last executing test programs:

35m56.804954995s ago: executing program 32 (id=94):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, 0x0, 0xc0042, 0x1fe)
futex(0x0, 0x80, 0x1, &(0x7f0000000840)={0x0, 0x3938700}, &(0x7f0000000880)=0x2, 0x2)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000240)=""/166)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x100, 0x2})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(0xffffffffffffffff, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x801})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000006c0)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcfffffff7f727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)

34m6.389887898s ago: executing program 33 (id=332):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8000000000008b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(0xffffffffffffffff, 0x40045730, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x2200082, &(0x7f0000000140)=ANY=[], 0xfe, 0x15b, &(0x7f0000000280)="$eJzs0UlrGmEcx/HvM/O4QBVbakFKW4UWaisFF9pbKU6pVKgdaOmlJ8FOF1AsEZIclZBbDkKuHrJcQ96CRg8hQS/Jm8jFWyBHw8yYhCwv4f+5ze+/wTyf3k/Siisfm43/C06r5fxKfbMrpe8n/X7RzYNA+Frd7x8U4S+awQuYdsCNR1H4/a/uGLVm3f2eFiEEWPfmOY3YxT0rruloyOHPp5/D8JHXZ3A7cwoEvLnHGqyYn2WBJ5vwkhnWAz9z950CJigVnB97arJaziQfKljuZXZ3Dr+OD8pvXn9w1vKl7qtIwswAW1gqvD/6c2zOpybjyhe7Yk8K+fy7QjZn8PbIW9juoj9HFuGnAu3uM/D2BUk80z9gRcG6d2u6p6LAcOPMboQu/3V7yUyBSvZq1URguxq/b2CmtVuZcQev4j2CEEIIIYQQQgghhBBCCCGEEEIIccN5AAAA//9YP1Ga")
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
creat(&(0x7f0000000340)='./file0\x00', 0x14)

32m4.396081839s ago: executing program 34 (id=629):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000000)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x1000, 0x20, &(0x7f0000000200))
getegid()

32m4.11846456s ago: executing program 35 (id=627):
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)

28m44.74278571s ago: executing program 36 (id=1056):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/dev_mcast\x00')
pipe2$9p(&(0x7f0000000180), 0x4800)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2a, 0x2, 0x0)
socket$inet(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001300)={&(0x7f0000000740)={0x710, 0x0, 0x5, 0x3, 0x0, 0x0, {0x5, 0x0, 0x6}, [{{0x254, 0x1, {{0x0, 0xe000}, 0x1, 0x2, 0x8000, 0x240, 0x5, 'syz0\x00', "30f1a7f1e7893f5a4c98a01e5c19704caff85e0efcbd7e74a4bf4d298db81a07", "e42a5a426a8ab3da02c7786c5ea6c0ce1d0388c328e5fa67e63bb15252453f34", [{0x0, 0x2, {0x3, 0xfffffff9}}, {0x4, 0x8, {0x2, 0x3be1ae29}}, {0x7f, 0xe, {0x1, 0xb4}}, {0x1, 0x8000, {0x0, 0x5}}, {0x81, 0x10, {0x2, 0x5}}, {0x1, 0x2, {0x1, 0x1000}}, {0x3ff, 0x8, {0x2, 0xffff7fff}}, {0x12, 0x25fd, {0xa078a12dd178018b, 0x10b}}, {0xff, 0x3, {0x2, 0x4}}, {0x6, 0x5, {0x0, 0x2}}, {0xfff, 0xe86, {0x1, 0x1}}, {0x2a73, 0x200, {0x3, 0x3}}, {0x4, 0x7f, {0x2, 0x101}}, {0x9, 0x9, {0x2, 0x9}}, {0x7, 0x80, {0x1, 0x1f}}, {0x4, 0x1, {0x2, 0x9}}, {0x16d, 0x6, {0x1, 0x2a3}}, {0x3, 0x9, {0x2, 0x5}}, {0xfffc, 0xa, {0x2, 0xb}}, {0xb7d, 0x8, {0x0, 0x10001}}, {0x4, 0x749e, {0x3, 0x9}}, {0x8, 0xfff9, {0x3, 0x1}}, {0x5, 0x0, {0x3, 0x2}}, {0x4, 0xec58, {0x24b6c1fde8171efa, 0x8}}, {0x4, 0x1, {0x3, 0x5}}, {0x2, 0xc0cd, {0x3, 0x125896ce}}, {0x55f, 0x4, {0x3, 0x6}}, {0x8, 0x1, {0x0, 0xffffffff}}, {0x400, 0x2, {0x3}}, {0x9e, 0x9, {0x2, 0xe211}}, {0x1, 0x6, {0x1, 0xffffffff}}, {0x3, 0xfffc, {0x3, 0x3}}, {0x8, 0x7, {0x2, 0x4}}, {0x2, 0x0, {0x3, 0x1ff}}, {0x859, 0x2, {0x1, 0xd21}}, {0x9, 0xffff, {0x0, 0xffffff43}}, {0x59, 0x8001, {0x0, 0x80000000}}, {0x3ff, 0x8d82, {0x3, 0x8}}, {0x3e6, 0x7, {0x0, 0x9}}, {0x0, 0x1000, {0x0, 0x75be}}]}}}, {{0x254, 0x1, {{0x0, 0x800}, 0x72, 0x2, 0x3, 0x2c75, 0xf, 'syz1\x00', "7abb81742d91f72562d9ce4aaae1c78250834b54768323fa3b1dab13c3249d7e", "cfb075a789a305ddcfa515eff117634abf180d63379911829b53c9c9d788df59", [{0x7ff, 0x3e0, {0x2, 0x81}}, {0xfffb, 0x200, {0x0, 0x9}}, {0x5, 0xfff7, {0x3, 0x6}}, {0xc, 0x1, {0x1, 0xfffffc00}}, {0x6000, 0x200, {0x2, 0x4}}, {0x6, 0x2, {0x1, 0xfffffff6}}, {0xb, 0x2, {0x2, 0x729}}, {0x1c, 0x9, {0x3, 0x7}}, {0x2, 0x1, {0x1, 0x3}}, {0x9, 0x5}, {0x0, 0x80, {0x1, 0x9}}, {0xd1f, 0x7, {0x1, 0xd2}}, {0x8, 0x2, {0x1, 0x8}}, {0x0, 0xa, {0x0, 0x7f}}, {0x10, 0x5234, {0x0, 0x8}}, {0xd4d7, 0x3ff, {0x0, 0x3003}}, {0x10, 0xfff3, {0x1, 0x8d0}}, {0xb, 0x99, {0x0, 0x7}}, {0xff, 0x3, {0x2, 0x9}}, {0xf, 0x1, {0x1, 0xfffffffe}}, {0xf1, 0x808, {0x2, 0x1}}, {0x6, 0x8, {0x3, 0x889}}, {0x800, 0x0, {0x1, 0x4}}, {0x40, 0x2, {0x1, 0x8}}, {0x4, 0x8001, {0x2, 0x8000}}, {0x5e9b, 0x7ff, {0x1, 0xff}}, {0xa, 0x6, {0x3, 0x5}}, {0xffff, 0x0, {0x2, 0x1}}, {0x7d, 0x1, {0x0, 0x7ff}}, {0x8, 0x737, {0x1, 0x64}}, {0x1ff, 0xb, {0x0, 0xfff}}, {0x0, 0x3, {0x3, 0x7}}, {0xa7b, 0xdff, {0x3, 0xfffffff9}}, {0x18aa, 0x9, {0x0, 0x7f}}, {0x7, 0x1, {0x1, 0x1}}, {0x5, 0x81, {0x1, 0xc6}}, {0x8291, 0x7}, {0xd, 0xfffe, {0x1, 0x1}}, {0x10, 0xb3d, {0x1, 0x1}}, {0x7, 0x5db9, {0x0, 0x8}}]}}}, {{0x254, 0x1, {{0x3, 0x2}, 0x76, 0x1, 0x80, 0x2, 0x1d, 'syz1\x00', "75e4f8cd1ce4f04348e4622059a8c03fd84090119bdef747c01fe49ff6035707", "d09406a0e7096dd6d2395c19e8996b0c2cf760604e36dfa887202f45ec0153f8", [{0x1, 0x7, {0x2, 0x1}}, {0x7ff, 0x8, {0x3, 0xfffffff8}}, {0xed, 0x2dea, {0x2, 0x1}}, {0x2, 0x9, {0x0, 0x8d0}}, {0x4, 0x3, {0x2, 0x1df20000}}, {0x0, 0x3, {0x0, 0xb045}}, {0x89cb, 0x3, {0x0, 0x5}}, {0xaf, 0x6, {0x41998e8385e00d27, 0x4f}}, {0x4, 0x3, {0x1, 0x4}}, {0x7f, 0x666f, {0x0, 0xcf39}}, {0x8001, 0x9, {0x3, 0x8000}}, {0x101, 0x1000, {0x2, 0x8}}, {0xe, 0xfffa, {0x2, 0xf788}}, {0xed4, 0x80, {0x1, 0x8}}, {0x0, 0x9, {0x0, 0x5}}, {0x7ff, 0x901, {0x1, 0x401}}, {0x9, 0x5, {0x1, 0x80000000}}, {0x10, 0xae25, {0x0, 0x7633}}, {0x2, 0x1, {0x3, 0xfffffffd}}, {0x10, 0xfff8, {0x2, 0x8000}}, {0x8001, 0x9, {0x0, 0x10000}}, {0x4, 0x7, {0x2, 0xa0}}, {0x7ff, 0x0, {0x2, 0x9}}, {0x2, 0x3, {0x3, 0x3}}, {0x7fff, 0x1b0, {0x1, 0x6f5a}}, {0x5, 0x499, {0x0, 0x5}}, {0xfff, 0x3, {0x1, 0xa044}}, {0x0, 0x2, {0x3}}, {0x73, 0xb4, {0x3, 0x4e}}, {0x7, 0x56, {0x1, 0x2}}, {0xf, 0x2, {0x1, 0x7}}, {0x2, 0xffff, {0x3, 0x1}}, {0x5, 0x400, {0x2, 0x5}}, {0xb81e, 0x6, {0x2, 0x8}}, {0x10, 0x2, {0x2, 0x8001}}, {0x7, 0x1, {0x3, 0x1}}, {0x8, 0x7, {0x2, 0x2}}, {0xab, 0x9, {0x1, 0x7ff}}, {0x0, 0x3, {0x3, 0x2}}, {0x8, 0x0, {0x0, 0x8001}}]}}}]}, 0x710}, 0x1, 0x0, 0x0, 0x8010}, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000040000000000000000000000851000800500000085000000bb0000006d0000000000000018000000ffff0000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x281, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
connect$llc(r3, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="48bd00"}, 0x10)
r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
dup3(r3, r4, 0x0)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)

26m19.924575312s ago: executing program 0 (id=1391):
openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x8c0802, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)

26m19.380113919s ago: executing program 0 (id=1395):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, 0x0, 0x10000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

26m17.59504287s ago: executing program 0 (id=1401):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
move_mount(r1, &(0x7f0000000180)='./mnt\x00', r1, 0x0, 0x114)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0xaf3)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003b80)="870b1aaecb", 0x5}], 0x20}}], 0x1, 0x4080)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x3, 0x0, 0x0)

26m16.37591329s ago: executing program 0 (id=1403):
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_pidfd_open(0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='befs\x00', 0x4015, 0x0)

26m11.325031868s ago: executing program 0 (id=1417):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000008500000050"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000380)=@filename='./file0\x00', 0x0, 0x0)

26m11.171912819s ago: executing program 0 (id=1418):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340))
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x800002, 0x10, 0xffffffffffffffff, 0x61083000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
write$binfmt_aout(r3, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x1)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x802)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f00000001c0)={'wg2\x00', 0x200})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)

25m55.913493214s ago: executing program 37 (id=1418):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340))
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x800002, 0x10, 0xffffffffffffffff, 0x61083000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
write$binfmt_aout(r3, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x1)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x802)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f00000001c0)={'wg2\x00', 0x200})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)

25m45.507198694s ago: executing program 9 (id=1471):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000040)}, 0x20)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="14000000000019da2cc7bec5"], 0x18}}], 0x1, 0x40004)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000580)={'wg1\x00'})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

25m44.599207249s ago: executing program 9 (id=1476):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x9, 0x5, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r5, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read(r0, &(0x7f0000000840)=""/40, 0x28)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x381, @time={0x5, 0x400}, 0x40, {0xc0, 0xff}, 0x46, 0x1, 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, 0x0)

