][  T150] bond0 (unregistering): Released all slaves
[  283.487969][ T5614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  283.490011][ T5614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  283.628481][ T6427] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  283.921315][ T6908] loop4: detected capacity change from 0 to 32768
[  283.977560][ T6908] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  284.023735][ T6908] XFS (loop4): Ending clean mount
[  284.041509][ T6908] XFS (loop4): Quotacheck needed: Please wait.
[  284.078147][ T6427] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  285.284405][ T6908] XFS (loop4): Quotacheck: Done.
[  286.146215][ T5614] Bluetooth: hci6: command tx timeout
[  287.090467][ T5606] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  287.104720][ T5269] 8021q: adding VLAN 0 to HW filter on device eth1
[  288.232654][ T5614] Bluetooth: hci6: command tx timeout
[  290.976890][ T5614] Bluetooth: hci6: command tx timeout
[  292.433996][ T6981] siw: device registration error -23
[  293.164419][ T5614] Bluetooth: hci6: command tx timeout
[  299.110951][ T5269] 8021q: adding VLAN 0 to HW filter on device eth2
[  299.128509][ T6851] lo speed is unknown, defaulting to 1000
[  300.273627][ T6902] lo speed is unknown, defaulting to 1000
[  304.133557][  T150] hsr_slave_0: left promiscuous mode
[  304.177501][  T150] hsr_slave_1: left promiscuous mode
[  304.178752][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  304.178831][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.338077][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  304.338105][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  304.393388][ T7081] loop0: detected capacity change from 0 to 4096
[  304.543523][ T7081] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.904581][ T5603] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.186827][  T150] veth1_macvtap: left promiscuous mode
[  305.187063][  T150] veth0_macvtap: left promiscuous mode
[  305.187318][  T150] veth1_vlan: left promiscuous mode
[  305.187562][  T150] veth0_vlan: left promiscuous mode
[  305.421477][ T7099] Zero length message leads to an empty skb
[  306.200953][ T7109] Unsupported ieee802154 address type: 0
[  309.571004][ T7123] loop1: detected capacity change from 0 to 256
[  311.295132][  T150] team0 (unregistering): Port device team_slave_1 removed
[  311.479088][ T7134] loop4: detected capacity change from 0 to 256
[  311.564613][ T7134] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  311.564660][ T7134] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  312.344810][  T150] team0 (unregistering): Port device team_slave_0 removed
[  312.362513][ T7134] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  312.363400][ T7134] exFAT-fs (loop4): failed to load alloc-bitmap
[  312.363412][ T7134] exFAT-fs (loop4): failed to recognize exfat type
[  314.883940][ T5269] 8021q: adding VLAN 0 to HW filter on device eth3
[  314.943891][ T7098] bridge_slave_0: left allmulticast mode
[  314.943925][ T7098] bridge_slave_0: left promiscuous mode
[  314.971607][ T7098] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.168238][ T7098] bridge_slave_1: left allmulticast mode
[  315.168273][ T7098] bridge_slave_1: left promiscuous mode
[  315.168538][ T7098] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.322625][ T7098] bond0: (slave bond_slave_0): Releasing backup interface
[  315.406385][ T7098] bond0: (slave bond_slave_1): Releasing backup interface
[  315.509558][ T7098] team0: Port device team_slave_0 removed
[  315.557558][ T7098] team0: Port device team_slave_1 removed
[  315.558712][ T7098] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  315.558737][ T7098] batman_adv: batadv0: Removing interface: batadv_slave_0
[  315.633271][ T7098] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.633292][ T7098] batman_adv: batadv0: Removing interface: batadv_slave_1
[  315.674012][ T7098] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  315.678429][ T7099] netlink: 830 bytes leftover after parsing attributes in process `syz.0.307'.
[  316.004306][ T5710] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  316.070668][ T7158] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.154327][ T5710] usb 2-1: Using ep0 maxpacket: 16
[  316.157243][ T5710] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.157271][ T5710] usb 2-1: config 0 has no interfaces?
[  316.157304][ T5710] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  316.157329][ T5710] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.281923][ T5710] usb 2-1: config 0 descriptor??
[  317.701204][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  317.713779][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  317.987967][ T5854] usb 2-1: USB disconnect, device number 4
[  318.346015][ T7171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.326'.
[  324.242732][ T5269] 8021q: adding VLAN 0 to HW filter on device eth4
[  325.425897][ T7234] trusted_key: encrypted_key: insufficient parameters specified
[  325.881311][ T6851] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.881948][ T6851] bridge0: port 1(bridge_slave_0) entered disabled state
[  325.882299][ T6851] bridge_slave_0: entered allmulticast mode
[  325.912285][ T6851] bridge_slave_0: entered promiscuous mode
[  326.032929][ T6851] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.033345][ T6851] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.033647][ T6851] bridge_slave_1: entered allmulticast mode
[  327.236196][ T6851] bridge_slave_1: entered promiscuous mode
[  331.286313][ T6902] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.286639][ T6902] bridge0: port 1(bridge_slave_0) entered disabled state
[  331.287046][ T6902] bridge_slave_0: entered allmulticast mode
[  331.495813][ T6902] bridge_slave_0: entered promiscuous mode
[  331.541695][ T5611] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  331.619918][ T5611] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  331.632461][ T5611] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  331.668163][ T5611] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  331.671803][ T6851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.673262][ T5611] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  331.839473][ T6902] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.839803][ T6902] bridge0: port 2(bridge_slave_1) entered disabled state
[  331.840164][ T6902] bridge_slave_1: entered allmulticast mode
[  331.889493][ T6902] bridge_slave_1: entered promiscuous mode
[  333.825698][ T5611] Bluetooth: hci3: command tx timeout
[  334.314977][ T6902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.384869][ T6902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  335.904415][ T5611] Bluetooth: hci3: command tx timeout
[  337.984426][ T5611] Bluetooth: hci3: command tx timeout
[  340.064329][ T5611] Bluetooth: hci3: command tx timeout
[  340.268212][ T6902] team0: Port device team_slave_0 added
[  340.362016][ T6902] team0: Port device team_slave_1 added
[  340.620996][ T6902] batman_adv: batadv0: Adding interface: batadv_slave_0
[  340.621029][ T6902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  340.621049][ T6902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  340.682055][ T6902] batman_adv: batadv0: Adding interface: batadv_slave_1
[  340.682072][ T6902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  340.682099][ T6902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.189338][ T7349] loop1: detected capacity change from 0 to 1024
[  342.224336][ T7349] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  342.224373][ T7349] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  342.224492][ T7349] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  342.224722][ T7349] EXT4-fs error (device loop1): ext4_get_journal_inode:5896: comm syz.1.362: inode #63: comm syz.1.362: iget: illegal inode #
[  342.224746][ T7349] loop1: lost filesystem error report for type 5 error -117
[  342.225022][ T7349] EXT4-fs (loop1): no journal found
[  342.225038][ T7349] EXT4-fs (loop1): can't get journal size
[  342.235085][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  342.235111][    C0] EXT4-fs (loop1): initial error at time 1777331393: ext4_get_journal_inode:5896
[  342.235134][    C0] EXT4-fs (loop1): last error at time 1777331393: ext4_get_journal_inode:5896
[  342.410513][ T7281] lo speed is unknown, defaulting to 1000
[  343.275379][ T7349] EXT4-fs (loop1): failed to initialize system zone (-22)
[  343.275776][ T7349] EXT4-fs (loop1): mount failed
[  344.113551][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  344.182260][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  344.229340][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  344.233992][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  344.257522][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  344.463568][ T7363] netlink: 164 bytes leftover after parsing attributes in process `syz.1.362'.
[  346.733962][ T5614] Bluetooth: hci0: command tx timeout
[  347.523794][   T38] audit: type=1326 audit(1777331398.497:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.525356][   T38] audit: type=1326 audit(1777331398.497:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.529288][   T38] audit: type=1326 audit(1777331398.507:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.529672][   T38] audit: type=1326 audit(1777331398.507:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.530209][   T38] audit: type=1326 audit(1777331398.507:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.530534][   T38] audit: type=1326 audit(1777331398.507:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.531404][   T38] audit: type=1326 audit(1777331398.507:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.532237][   T38] audit: type=1326 audit(1777331398.507:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.532672][   T38] audit: type=1326 audit(1777331398.507:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.532972][   T38] audit: type=1326 audit(1777331398.507:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7388 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x7ffc0000
[  347.720692][  T150] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.944462][ T5614] Bluetooth: hci0: command tx timeout
[  350.323468][ T7409] binder: 7403:7409 unknown command 0
[  350.323493][ T7409] binder: 7403:7409 ioctl c0306201 200000000640 returned -22
[  350.355591][ T7404] binder: 7403:7404 ioctl c0306201 200000000540 returned -14
[  350.624209][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  350.644227][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  350.793620][  T150] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.024277][ T5614] Bluetooth: hci0: command tx timeout
[  351.511816][  T150] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.894345][ T5614] Bluetooth: hci0: command tx timeout
[  354.571831][ T7450] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.386'.
[  354.712898][ T7361] lo speed is unknown, defaulting to 1000
[  357.280310][ T7463] loop1: detected capacity change from 0 to 1024
[  357.400797][ T7461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.387'.
[  357.662826][ T7463] EXT4-fs: Ignoring removed nomblk_io_submit option
[  358.377757][ T7463] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  363.532522][  T150] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.601300][ T7480] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  366.601328][ T7480] CIFS mount error: No usable UNC path provided in device string!
[  366.601328][ T7480] 
[  366.601460][ T7480] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  367.323448][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.392'.