25m43.229192049s ago: executing program 9 (id=1479):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x8}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000100)={0x2, 0xfe}, 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000240)={0x2, 0x1}, 0x2)

25m42.559068432s ago: executing program 9 (id=1480):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

25m41.333739798s ago: executing program 9 (id=1482):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x1c, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28040}, 0x0)

25m40.223887939s ago: executing program 9 (id=1485):
r0 = socket$netlink(0x10, 0x3, 0x2)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xc, 0xe, &(0x7f0000001880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x1}, 0x10}, 0x94)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000100)={'vlan0\x00', 0x40})
socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r7=>0x0)
io_submit(r7, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x7aed979249b5ae9d, 0x0)
rseq(&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4, 0x1000000000000, 0x800, 0x7}, 0x6}, 0x20, 0x1, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r8, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383363030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006)

25m24.966897173s ago: executing program 38 (id=1485):
r0 = socket$netlink(0x10, 0x3, 0x2)
getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xc, 0xe, &(0x7f0000001880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x1}, 0x10}, 0x94)
ioctl$SIOCSIFMTU(r4, 0x8923, &(0x7f0000000100)={'vlan0\x00', 0x40})
socket$inet_mptcp(0x2, 0x1, 0x106)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r7=>0x0)
io_submit(r7, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r6, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x7aed979249b5ae9d, 0x0)
rseq(&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4, 0x1000000000000, 0x800, 0x7}, 0x6}, 0x20, 0x1, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r8, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383363030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006)

12m12.325360213s ago: executing program 1 (id=3277):
socket$kcm(0x10, 0x3, 0x10)
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
socket$unix(0x1, 0x2, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
pread64(r0, 0x0, 0x0, 0xc2a)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sysvipc/shm\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000002480)={0x2020}, 0x2020)
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000044c0)='./file0/file0\x00', &(0x7f0000004500)={0x80802, 0x5, 0x2a}, 0x18)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0xc0406618, 0x0)
mount$fuse(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002600), 0xa0001c, &(0x7f0000002640)=ANY=[@ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000020000,user_id', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYRESDEC=0x0, @ANYBLOB=',obj_type=,mask=^MAY_EXEC,'])
sendmsg$nl_xfrm(r2, 0x0, 0x2c000010)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000200)={'wg0\x00'})
read$FUSE(r3, &(0x7f0000000580)={0x2020}, 0x1614)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, 0x0, 0x0)

12m7.858729969s ago: executing program 1 (id=3281):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r0, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
dup(0xffffffffffffffff)

12m5.628578281s ago: executing program 1 (id=3283):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x8800)
ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x60000010})
epoll_pwait(r1, &(0x7f0000000000), 0x0, 0x8001, 0x0, 0x0)

12m5.276770765s ago: executing program 1 (id=3288):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000003c0)=""/73, &(0x7f0000000300)=0x49)

12m3.610947975s ago: executing program 1 (id=3293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x28, r1, 0x603, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x6}, @ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x28}}, 0x10)

12m1.826125347s ago: executing program 4 (id=3296):
syz_open_dev$dri(0x0, 0x1ff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40811}, 0x20)

12m0.970160965s ago: executing program 1 (id=3297):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0xd, 0x10, 0x0, &(0x7f00000001c0)='GPL\x00', 0xf, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102400, 0x19000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f00000003c0))
setreuid(0xee01, 0x0)
setreuid(0x0, 0x0)

11m59.01740929s ago: executing program 4 (id=3300):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
read$FUSE(r0, &(0x7f0000000440)={0x2020}, 0x2020)

11m57.962798301s ago: executing program 4 (id=3305):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000003c0)=""/73, &(0x7f0000000300)=0x49)

11m56.453960985s ago: executing program 4 (id=3308):
syz_usb_connect(0x5, 0xff, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x9c, 0xf8, 0xcd, 0x8, 0x2304, 0x248, 0x7c8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xed, 0x2, 0x2, 0xc, 0x50, 0x82, [{{0x9, 0x4, 0x93, 0x1, 0x3, 0x9d, 0xf9, 0x9a, 0xb1, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x87}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xe, 0x80, 0x2}}, @generic={0xa, 0x21, "b4f84a93f959f288"}], [{{0x9, 0x5, 0xa, 0x10, 0x200, 0x5, 0xc2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x2, 0x54}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x9}]}}, {{0x9, 0x5, 0x5, 0x4, 0x20, 0x8, 0x0, 0x1, [@generic={0x7a, 0xf, "36d8c0dd4b66e1b16d465a1f1779833c6ff1f4b620b8a6acbc91e131aa08007bc36b01c97a6ee3bb81820f02c50972f8ff9edd18be83c344af733d9b100cc1e125432d5de439a226fcde925d32d7091f4207c7a952866efac711ce4deae13caab81ba537c0980539a56c1a6faf33b199ca830163bb9dfe5e"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x400, 0x5, 0x8, 0xca, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xa, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x9, 0x1}]}}]}}, {{0x9, 0x4, 0x90, 0x0, 0x0, 0x20, 0x55, 0x45, 0x7}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x3c, 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r1, &(0x7f0000000000), 0x10)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r2, &(0x7f00000001c0), 0x10)
dup3(r0, r1, 0x0)

11m54.424912787s ago: executing program 4 (id=3315):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11m53.204496505s ago: executing program 4 (id=3316):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
close(r0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000970000001801000020756c2500000020002020207b1af8ff00000000bfa1e9000000000007010000f8ffffffb70200000800bbecbf9300000000000085000000d00000009500000000000000a18c5a484581fb39aebc0f85bfe3e0472d3cc60f32c77dd873a517eef6f49aa07e005b4aca13a95906c2ecde98ffdd6ca7020b1f66f3eb3da00005a54ebb2b8c25b95a8d53f602e976e70d8feb5b4fcf974efcfb014dbd249c0f06a191cb5559b7c36acbd29acc126b845e52f9b9ab6679d545308888f6b2a7db3e40db0bc2c92ecbb72f0b9898ffcb989b93cbfdd9"], &(0x7f0000000040)='GPL\x00', 0x8000004}, 0x94)
r3 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000180)=0x2, 0x12)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
dup(r4)
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
syz_usb_disconnect(r5)
syz_usb_connect$cdc_ecm(0x4, 0x56, &(0x7f0000000c00)=ANY=[], 0x0)

11m44.647135694s ago: executing program 39 (id=3297):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0xd, 0x10, 0x0, &(0x7f00000001c0)='GPL\x00', 0xf, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102400, 0x19000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f00000003c0))
setreuid(0xee01, 0x0)
setreuid(0x0, 0x0)

11m37.967322372s ago: executing program 40 (id=3316):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
close(r0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000970000001801000020756c2500000020002020207b1af8ff00000000bfa1e9000000000007010000f8ffffffb70200000800bbecbf9300000000000085000000d00000009500000000000000a18c5a484581fb39aebc0f85bfe3e0472d3cc60f32c77dd873a517eef6f49aa07e005b4aca13a95906c2ecde98ffdd6ca7020b1f66f3eb3da00005a54ebb2b8c25b95a8d53f602e976e70d8feb5b4fcf974efcfb014dbd249c0f06a191cb5559b7c36acbd29acc126b845e52f9b9ab6679d545308888f6b2a7db3e40db0bc2c92ecbb72f0b9898ffcb989b93cbfdd9"], &(0x7f0000000040)='GPL\x00', 0x8000004}, 0x94)
r3 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000180)=0x2, 0x12)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0xe}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
dup(r4)
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0)
syz_usb_disconnect(r5)
syz_usb_connect$cdc_ecm(0x4, 0x56, &(0x7f0000000c00)=ANY=[], 0x0)

16.557070959s ago: executing program 7 (id=5109):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
syz_emit_ethernet(0xbe, &(0x7f0000001040)={@multicast, @random="58a4ab044a92", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0xb0, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x400, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "4e0ec4d8ec1533548dfb72e1261d7aeb619d49e98f3f4cadcd53ff011dd82418", "80bdd625bd905ba90d0a6927c37cefe3c4b48ef7ded481883e35fd85afe3254b3e1441af5775976715bf29ed4dcc166e", "7cdfd8ec14c7ce8bac951c90fcfaa4d6679b931ed70bb5b50f5b738d", {"fdeca3693c5b2785e92ce602a669b6dd", "af8ff0acae2f2a3d0d0de9d22c2e3cf8"}}}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)

11.30343222s ago: executing program 7 (id=5123):
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r4, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(r5, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703380000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fc", 0x51}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

11.252283059s ago: executing program 8 (id=5124):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})

10.695138649s ago: executing program 8 (id=5127):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@nossd}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x37, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$rtc(&(0x7f0000000180), 0x7, 0x731040)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0xff)
chdir(&(0x7f0000000140)='./bus\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000000)=""/83, &(0x7f0000000080)=0x53)
request_key(&(0x7f0000000e80)='dns_resolver\x00', &(0x7f0000000ec0)={'syz', 0x1}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

10.646142212s ago: executing program 2 (id=5130):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x54, 0x54, 0x2, [@enum64={0x9, 0x6, 0x0, 0x13, 0x0, 0x1, [{0x9, 0x6, 0x4}, {0xe, 0xffff, 0xfffff800}, {0x4, 0xffffff9d}, {0xd, 0x13, 0xb4b2}, {0x6, 0x8, 0xb79}, {0xb, 0xd3d7, 0x80000001}]}]}}, &(0x7f0000000100)=""/141, 0x6e, 0x8d, 0x1, 0x7}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000040)={'tunl0\x00', 0x0, 0x8000, 0x7800, 0x9, 0x1, {{0x5, 0x4, 0x0, 0x3e, 0x14, 0x64, 0x0, 0x7, 0x29, 0x0, @loopback, @loopback}}}})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

10.107061719s ago: executing program 7 (id=5131):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1f, &(0x7f0000000e00)=""/207, &(0x7f0000000040)=0xcf)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1b})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x20080)
ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000000c0)=""/193)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

8.623326405s ago: executing program 8 (id=5135):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_LIST(r0, 0x0, 0x20000010)

7.595222052s ago: executing program 7 (id=5136):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
syz_emit_ethernet(0xbe, &(0x7f0000001040)={@multicast, @random="58a4ab044a92", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0xb0, 0x0, 0x0, 0xfc, 0x11, 0x0, @empty, @broadcast}, {0x400, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "4e0ec4d8ec1533548dfb72e1261d7aeb619d49e98f3f4cadcd53ff011dd82418", "80bdd625bd905ba90d0a6927c37cefe3c4b48ef7ded481883e35fd85afe3254b3e1441af5775976715bf29ed4dcc166e", "7cdfd8ec14c7ce8bac951c90fcfaa4d6679b931ed70bb5b50f5b738d", {"fdeca3693c5b2785e92ce602a669b6dd", "af8ff0acae2f2a3d0d0de9d22c2e3cf8"}}}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
shmget$private(0x0, 0x1000, 0x4, &(0x7f0000cac000/0x1000)=nil)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)

7.189994562s ago: executing program 3 (id=5139):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="80000000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0600cd00000000005900330080200900080211000001080211000000"], 0x80}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

7.127524326s ago: executing program 2 (id=5140):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
mq_open(&(0x7f0000000780)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x136, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
close(0x3)

7.127076994s ago: executing program 8 (id=5141):
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0d00000008000000040000000200000040000000", @ANYRES32=r1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r2}, &(0x7f0000000980), &(0x7f00000009c0)=r1}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)

6.929417858s ago: executing program 5 (id=5142):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x2a)

6.918905638s ago: executing program 6 (id=5143):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061113800000000001e0000fbffffffff9400000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r2)
sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={0x2c, r3, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010101}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)
sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x840)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4400000000000e0feff0085000000b200000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$SIOCGIFHWADDR(r6, 0x8927, &(0x7f0000000000)={'team_slave_1\x00'})
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r5, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003c80)="f50cb6", 0x3}], 0x1}}], 0x1, 0x8011)
recvmmsg(r5, &(0x7f000000a400)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001c80)=""/4096, 0x1000}], 0x1}, 0x40}], 0x1, 0x10120, 0x0)
shutdown(r5, 0x1)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="2b70696473202b726c695f7072696f208000000100000000"], 0x18)
socket$inet(0x2, 0x3, 0x3d9)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x24, 0x0, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x3}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x8015}, 0x48005)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

6.775008229s ago: executing program 3 (id=5144):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

6.296626417s ago: executing program 2 (id=5145):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, 0x0)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)