[  367.370843][ T5605] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.460301][ T7482] loop4: detected capacity change from 0 to 512
[  367.477275][ T7482] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  367.477295][ T7482] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  367.719171][ T7482] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  367.720483][ T7482] EXT4-fs (loop4): 1 truncate cleaned up
[  367.726199][ T7482] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.139023][ T7497] netlink: 84 bytes leftover after parsing attributes in process `syz.1.393'.
[  368.667482][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[  369.106337][ T5606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.845273][   T38] kauditd_printk_skb: 23 callbacks suppressed
[  372.845316][   T38] audit: type=1326 audit(1777331423.817:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.0.402" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x0
[  373.569309][ T7281] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.569630][ T7281] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.569993][ T7281] bridge_slave_0: entered allmulticast mode
[  373.573738][ T7281] bridge_slave_0: entered promiscuous mode
[  373.788748][ T7281] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.789108][ T7281] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.789512][ T7281] bridge_slave_1: entered allmulticast mode
[  373.793006][ T7281] bridge_slave_1: entered promiscuous mode
[  375.487381][ T7281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  375.673846][ T7281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.999813][  T150] bridge_slave_1: left allmulticast mode
[  375.999992][  T150] bridge_slave_1: left promiscuous mode
[  376.117773][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.563357][  T150] bridge_slave_0: left allmulticast mode
[  376.606105][  T150] bridge_slave_0: left promiscuous mode
[  376.607251][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.285495][ T5827] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  378.474359][ T5827] usb 2-1: Using ep0 maxpacket: 16
[  378.476237][ T5827] usb 2-1: config 0 has no interfaces?
[  378.476268][ T5827] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  378.476287][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.273550][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  379.273660][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  379.523969][ T5827] usb 2-1: config 0 descriptor??
[  379.781935][ T5736] usb 2-1: USB disconnect, device number 5
[  380.771418][  T150] bridge_slave_1: left allmulticast mode
[  380.771466][  T150] bridge_slave_1: left promiscuous mode
[  380.828147][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.985403][  T150] bridge_slave_0: left allmulticast mode
[  380.985431][  T150] bridge_slave_0: left promiscuous mode
[  380.985634][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.649827][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.4.425'.
[  386.562239][ T7651] loop4: detected capacity change from 0 to 40427
[  386.999239][ T7651] F2FS-fs (loop4): build fault injection rate: 771
[  387.835571][ T7651] F2FS-fs (loop4): invalid crc value
[  387.858592][ T7651] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4)
[  388.399961][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  389.415987][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  390.651422][  T150] bond0 (unregistering): Released all slaves
[  394.998630][ T5611] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  395.045196][ T5611] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  395.047241][ T5611] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  395.051888][ T5611] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  395.086451][ T5611] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  395.189711][ T7692] loop1: detected capacity change from 0 to 512
[  395.200524][ T7692] EXT4-fs: Ignoring removed nomblk_io_submit option
[  395.245126][ T7692] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  395.245148][ T7692] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8840c01d, mo2=0102]
[  395.245444][ T7692] EXT4-fs (loop1): couldn't mount RDWR because of unsupported optional features (80)
[  395.245462][ T7692] EXT4-fs (loop1): Skipping orphan cleanup due to unknown ROCOMPAT features
[  395.377356][ T7692] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  395.695728][ T7697] loop4: detected capacity change from 0 to 32768
[  396.246940][ T7704] EXT4-fs warning (device loop1): dx_probe:861: inode #2: comm syz.1.435: dx entry: limit 65535 != root limit 120
[  396.247002][ T7704] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.435: Corrupt directory, running e2fsck is recommended
[  397.149983][ T7697] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  397.249436][ T5605] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.287247][ T5611] Bluetooth: hci5: command tx timeout
[  397.312535][   T38] audit: type=1326 audit(1777331448.287:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7711 comm="syz.0.438" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0026e6cdd9 code=0x0
[  397.397305][ T7697] XFS (loop4): Ending clean mount
[  397.406544][ T7697] XFS (loop4): Quotacheck needed: Please wait.
[  398.076477][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  398.221136][ T7697] XFS (loop4): Quotacheck: Done.
[  399.494827][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  401.977328][ T5611] Bluetooth: hci5: command tx timeout
[  402.035238][  T150] bond0 (unregistering): Released all slaves
[  402.164782][ T5606] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  404.222752][ T5611] Bluetooth: hci5: command tx timeout
[  404.827147][ T5614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  404.881000][ T5614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  404.901953][ T5614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  404.929225][ T5614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  404.931617][ T5614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  407.097684][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803b713800: rx timeout, send abort
[  407.108690][ T5614] Bluetooth: hci5: command tx timeout
[  407.325868][ T5611] Bluetooth: hci6: command tx timeout
[  407.853637][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803b713800: abort rx timeout. Force session deactivation
[  409.396772][ T5611] Bluetooth: hci6: command tx timeout
[  411.490974][ T5611] Bluetooth: hci6: command tx timeout
[  413.897239][ T5611] Bluetooth: hci6: command tx timeout
[  414.268884][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[  416.923433][ T7825] 9p: Bad value for 'rfdno'
[  419.791585][ T7688] lo speed is unknown, defaulting to 1000
[  419.926572][ T7743] lo speed is unknown, defaulting to 1000
[  420.679020][ T7847] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  420.687861][ T7847] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  420.714523][ T7847] vhci_hcd vhci_hcd.0: Device attached
[  422.715311][ T5618] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  427.011103][ T7849] vhci_hcd: connection reset by peer
[  427.074544][ T1503] vhci_hcd vhci_hcd.4: stop threads
[  427.093084][ T1503] vhci_hcd vhci_hcd.4: release socket
[  427.236838][ T1503] vhci_hcd vhci_hcd.4: disconnect device
[  427.587622][  T150] hsr_slave_0: left promiscuous mode
[  427.625299][  T150] hsr_slave_1: left promiscuous mode
[  427.626388][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  427.670949][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  428.344581][  T150] hsr_slave_0: left promiscuous mode
[  428.384374][  T150] hsr_slave_1: left promiscuous mode
[  428.385282][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  428.385299][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  428.804322][ T5618] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  429.252252][  T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  429.282781][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  429.951704][  T150] veth1_macvtap: left promiscuous mode
[  429.984681][  T150] veth1_vlan: left promiscuous mode
[  430.049227][  T150] veth0_vlan: left promiscuous mode
[  430.196586][ T7910] netlink: 32 bytes leftover after parsing attributes in process `syz.1.489'.
[  431.161865][ T7915] netlink: 32 bytes leftover after parsing attributes in process `syz.1.489'.
[  432.923859][ T7929] loop4: detected capacity change from 0 to 40427
[  432.977592][ T7929] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  432.977621][ T7929] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  433.049913][ T7929] F2FS-fs (loop4): invalid crc value
[  433.740503][ T7929] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  433.812269][ T7929] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  433.812315][ T7929] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  435.124274][   T38] audit: type=1800 audit(1777331485.347:227): pid=7942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.486" name="file1" dev="loop4" ino=10 res=0 errno=0
[  435.757257][  T150] team0 (unregistering): Port device team_slave_1 removed
[  435.829957][  T150] team0 (unregistering): Port device team_slave_0 removed
[  436.073085][  T158] kworker/u8:7: attempt to access beyond end of device
[  436.073085][  T158] loop4: rw=1, sector=77824, nr_sectors = 2048 limit=40427
[  437.233050][  T158] kworker/u8:7: attempt to access beyond end of device
[  437.233050][  T158] loop4: rw=1, sector=79872, nr_sectors = 2048 limit=40427
[  437.544498][  T158] kworker/u8:7: attempt to access beyond end of device
[  437.544498][  T158] loop4: rw=1, sector=49152, nr_sectors = 4096 limit=40427
[  438.357191][  T158] kworker/u8:7: attempt to access beyond end of device
[  438.357191][  T158] loop4: rw=1, sector=57344, nr_sectors = 10272 limit=40427
[  439.753060][  T150] team0 (unregistering): Port device team_slave_1 removed
[  439.856989][  T150] team0 (unregistering): Port device team_slave_0 removed
[  440.080880][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  440.081140][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  443.026973][ T5269] 8021q: adding VLAN 0 to HW filter on device eth7
[  445.946524][ T8022] netlink: 'syz.1.503': attribute type 1 has an invalid length.