6.177336806s ago: executing program 8 (id=5146):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r1, 0x800, 0x55007}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0xf}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}, @IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}]}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

6.069836469s ago: executing program 3 (id=5147):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x17)

5.879271269s ago: executing program 5 (id=5148):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)

5.621583908s ago: executing program 2 (id=5149):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1f, &(0x7f0000000e00)=""/207, &(0x7f0000000040)=0xcf)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000080)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1b})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x20080)
ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000000c0)=""/193)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

5.585995702s ago: executing program 8 (id=5150):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x800001c, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0)
close(r1)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast})
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x2a)

4.693912238s ago: executing program 6 (id=5151):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)

4.079278779s ago: executing program 5 (id=5152):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb8, 0xc0, 0x7d, 0x40, 0xc45, 0x8001, 0x900a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x80, 0x82, 0x99}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.016728502s ago: executing program 6 (id=5153):
socket$inet_icmp(0x2, 0x2, 0x1)
socket$inet6(0xa, 0x80003, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r0, 0x0, 0x0)

4.015345583s ago: executing program 3 (id=5154):
openat$tun(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000600)=""/79, 0x0, 0x10000})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)

3.847677132s ago: executing program 2 (id=5155):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c63a6efdecc4194d99634ff4eb90c266e83fff7dfbd3568c030612b423a36dbc", 0x23}, {&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d57ff38d5231dc712a114aaeae76812b1375a1b59f2b669bcf1f5a39f4241eef5d48ba4a16fb354031b55dd47512d0b1c6d02dce620d1cd5bad3ff8d69fe0a9e54a633953fea9e23fdf840a0b9270dfa4799e36a059f53656b65191a14e19c6330c4df5e04ca466ea0b14f3c3a7f72f0f93653f165bd687201ae5aef946d01c988d885ca01f3363483400172d6cbe543ba3b34482febc895d7555beb84884df69da0", 0xfb}, {&(0x7f0000000100)="8d25ca2a98879e57578c3d652f5cf57f904b471f18c14b4d786c4ae155bee597b14455173e5580fb3f47c2e329b126d05465fb165f089b0314439ebfa4200976415972e1c0ebc1a66ad918d8102b667c7c406cc4cd40308fa5aadbd710f76440c0317c7642844c99dd63580c9462552b017ac7fc6b2e1411f1fab222de62016c7b3fa76cbb852128d081d91a31544ddbe5a3921f7df0f077a15863c7b12810b76fb1f549571b1606ed945955bc559ed5598e62", 0xb3}, {&(0x7f0000000300)="f111f39463acbac94f37eaaa931da78c8c414a4edadbcac605b6a5089e71e9b125f3a628ad2cbfd97cb9ad0e6eec571532e87f653961867d41d742ded2a2b2ae459f67d701f481c880e26696407b17b691b17a5045371c8fdcf194192c92774a796d44f528426692f08ed6a6a871569a50134a64119acae16a5b89bb77613f5152bf2faca1ff52082e2e810a084976bf5445384defc7b81efdbc46cc27c6775686e3c7b09331988195a02d1f47f754e9a632886498d9c5bcbfa563151a56ef24", 0xc0}], 0x4, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081", 0x7}], 0x1}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.557349346s ago: executing program 2 (id=5156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000100)=[{0x0, 0x2, {0x1, 0xf0, 0x2}, {0x0, 0x0, 0x4}, 0xfd, 0x2}], 0x20)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0x6, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x44)

3.542594253s ago: executing program 3 (id=5157):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000170a01080000000000000000020000080900020073797a3200000000090001"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000080)

3.397451205s ago: executing program 3 (id=5158):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0)
r2 = socket(0x14, 0x2, 0x4)
getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, 0x0, &(0x7f0000000340))

3.000260814s ago: executing program 7 (id=5159):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x0)

2.808878399s ago: executing program 6 (id=5160):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.134484088s ago: executing program 5 (id=5161):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
creat(0x0, 0x8)

2.09258664s ago: executing program 6 (id=5162):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)

1.250613956s ago: executing program 7 (id=5163):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r1)
accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000100))
writev(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xfffffffc, 0x4, 0x3, 0x0, 0x5})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f)

977.891851ms ago: executing program 5 (id=5164):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)

977.405408ms ago: executing program 6 (id=5165):
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)

0s ago: executing program 5 (id=5166):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

kernel console output (not intermixed with test programs):

1.369656][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1833.410137][T18799] Bluetooth: hci2: command tx timeout
[ 1835.538806][T18799] Bluetooth: hci2: command tx timeout
[ 1836.322435][ T5872] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1836.341522][ T5872] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1836.493527][ T5872] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1836.587023][ T5872] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1836.602173][ T5872] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1837.330250][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1837.394802][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1837.648658][ T5872] Bluetooth: hci2: command tx timeout
[ 1839.420238][ T5872] Bluetooth: hci6: command tx timeout
[ 1839.603871][ T1147] bond0 (unregistering): Released all slaves
[ 1839.878487][T20789] lo speed is unknown, defaulting to 1000
[ 1840.025573][T20873] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1840.071098][   T30] audit: type=1326 audit(1754591595.744:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20869 comm="syz.3.3866" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4116b8ebe9 code=0x0
[ 1840.114305][T20873] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock
[ 1840.130945][T20873] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1840.237642][T20873] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock
[ 1840.332049][ T5872] Bluetooth: hci2: command tx timeout
[ 1840.455390][ T1147] hsr_slave_0: left promiscuous mode
[ 1840.490131][ T1147] hsr_slave_1: left promiscuous mode
[ 1840.513794][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1840.569006][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1841.389292][T20882] loop3: detected capacity change from 0 to 4096
[ 1841.397964][T20882] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1841.452004][ T5872] Bluetooth: hci6: command tx timeout
[ 1841.482327][T20882] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1841.517330][T20882] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1841.561912][   T30] audit: type=1800 audit(1754591597.234:164): pid=20882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3869" name="bus" dev="loop3" ino=18 res=0 errno=0
[ 1842.580279][T16753] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1843.535153][ T5872] Bluetooth: hci6: command tx timeout
[ 1844.186638][T20901] loop3: detected capacity change from 0 to 40427
[ 1844.526387][T20901] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1844.557617][T20901] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1846.330229][ T5872] Bluetooth: hci6: command tx timeout
[ 1846.837310][T16753] syz-executor: attempt to access beyond end of device
[ 1846.837310][T16753] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1847.069277][T16753] CPU: 0 UID: 0 PID: 16753 Comm: syz-executor Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1847.069316][T16753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1847.069333][T16753] Call Trace:
[ 1847.069344][T16753]  <TASK>
[ 1847.069356][T16753]  dump_stack_lvl+0x189/0x250
[ 1847.069400][T16753]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1847.069433][T16753]  ? __pfx_queue_work_on+0x10/0x10
[ 1847.069458][T16753]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1847.069490][T16753]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1847.069537][T16753]  f2fs_handle_critical_error+0x37c/0x540
[ 1847.069587][T16753]  f2fs_write_end_io+0x886/0xb60
[ 1847.069652][T16753]  __submit_merged_bio+0x27a/0x6a0
[ 1847.069695][T16753]  __submit_merged_write_cond+0x255/0x530
[ 1847.069738][T16753]  f2fs_write_data_pages+0x261d/0x3000
[ 1847.069825][T16753]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1847.069929][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.069959][T16753]  ? trace_sched_exit_tp+0x36/0x110
[ 1847.069994][T16753]  ? __schedule+0x17ae/0x4cc0
[ 1847.070049][T16753]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1847.070093][T16753]  ? irqentry_exit+0x74/0x90
[ 1847.070124][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.070153][T16753]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1847.070208][T16753]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1847.070246][T16753]  do_writepages+0x32e/0x550
[ 1847.070291][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.070326][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.070355][T16753]  ? do_raw_spin_unlock+0x122/0x240
[ 1847.070395][T16753]  filemap_fdatawrite+0x199/0x240
[ 1847.070434][T16753]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1847.070532][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.070573][T16753]  ? do_raw_spin_unlock+0x122/0x240
[ 1847.070613][T16753]  f2fs_sync_dirty_inodes+0x31f/0x830
[ 1847.070674][T16753]  f2fs_write_checkpoint+0x95a/0x1df0
[ 1847.070749][T16753]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1847.070858][T16753]  ? kill_f2fs_super+0x298/0x6c0
[ 1847.070905][T16753]  kill_f2fs_super+0x2c3/0x6c0
[ 1847.070953][T16753]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1847.070988][T16753]  ? radix_tree_delete_item+0x2b6/0x400
[ 1847.071030][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.071059][T16753]  ? shrinker_free+0x2ce/0x3e0
[ 1847.071093][T16753]  deactivate_locked_super+0xbc/0x130
[ 1847.071130][T16753]  cleanup_mnt+0x425/0x4c0
[ 1847.071158][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.071188][T16753]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1847.071224][T16753]  task_work_run+0x1d4/0x260
[ 1847.071266][T16753]  ? __pfx_task_work_run+0x10/0x10
[ 1847.071299][T16753]  ? __x64_sys_umount+0x122/0x160
[ 1847.071342][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.071372][T16753]  ? schedule+0x16f/0x360
[ 1847.071405][T16753]  exit_to_user_mode_loop+0xec/0x110
[ 1847.071445][T16753]  do_syscall_64+0x2bd/0x3b0
[ 1847.071478][T16753]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1847.071509][T16753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1847.071534][T16753]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1847.071568][T16753]  ? exc_page_fault+0x9f/0xf0
[ 1847.071603][T16753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1847.071629][T16753] RIP: 0033:0x7f4116b8ff17
[ 1847.071653][T16753] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1847.071675][T16753] RSP: 002b:00007ffc0f8411a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1847.071701][T16753] RAX: 0000000000000000 RBX: 00007f4116c11c05 RCX: 00007f4116b8ff17
[ 1847.071720][T16753] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0f841260
[ 1847.071737][T16753] RBP: 00007ffc0f841260 R08: 0000000000000000 R09: 0000000000000000
[ 1847.071754][T16753] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc0f8422f0
[ 1847.071773][T16753] R13: 00007f4116c11c05 R14: 00000000001c2c50 R15: 00007ffc0f842330
[ 1847.071818][T16753]  </TASK>
[ 1847.071829][T16753] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1849.053029][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1849.437720][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1852.577637][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1852.584123][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1855.465184][T20849] lo speed is unknown, defaulting to 1000
[ 1855.909926][T20990] vivid-006: disconnect
[ 1856.427789][T20985] vivid-006: reconnect
[ 1856.665376][T20983] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3899'.
[ 1857.167934][T18799] Bluetooth: hci1: ISO packet too small
[ 1861.566753][ T5872] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1861.745469][ T5872] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1861.781044][ T5872] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1861.880527][ T5872] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1861.947808][ T5872] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1862.833738][T20789] chnl_net:caif_netlink_parms(): no params data found
[ 1863.361470][T20849] chnl_net:caif_netlink_parms(): no params data found
[ 1863.663350][T21011] lo speed is unknown, defaulting to 1000
[ 1864.412091][T18799] Bluetooth: hci4: command tx timeout
[ 1864.723209][T21039] Falling back ldisc for ttyprintk.
[ 1865.461654][T20789] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1865.479648][T20789] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1865.502225][T20789] bridge_slave_0: entered allmulticast mode
[ 1865.510209][T20789] bridge_slave_0: entered promiscuous mode
[ 1865.776706][T20789] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1865.865275][T20789] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1865.874461][T18799] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1865.886032][T18799] CPU: 1 UID: 0 PID: 18799 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1865.886073][T18799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1865.886094][T18799] Workqueue: hci1 hci_rx_work
[ 1865.886128][T18799] Call Trace:
[ 1865.886139][T18799]  <TASK>
[ 1865.886152][T18799]  dump_stack_lvl+0x189/0x250
[ 1865.886192][T18799]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1865.886228][T18799]  ? __pfx__printk+0x10/0x10
[ 1865.886280][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.886321][T18799]  ? kernfs_path_from_node+0x250/0x290
[ 1865.886356][T18799]  ? kernfs_path_from_node+0x2f/0x290
[ 1865.886395][T18799]  sysfs_create_dir_ns+0x259/0x280
[ 1865.886430][T18799]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1865.886472][T18799]  ? do_raw_spin_unlock+0x122/0x240
[ 1865.886519][T18799]  kobject_add_internal+0x59f/0xb40
[ 1865.886575][T18799]  kobject_add+0x155/0x220
[ 1865.886613][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.886655][T18799]  ? __pfx_kobject_add+0x10/0x10
[ 1865.886692][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.886720][T18799]  ? _raw_spin_unlock+0x28/0x50
[ 1865.886747][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.886779][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.886807][T18799]  ? get_device_parent+0x366/0x3a0
[ 1865.886849][T18799]  device_add+0x408/0xb50
[ 1865.886891][T18799]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1865.886935][T18799]  le_conn_complete_evt+0xc3a/0x1220
[ 1865.886984][T18799]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1865.887018][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887048][T18799]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1865.887086][T18799]  ? __asan_memcpy+0x40/0x70
[ 1865.887123][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887153][T18799]  ? skb_pull_data+0xfb/0x200
[ 1865.887184][T18799]  hci_le_conn_complete_evt+0x187/0x450
[ 1865.887222][T18799]  hci_event_packet+0x78f/0x1200
[ 1865.887250][T18799]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1865.887282][T18799]  ? __pfx_hci_event_packet+0x10/0x10
[ 1865.887323][T18799]  ? kcov_remote_start+0x4d3/0x7f0
[ 1865.887359][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887385][T18799]  ? lockdep_hardirqs_on+0x90/0x150
[ 1865.887411][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887431][T18799]  ? hci_send_to_monitor+0xe2/0x570
[ 1865.887459][T18799]  hci_rx_work+0x46a/0xe80
[ 1865.887491][T18799]  ? process_scheduled_works+0x9ef/0x17b0
[ 1865.887512][T18799]  process_scheduled_works+0xae1/0x17b0
[ 1865.887557][T18799]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1865.887582][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887611][T18799]  worker_thread+0x8a0/0xda0
[ 1865.887633][T18799]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1865.887662][T18799]  ? __kthread_parkme+0x7b/0x200
[ 1865.887692][T18799]  kthread+0x711/0x8a0
[ 1865.887718][T18799]  ? __pfx_worker_thread+0x10/0x10
[ 1865.887737][T18799]  ? __pfx_kthread+0x10/0x10
[ 1865.887758][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887784][T18799]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1865.887803][T18799]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1865.887824][T18799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1865.887845][T18799]  ? __pfx_kthread+0x10/0x10
[ 1865.887870][T18799]  ret_from_fork+0x3fc/0x770
[ 1865.887893][T18799]  ? __pfx_ret_from_fork+0x10/0x10
[ 1865.887918][T18799]  ? __switch_to_asm+0x39/0x70
[ 1865.887942][T18799]  ? __switch_to_asm+0x33/0x70
[ 1865.887966][T18799]  ? __pfx_kthread+0x10/0x10
[ 1865.887991][T18799]  ret_from_fork_asm+0x1a/0x30
[ 1865.888030][T18799]  </TASK>
[ 1866.226063][T18799] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1866.244205][T18799] Bluetooth: hci1: failed to register connection device
[ 1866.326759][T20789] bridge_slave_1: entered allmulticast mode
[ 1866.451169][T20789] bridge_slave_1: entered promiscuous mode
[ 1866.515763][ T5872] Bluetooth: hci4: command tx timeout
[ 1867.103295][T20849] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1867.111474][T20849] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1867.119794][T20849] bridge_slave_0: entered allmulticast mode
[ 1867.128776][T20849] bridge_slave_0: entered promiscuous mode
[ 1867.244141][T20789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1867.295849][T20849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1867.318669][T20849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1867.336937][T20849] bridge_slave_1: entered allmulticast mode
[ 1867.451341][T20849] bridge_slave_1: entered promiscuous mode
[ 1868.402099][T20789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1868.545751][T20849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1868.573118][T21086] loop3: detected capacity change from 0 to 40427
[ 1868.574189][ T5872] Bluetooth: hci4: command tx timeout
[ 1868.586088][T20849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1868.712154][T21086] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1868.722969][T21086] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1870.653275][ T5872] Bluetooth: hci4: command tx timeout
[ 1871.030461][T20789] team0: Port device team_slave_0 added
[ 1871.052843][T20789] team0: Port device team_slave_1 added
[ 1871.278565][T20849] team0: Port device team_slave_0 added
[ 1871.645908][T20849] team0: Port device team_slave_1 added
[ 1871.740689][T20789] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1871.959883][T20789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1872.048385][T20789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1872.464649][T20789] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1872.471646][T20789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1872.501315][T20789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1872.536459][T21125] 9pnet_fd: Insufficient options for proto=fd
[ 1872.739759][T20849] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1872.757413][T20849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1872.783442][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1872.818456][T20849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1873.053422][T20849] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1873.167974][T20849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1873.194153][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1873.401880][T20849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1874.711373][T20789] hsr_slave_0: entered promiscuous mode
[ 1874.774766][T20789] hsr_slave_1: entered promiscuous mode
[ 1875.552449][T21011] chnl_net:caif_netlink_parms(): no params data found
[ 1876.179356][T20849] hsr_slave_0: entered promiscuous mode
[ 1876.230160][T20849] hsr_slave_1: entered promiscuous mode
[ 1876.254259][T20849] debugfs: 'hsr0' already exists in 'hsr'
[ 1876.289935][T20849] Cannot create hsr debugfs directory
[ 1877.066126][T21147] loop3: detected capacity change from 0 to 32768
[ 1877.086308][T21147] XFS: ikeep mount option is deprecated.
[ 1877.209828][T21147] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1877.347537][T21171] Illegal XDP return value 4294967274 on prog  (id 707) dev N/A, expect packet loss!
[ 1877.919025][T21147] XFS (loop3): Ending clean mount
[ 1877.974430][T21147] XFS (loop3): Quotacheck needed: Please wait.
[ 1878.117421][T21147] XFS (loop3): Quotacheck: Done.
[ 1878.305930][T16753] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1879.438412][T21189] Unknown status report in ack skb
[ 1879.445391][T21011] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1880.321255][T21011] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1880.330525][T21011] bridge_slave_0: entered allmulticast mode
[ 1880.338962][T21011] bridge_slave_0: entered promiscuous mode
[ 1880.362137][T21011] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1880.369320][T21011] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1880.377388][T21011] bridge_slave_1: entered allmulticast mode
[ 1880.386625][T21011] bridge_slave_1: entered promiscuous mode
[ 1880.755753][T21262] loop3: detected capacity change from 0 to 40427