[  446.816090][ T8022] 8021q: adding VLAN 0 to HW filter on device bond1
[  446.937459][ T8026] gretap1: entered promiscuous mode
[  446.959699][ T8026] bond1: (slave gretap1): making interface the new active one
[  446.976888][ T8026] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  447.034995][ T8032] macvlan2: entered promiscuous mode
[  447.035025][ T8032] macvlan2: entered allmulticast mode
[  447.036837][ T8032] bond1: entered promiscuous mode
[  447.039938][ T8032] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  447.041851][ T8032] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  447.042881][ T8032] bond1: left promiscuous mode
[  449.177459][ T5269] 8021q: adding VLAN 0 to HW filter on device eth8
[  449.626644][ T8058] loop1: detected capacity change from 0 to 2048
[  450.906455][ T8058] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  451.289362][ T8067] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  452.037602][ T5605] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.520818][ T7743] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.521130][ T7743] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.521455][ T7743] bridge_slave_0: entered allmulticast mode
[  454.486621][ T7743] bridge_slave_0: entered promiscuous mode
[  454.510008][ T7743] bridge0: port 2(bridge_slave_1) entered blocking state
[  454.510269][ T7743] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.510564][ T7743] bridge_slave_1: entered allmulticast mode
[  454.522215][ T7743] bridge_slave_1: entered promiscuous mode
[  455.084626][ T7743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  455.104002][ T7743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  456.490783][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  456.521125][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  456.568223][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  456.569627][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  456.570581][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  456.758455][ T8107] Bluetooth: MGMT ver 1.23
[  456.758498][ T8107] Bluetooth: hci0: invalid length 0, exp 2 for type 13
[  457.081185][ T8114] loop4: detected capacity change from 0 to 2048
[  457.214581][ T8114] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  457.214776][ T8114] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  457.214792][ T8114] UDF-fs: Scanning with blocksize 512 failed
[  457.332260][   T38] audit: type=1800 audit(1777331508.307:228): pid=8119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.519" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=16689 res=0 errno=0
[  457.457059][ T8114] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  457.705507][ T7743] team0: Port device team_slave_0 added
[  457.759448][ T7743] team0: Port device team_slave_1 added
[  458.172165][ T7743] batman_adv: batadv0: Adding interface: batadv_slave_0
[  458.172184][ T7743] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  458.172210][ T7743] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  458.247731][ T7743] batman_adv: batadv0: Adding interface: batadv_slave_1
[  458.247744][ T7743] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  458.247765][ T7743] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  458.759018][ T7743] hsr_slave_0: entered promiscuous mode
[  458.787060][ T5611] Bluetooth: hci0: command tx timeout
[  458.850209][ T7743] hsr_slave_1: entered promiscuous mode
[  458.861205][ T7743] debugfs: 'hsr0' already exists in 'hsr'
[  458.861238][ T7743] Cannot create hsr debugfs directory
[  460.492495][  T150] bridge_slave_1: left allmulticast mode
[  460.492531][  T150] bridge_slave_1: left promiscuous mode
[  460.492800][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.488127][ T8146] loop1: detected capacity change from 0 to 40427
[  462.517057][ T8146] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[  462.517085][ T8146] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  463.911791][ T5611] Bluetooth: hci0: command tx timeout
[  464.050060][  T150] bridge_slave_0: left allmulticast mode
[  464.050097][  T150] bridge_slave_0: left promiscuous mode
[  464.050375][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.304022][ T5614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  464.392015][ T5614] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  464.394605][ T5614] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  464.400059][ T5614] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  464.423992][ T5614] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  465.673206][ T8146] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  465.807404][  T150] bridge_slave_1: left allmulticast mode
[  465.807434][  T150] bridge_slave_1: left promiscuous mode
[  465.807637][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.812957][ T8146] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  465.812987][ T8146] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  465.854405][ T8188] loop4: detected capacity change from 0 to 512
[  465.856591][ T8188] EXT4-fs: Ignoring removed nobh option
[  465.871142][ T8188] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  465.973256][ T8188] EXT4-fs (loop4): 1 truncate cleaned up
[  465.978688][ T8188] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  466.142266][  T150] bridge_slave_0: left allmulticast mode
[  466.142305][  T150] bridge_slave_0: left promiscuous mode
[  466.142588][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.305105][ T5611] Bluetooth: hci0: command tx timeout
[  466.643063][ T5611] Bluetooth: hci3: command tx timeout
[  468.084811][  T150] bridge_slave_1: left allmulticast mode
[  468.084846][  T150] bridge_slave_1: left promiscuous mode
[  468.084909][ T5606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  468.085095][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.208994][  T150] bridge_slave_0: left allmulticast mode
[  468.209029][  T150] bridge_slave_0: left promiscuous mode
[  468.216334][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.384309][ T5611] Bluetooth: hci0: command tx timeout
[  468.890910][ T5611] Bluetooth: hci3: command tx timeout
[  470.163886][ T8212] process 'syz.1.535' launched './file1' with NULL argv: empty string added
[  470.375327][ T5736] IPVS: starting estimator thread 0...
[  470.750290][ T8210] IPVS: using max 8 ests per chain, 19200 per kthread
[  471.577164][ T5611] Bluetooth: hci3: command tx timeout
[  471.671846][   T38] audit: type=1326 audit(1777331522.647:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8213 comm="syz.1.539" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8f4a7dcdd9 code=0x0
[  472.364149][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  472.876549][  T150] bond0 (unregistering): Released all slaves
[  473.610451][ T5611] Bluetooth: hci3: command tx timeout
[  473.658308][ T8229] loop4: detected capacity change from 0 to 128
[  473.823022][   T38] audit: type=1800 audit(1777331524.767:230): pid=8229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.543" name="file1" dev="loop4" ino=1048659 res=0 errno=0
[  475.603498][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  475.777648][ T5865] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  475.802893][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  475.866467][  T150] bond0 (unregistering): Released all slaves
[  475.938612][ T5865] usb 1-1: Using ep0 maxpacket: 32
[  475.949140][ T5865] usb 1-1: config 3 has an invalid interface number: 14 but max is 0
[  475.949215][ T5865] usb 1-1: config 3 has no interface number 0
[  475.949320][ T5865] usb 1-1: config 3 interface 14 has no altsetting 0
[  475.989949][ T5865] usb 1-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=ac.d1
[  475.989982][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.990003][ T5865] usb 1-1: Product: syz
[  475.990017][ T5865] usb 1-1: Manufacturer: syz
[  475.990032][ T5865] usb 1-1: SerialNumber: syz
[  476.054558][   T37] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  476.214346][   T37] usb 5-1: Using ep0 maxpacket: 16
[  476.216740][   T37] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.216776][   T37] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  476.216829][   T37] usb 5-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00
[  476.216854][   T37] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.220212][  T150] bond0 (unregistering): Released all slaves
[  476.309279][   T37] usb 5-1: config 0 descriptor??
[  476.616469][ T8237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.618713][ T8237] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.955907][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  477.103117][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  477.189120][  T150] bond0 (unregistering): Released all slaves
[  477.528981][ T5865] cytherm 1-1:3.14: Cypress thermometer device now attached
[  477.667870][ T5865] usb 1-1: USB disconnect, device number 2
[  477.693465][ T5865] cytherm 1-1:3.14: Cypress thermometer now disconnected
[  477.847084][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  477.930350][  T150] bond0 (unregistering): Released all slaves
[  478.173665][   T37] usbhid 5-1:0.0: can't add hid device: -71
[  478.190973][   T37] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  478.334262][   T37] usb 5-1: USB disconnect, device number 3
[  481.031707][ T8100] lo speed is unknown, defaulting to 1000
[  483.688602][ T8297] comedi comedi3: adq12b: I/O base address or length out of range
[  483.855270][ T8297] netlink: 27 bytes leftover after parsing attributes in process `syz.1.557'.
[  484.321204][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321246][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321271][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321295][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321320][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321344][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321368][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321391][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321416][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.321440][ T5590] hid-generic 0000:0000:0004.0001: unknown main item tag 0x0
[  484.539344][ T5590] hid-generic 0000:0000:0004.0001: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz0
[  485.530467][ T8174] lo speed is unknown, defaulting to 1000
[  485.641693][ T5269] 8021q: adding VLAN 0 to HW filter on device eth9
[  489.315973][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  489.342016][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  490.834162][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  490.854160][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  490.864164][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  490.874156][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  493.428282][  T150] team0 (unregistering): Port device team_slave_1 removed
[  494.397947][  T150] team0 (unregistering): Port device team_slave_0 removed
[  497.700298][ T8377] loop4: detected capacity change from 0 to 32768
[  497.732984][ T8377] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.576 (8377)
[  497.858183][ T8377] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  497.858230][ T8377] BTRFS info (device loop4): using sha256 checksum algorithm
[  498.182592][ T8377] BTRFS info (device loop4): enabling ssd optimizations
[  498.182623][ T8377] BTRFS info (device loop4): turning on async discard
[  498.182639][ T8377] BTRFS info (device loop4): enabling free space tree
[  498.998388][   T38] audit: type=1800 audit(1777331549.967:231): pid=8411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.576" name="file2" dev="loop4" ino=261 res=0 errno=0
[  501.511705][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  501.511814][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  501.997502][ T5269] 8021q: adding VLAN 0 to HW filter on device eth10
[  502.538247][ T8437] nbd0: detected capacity change from 0 to 128
[  502.573366][ T5611] block nbd0: Receive control failed (result -32)
[  502.609443][ T5614] block nbd0: Receive control failed (result -32)
[  502.661977][ T8100] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.662293][ T8100] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.679448][ T8100] bridge_slave_0: entered allmulticast mode
[  502.778058][ T8100] bridge_slave_0: entered promiscuous mode
[  502.909643][ T8396] block nbd0: Dead connection, failed to find a fallback
[  502.909671][ T8396] block nbd0: shutting down sockets
[  502.911627][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.934502][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.935209][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.935239][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.935405][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.935429][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.935575][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.935598][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.935744][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.935767][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.935943][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.935965][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.939998][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.940097][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.940646][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.940713][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.940977][ T8396] ldm_validate_partition_table(): Disk read failed.
[  502.941183][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.941239][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.941680][ T8396] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  502.941742][ T8396] Buffer I/O error on dev nbd0, logical block 0, async page read
[  502.942444][ T8396] Dev nbd0: unable to read RDB block 0
[  502.980074][ T8396]  nbd0: unable to read partition table
[  502.987905][  T822] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  503.162964][ T8396] ldm_validate_partition_table(): Disk read failed.