[ 1880.865099][T21262] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1880.875795][T21262] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1882.073691][T21275] blktrace: Concurrent blktraces are not allowed on sda1
[ 1882.099875][T21011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1882.204981][T21011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1882.534791][T21011] team0: Port device team_slave_0 added
[ 1882.685876][T21011] team0: Port device team_slave_1 added
[ 1882.935983][T21011] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1882.943519][T21011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1882.970256][T21011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1882.986892][T21011] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1882.994254][T21011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1883.021764][T21011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1883.062744][ T1147] bridge_slave_1: left allmulticast mode
[ 1883.073531][ T1147] bridge_slave_1: left promiscuous mode
[ 1883.079712][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1883.098722][ T1147] bridge_slave_0: left allmulticast mode
[ 1883.104673][ T1147] bridge_slave_0: left promiscuous mode
[ 1883.110803][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1883.134006][ T1147] bridge_slave_1: left allmulticast mode
[ 1883.142863][ T1147] bridge_slave_1: left promiscuous mode
[ 1883.150786][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1883.160906][T18968] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1883.171648][ T1147] bridge_slave_0: left allmulticast mode
[ 1883.180764][ T1147] bridge_slave_0: left promiscuous mode
[ 1883.198188][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1883.211408][ T1147] bridge_slave_1: left allmulticast mode
[ 1883.217661][ T1147] bridge_slave_1: left promiscuous mode
[ 1883.226101][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1883.263634][ T1147] bridge_slave_0: left allmulticast mode
[ 1883.269944][ T1147] bridge_slave_0: left promiscuous mode
[ 1883.276271][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1883.335354][T18968] usb 7-1: config 0 has no interfaces?
[ 1883.340903][T18968] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1883.386107][T18968] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1883.642361][T18968] usb 7-1: config 0 descriptor??
[ 1883.809514][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1883.835659][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1883.856707][ T1147] bond0 (unregistering): Released all slaves
[ 1884.008544][ T6042] usb 7-1: USB disconnect, device number 29
[ 1884.141926][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1884.155232][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1884.168900][ T1147] bond0 (unregistering): Released all slaves
[ 1885.322849][ T5872] Bluetooth: hci1: command 0x0406 tx timeout
[ 1885.972460][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1885.999229][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1886.044207][ T1147] bond0 (unregistering): Released all slaves
[ 1886.410904][T21011] hsr_slave_0: entered promiscuous mode
[ 1886.418167][T21011] hsr_slave_1: entered promiscuous mode
[ 1886.425353][T21011] debugfs: 'hsr0' already exists in 'hsr'
[ 1886.431090][T21011] Cannot create hsr debugfs directory
[ 1886.446344][ T1147] hsr_slave_0: left promiscuous mode
[ 1886.453454][ T1147] hsr_slave_1: left promiscuous mode
[ 1886.459336][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1886.467296][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1886.479275][ T1147] hsr_slave_0: left promiscuous mode
[ 1886.486945][ T1147] hsr_slave_1: left promiscuous mode
[ 1886.496886][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1886.553400][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1887.544823][ T1147] hsr_slave_0: left promiscuous mode
[ 1887.827263][ T1147] hsr_slave_1: left promiscuous mode
[ 1887.867811][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1887.972552][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1888.709736][T18799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1888.723124][T18799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1888.731381][T18799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1888.746187][T18799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1888.754521][T18799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1889.723846][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1890.036898][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1890.274999][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1890.650825][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1890.812056][ T5872] Bluetooth: hci1: command 0x0406 tx timeout
[ 1890.815395][T18799] Bluetooth: hci0: command tx timeout
[ 1891.526830][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1891.598582][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1892.678362][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1892.721792][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1892.892132][T18799] Bluetooth: hci0: command tx timeout
[ 1893.378416][T21364] atomic_op ffff88807e033198 conn xmit_atomic 0000000000000000
[ 1893.383964][T21363] 9pnet_fd: Insufficient options for proto=fd
[ 1893.607451][T21327] lo speed is unknown, defaulting to 1000
[ 1894.341347][ T5872] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1894.351409][ T5872] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1894.362383][ T5872] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1894.392318][ T5872] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1894.401612][ T5872] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1894.752947][T21375] lo speed is unknown, defaulting to 1000
[ 1894.833249][T21383] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3989'.
[ 1895.062025][ T5872] Bluetooth: hci0: command tx timeout
[ 1896.492346][ T5872] Bluetooth: hci7: command tx timeout
[ 1897.132221][ T5872] Bluetooth: hci0: command tx timeout
[ 1897.655078][T21327] chnl_net:caif_netlink_parms(): no params data found
[ 1898.658124][ T5872] Bluetooth: hci7: command tx timeout
[ 1898.666406][ T5938] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1898.902335][ T5938] usb 4-1: Using ep0 maxpacket: 8
[ 1899.676381][ T5938] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1899.686088][ T5938] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1899.704628][ T5938] usb 4-1: can't read configurations, error -71
[ 1899.995546][T21375] chnl_net:caif_netlink_parms(): no params data found
[ 1900.197504][T21327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1900.211591][T21327] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1900.221145][T21327] bridge_slave_0: entered allmulticast mode
[ 1900.229659][T21327] bridge_slave_0: entered promiscuous mode
[ 1900.361177][T21438] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4001'.
[ 1900.611176][T21327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1900.635472][T21327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1900.661192][T21327] bridge_slave_1: entered allmulticast mode
[ 1900.703431][T21327] bridge_slave_1: entered promiscuous mode
[ 1900.832043][T18799] Bluetooth: hci7: command tx timeout
[ 1902.133827][T21327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1902.280176][T21327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1902.521399][T21327] team0: Port device team_slave_0 added
[ 1902.892440][T18799] Bluetooth: hci7: command tx timeout
[ 1902.942333][T21375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1902.982658][T21375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1902.997418][T21375] bridge_slave_0: entered allmulticast mode
[ 1903.006010][T21375] bridge_slave_0: entered promiscuous mode
[ 1903.027858][T21375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1903.043497][T21375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1903.070129][T21375] bridge_slave_1: entered allmulticast mode
[ 1903.105160][T21375] bridge_slave_1: entered promiscuous mode
[ 1903.173750][T21478] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4013'.
[ 1903.442565][T21327] team0: Port device team_slave_1 added
[ 1904.467019][T21375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1905.218884][T21375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1905.292478][ T1147] bridge_slave_1: left allmulticast mode
[ 1905.298227][ T1147] bridge_slave_1: left promiscuous mode
[ 1905.323778][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1905.339193][ T1147] bridge_slave_0: left allmulticast mode
[ 1905.345001][ T1147] bridge_slave_0: left promiscuous mode
[ 1905.353371][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1905.400162][ T1147] bridge_slave_1: left allmulticast mode
[ 1905.413617][ T1147] bridge_slave_1: left promiscuous mode
[ 1905.427558][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1905.448985][ T1147] bridge_slave_0: left allmulticast mode
[ 1905.462375][ T1147] bridge_slave_0: left promiscuous mode
[ 1905.476156][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1905.640773][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1905.659599][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1905.673905][ T1147] bond0 (unregistering): Released all slaves
[ 1905.818751][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1905.831095][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1905.841730][ T1147] bond0 (unregistering): Released all slaves
[ 1905.859217][T21327] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1905.866864][T21327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1905.893920][T21327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1905.907712][T21327] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1905.940957][T21327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1905.967439][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1905.975801][T21327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1906.011577][T21011] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1906.085707][T21375] team0: Port device team_slave_0 added
[ 1906.095207][T21375] team0: Port device team_slave_1 added
[ 1906.312085][T21011] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1906.445286][T21011] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1906.485406][ T1147] hsr_slave_0: left promiscuous mode
[ 1906.757406][T21508] loop6: detected capacity change from 0 to 40427
[ 1906.773888][ T1147] hsr_slave_1: left promiscuous mode
[ 1906.802875][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1906.862133][T21508] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 1906.877303][T21508] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 1906.894331][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1907.175375][ T1147] hsr_slave_0: left promiscuous mode
[ 1907.488494][ T1147] hsr_slave_1: left promiscuous mode
[ 1907.512507][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1907.740681][T18309] syz-executor: attempt to access beyond end of device
[ 1907.740681][T18309] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1907.774063][T18309] CPU: 1 UID: 0 PID: 18309 Comm: syz-executor Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1907.774103][T18309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1907.774121][T18309] Call Trace:
[ 1907.774132][T18309]  <TASK>
[ 1907.774144][T18309]  dump_stack_lvl+0x189/0x250
[ 1907.774188][T18309]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1907.774220][T18309]  ? __pfx_queue_work_on+0x10/0x10
[ 1907.774247][T18309]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1907.774277][T18309]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1907.774321][T18309]  f2fs_handle_critical_error+0x37c/0x540
[ 1907.774364][T18309]  f2fs_write_end_io+0x886/0xb60
[ 1907.774426][T18309]  __submit_merged_bio+0x27a/0x6a0
[ 1907.774466][T18309]  __submit_merged_write_cond+0x255/0x530
[ 1907.774519][T18309]  f2fs_write_data_pages+0x261d/0x3000
[ 1907.774594][T18309]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1907.774680][T18309]  ? __mod_zone_page_state+0xd7/0x140
[ 1907.774729][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.774759][T18309]  ? folios_put_refs+0x560/0x640
[ 1907.774801][T18309]  ? __pfx_folios_put_refs+0x10/0x10
[ 1907.774828][T18309]  ? rcu_is_watching+0x15/0xb0
[ 1907.774864][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.774893][T18309]  ? __lock_acquire+0xab9/0xd20
[ 1907.774954][T18309]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[ 1907.774991][T18309]  do_writepages+0x32e/0x550
[ 1907.775035][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.775069][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.775098][T18309]  ? do_raw_spin_unlock+0x122/0x240
[ 1907.775136][T18309]  filemap_fdatawrite+0x199/0x240
[ 1907.775177][T18309]  ? __pfx_filemap_fdatawrite+0x10/0x10
[ 1907.775261][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.775295][T18309]  ? do_raw_spin_unlock+0x122/0x240
[ 1907.775333][T18309]  f2fs_sync_dirty_inodes+0x31f/0x830
[ 1907.775388][T18309]  f2fs_write_checkpoint+0x95a/0x1df0
[ 1907.775455][T18309]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[ 1907.775555][T18309]  ? kill_f2fs_super+0x298/0x6c0
[ 1907.775603][T18309]  kill_f2fs_super+0x2c3/0x6c0
[ 1907.775649][T18309]  ? __pfx_kill_f2fs_super+0x10/0x10
[ 1907.775685][T18309]  ? radix_tree_delete_item+0x2b6/0x400
[ 1907.775725][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.775754][T18309]  ? shrinker_free+0x2ce/0x3e0
[ 1907.775786][T18309]  deactivate_locked_super+0xbc/0x130
[ 1907.775822][T18309]  cleanup_mnt+0x425/0x4c0
[ 1907.775851][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.775880][T18309]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1907.775916][T18309]  task_work_run+0x1d4/0x260
[ 1907.775956][T18309]  ? __pfx_task_work_run+0x10/0x10
[ 1907.775990][T18309]  ? __x64_sys_umount+0x122/0x160
[ 1907.776031][T18309]  ? exit_to_user_mode_loop+0x40/0x110
[ 1907.776074][T18309]  exit_to_user_mode_loop+0xec/0x110
[ 1907.776113][T18309]  do_syscall_64+0x2bd/0x3b0
[ 1907.776146][T18309]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1907.776178][T18309]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1907.776202][T18309]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1907.776231][T18309]  ? exc_page_fault+0x9f/0xf0
[ 1907.776264][T18309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1907.776289][T18309] RIP: 0033:0x7f585158ff17
[ 1907.776313][T18309] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1907.776335][T18309] RSP: 002b:00007ffc66ce8068 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1907.776362][T18309] RAX: 0000000000000000 RBX: 00007f5851611c05 RCX: 00007f585158ff17
[ 1907.776380][T18309] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc66ce8120
[ 1907.776397][T18309] RBP: 00007ffc66ce8120 R08: 0000000000000000 R09: 0000000000000000
[ 1907.776415][T18309] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc66ce91b0
[ 1907.776433][T18309] R13: 00007f5851611c05 R14: 00000000001d1ad4 R15: 00007ffc66ce91f0
[ 1907.776473][T18309]  </TASK>
[ 1907.777712][T18309] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[ 1908.170027][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1908.897670][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1908.964716][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1909.271874][T21519] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4025'.
[ 1910.148881][T21525] loop6: detected capacity change from 0 to 32768
[ 1910.270527][T21525] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[ 1910.270556][T21525]   allowing incompatible features above 0.0: (unknown version)
[ 1910.270568][T21525]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 1910.315952][T21525] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[ 1910.324173][T21525] bcachefs (loop6): initializing new filesystem
[ 1910.337267][T21525] bcachefs (loop6): going read-write
[ 1910.354479][T21525] bcachefs (loop6): marking superblocks
[ 1910.371140][T21525] bcachefs (loop6): initializing freespace
[ 1910.379961][T21525] bcachefs (loop6): done initializing freespace
[ 1910.389595][T21525] bcachefs (loop6): reading snapshots table
[ 1910.395637][T21525] bcachefs (loop6): reading snapshots done
[ 1910.438936][T21525] bcachefs (loop6): done starting filesystem
[ 1910.592708][T18309] bcachefs (loop6): shutting down
[ 1910.597795][T18309] bcachefs (loop6): going read-only
[ 1910.617027][T18309] bcachefs (loop6): finished waiting for writes to stop
[ 1910.638911][T18309] bcachefs (loop6): flushing journal and stopping allocators, journal seq 3
[ 1910.784212][T18309] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 3
[ 1910.878065][T18309] bcachefs (loop6): clean shutdown complete, journal seq 4
[ 1910.903942][T18309] bcachefs (loop6): marking filesystem clean
[ 1910.963807][ T1147] team0 (unregistering): Port device team_slave_1 removed