[  503.163392][ T8396] Dev nbd0: unable to read RDB block 0
[  503.163917][ T8396]  nbd0: unable to read partition table
[  503.172679][  T822] usb 1-1: Using ep0 maxpacket: 16
[  503.175319][  T822] usb 1-1: config 1 has an invalid descriptor of length 189, skipping remainder of the config
[  503.175344][  T822] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  503.196786][  T822] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  503.196834][  T822] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.196855][  T822] usb 1-1: Product: syz
[  503.196870][  T822] usb 1-1: Manufacturer: syz
[  503.196885][  T822] usb 1-1: SerialNumber: syz
[  503.289987][ T8100] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.290364][ T8100] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.290713][ T8100] bridge_slave_1: entered allmulticast mode
[  503.375380][ T8100] bridge_slave_1: entered promiscuous mode
[  503.613387][  T822] usb 1-1: 0:2 : does not exist
[  503.751539][  T822] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  503.859200][ T8174] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.859512][ T8174] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.859887][ T8174] bridge_slave_0: entered allmulticast mode
[  503.888373][ T8174] bridge_slave_0: entered promiscuous mode
[  504.025594][ T8100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  504.028367][ T8174] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.028747][ T8174] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.029066][ T8174] bridge_slave_1: entered allmulticast mode
[  504.103879][ T8174] bridge_slave_1: entered promiscuous mode
[  504.212903][ T8100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  504.333840][ T5606] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  504.640903][  T822] usb 1-1: USB disconnect, device number 3
[  506.330790][ T8455] netlink: 32 bytes leftover after parsing attributes in process `syz.0.586'.
[  506.559076][ T8174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  506.570819][ T8100] team0: Port device team_slave_0 added
[  506.638192][ T8174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  506.687951][ T8100] team0: Port device team_slave_1 added
[  507.945731][ T8174] team0: Port device team_slave_0 added
[  507.965713][ T8100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  507.965727][ T8100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  507.965748][ T8100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  508.127317][ T8465] loop1: detected capacity change from 0 to 512
[  508.128378][ T8465] ext4: Unknown parameter 'obj_role'
[  508.128579][ T8174] team0: Port device team_slave_1 added
[  508.168908][ T8100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  508.168925][ T8100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  508.168952][ T8100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  509.826838][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_0
[  509.826855][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  509.826882][ T8174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  509.891501][ T8174] batman_adv: batadv0: Adding interface: batadv_slave_1
[  509.891513][ T8174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  509.891530][ T8174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.413026][ T8100] hsr_slave_0: entered promiscuous mode
[  511.417866][ T8100] hsr_slave_1: entered promiscuous mode
[  511.421539][ T8100] debugfs: 'hsr0' already exists in 'hsr'
[  511.421566][ T8100] Cannot create hsr debugfs directory
[  512.577833][ T8174] hsr_slave_0: entered promiscuous mode
[  512.580763][ T8174] hsr_slave_1: entered promiscuous mode
[  512.582833][ T8174] debugfs: 'hsr0' already exists in 'hsr'
[  512.582856][ T8174] Cannot create hsr debugfs directory
[  512.872310][ T5269] 8021q: adding VLAN 0 to HW filter on device eth11
[  514.471709][ T5614] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  514.551981][ T5614] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  514.555136][ T5710] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  514.606068][ T5614] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  514.609234][ T5614] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  514.610174][ T5614] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  516.735042][ T5611] Bluetooth: hci5: command tx timeout
[  517.180226][ T5710] usb 1-1: unable to get BOS descriptor or descriptor too short
[  517.182403][ T5710] usb 1-1: unable to read config index 0 descriptor/start: -71
[  517.182438][ T5710] usb 1-1: can't read configurations, error -71
[  518.364954][  T150] bridge_slave_1: left allmulticast mode
[  518.364988][  T150] bridge_slave_1: left promiscuous mode
[  518.365258][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.519496][ T8557] loop1: detected capacity change from 0 to 128
[  518.541849][ T8557] EXT4-fs (loop1): Test dummy encryption mode enabled
[  518.569797][  T150] bridge_slave_0: left allmulticast mode
[  518.569832][  T150] bridge_slave_0: left promiscuous mode
[  518.570192][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  518.750098][ T8557] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  518.768591][ T8557] ext4 filesystem being mounted at /159/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  518.932918][ T5611] Bluetooth: hci5: command tx timeout
[  521.275075][ T5611] Bluetooth: hci5: command tx timeout
[  521.348879][ T5605] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  521.423370][ T8572] loop1: detected capacity change from 0 to 2048
[  521.492902][  T150] bridge_slave_1: left allmulticast mode
[  521.492939][  T150] bridge_slave_1: left promiscuous mode
[  521.493208][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.550139][ T4974] Alternate GPT is invalid, using primary GPT.
[  521.550227][ T4974]  loop1: p1 p2 p3
[  521.550252][ T4974] loop1: partition table partially beyond EOD, truncated
[  521.599924][  T150] bridge_slave_0: left allmulticast mode
[  521.599960][  T150] bridge_slave_0: left promiscuous mode
[  521.600217][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.910011][ T8572] Alternate GPT is invalid, using primary GPT.
[  521.910099][ T8572]  loop1: p1 p2 p3
[  521.910125][ T8572] loop1: partition table partially beyond EOD, truncated
[  523.643417][ T5611] Bluetooth: hci5: command tx timeout
[  523.911717][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  524.035863][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  524.192363][  T150] bond0 (unregistering): Released all slaves
[  526.249077][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  526.478541][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  526.482059][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  526.483275][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  526.509387][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  526.589381][ T8359] udevd[8359]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  526.596959][ T8396] udevd[8396]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  526.867217][ T8401] udevd[8401]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  527.023828][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  527.224280][ T5618] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  527.252245][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  527.306269][  T150] bond0 (unregistering): Released all slaves
[  527.342801][ T5269] 8021q: adding VLAN 0 to HW filter on device eth12
[  529.010036][ T5618] usb 5-1: unable to get BOS descriptor or descriptor too short
[  529.011944][ T5618] usb 5-1: unable to read config index 0 descriptor/start: -71
[  529.011980][ T5618] usb 5-1: can't read configurations, error -71
[  529.086490][ T5614] Bluetooth: hci0: command tx timeout
[  531.107278][ T5614] Bluetooth: hci0: command tx timeout
[  531.455978][  T150] hsr_slave_0: left promiscuous mode
[  531.538019][  T150] hsr_slave_1: left promiscuous mode
[  531.538778][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.639705][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.900151][  T150] hsr_slave_0: left promiscuous mode
[  531.934243][  T150] hsr_slave_1: left promiscuous mode
[  531.935098][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  532.675662][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  533.184214][ T5614] Bluetooth: hci0: command tx timeout
[  534.467646][  T150] team0 (unregistering): Port device team_slave_1 removed
[  535.264405][ T5614] Bluetooth: hci0: command tx timeout
[  535.367684][  T150] team0 (unregistering): Port device team_slave_0 removed
[  537.267462][ T8671] loop4: detected capacity change from 0 to 32768
[  537.337588][ T8671] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  537.418094][ T8671] XFS (loop4): Ending clean mount
[  537.456169][ T8671] XFS (loop4): Quotacheck needed: Please wait.
[  537.815772][  T150] team0 (unregistering): Port device team_slave_1 removed
[  538.351685][  T150] team0 (unregistering): Port device team_slave_0 removed
[  538.449291][ T8671] XFS (loop4): Quotacheck: Done.
[  538.724509][ T8688] loop1: detected capacity change from 0 to 512
[  538.733046][ T8688] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  539.411511][ T8688] EXT4-fs (loop1): 1 truncate cleaned up
[  539.424716][ T8688] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  539.608931][ T5606] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  539.691715][ T8523] lo speed is unknown, defaulting to 1000
[  540.801181][ T5605] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.438663][ T8604] lo speed is unknown, defaulting to 1000
[  544.776019][ T8730] loop1: detected capacity change from 0 to 32768
[  544.826396][ T8730] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.635 (8730)
[  544.954045][ T8730] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  544.954115][ T8730] BTRFS info (device loop1): using sha256 checksum algorithm
[  545.179765][ T8730] BTRFS info (device loop1): setting nodatasum
[  545.179793][ T8730] BTRFS info (device loop1): enabling ssd optimizations
[  545.179812][ T8730] BTRFS info (device loop1): turning on async discard
[  545.179828][ T8730] BTRFS info (device loop1): enabling free space tree
[  546.156477][   T38] audit: type=1800 audit(1777331596.853:232): pid=8759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.635" name="file1" dev="loop1" ino=260 res=0 errno=0
[  548.153762][ T8779] blk_print_req_error: 27 callbacks suppressed
[  548.153784][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.153812][ T8779] buffer_io_error: 27 callbacks suppressed
[  548.153823][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.561996][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.562030][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.562182][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.562208][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.562351][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.562376][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.562519][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.562543][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.562809][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.562843][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.563014][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.563040][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.563193][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.571379][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.571504][ T8779] ldm_validate_partition_table(): Disk read failed.
[  548.571614][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.571642][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.571805][ T8779] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  548.571851][ T8779] Buffer I/O error on dev nbd0, logical block 0, async page read
[  548.572205][ T8779] Dev nbd0: unable to read RDB block 0
[  548.635474][ T8779]  nbd0: unable to read partition table
[  549.893518][ T5605] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  549.929674][ T8523] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.930020][ T8523] bridge0: port 1(bridge_slave_0) entered disabled state
[  549.930433][ T8523] bridge_slave_0: entered allmulticast mode
[  549.933928][ T8523] bridge_slave_0: entered promiscuous mode
[  549.970316][ T8523] bridge0: port 2(bridge_slave_1) entered blocking state
[  549.970789][ T8523] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.971115][ T8523] bridge_slave_1: entered allmulticast mode
[  549.995592][ T8523] bridge_slave_1: entered promiscuous mode
[  550.051000][ T8523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  550.067581][ T8523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  550.255225][ T8523] team0: Port device team_slave_0 added
[  550.276679][ T8523] team0: Port device team_slave_1 added
[  551.401438][ T8805] loop4: detected capacity change from 0 to 16
[  551.616575][ T8805] erofs (device loop4): mounted with root inode @ nid 36.