[ 1910.974312][T18309] bcachefs (loop6): shutdown complete
[ 1911.122757][ T1147] team0 (unregistering): Port device team_slave_0 removed
[ 1911.750503][T21375] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1911.777348][T21375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1911.868851][T21375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1911.930350][T21375] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1911.957211][T21375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1911.993310][T21375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1912.109355][T21011] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1912.181153][T21327] hsr_slave_0: entered promiscuous mode
[ 1912.258393][T21327] hsr_slave_1: entered promiscuous mode
[ 1912.556729][T21375] hsr_slave_0: entered promiscuous mode
[ 1912.604420][T21375] hsr_slave_1: entered promiscuous mode
[ 1912.610879][T21375] debugfs: 'hsr0' already exists in 'hsr'
[ 1912.632302][T21375] Cannot create hsr debugfs directory
[ 1913.925419][T21564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4036'.
[ 1914.038583][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.050070][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.091460][T21573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4038'.
[ 1915.819861][T21578] loop6: detected capacity change from 0 to 64
[ 1916.084559][T21327] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1916.120025][T21327] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1916.147059][T21327] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1916.166945][T21327] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1917.406989][T21375] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1917.517310][T21375] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1920.097374][T21375] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1920.143431][T21375] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1920.285242][T18799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1920.297611][T18799] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1920.306307][T18799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1920.314663][T18799] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1920.327598][T18799] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1920.391207][T21615] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1920.404941][T21615] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1920.935005][T21622] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4050'.
[ 1921.309406][T21611] lo speed is unknown, defaulting to 1000
[ 1921.577518][T21327] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1922.773147][T21327] 8021q: adding VLAN 0 to HW filter on device team0
[ 1922.799831][T18799] Bluetooth: hci2: command tx timeout
[ 1922.949060][T13457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1922.956226][T13457] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1923.199520][T13417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1923.206805][T13417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1923.274561][T21611] chnl_net:caif_netlink_parms(): no params data found
[ 1924.077073][T21658] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4060'.
[ 1924.120741][T13505] bridge_slave_1: left allmulticast mode
[ 1924.150555][T13505] bridge_slave_1: left promiscuous mode
[ 1924.190408][T13505] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1924.243806][T13505] bridge_slave_0: left allmulticast mode
[ 1924.249504][T13505] bridge_slave_0: left promiscuous mode
[ 1924.320797][T13505] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1924.812666][T18799] Bluetooth: hci2: command tx timeout
[ 1924.880724][T13505] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1924.904487][T13505] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1925.637329][T13505] bond0 (unregistering): Released all slaves
[ 1925.734065][T21327] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1925.801752][T21327] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1925.906388][T21611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1925.922159][T21611] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1925.942692][T21611] bridge_slave_0: entered allmulticast mode
[ 1925.951752][T21611] bridge_slave_0: entered promiscuous mode
[ 1925.992046][T13505] hsr_slave_0: left promiscuous mode
[ 1925.998173][T13505] hsr_slave_1: left promiscuous mode
[ 1926.010408][T13505] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1926.035133][T13505] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1926.224893][T21672] netlink: 'syz.5.4064': attribute type 10 has an invalid length.
[ 1926.892247][T18799] Bluetooth: hci2: command tx timeout
[ 1927.723513][T13505] team0 (unregistering): Port device team_slave_1 removed
[ 1927.810706][T13505] team0 (unregistering): Port device team_slave_0 removed
[ 1928.494863][T21682] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1928.502841][T21682] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[ 1928.511796][T21682] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1928.519591][T21682] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[ 1928.763301][T21375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1928.779125][T21611] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1928.787312][T21611] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1928.810714][T21611] bridge_slave_1: entered allmulticast mode
[ 1928.820957][T21611] bridge_slave_1: entered promiscuous mode
[ 1928.841802][T21672] team0: Port device dummy0 added
[ 1928.966420][T21375] 8021q: adding VLAN 0 to HW filter on device team0
[ 1928.973214][T18799] Bluetooth: hci2: command tx timeout
[ 1929.270504][T21611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1929.340134][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1929.347369][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1929.396571][T21611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1929.641800][T21611] team0: Port device team_slave_0 added
[ 1929.687694][T21611] team0: Port device team_slave_1 added
[ 1929.860623][T21611] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1929.875094][T21611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1929.901534][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1929.920285][T21611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1929.966951][T13402] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1929.974151][T13402] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1930.033839][T21611] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1930.048190][T21611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1930.081676][T21611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1930.134003][T21327] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1930.383951][   T10] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1930.582330][   T10] usb 7-1: Using ep0 maxpacket: 8
[ 1931.409633][T21611] hsr_slave_0: entered promiscuous mode
[ 1931.427795][T21611] hsr_slave_1: entered promiscuous mode
[ 1931.448893][T21611] debugfs: 'hsr0' already exists in 'hsr'
[ 1931.465038][T21611] Cannot create hsr debugfs directory
[ 1931.484388][   T10] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1931.531630][   T10] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1931.547550][   T10] usb 7-1: can't read configurations, error -71
[ 1932.324221][T21327] veth0_vlan: entered promiscuous mode
[ 1932.479443][T21327] veth1_vlan: entered promiscuous mode
[ 1932.677993][T21375] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1932.871455][T21327] veth0_macvtap: entered promiscuous mode
[ 1932.908678][T21327] veth1_macvtap: entered promiscuous mode
[ 1933.164423][T21736] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1933.174560][T21736] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1933.358097][T21327] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1933.477695][T21737] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1934.082438][T21327] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1934.095948][T21611] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1934.134096][T13455] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1934.149253][T13455] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1934.207434][T21611] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1934.231108][T21611] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1934.272033][T13455] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1934.293007][T13455] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1934.418695][T21611] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1935.645590][T21769] overlayfs: missing 'lowerdir'
[ 1935.710693][T13417] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1935.759924][T13417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1935.895480][T21375] veth0_vlan: entered promiscuous mode
[ 1935.920991][T21375] veth1_vlan: entered promiscuous mode
[ 1935.930673][T21771] loop3: detected capacity change from 0 to 512
[ 1935.949603][T21771] ext4: Unknown parameter 'dont_measure'
[ 1935.986362][T13455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1936.026354][T13455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1936.315424][T21375] veth0_macvtap: entered promiscuous mode
[ 1936.361840][T21375] veth1_macvtap: entered promiscuous mode
[ 1936.378907][T21611] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1936.408191][T21611] 8021q: adding VLAN 0 to HW filter on device team0
[ 1936.536317][T13417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1936.543584][T13417] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1937.606915][T21375] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1937.821329][T13417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1937.828710][T13417] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1938.301235][T21792] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[ 1938.496833][T21375] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1939.505746][ T1147] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1939.768521][ T1147] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1939.781042][ T1147] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1939.807254][ T1147] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1940.388982][T21811] overlayfs: failed to clone upperpath
[ 1940.660062][T13417] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1940.724052][T13417] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1941.198574][T13505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1941.279959][T13505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1941.426628][T21822] loop7: detected capacity change from 0 to 512
[ 1941.507345][T21822] ext4: Unknown parameter 'dont_measure'
[ 1941.548937][T21611] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1941.853813][T21611] veth0_vlan: entered promiscuous mode
[ 1941.896814][T21611] veth1_vlan: entered promiscuous mode
[ 1943.971374][T21847] binder: 21844:21847 ioctl c0306201 0 returned -14
[ 1944.007780][T21611] veth0_macvtap: entered promiscuous mode
[ 1944.044868][T21611] veth1_macvtap: entered promiscuous mode
[ 1944.126678][T21611] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1944.166720][T21611] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1944.238940][T21851] overlayfs: failed to clone upperpath
[ 1944.255063][ T9853] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.371907][ T9853] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.380683][ T9853] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1944.645795][ T9853] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1946.282050][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1946.351914][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1946.503639][T13401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1946.511524][T13401] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1946.952089][T21876] loop8: detected capacity change from 0 to 512
[ 1947.601694][T21876] ext4: Unknown parameter 'dont_measure'
[ 1948.087658][T21895] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4123'.
[ 1949.231394][T21914] loop2: detected capacity change from 0 to 32768
[ 1949.313717][T21914] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop2: erofs_nochanges
[ 1949.323065][T21914] bcachefs: bch2_fs_get_tree() error: erofs_nochanges
[ 1950.739603][T21929] binder: 21920:21929 ioctl 4018620d 0 returned -22
[ 1951.381890][T18799] Bluetooth: hci5: command 0x0406 tx timeout
[ 1951.829330][T21931] loop2: detected capacity change from 0 to 512
[ 1951.947920][T21931] ext4: Unknown parameter 'dont_measure'
[ 1952.187640][T21940] team0: Port device dummy0 removed
[ 1952.328091][T21940] bridge_slave_0: left allmulticast mode
[ 1952.334556][T21940] bridge_slave_0: left promiscuous mode
[ 1952.340928][T21940] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1952.429630][T21958] loop2: detected capacity change from 0 to 1024
[ 1952.439810][T21940] bridge_slave_1: left allmulticast mode
[ 1952.442163][T21958] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1952.453410][T21958] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1952.464582][T21958] EXT4-fs (loop2): Test dummy encryption mode enabled
[ 1952.477913][T21958] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (37511!=20869)
[ 1952.488726][T21958] EXT4-fs (loop2): group descriptors corrupted!
[ 1952.510831][T21940] bridge_slave_1: left promiscuous mode
[ 1952.555384][T21940] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1952.718191][T21940] bond0: (slave bond_slave_0): Releasing backup interface
[ 1952.839112][T21940] bond0: (slave bond_slave_1): Releasing backup interface
[ 1953.133119][T21940] team0: Port device team_slave_0 removed
[ 1953.206553][T21940] team0: Port device team_slave_1 removed
[ 1953.320816][T21940] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1953.353507][T21940] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1953.368740][T21940] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1953.385101][T21940] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1955.372318][T18799] Bluetooth: hci3: command 0x0405 tx timeout
[ 1955.511045][ T5945] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1955.958186][ T5945] usb 7-1: Using ep0 maxpacket: 8
[ 1956.022372][ T5945] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1956.057072][ T5945] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1956.093863][ T5945] usb 7-1: can't read configurations, error -71
[ 1956.354360][T22006] tipc: Started in network mode
[ 1956.359292][T22006] tipc: Node identity 1e8541270a9b, cluster identity 4711
[ 1956.398484][T22006] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1956.959993][T22002] tipc: Disabling bearer <eth:syzkaller0>
[ 1959.150543][T22037] blktrace: Concurrent blktraces are not allowed on sda1
[ 1959.811952][T21814] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1959.993164][T21814] usb 7-1: Using ep0 maxpacket: 16
[ 1960.041623][T21814] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1960.096057][T21814] usb 7-1: config 0 has no interface number 0
[ 1960.124737][T21814] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1960.164177][T21814] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1960.226703][T21814] usb 7-1: Product: syz
[ 1960.233655][T22052] loop8: detected capacity change from 0 to 512
[ 1960.270511][T21814] usb 7-1: Manufacturer: syz
[ 1960.277345][T22052] ext4: Unknown parameter 'dont_measure'
[ 1960.285730][T21814] usb 7-1: SerialNumber: syz
[ 1960.319628][T21814] usb 7-1: config 0 descriptor??
[ 1960.405730][T21814] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1960.471910][ T5946] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1960.662108][ T5946] usb 8-1: Using ep0 maxpacket: 8
[ 1960.691384][ T5946] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1960.763336][ T5946] usb 8-1: unable to read config index 0 descriptor/start: -71
[ 1960.789104][ T5946] usb 8-1: can't read configurations, error -71
[ 1961.124331][T21814] gspca_spca1528: reg_w err -110
[ 1961.142061][T21814] spca1528 7-1:0.1: probe with driver spca1528 failed with error -110
[ 1961.303568][T22069] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4174'.
[ 1961.337864][T22069] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4174'.
[ 1963.048279][ T5959] usb 7-1: USB disconnect, device number 34
[ 1965.532042][ T5946] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1966.055345][ T5946] usb 8-1: Using ep0 maxpacket: 8
[ 1966.439188][ T5946] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1966.472139][ T5946] usb 8-1: unable to read config index 0 descriptor/start: -71
[ 1966.496541][ T5946] usb 8-1: can't read configurations, error -71
[ 1967.901272][T22134] loop7: detected capacity change from 0 to 256
[ 1969.098872][T22138] loop3: detected capacity change from 0 to 512
[ 1969.489102][T22138] ext4: Unknown parameter 'dont_measure'