[  551.640795][ T8523] batman_adv: batadv0: Adding interface: batadv_slave_0
[  551.640813][ T8523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  551.640841][ T8523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  551.808200][ T8523] batman_adv: batadv0: Adding interface: batadv_slave_1
[  551.808218][ T8523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  551.808245][ T8523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  551.953728][ T8807] netlink: 216 bytes leftover after parsing attributes in process `syz.4.644'.
[  552.190683][ T8807] netlink: 24 bytes leftover after parsing attributes in process `syz.4.644'.
[  553.529184][ T8523] hsr_slave_0: entered promiscuous mode
[  553.548940][ T8523] hsr_slave_1: entered promiscuous mode
[  553.552979][ T8523] debugfs: 'hsr0' already exists in 'hsr'
[  553.553009][ T8523] Cannot create hsr debugfs directory
[  553.617545][ T8604] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.618556][ T8604] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.618836][ T8604] bridge_slave_0: entered allmulticast mode
[  553.622582][ T8604] bridge_slave_0: entered promiscuous mode
[  553.635092][ T8604] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.642236][ T8604] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.642612][ T8604] bridge_slave_1: entered allmulticast mode
[  553.684615][ T8604] bridge_slave_1: entered promiscuous mode
[  554.610075][ T8831] loop4: detected capacity change from 0 to 128
[  555.905617][ T8831] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  555.936554][ T8831] ext4 filesystem being mounted at /197/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  558.773230][ T8604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  559.342860][ T5606] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  559.819717][ T8604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  560.546758][ T8604] team0: Port device team_slave_0 added
[  564.326231][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  564.326329][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  565.072589][ T8604] team0: Port device team_slave_1 added
[  570.237007][ T8930] loop4: detected capacity change from 0 to 128
[  570.262333][ T8930] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  570.280875][ T8930] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  573.819579][ T8604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  573.819597][ T8604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.819627][ T8604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  573.918153][ T8604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  573.918171][ T8604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  573.918200][ T8604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  575.098420][ T8604] hsr_slave_0: entered promiscuous mode
[  575.130897][ T8604] hsr_slave_1: entered promiscuous mode
[  575.178462][ T8604] debugfs: 'hsr0' already exists in 'hsr'
[  575.178482][ T8604] Cannot create hsr debugfs directory
[  576.692378][ T5611] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  576.754453][ T5611] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  576.764762][ T5611] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  576.813837][ T5611] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  576.818257][ T5611] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  578.508854][ T8997] netlink: 16 bytes leftover after parsing attributes in process `syz.4.679'.
[  581.854293][ T5611] Bluetooth: hci3: command tx timeout
[  582.161384][ T9018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.682'.
[  582.303196][   T38] audit: type=1800 audit(1777331633.273:233): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.683" name="file1" dev="overlay" ino=1102 res=0 errno=0
[  584.044415][ T5611] Bluetooth: hci3: command tx timeout
[  585.258900][ T8396] block nbd64: NBD_DISCONNECT
[  585.753047][ T9043] tipc: Failed to remove unknown binding: 66,0,0/0:2129877038/2129877040
[  585.753090][ T9043] tipc: Failed to remove unknown binding: 66,0,0/0:2129877038/2129877039
[  585.965320][ T9046] tipc: Failed to remove unknown binding: 66,0,0/0:2129877038/2129877040
[  585.965360][ T9046] tipc: Failed to remove unknown binding: 66,0,0/0:2129877038/2129877039
[  586.069312][ T5611] Bluetooth: hci3: command tx timeout
[  586.500522][ T8974] lo speed is unknown, defaulting to 1000
[  586.781821][ T5614] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  587.398053][ T5614] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  587.509582][ T5614] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  587.633491][ T5614] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  587.694237][ T5614] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  588.147780][ T5611] Bluetooth: hci3: command tx timeout
[  588.261839][ T9068] kernel profiling enabled (shift: 6)
[  588.305350][  T150] bridge_slave_1: left allmulticast mode
[  588.305387][  T150] bridge_slave_1: left promiscuous mode
[  588.305673][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.502651][  T150] bridge_slave_0: left allmulticast mode
[  588.502690][  T150] bridge_slave_0: left promiscuous mode
[  588.503093][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  590.001305][ T5611] Bluetooth: hci5: command tx timeout
[  592.331602][ T5611] Bluetooth: hci5: command tx timeout
[  593.793090][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  593.907850][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.348210][ T5611] Bluetooth: hci5: command tx timeout
[  595.505023][  T150] bond0 (unregistering): Released all slaves
[  597.434686][ T5611] Bluetooth: hci5: command tx timeout
[  601.954300][  T150] hsr_slave_0: left promiscuous mode
[  601.994317][  T150] hsr_slave_1: left promiscuous mode
[  601.995430][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  602.035823][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  602.415273][  T150] team0 (unregistering): Port device team_slave_1 removed
[  602.474969][  T150] team0 (unregistering): Port device team_slave_0 removed
[  602.954241][ T9054] lo speed is unknown, defaulting to 1000
[  603.627496][ T8974] bridge0: port 1(bridge_slave_0) entered blocking state
[  603.627807][ T8974] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.628107][ T8974] bridge_slave_0: entered allmulticast mode
[  603.631886][ T8974] bridge_slave_0: entered promiscuous mode
[  603.670026][ T8974] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.670376][ T8974] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.670734][ T8974] bridge_slave_1: entered allmulticast mode
[  603.699722][ T8974] bridge_slave_1: entered promiscuous mode
[  603.893861][ T8974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  603.981400][ T8974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  604.137150][ T8974] team0: Port device team_slave_0 added
[  604.172640][ T8974] team0: Port device team_slave_1 added
[  604.354440][  T150] bridge_slave_1: left allmulticast mode
[  604.354477][  T150] bridge_slave_1: left promiscuous mode
[  604.362856][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.447676][  T150] bridge_slave_0: left allmulticast mode
[  604.447714][  T150] bridge_slave_0: left promiscuous mode
[  604.448004][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.655016][  T150] bridge_slave_1: left allmulticast mode
[  604.655046][  T150] bridge_slave_1: left promiscuous mode
[  604.655251][  T150] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.715421][  T150] bridge_slave_0: left allmulticast mode
[  604.715448][  T150] bridge_slave_0: left promiscuous mode
[  604.715633][  T150] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.995011][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.075276][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.136169][  T150] bond0 (unregistering): Released all slaves
[  605.295151][  T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.395073][  T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.455965][  T150] bond0 (unregistering): Released all slaves
[  605.612341][ T8974] batman_adv: batadv0: Adding interface: batadv_slave_0
[  605.612355][ T8974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  605.612374][ T8974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  605.683967][ T8974] batman_adv: batadv0: Adding interface: batadv_slave_1
[  605.683984][ T8974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  605.684009][ T8974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  605.850743][ T9054] bridge0: port 1(bridge_slave_0) entered blocking state
[  605.851045][ T9054] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.851359][ T9054] bridge_slave_0: entered allmulticast mode
[  605.875563][ T9054] bridge_slave_0: entered promiscuous mode
[  605.887331][ T9054] bridge0: port 2(bridge_slave_1) entered blocking state
[  605.887912][ T9054] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.888162][ T9054] bridge_slave_1: entered allmulticast mode
[  605.891247][ T9054] bridge_slave_1: entered promiscuous mode
[  606.176932][ T8974] hsr_slave_0: entered promiscuous mode
[  606.179424][ T8974] hsr_slave_1: entered promiscuous mode
[  606.181487][ T8974] debugfs: 'hsr0' already exists in 'hsr'
[  606.181512][ T8974] Cannot create hsr debugfs directory
[  606.251292][ T9054] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  606.299169][ T9054] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  606.574354][  T150] hsr_slave_0: left promiscuous mode
[  606.614401][  T150] hsr_slave_1: left promiscuous mode
[  606.616330][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.635320][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  606.794293][  T150] hsr_slave_0: left promiscuous mode
[  606.834217][  T150] hsr_slave_1: left promiscuous mode
[  606.835476][  T150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.859245][  T150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  607.295224][  T150] team0 (unregistering): Port device team_slave_1 removed
[  607.345037][  T150] team0 (unregistering): Port device team_slave_0 removed
[  607.824876][  T150] team0 (unregistering): Port device team_slave_1 removed
[  607.875321][  T150] team0 (unregistering): Port device team_slave_0 removed
[  608.083081][ T9054] team0: Port device team_slave_0 added
[  608.229709][ T9054] team0: Port device team_slave_1 added
[  608.391052][ T9054] batman_adv: batadv0: Adding interface: batadv_slave_0
[  608.391065][ T9054] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  608.391086][ T9054] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  608.444830][ T9054] batman_adv: batadv0: Adding interface: batadv_slave_1
[  608.444842][ T9054] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  608.444861][ T9054] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  608.704613][ T9054] hsr_slave_0: entered promiscuous mode
[  608.706304][ T9054] hsr_slave_1: entered promiscuous mode
[  608.707643][ T9054] debugfs: 'hsr0' already exists in 'hsr'
[  608.707681][ T9054] Cannot create hsr debugfs directory
[  609.666978][ T5269] 8021q: adding VLAN 0 to HW filter on device eth13
[  611.127588][ T5269] 8021q: adding VLAN 0 to HW filter on device eth14
[  611.781298][ T5269] 8021q: adding VLAN 0 to HW filter on device eth15
[  613.462311][ T8974] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  613.524703][ T8974] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  613.533309][ T8974] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  613.586961][ T8974] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  613.609324][ T8974] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  613.661615][ T8974] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  613.683027][ T8974] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  613.753268][ T8974] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  614.301275][ T9054] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  614.338909][ T9054] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  614.347916][ T9054] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  614.430984][ T9054] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  614.441861][ T9054] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  614.471695][ T9054] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  614.491923][ T9054] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  614.578840][ T9054] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  615.011492][ T8974] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.094630][ T8974] 8021q: adding VLAN 0 to HW filter on device team0
[  615.198302][  T150] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.217886][  T150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.307534][  T164] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.307711][  T164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.408257][ T9054] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.508175][ T9054] 8021q: adding VLAN 0 to HW filter on device team0
[  615.582051][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.582226][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.733030][  T164] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.733197][  T164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  617.144874][ T8974] 8021q: adding VLAN 0 to HW filter on device batadv0
[  617.385715][ T9054] 8021q: adding VLAN 0 to HW filter on device batadv0
[  618.076568][ T8974] veth0_vlan: entered promiscuous mode
[  618.145996][ T8974] veth1_vlan: entered promiscuous mode
[  618.396711][ T9054] veth0_vlan: entered promiscuous mode
[  618.476248][ T9054] veth1_vlan: entered promiscuous mode
[  618.496641][ T8974] veth0_macvtap: entered promiscuous mode
[  618.536079][ T8974] veth1_macvtap: entered promiscuous mode
[  618.663158][ T8974] batman_adv: batadv0: Interface activated: batadv_slave_0
[  618.719705][ T8974] batman_adv: batadv0: Interface activated: batadv_slave_1
[  618.827770][ T9054] veth0_macvtap: entered promiscuous mode
[  618.838565][   T67] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  618.839959][   T67] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  618.841563][   T67] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  618.843114][   T67] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  618.912868][ T9054] veth1_macvtap: entered promiscuous mode
[  619.515087][ T9054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  619.717299][ T9054] batman_adv: batadv0: Interface activated: batadv_slave_1
[  620.130302][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.130325][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  620.146122][ T3408] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  620.309643][ T3408] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  620.309851][ T3408] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  620.310025][ T3408] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  620.912212][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  620.912231][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.476868][ T1482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  621.476892][ T1482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  621.767679][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  621.767701][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  622.143200][ T9459] netlink: 16 bytes leftover after parsing attributes in process `syz.1.721'.
[  625.366289][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  625.366439][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  626.276752][ T9487] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  630.178225][ T9505] loop6: detected capacity change from 0 to 32768
[  630.179406][ T9505] btrfs: Deprecated parameter 'usebackuproot'
[  630.179679][ T9505] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  630.580767][ T9505] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.276 (9505)
[  631.254154][ T9505] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  631.254194][ T9505] BTRFS info (device loop6): using crc32c checksum algorithm
[  631.254227][ T9505] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  632.207978][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  632.215009][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  632.215328][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  632.215646][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  632.215944][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  632.216237][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  632.216589][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  632.216934][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  632.217297][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  632.217610][ T9505] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  632.390883][ T9505] BTRFS error (device loop6): open_ctree failed: -12
[  636.565755][ T9588] tipc: Failed to remove unknown binding: 66,0,0/4:466516216/466516218
[  636.566217][ T9587] tipc: Failed to remove unknown binding: 66,0,0/4:2406041178/2406041179
[  636.566249][ T9587] tipc: Failed to remove unknown binding: 66,0,0/4:2406041178/2406041179
[  639.143741][ T9612] loop6: detected capacity change from 0 to 32768
[  639.379698][ T9612] ialloc: diAlloc returned -5!
[  647.058066][ T9674] atomic_op ffff88803bde3218 conn xmit_atomic 0000000000000000
[  657.940443][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  658.952328][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  658.960392][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  658.961609][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  659.208768][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  661.414386][ T5611] Bluetooth: hci0: command tx timeout
[  663.609596][ T5611] Bluetooth: hci0: command tx timeout
[  665.328252][ T9748] lo speed is unknown, defaulting to 1000
[  665.374860][ T9810] IPv6: NLM_F_CREATE should be specified when creating new route
[  667.086748][ T5611] Bluetooth: hci0: command tx timeout
[  667.158168][ T9817] overlayfs: failed to clone upperpath
[  669.213197][ T5611] Bluetooth: hci0: command tx timeout
[  679.780690][   T44] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.846648][ T9916] overlayfs: failed to clone upperpath
[  685.535664][   T44] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.745208][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  686.745319][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  690.474537][ T5611] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  691.867642][ T9971] overlayfs: failed to resolve './file1': -2
[  694.697019][   T38] audit: type=1800 audit(1777331745.673:234): pid=10001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.836" name="bus" dev="tmpfs" ino=161 res=0 errno=0
[  697.155613][   T38] audit: type=1326 audit(1777331748.133:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9995 comm="syz.5.836" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f502a4ccdd9 code=0x0
[  697.433324][T10016] overlayfs: failed to clone upperpath
[  703.273420][ T5611] Bluetooth: hci3: command 0x0406 tx timeout
[  711.468119][ T5611] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  711.523288][ T5611] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  711.533582][ T5611] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  711.580114][ T5611] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  711.581420][ T5611] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  715.834058][ T5611] Bluetooth: hci5: command tx timeout
[  716.948481][ T5614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  717.953465][ T5614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  717.976538][ T5614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  718.240367][ T5614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  718.241310][ T5614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  719.743163][ T5611] Bluetooth: hci5: command tx timeout
[  722.192857][ T5614] Bluetooth: hci5: command tx timeout
[  722.212445][ T5614] Bluetooth: hci6: command tx timeout
[  725.795959][ T5611] Bluetooth: hci5: command tx timeout
[  725.849771][ T5611] Bluetooth: hci6: command tx timeout
[  728.074879][ T5611] Bluetooth: hci6: command tx timeout
[  730.309864][ T5611] Bluetooth: hci6: command tx timeout
[  747.383127][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  747.383230][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  762.892989][ T5614] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  763.185179][ T5614] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  763.187095][ T5614] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  763.188385][ T5614] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  763.232650][ T5614] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  764.078309][T10335] netlink: 132 bytes leftover after parsing attributes in process `syz.4.922'.
[  766.004260][ T5611] Bluetooth: hci7: command tx timeout
[  768.072375][ T5611] Bluetooth: hci7: command tx timeout
[  769.114188][T10371] trusted_key: syz.5.934 sent an empty control message without MSG_MORE.
[  769.318803][ T5614] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  769.361881][ T5614] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  769.363708][ T5614] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  769.365001][ T5614] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  769.372212][ T5614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  769.944532][   T38] audit: type=1800 audit(1777331820.923:236): pid=10383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.938" name="file1" dev="overlay" ino=345 res=0 errno=0
[  770.995039][ T5614] Bluetooth: hci7: command tx timeout
[  772.072048][ T5614] Bluetooth: hci2: command tx timeout
[  772.477955][T10393] netlink: 'syz.5.939': attribute type 2 has an invalid length.
[  773.069092][ T5614] Bluetooth: hci7: command tx timeout
[  775.359282][ T5614] Bluetooth: hci2: command tx timeout
[  775.799932][ T5611] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  775.911069][ T5611] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  775.925970][ T5611] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  775.927451][ T5611] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  775.929626][ T5611] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  777.687381][ T5614] Bluetooth: hci2: command tx timeout
[  779.631338][T10427] netlink: 164 bytes leftover after parsing attributes in process `syz.5.946'.
[  779.916506][ T5611] Bluetooth: hci8: command tx timeout
[  779.926656][ T5614] Bluetooth: hci2: command tx timeout
[  781.453251][T10437] loop5: detected capacity change from 0 to 256
[  781.630441][T10437] FAT-fs (loop5): Directory bread(block 64) failed
[  781.630472][T10437] FAT-fs (loop5): Directory bread(block 65) failed
[  781.630559][T10437] FAT-fs (loop5): Directory bread(block 66) failed
[  781.630576][T10437] FAT-fs (loop5): Directory bread(block 67) failed
[  781.630650][T10437] FAT-fs (loop5): Directory bread(block 68) failed
[  781.630667][T10437] FAT-fs (loop5): Directory bread(block 69) failed
[  781.630734][T10437] FAT-fs (loop5): Directory bread(block 70) failed
[  781.630750][T10437] FAT-fs (loop5): Directory bread(block 71) failed
[  781.630878][T10437] FAT-fs (loop5): Directory bread(block 72) failed
[  781.630895][T10437] FAT-fs (loop5): Directory bread(block 73) failed
[  783.193583][ T5611] Bluetooth: hci8: command tx timeout
[  786.636658][ T5611] Bluetooth: hci8: command tx timeout
[  786.636693][ T5611] Bluetooth: hci0: command 0x0406 tx timeout
[  788.934147][ T5614] Bluetooth: hci8: command tx timeout
[  790.390132][   T38] audit: type=1800 audit(1777331841.363:237): pid=10482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.960" name="file1" dev="overlay" ino=414 res=0 errno=0
[  794.029406][T10506] overlayfs: failed to clone upperpath
[  797.743459][T10531] overlayfs: failed to clone upperpath
[  802.863692][T10572] comedi comedi0: Minor 3 could not be opened
[  804.047630][T10579] loop5: detected capacity change from 0 to 22
[  804.052572][T10579] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  804.144756][T10581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.992'.