[ 1973.367916][T21418] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1973.708340][T22177] loop6: detected capacity change from 0 to 512
[ 1973.811912][T21418] usb 4-1: Using ep0 maxpacket: 8
[ 1973.817576][T22177] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.4217: iget: bad i_size value: 38620345925642
[ 1973.854457][T22177] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.4217: couldn't read orphan inode 15 (err -117)
[ 1973.879231][T21418] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1973.898955][T21418] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1973.922081][T21418] usb 4-1: can't read configurations, error -71
[ 1974.060030][T22186] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4223'.
[ 1974.187505][T22177] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1974.190826][T22187] loop2: detected capacity change from 0 to 256
[ 1975.466656][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 1975.475278][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1975.800245][T22200] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.4217: bg 0: block 5: invalid block bitmap
[ 1975.978867][T22200] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 212 with error 28
[ 1976.056734][T22200] EXT4-fs (loop6): This should not happen!! Data will be lost
[ 1976.056734][T22200] 
[ 1976.291527][T22200] EXT4-fs (loop6): Total free blocks count 0
[ 1976.595689][T22200] EXT4-fs (loop6): Free/Dirty block details
[ 1976.870172][T22200] EXT4-fs (loop6): free_blocks=0
[ 1976.899789][T22200] EXT4-fs (loop6): dirty_blocks=212
[ 1976.947642][T22200] EXT4-fs (loop6): Block reservation details
[ 1977.122579][T22200] EXT4-fs (loop6): i_reserved_data_blocks=212
[ 1980.739635][T18309] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1981.674181][T22235] loop6: detected capacity change from 0 to 64
[ 1982.186665][T22235] syz.6.4236: attempt to access beyond end of device
[ 1982.186665][T22235] loop6: rw=2049, sector=268435468, nr_sectors = 2 limit=64
[ 1983.157198][T22257] overlayfs: missing 'lowerdir'
[ 1986.726867][T22286] loop7: detected capacity change from 0 to 1024
[ 1986.867903][T22286] EXT4-fs: Ignoring removed nobh option
[ 1986.969459][T22286] EXT4-fs: Ignoring removed bh option
[ 1987.394332][T22286] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1987.748032][   T30] audit: type=1800 audit(1754591743.424:165): pid=22286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4256" name="file2" dev="overlay" ino=16 res=0 errno=0
[ 1988.370359][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1988.381205][T22302] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1988.441220][T22302] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1991.305708][T22331] loop8: detected capacity change from 0 to 4096
[ 1991.313390][T22331] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1991.375271][T22331] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 1991.434057][T22331] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1992.165127][   T30] audit: type=1800 audit(1754591747.754:166): pid=22331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4271" name="bus" dev="loop8" ino=18 res=0 errno=0
[ 1992.423580][T21375] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1992.522970][T22346] fuse: Bad value for 'rootmode'
[ 1992.921631][T22355] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1992.959685][T22355] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1993.205180][ T6042] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[ 1993.452598][ T6042] usb 8-1: Using ep0 maxpacket: 32
[ 1993.503103][ T6042] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 1993.629268][ T6042] usb 8-1: config 0 has no interface number 0
[ 1993.680118][ T6042] usb 8-1: config 0 interface 184 has no altsetting 0
[ 1993.735648][ T6042] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1993.758500][ T6042] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1993.820843][ T6042] usb 8-1: Product: syz
[ 1993.894808][ T6042] usb 8-1: Manufacturer: syz
[ 1994.008889][ T6042] usb 8-1: SerialNumber: syz
[ 1994.070113][ T6042] usb 8-1: config 0 descriptor??
[ 1994.104489][ T6042] smsc75xx v1.0.0
[ 1994.120794][ T6042] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 1994.178027][ T6042] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22
[ 1996.903115][ T6042] usb 8-1: USB disconnect, device number 8
[ 1997.800589][T22403] cgroup: fork rejected by pids controller in /syz7
[ 2000.448974][T22713] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4306'.
[ 2000.862284][ T5945] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[ 2001.044450][ T5945] usb 8-1: Using ep0 maxpacket: 32
[ 2001.053712][ T5945] usb 8-1: config 0 has an invalid interface number: 184 but max is 0
[ 2001.063530][ T5945] usb 8-1: config 0 has no interface number 0
[ 2001.069634][ T5945] usb 8-1: config 0 interface 184 has no altsetting 0
[ 2001.113356][ T5945] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2001.185112][ T5945] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2001.247948][ T5945] usb 8-1: Product: syz
[ 2001.277248][ T5945] usb 8-1: Manufacturer: syz
[ 2001.298670][ T5945] usb 8-1: SerialNumber: syz
[ 2001.374970][ T5945] usb 8-1: config 0 descriptor??
[ 2001.396212][ T5945] smsc75xx v1.0.0
[ 2001.399901][ T5945] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 2001.507351][ T5945] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22
[ 2001.731631][T22727] blktrace: Concurrent blktraces are not allowed on sda1
[ 2004.655610][T21418] usb 8-1: USB disconnect, device number 9
[ 2007.772038][T22767] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4324'.
[ 2009.286741][T22782] block device autoloading is deprecated and will be removed.
[ 2010.221369][T22795] binder: 22792:22795 ioctl c0306201 200000000080 returned -14
[ 2010.323161][T22795] binder: 22792:22795 ioctl 4018620d 0 returned -22
[ 2012.199153][T22812] loop2: detected capacity change from 0 to 128
[ 2012.525443][T22814] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4342'.
[ 2014.824166][T22838] loop2: detected capacity change from 0 to 128
[ 2016.546424][T22856] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4356'.
[ 2018.506691][T18310] Bluetooth: hci7: command 0x0406 tx timeout
[ 2019.566110][T22879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4362'.
[ 2019.575348][T22879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4362'.
[ 2019.646882][T22879] team_slave_0: entered promiscuous mode
[ 2019.652667][T22879] team_slave_1: entered promiscuous mode
[ 2019.659006][T22879] macsec1: entered promiscuous mode
[ 2019.664340][T22879] team0: entered promiscuous mode
[ 2019.673791][T22879] macsec1: entered allmulticast mode
[ 2019.679149][T22879] team0: entered allmulticast mode
[ 2019.684392][T22879] team_slave_0: entered allmulticast mode
[ 2019.690181][T22879] team_slave_1: entered allmulticast mode
[ 2024.158799][T22914] loop2: detected capacity change from 0 to 1024
[ 2024.187578][T22914] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 2024.215920][T22914] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 2024.273625][T22914] EXT4-fs (loop2): Test dummy encryption mode enabled
[ 2024.328689][T22914] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (37511!=20869)
[ 2024.392023][T22914] EXT4-fs (loop2): group descriptors corrupted!
[ 2024.533783][T22924] loop8: detected capacity change from 0 to 1024
[ 2024.562983][T22924] EXT4-fs: inline encryption not supported
[ 2024.582879][T22924] EXT4-fs: Ignoring removed i_version option
[ 2024.673869][T22924] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2025.458574][T21375] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2029.807090][T22964] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4393'.
[ 2031.527469][T22985] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 2031.849748][T22995] loop2: detected capacity change from 0 to 512
[ 2032.181256][T22995] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[ 2032.204240][T22995] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[ 2032.523389][T22995] EXT4-fs (loop2): 1 truncate cleaned up
[ 2032.531011][T22995] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2032.532708][T23004] fuse: Unknown parameter 'user_i00000000000000000000'
[ 2032.612898][T22995] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 4: comm syz.2.4404: lblock 0 mapped to illegal pblock 4 (length 1)
[ 2032.771850][T22995] EXT4-fs (loop2): Remounting filesystem read-only
[ 2034.013789][T21611] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2034.076744][ T5938] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 2034.254415][T23015] loop8: detected capacity change from 0 to 4096
[ 2034.262006][T23015] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2034.263015][ T5938] usb 8-1: Using ep0 maxpacket: 32
[ 2034.285101][T23015] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 2034.346454][T23015] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2034.400860][   T30] audit: type=1800 audit(1754591790.074:167): pid=23015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.4412" name="bus" dev="loop8" ino=18 res=0 errno=0
[ 2034.587854][ T5938] usb 8-1: config 0 has no interfaces?
[ 2035.025599][ T5938] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2035.090416][T21375] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2035.092034][ T5938] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2035.139976][ T5938] usb 8-1: Product: syz
[ 2035.202046][ T5938] usb 8-1: Manufacturer: syz
[ 2035.227468][ T5938] usb 8-1: SerialNumber: syz
[ 2035.277663][ T5938] usb 8-1: config 0 descriptor??
[ 2035.516519][ T6042] usb 8-1: USB disconnect, device number 10
[ 2036.793497][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2037.592328][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.598695][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 2038.110456][T23043] loop6: detected capacity change from 0 to 32768
[ 2038.453178][T23043] bcachefs (loop6): starting version 1.13: inode_has_child_snapshots opts=compression=lz4
[ 2038.453206][T23043]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 2038.477713][T23043] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[ 2038.486230][T23043] bcachefs (loop6): recovering from clean shutdown, journal seq 7
[ 2038.495509][T23043] bcachefs (loop6): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[ 2038.495509][T23043]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[ 2038.585450][T23043] bcachefs (loop6): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[ 2038.598755][T23043] bcachefs (loop6): check_topology... done
[ 2038.612783][T23043] bcachefs (loop6): accounting_read... done
[ 2038.766190][T23043] bcachefs (loop6): alloc_read... done
[ 2038.773876][T23043] bcachefs (loop6): snapshots_read... done
[ 2038.781720][T23043] bcachefs (loop6): check_allocations...
[ 2038.797230][T23043] bcachefs (loop6): bucket 0:78 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[ 2038.815054][T23043] bcachefs (loop6): bucket 0:78 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing
[ 2038.839588][T23043]  done
[ 2039.020944][T23043] bcachefs (loop6): going read-write
[ 2039.056670][ T5959] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[ 2039.095479][T23043] bcachefs (loop6): journal_replay...
[ 2039.230930][ T5959] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 2039.300818][T23043]  done
[ 2039.310601][T23043] bcachefs (loop6): check_lrus... done
[ 2039.317357][T23043] bcachefs (loop6): check_backpointers_to_extents... done
[ 2039.337935][T23043] bcachefs (loop6): check_extents_to_backpointers... done
[ 2039.350609][T23043] bcachefs (loop6): check_inodes... done
[ 2039.363018][T23043] bcachefs (loop6): resume_logged_ops... done
[ 2039.370906][T23043] bcachefs (loop6): delete_dead_inodes... done
[ 2039.412267][T23043] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean
[ 2039.421655][T23043] bcachefs (loop6): check_extents_to_backpointers...
[ 2039.423271][T23043] bcachefs (loop6): scanning for missing backpointers in 1/512 buckets
[ 2039.443267][T23043]  done
[ 2039.451606][T23043] bcachefs (loop6): check_inodes... done
[ 2039.460298][T23043] bcachefs (loop6): resume_logged_ops... done
[ 2039.468269][T23043] bcachefs (loop6): delete_dead_inodes... done
[ 2039.477579][T23043] bcachefs (loop6): done starting filesystem
[ 2039.500823][ T5959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2039.703940][ T5959] usb 3-1: Product: syz
[ 2039.708192][ T5959] usb 3-1: Manufacturer: syz
[ 2039.738213][ T5959] usb 3-1: SerialNumber: syz
[ 2039.750822][ T5959] usb 3-1: config 0 descriptor??
[ 2040.656120][ T5959] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 2040.683477][T23043] syz.6.4421 (23043) used greatest stack depth: 15112 bytes left
[ 2041.182111][ T5959] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 2041.207678][T18309] bcachefs (loop6): shutting down
[ 2041.237822][T18309] bcachefs (loop6): going read-only
[ 2041.246034][ T5959] usb 3-1: USB disconnect, device number 9
[ 2041.247506][T23085] fuse: Unknown parameter 'user_id00000000000000000000'
[ 2041.261909][T18309] bcachefs (loop6): finished waiting for writes to stop
[ 2041.288076][T18309] bcachefs (loop6): flushing journal and stopping allocators, journal seq 17
[ 2041.331134][T18309] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 17
[ 2041.506385][T18309] bcachefs (loop6): clean shutdown complete, journal seq 18
[ 2041.547996][T18309] bcachefs (loop6): marking filesystem clean
[ 2042.240306][T23089] loop8: detected capacity change from 0 to 4096
[ 2042.718536][T18309] bcachefs (loop6): shutdown complete
[ 2046.611633][T23138] fuse: Unknown parameter 'user_id00000000000000000000'
[ 2047.232954][T23146] loop2: detected capacity change from 0 to 128
[ 2047.269224][T23146] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 2047.340600][T23146] ext4 filesystem being mounted at /72/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 2048.080859][T21611] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 2049.234512][T23161] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 2050.506126][T23175] loop7: detected capacity change from 0 to 1024
[ 2051.887954][T23175] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2052.425756][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2058.839779][T23244] loop7: detected capacity change from 0 to 512
[ 2060.552052][T23244] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.4483: invalid indirect mapped block 4294967295 (level 1)
[ 2061.341899][T23244] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.4483: invalid indirect mapped block 4294967295 (level 1)
[ 2061.418909][T23244] EXT4-fs (loop7): 2 truncates cleaned up
[ 2061.518285][T23244] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2061.569790][T23264] loop6: detected capacity change from 0 to 64
[ 2061.805568][   T30] audit: type=1804 audit(1754591817.484:168): pid=23264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4488" name=2F6E6577726F6F742F3239382F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6530 dev="loop6" ino=3 res=1 errno=0
[ 2061.841579][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2061.944198][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2062.438172][   T30] audit: type=1326 audit(1754591818.114:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23273 comm="syz.7.4491" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6556d8ebe9 code=0x0
[ 2065.936400][T23290] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4498'.
[ 2069.301791][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2069.371831][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2069.500443][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2069.711864][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2069.821264][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2071.534497][   T30] audit: type=1326 audit(1754591827.214:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23330 comm="syz.3.4514" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4116b8ebe9 code=0x0
[ 2071.843768][T23339] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 2071.861171][T23341] gretap1: entered promiscuous mode
[ 2071.899216][T23341] gretap1: entered allmulticast mode
[ 2071.919544][    C0] Unknown status report in ack skb
[ 2077.191588][T23379] loop6: detected capacity change from 0 to 512
[ 2077.390810][T23379] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[ 2077.391324][T23379] ext4 filesystem being mounted at /301/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2078.374538][   T30] audit: type=1800 audit(1754591834.054:171): pid=23394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4513" name="file1" dev="loop6" ino=18 res=0 errno=0
[ 2078.430394][T23384] befs: (nbd3): No write support. Marking filesystem read-only
[ 2078.472149][T23384] syz.3.4532: attempt to access beyond end of device