[  805.095663][T10579] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  808.718736][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  808.718813][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  812.144214][ T5736] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  812.294606][ T5736] usb 6-1: Using ep0 maxpacket: 32
[  812.297278][ T5736] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  812.297304][ T5736] usb 6-1: config 0 has no interface number 0
[  812.299595][ T5736] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  812.299626][ T5736] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.299640][ T5736] usb 6-1: Product: syz
[  812.299649][ T5736] usb 6-1: Manufacturer: syz
[  812.299659][ T5736] usb 6-1: SerialNumber: syz
[  812.370497][ T5736] usb 6-1: config 0 descriptor??
[  812.398925][ T5736] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  812.746921][ T5736] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  812.790610][ T5736] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  815.227900][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  815.270825][ T5827] usb 6-1: USB disconnect, device number 2
[  815.392650][ T5827] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  815.432090][ T5827] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  815.483620][ T5827] quatech2 6-1:0.51: device disconnected
[  815.849674][T10621] loop5: detected capacity change from 0 to 16
[  816.553718][T10621] erofs (device loop5): mounted with root inode @ nid 36.
[  816.690417][T10621] syz.5.1004: attempt to access beyond end of device
[  816.690417][T10621] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  817.188640][   T38] audit: type=1800 audit(1777331868.113:238): pid=10621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1004" name="file2" dev="loop5" ino=89 res=0 errno=0
[  819.628003][T10164] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  819.686781][T10164] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  819.691056][T10164] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  819.710063][T10164] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  819.751304][T10164] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  820.313618][T10164] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  820.401568][T10164] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  820.412546][T10164] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  820.424799][T10164] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  820.425603][T10164] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  822.088124][ T5614] Bluetooth: hci9: command tx timeout
[  822.599953][ T5614] Bluetooth: hci10: command tx timeout
[  824.144127][ T5614] Bluetooth: hci9: command tx timeout
[  824.704195][ T5614] Bluetooth: hci10: command tx timeout
[  825.785153][T10667] loop5: detected capacity change from 0 to 512
[  825.787280][T10667] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  825.825459][T10667] EXT4-fs (loop5): 1 truncate cleaned up
[  825.830943][T10667] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  827.112052][ T5614] Bluetooth: hci9: command tx timeout
[  827.112091][ T5614] Bluetooth: hci10: command tx timeout
[  827.337513][ T8974] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  827.461553][T10673] loop5: detected capacity change from 0 to 512
[  827.493382][T10673] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  827.493530][T10673] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  827.679262][ T8974] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  829.897283][T10164] Bluetooth: hci9: command tx timeout
[  829.897319][T10164] Bluetooth: hci10: command tx timeout
[  830.387928][T10164] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  830.439032][T10164] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  830.441964][T10164] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  830.472988][T10164] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  830.473619][T10164] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  832.624216][ T5614] Bluetooth: hci11: command tx timeout
[  835.748128][ T5614] Bluetooth: hci11: command tx timeout
[  836.136989][T10164] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  836.140809][T10164] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  836.142637][T10164] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  836.143764][T10164] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  836.187341][T10164] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  837.835230][ T5611] Bluetooth: hci5: command 0x0406 tx timeout
[  837.835240][T10164] Bluetooth: hci11: command tx timeout
[  838.384093][ T5614] Bluetooth: hci12: command tx timeout
[  840.384212][ T5614] Bluetooth: hci11: command tx timeout
[  840.565582][ T5614] Bluetooth: hci12: command tx timeout
[  841.602884][   T39] INFO: task kworker/1:2:822 blocked for more than 151 seconds.
[  841.602915][   T39]       Tainted: G             L      syzkaller #0
[  841.602927][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  841.602950][   T39] task:kworker/1:2     state:D stack:20960 pid:822   tgid:822   ppid:2      task_flags:0x4208060 flags:0x00080000
[  841.603009][   T39] Workqueue: events_power_efficient reg_check_chans_work
[  841.603041][   T39] Call Trace:
[  841.603049][   T39]  <TASK>
[  841.603062][   T39]  __schedule+0x169e/0x54f0
[  841.603103][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.603133][   T39]  ? __pfx_sched_clock_cpu+0x10/0x10
[  841.603166][   T39]  ? __pfx___schedule+0x10/0x10
[  841.603191][   T39]  ? rt_mutex_slowlock_block+0x2e9/0x680
[  841.603229][   T39]  rt_mutex_schedule+0x76/0xf0
[  841.603251][   T39]  rt_mutex_slowlock_block+0x508/0x680
[  841.603286][   T39]  ? rt_mutex_slowlock_block+0x2e9/0x680
[  841.603312][   T39]  rt_mutex_slowlock+0x2dc/0x780
[  841.603338][   T39]  ? rt_mutex_slowlock+0x1fd/0x780
[  841.603363][   T39]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  841.603397][   T39]  ? reg_check_chans_work+0x197/0x1090
[  841.603423][   T39]  ? reg_check_chans_work+0x197/0x1090
[  841.603449][   T39]  ? reg_check_chans_work+0x197/0x1090
[  841.603467][   T39]  mutex_lock_nested+0x168/0x1d0
[  841.603496][   T39]  reg_check_chans_work+0x197/0x1090
[  841.603531][   T39]  ? __pfx_reg_check_chans_work+0x10/0x10
[  841.603572][   T39]  ? process_one_work+0x8b7/0x1710
[  841.603603][   T39]  ? preempt_schedule_thunk+0x16/0x30
[  841.603628][   T39]  ? process_one_work+0x8b7/0x1710
[  841.603651][   T39]  process_one_work+0x9a3/0x1710
[  841.603700][   T39]  ? __pfx_process_one_work+0x10/0x10
[  841.603721][   T39]  ? do_raw_spin_lock+0x12b/0x2f0
[  841.603762][   T39]  worker_thread+0xba8/0x11e0
[  841.603796][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  841.603830][   T39]  ? __kthread_parkme+0x7a/0x1f0
[  841.603857][   T39]  ? __kthread_parkme+0x19c/0x1f0
[  841.603889][   T39]  kthread+0x388/0x470
[  841.603918][   T39]  ? __pfx_worker_thread+0x10/0x10
[  841.604154][   T39]  ? __pfx_kthread+0x10/0x10
[  841.604194][   T39]  ret_from_fork+0x514/0xb70
[  841.604225][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  841.604252][   T39]  ? __switch_to+0xc79/0x1410
[  841.604294][   T39]  ? __pfx_kthread+0x10/0x10
[  841.604327][   T39]  ret_from_fork_asm+0x1a/0x30
[  841.604371][   T39]  </TASK>
[  841.604538][   T39] INFO: task syz-executor:9748 blocked for more than 151 seconds.
[  841.604559][   T39]       Tainted: G             L      syzkaller #0
[  841.604572][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  841.604582][   T39] task:syz-executor    state:D stack:22560 pid:9748  tgid:9748  ppid:1      task_flags:0x400140 flags:0x00080002
[  841.604642][   T39] Call Trace:
[  841.604649][   T39]  <TASK>
[  841.604669][   T39]  __schedule+0x169e/0x54f0
[  841.604701][   T39]  ? is_bpf_text_address+0x26/0x2b0
[  841.604746][   T39]  ? kernel_text_address+0xa5/0xe0
[  841.604769][   T39]  ? __kernel_text_address+0xd/0x30
[  841.604802][   T39]  ? __pfx___schedule+0x10/0x10
[  841.604847][   T39]  rt_mutex_schedule+0x76/0xf0
[  841.604871][   T39]  rt_mutex_slowlock_block+0x508/0x680
[  841.604915][   T39]  rt_mutex_slowlock+0x2dc/0x780
[  841.604944][   T39]  ? rt_mutex_slowlock+0x1fd/0x780
[  841.604972][   T39]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  841.605018][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  841.605055][   T39]  ? rtnl_newlink+0x883/0x1bb0
[  841.605082][   T39]  mutex_lock_nested+0x168/0x1d0
[  841.605108][   T39]  ? rtnl_newlink+0x883/0x1bb0
[  841.605139][   T39]  rtnl_newlink+0x883/0x1bb0
[  841.605180][   T39]  ? __pfx_rtnl_newlink+0x10/0x10
[  841.605208][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.610612][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.610656][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.610706][   T39]  ? unwind_next_frame+0xa6/0x2550
[  841.610743][   T39]  ? unwind_next_frame+0xa6/0x2550
[  841.610776][   T39]  ? is_bpf_text_address+0x26/0x2b0
[  841.610822][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.610858][   T39]  ? kernel_text_address+0xa5/0xe0
[  841.610880][   T39]  ? __kernel_text_address+0xd/0x30
[  841.610916][   T39]  ? unwind_get_return_address+0x4d/0x90
[  841.610945][   T39]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  841.610972][   T39]  ? arch_stack_walk+0xfb/0x150
[  841.611009][   T39]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  841.611053][   T39]  ? __pfx_rtnl_newlink+0x10/0x10
[  841.611080][   T39]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  841.611107][   T39]  ? kasan_save_track+0x3e/0x80
[  841.611137][   T39]  ? kmem_cache_alloc_node_noprof+0x22a/0x6e0
[  841.611171][   T39]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  841.611198][   T39]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  841.611227][   T39]  ? __lock_acquire+0x6b5/0x2cf0
[  841.611279][   T39]  netlink_rcv_skb+0x232/0x4b0
[  841.611309][   T39]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  841.611336][   T39]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  841.611375][   T39]  ? netlink_deliver_tap+0x2e/0x1b0
[  841.611403][   T39]  ? netlink_deliver_tap+0x2e/0x1b0
[  841.611436][   T39]  netlink_unicast+0x780/0x920
[  841.611471][   T39]  netlink_sendmsg+0x813/0xb40
[  841.611507][   T39]  ? __pfx_netlink_sendmsg+0x10/0x10
[  841.611538][   T39]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  841.611566][   T39]  ? aa_sock_msg_perm+0x122/0x200
[  841.611586][   T39]  ? __pfx_netlink_sendmsg+0x10/0x10
[  841.611614][   T39]  sock_sendmsg_nosec+0x112/0x150
[  841.611640][   T39]  __sys_sendto+0x402/0x590
[  841.611677][   T39]  ? __pfx___sys_sendto+0x10/0x10
[  841.611703][   T39]  ? file_init_path+0x3b/0x5b0
[  841.611756][   T39]  ? rcu_is_watching+0x15/0xb0
[  841.611780][   T39]  __x64_sys_sendto+0xde/0x100
[  841.611827][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.611849][   T39]  do_syscall_64+0x15f/0xf80
[  841.611868][   T39]  ? trace_irq_disable+0x3b/0x140
[  841.611895][   T39]  ? clear_bhb_loop+0x40/0x90
[  841.611920][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.611940][   T39] RIP: 0033:0x7f4a9612d60e
[  841.611976][   T39] RSP: 002b:00007ffd61621ba8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  841.611998][   T39] RAX: ffffffffffffffda RBX: 0000555576f90500 RCX: 00007f4a9612d60e
[  841.612013][   T39] RDX: 000000000000004c RSI: 00007f4a96f14670 RDI: 0000000000000003
[  841.612026][   T39] RBP: 0000000000000001 R08: 00007ffd61621c24 R09: 000000000000000c
[  841.612039][   T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  841.612051][   T39] R13: 0000000000000000 R14: 00007f4a96f14670 R15: 0000000000000000
[  841.617261][   T39]  </TASK>
[  841.617864][   T39] 
[  841.617864][   T39] Showing all locks held in the system:
[  841.617878][   T39] 1 lock held by khungtaskd/39:
[  841.617891][   T39]  #0: ffffffff8dfc81c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  841.617957][   T39] 6 locks held by kworker/u8:2/44:
[  841.617967][   T39]  #0: ffff88801b686138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.618018][   T39]  #1: ffffc90000b67c40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.618070][   T39]  #2: ffffffff8f35d780 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
[  841.618125][   T39]  #3: ffff88801b742160 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x420
[  841.618193][   T39]  #4: ffff88803f934310 (&devlink->lock_key#9){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x142/0x420
[  841.618246][   T39]  #5: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0
[  841.618299][   T39] 3 locks held by kworker/u8:4/67:
[  841.618310][   T39]  #0: ffff888033095138 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.618357][   T39]  #1: ffffc9000152fc40 ((work_completion)(&rtn->rds_tcp_accept_w)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.618405][   T39]  #2: ffff88802b4e0a58 (&rtn->rds_tcp_accept_lock){+.+.}-{4:4}, at: rds_tcp_accept_one+0xa9/0xd70
[  841.618467][   T39] 4 locks held by kworker/1:2/822:
[  841.618478][   T39]  #0: ffff88813fe3e538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.618533][   T39]  #1: ffffc900053efc40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.618588][   T39]  #2: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xab/0x1090
[  841.618670][   T39]  #3: ffff88807db708b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x197/0x1090
[  841.618745][   T39] 3 locks held by kworker/u8:10/1438:
[  841.618757][   T39]  #0: ffff88813fe7c138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.618811][   T39]  #1: ffffc90006bd7c40 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.618866][   T39]  #2: ffff88807db708b8 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xb4/0x460
[  841.618945][   T39] 2 locks held by getty/5362:
[  841.618956][   T39]  #0: ffff888036d460a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  841.619018][   T39]  #1: ffffc90003cb62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[  841.619079][   T39] 3 locks held by kworker/u8:17/6836:
[  841.619091][   T39]  #0: ffff888032e61938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.619145][   T39]  #1: ffffc9000571fc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.619201][   T39]  #2: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  841.635904][   T39] 1 lock held by syz.1.672/8946:
[  841.635922][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  841.635991][   T39] 2 locks held by syz-executor/9748:
[  841.636002][   T39]  #0: ffffffff8f8a74e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  841.636060][   T39]  #1: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0
[  841.636110][   T39] 2 locks held by kworker/0:0/9790:
[  841.636121][   T39]  #0: ffff88813fe3e538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x890/0x1710
[  841.636169][   T39]  #1: ffffc90005ebfc40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8b7/0x1710
[  841.636215][   T39] 1 lock held by syz.0.834/9982:
[  841.636226][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  841.636277][   T39] 1 lock held by syz-executor/10120:
[  841.636287][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636340][   T39] 1 lock held by syz-executor/10152:
[  841.636351][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636405][   T39] 1 lock held by syz-executor/10325:
[  841.636416][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636468][   T39] 1 lock held by syz-executor/10374:
[  841.636479][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636531][   T39] 1 lock held by syz-executor/10407:
[  841.636542][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636593][   T39] 1 lock held by syz.4.992/10581:
[  841.636603][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0
[  841.636651][   T39] 1 lock held by syz-executor/10633:
[  841.636668][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636720][   T39] 1 lock held by syz-executor/10640:
[  841.636730][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636782][   T39] 1 lock held by syz-executor/10687:
[  841.636793][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636844][   T39] 1 lock held by syz-executor/10706:
[  841.636854][   T39]  #0: ffffffff8f36cc38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0
[  841.636927][   T39] 
[  841.636932][   T39] =============================================
[  841.636932][   T39] 
[  841.636956][   T39] NMI backtrace for cpu 0
[  841.636979][   T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  841.637006][   T39] Tainted: [L]=SOFTLOCKUP
[  841.637014][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  841.637025][   T39] Call Trace:
[  841.637033][   T39]  <TASK>
[  841.637041][   T39]  dump_stack_lvl+0xe8/0x150
[  841.637073][   T39]  nmi_cpu_backtrace+0x274/0x2d0
[  841.637099][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  841.637126][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  841.637155][   T39]  sys_info+0x135/0x170
[  841.637176][   T39]  watchdog+0xfd3/0x1030
[  841.637209][   T39]  ? watchdog+0x1c9/0x1030
[  841.637239][   T39]  kthread+0x388/0x470
[  841.637268][   T39]  ? __pfx_watchdog+0x10/0x10
[  841.637291][   T39]  ? __pfx_kthread+0x10/0x10
[  841.637321][   T39]  ret_from_fork+0x514/0xb70
[  841.637348][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  841.637373][   T39]  ? __switch_to+0xc79/0x1410
[  841.637396][   T39]  ? __pfx_kthread+0x10/0x10
[  841.637427][   T39]  ret_from_fork_asm+0x1a/0x30
[  841.637469][   T39]  </TASK>
[  841.637494][   T39] Sending NMI from CPU 0 to CPUs 1:
[  841.637525][    C1] NMI backtrace for cpu 1
[  841.637542][    C1] CPU: 1 UID: 0 PID: 10719 Comm: syz.5.1027 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  841.637566][    C1] Tainted: [L]=SOFTLOCKUP
[  841.637573][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  841.637584][    C1] RIP: 0033:0x7f502a39d295
[  841.637601][    C1] Code: 00 48 39 f2 72 65 66 0f c6 c0 01 0f 11 45 00 4c 89 e6 eb 09 90 48 8b 4b 08 48 83 c3 08 48 39 d1 72 f3 48 8d 46 f8 48 8b 76 f8 <48> 39 f2 73 13 66 0f 1f 44 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2
[  841.637617][    C1] RSP: 002b:00007ffdac4cf400 EFLAGS: 00000246
[  841.637631][    C1] RAX: 00007f502a032590 RBX: 00007f502a031fb8 RCX: ffffffff845ce4f2
[  841.637645][    C1] RDX: ffffffff845ce4f2 RSI: ffffffff845ce4e8 RDI: 00007f502a031ac8
[  841.637658][    C1] RBP: 00007f502a030130 R08: 00007f502a730000 R09: 00007f502a746038
[  841.637671][    C1] R10: 0000000000000001 R11: 000000000000000a R12: 00007f502a033468
[  841.637683][    C1] R13: 0000000000000016 R14: 0000000000000667 R15: 0000000000000001
[  841.637694][    C1] FS:  00005555718f5500 GS:  0000000000000000
[  841.663363][   T39] Kernel panic - not syncing: hung_task: blocked tasks
[  841.663395][   T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  841.663425][   T39] Tainted: [L]=SOFTLOCKUP
[  841.663432][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  841.663444][   T39] Call Trace:
[  841.663452][   T39]  <TASK>
[  841.663460][   T39]  vpanic+0x56c/0xa60
[  841.663493][   T39]  ? __pfx___schedule+0x10/0x10
[  841.663523][   T39]  ? __pfx_vpanic+0x10/0x10
[  841.663556][   T39]  panic+0xc5/0xd0
[  841.663580][   T39]  ? __pfx_panic+0x10/0x10
[  841.663607][   T39]  ? preempt_schedule_thunk+0x16/0x30
[  841.663631][   T39]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  841.663675][   T39]  watchdog+0x102c/0x1030
[  841.663706][   T39]  ? watchdog+0x1c9/0x1030
[  841.663735][   T39]  kthread+0x388/0x470
[  841.663764][   T39]  ? __pfx_watchdog+0x10/0x10
[  841.663786][   T39]  ? __pfx_kthread+0x10/0x10
[  841.663819][   T39]  ret_from_fork+0x514/0xb70
[  841.663846][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  841.663868][   T39]  ? __switch_to+0xc79/0x1410
[  841.663890][   T39]  ? __pfx_kthread+0x10/0x10
[  841.663918][   T39]  ret_from_fork_asm+0x1a/0x30
[  841.663958][   T39]  </TASK>
[  841.664617][   T39] Kernel Offset: disabled