[ 2078.472149][T23384] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[ 2078.577996][T23384] befs: (nbd3): unable to read superblock
[ 2078.659851][T18309] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[ 2079.166332][T23405] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2079.174238][T23405] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[ 2079.182547][T23405] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2079.190512][T23405] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[ 2079.847444][T23415] tipc: Started in network mode
[ 2079.875275][T23415] tipc: Node identity d6e70747695, cluster identity 4711
[ 2079.995711][T23415] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2080.076128][T23420] syzkaller0: entered promiscuous mode
[ 2080.084541][T23420] syzkaller0: entered allmulticast mode
[ 2080.655356][T23415] tipc: Resetting bearer <eth:syzkaller0>
[ 2080.784668][T23413] tipc: Resetting bearer <eth:syzkaller0>
[ 2081.141997][T21814] tipc: Node number set to 3216443207
[ 2081.559788][T23413] tipc: Disabling bearer <eth:syzkaller0>
[ 2082.270058][T23449] binder: 23448:23449 ioctl c0306201 200000000080 returned -14
[ 2082.297316][T23451] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4549'.
[ 2082.313080][T23449] binder: 23448:23449 ioctl c0306201 0 returned -14
[ 2090.221944][T21814] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[ 2090.570634][T21814] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[ 2090.666138][T21814] usb 3-1: config 0 has no interface number 0
[ 2090.713920][T21814] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2090.778414][T21814] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[ 2090.920546][T21814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2091.017796][T21814] usb 3-1: Product: syz
[ 2091.079863][T21814] usb 3-1: Manufacturer: syz
[ 2091.167574][T21814] usb 3-1: SerialNumber: syz
[ 2091.406650][T21814] usb 3-1: config 0 descriptor??
[ 2091.901308][T21814] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0
[ 2092.010555][T21814] usb 3-1: USB disconnect, device number 10
[ 2093.013330][T21814] yurex 3-1:0.50: USB YUREX #0 now disconnected
[ 2095.020482][T23561] Bluetooth: MGMT ver 1.23
[ 2095.462505][T23567] loop6: detected capacity change from 0 to 2048
[ 2095.536469][T23567] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 2096.425491][T18799] block nbd7: Receive control failed (result -107)
[ 2096.509070][T23578] nbd7: detected capacity change from 0 to 8589934592
[ 2096.573733][T23573] block nbd7: shutting down sockets
[ 2098.336280][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.347387][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 2104.299230][T23642] loop6: detected capacity change from 0 to 512
[ 2104.453841][T23642] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2104.466529][T23642] ext4 filesystem being mounted at /314/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2106.870629][T18309] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2110.459634][T23692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4630'.
[ 2111.953572][T23704] binder: 23702:23704 ioctl 4018620d 0 returned -22
[ 2112.174446][T23708] sctp: [Deprecated]: syz.5.4635 (pid 23708) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2112.174446][T23708] Use struct sctp_sack_info instead
[ 2112.688388][T23704] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 2112.694900][T23704] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 2112.710050][T23704] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2112.716183][T23704] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 2112.729944][T23704] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2112.735946][T23704] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 2113.140481][T23704] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 2113.147450][T23704] Bluetooth: hci7: Error when powering off device on rfkill (-4)
[ 2113.269878][T23704] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2113.276528][T23704] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 2115.987474][T12947] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 2116.421809][T12947] usb 8-1: Using ep0 maxpacket: 32
[ 2116.474832][T12947] usb 8-1: config 0 has no interfaces?
[ 2116.519771][T12947] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2116.553371][T12947] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2116.561661][T12947] usb 8-1: Product: syz
[ 2116.608596][T12947] usb 8-1: Manufacturer: syz
[ 2116.632455][T12947] usb 8-1: SerialNumber: syz
[ 2116.879889][T12947] usb 8-1: config 0 descriptor??
[ 2117.316273][T21814] usb 8-1: USB disconnect, device number 11
[ 2118.457525][T21814] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 2118.586078][T23792] loop8: detected capacity change from 0 to 7
[ 2118.633352][T23792] Dev loop8: unable to read RDB block 7
[ 2118.639004][T23792]  loop8: unable to read partition table
[ 2118.671836][T21814] usb 9-1: Using ep0 maxpacket: 8
[ 2118.672177][T23792] loop8: partition table beyond EOD, truncated
[ 2118.698922][T21814] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 2118.725776][T23792] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 2118.744775][T21814] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 2118.767271][T21814] usb 9-1: can't read configurations, error -71
[ 2121.615917][   T30] audit: type=1326 audit(1754591876.694:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23815 comm="syz.7.4672" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6556d8ebe9 code=0x0
[ 2127.983611][ T5945] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 2128.538100][ T5945] usb 9-1: Using ep0 maxpacket: 8
[ 2128.585560][ T5945] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 2128.602615][ T5945] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 2128.646420][ T5945] usb 9-1: can't read configurations, error -71
[ 2131.302309][ T5872] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2131.330565][ T5872] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2131.342385][ T5872] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2131.358242][ T5872] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2131.383353][ T5872] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2131.416675][T18799] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2131.427938][T18799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2131.453111][T18799] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2131.507858][T18799] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2131.515858][T18799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2131.527336][T23888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4693'.
[ 2131.826967][T23871] loop6: detected capacity change from 0 to 32768
[ 2132.646744][T23871] bcachefs (loop6): starting version 1.13: inode_has_child_snapshots opts=compression=lz4
[ 2132.646765][T23871]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 2132.796086][T23871] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[ 2132.825953][T23871] bcachefs (loop6): recovering from clean shutdown, journal seq 7
[ 2132.826260][T13505] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2132.877192][T23871] bcachefs (loop6): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[ 2132.877192][T23871]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[ 2132.933879][T23871] syz.6.4688: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2132.959432][T23871] CPU: 0 UID: 0 PID: 23871 Comm: syz.6.4688 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 2132.959466][T23871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2132.959479][T23871] Call Trace:
[ 2132.959488][T23871]  <TASK>
[ 2132.959497][T23871]  dump_stack_lvl+0x189/0x250
[ 2132.959531][T23871]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2132.959562][T23871]  ? __pfx__printk+0x10/0x10
[ 2132.959601][T23871]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2132.959624][T23871]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 2132.959648][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.959670][T23871]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 2132.959695][T23871]  warn_alloc+0x214/0x310
[ 2132.959746][T23871]  ? __pfx_warn_alloc+0x10/0x10
[ 2132.959789][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.959811][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.959833][T23871]  ? __get_vm_area_node+0x28f/0x300
[ 2132.959860][T23871]  ? bch2_fs_journal_start+0x2b4/0x12b0
[ 2132.959890][T23871]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 2132.959939][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.959968][T23871]  ? alloc_pages_mpol+0x3cd/0x4a0
[ 2132.960008][T23871]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2132.960039][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960060][T23871]  ? rcu_is_watching+0x15/0xb0
[ 2132.960082][T23871]  ? bch2_fs_journal_start+0x2b4/0x12b0
[ 2132.960107][T23871]  ? bch2_fs_journal_start+0x2b4/0x12b0
[ 2132.960131][T23871]  __kvmalloc_node_noprof+0x3b8/0x5f0
[ 2132.960160][T23871]  ? bch2_fs_journal_start+0x2b4/0x12b0
[ 2132.960192][T23871]  bch2_fs_journal_start+0x2b4/0x12b0
[ 2132.960232][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960254][T23871]  ? bch2_journal_log_msg+0xd9/0x120
[ 2132.960283][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960306][T23871]  ? __pfx_bch2_fs_journal_start+0x10/0x10
[ 2132.960332][T23871]  ? __pfx_bch2_journal_log_msg+0x10/0x10
[ 2132.960362][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960384][T23871]  ? bch2_fs_resize_on_mount+0x404/0x4d0
[ 2132.960415][T23871]  bch2_fs_recovery+0x2298/0x3a50
[ 2132.960463][T23871]  ? __pfx_bch2_fs_recovery+0x10/0x10
[ 2132.960498][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960524][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960546][T23871]  ? __lock_acquire+0xab9/0xd20
[ 2132.960582][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960603][T23871]  ? __mutex_trylock_common+0x153/0x260
[ 2132.960627][T23871]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 2132.960651][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960672][T23871]  ? rcu_is_watching+0x15/0xb0
[ 2132.960695][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960722][T23871]  ? __lock_acquire+0xab9/0xd20
[ 2132.960768][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960792][T23871]  ? bch2_fs_start+0xa0f/0xda0
[ 2132.960816][T23871]  ? up_write+0x1c4/0x420
[ 2132.960835][T23871]  ? bch2_fs_start+0x5e7/0xda0
[ 2132.960859][T23871]  bch2_fs_start+0xaaf/0xda0
[ 2132.960882][T23871]  ? bch2_fs_start+0x5e7/0xda0
[ 2132.960905][T23871]  ? __pfx_bch2_fs_start+0x10/0x10
[ 2132.960944][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.960966][T23871]  ? sget+0x267/0x620
[ 2132.960995][T23871]  bch2_fs_get_tree+0xb39/0x1520
[ 2132.961039][T23871]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 2132.961075][T23871]  ? vfs_parse_fs_string+0x101/0x170
[ 2132.961104][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961131][T23871]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 2132.961164][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961189][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961213][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961239][T23871]  vfs_get_tree+0x92/0x2b0
[ 2132.961268][T23871]  do_new_mount+0x2a2/0x9e0
[ 2132.961300][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961321][T23871]  ? ns_capable+0x8a/0xf0
[ 2132.961340][T23871]  ? __pfx_do_new_mount+0x10/0x10
[ 2132.961367][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961389][T23871]  ? path_mount+0x61c/0xfe0
[ 2132.961415][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961447][T23871]  __se_sys_mount+0x317/0x410
[ 2132.961482][T23871]  ? __pfx___se_sys_mount+0x10/0x10
[ 2132.961509][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961536][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961558][T23871]  ? __x64_sys_mount+0x20/0xc0
[ 2132.961589][T23871]  do_syscall_64+0xfa/0x3b0
[ 2132.961615][T23871]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2132.961638][T23871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2132.961656][T23871]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2132.961678][T23871]  ? exc_page_fault+0x9f/0xf0
[ 2132.961707][T23871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2132.961730][T23871] RIP: 0033:0x7f585159038a
[ 2132.961753][T23871] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2132.961776][T23871] RSP: 002b:00007f58523e0e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 2132.961803][T23871] RAX: ffffffffffffffda RBX: 00007f58523e0ef0 RCX: 00007f585159038a
[ 2132.961822][T23871] RDX: 0000200000006780 RSI: 00002000000067c0 RDI: 00007f58523e0eb0
[ 2132.961841][T23871] RBP: 0000200000006780 R08: 00007f58523e0ef0 R09: 0000000000000000
[ 2132.961859][T23871] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000067c0
[ 2132.961871][T23871] R13: 00007f58523e0eb0 R14: 000000000000676f R15: 0000200000006800
[ 2132.961901][T23871]  </TASK>
[ 2133.526927][T23871] Mem-Info:
[ 2133.530133][T23871] active_anon:10527 inactive_anon:0 isolated_anon:0
[ 2133.530133][T23871]  active_file:19548 inactive_file:40877 isolated_file:0
[ 2133.530133][T23871]  unevictable:768 dirty:168 writeback:0
[ 2133.530133][T23871]  slab_reclaimable:12207 slab_unreclaimable:107942
[ 2133.530133][T23871]  mapped:34716 shmem:5467 pagetables:1129
[ 2133.530133][T23871]  sec_pagetables:0 bounce:0
[ 2133.530133][T23871]  kernel_misc_reclaimable:0
[ 2133.530133][T23871]  free:1279170 free_pcp:9598 free_cma:0
[ 2133.580568][T23871] Node 0 active_anon:42108kB inactive_anon:0kB active_file:78060kB inactive_file:163312kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138732kB dirty:668kB writeback:0kB shmem:20332kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12048kB pagetables:4380kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2133.613233][T18799] Bluetooth: hci4: command tx timeout
[ 2133.625688][T23871] Node 1 active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2133.659926][T23871] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2133.692593][T23871] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 2133.698425][T23871] Node 0 DMA32 free:1183900kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:42084kB inactive_anon:0kB active_file:78060kB inactive_file:161744kB unevictable:1536kB writepending:664kB present:3129332kB managed:2557520kB mlocked:0kB bounce:0kB free_pcp:38424kB local_pcp:13812kB free_cma:0kB
[ 2133.733499][T23871] lowmem_reserve[]: 0 0 1 1 1
[ 2133.738350][T23871] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 2133.768147][T23871] lowmem_reserve[]: 0 0 0 0 0
[ 2133.773280][T23871] Node 1 Normal free:3917408kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:132kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2133.804652][T23871] lowmem_reserve[]: 0 0 0 0 0
[ 2133.809492][T23871] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2133.824084][T23871] Node 0 DMA32: 1963*4kB (UME) 1428*8kB (UME) 1391*16kB (UME) 975*32kB (UM) 660*64kB (UME) 339*128kB (UM) 96*256kB (UM) 81*512kB (UM) 23*1024kB (UME) 7*2048kB (UM) 225*4096kB (UM) = 1183900kB
[ 2133.843478][T23871] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 2133.856060][T23871] Node 1 Normal: 178*4kB (UE) 53*8kB (UME) 37*16kB (UME) 219*32kB (UME) 89*64kB (UME) 24*128kB (UE) 14*256kB (UME) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 948*4096kB (M) = 3917408kB
[ 2133.874976][T23871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2133.884642][T23871] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2133.894172][T23871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2133.903815][T23871] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2133.913289][T23871] 65849 total pagecache pages
[ 2133.918010][T23871] 0 pages in swap cache
[ 2133.922251][T23871] Free swap  = 124996kB
[ 2133.927930][T23871] Total swap = 124996kB
[ 2133.932255][T23871] 2097051 pages RAM
[ 2133.936104][T23871] 0 pages HighMem/MovableOnly
[ 2133.940874][T23871] 425645 pages reserved
[ 2133.945109][T23871] 0 pages cma reserved
[ 2133.959333][T23871] bcachefs (loop6): error reallocating journal fifo (32768 open entries)
[ 2133.968548][T23871] bcachefs (loop6): error in recovery: ENOMEM_journal_pin_fifo
[ 2133.968562][T23871]   emergency read only at seq 0
[ 2133.981287][T23871] bcachefs (loop6): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo
[ 2133.991143][T23871] bcachefs (loop6): shutting down
[ 2134.012905][T23871] bcachefs (loop6): shutdown complete
[ 2134.170495][T13505] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2134.241463][T23886] lo speed is unknown, defaulting to 1000
[ 2134.363464][T13505] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2134.521962][T13505] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2134.667665][T23886] chnl_net:caif_netlink_parms(): no params data found
[ 2135.701788][T18799] Bluetooth: hci4: command tx timeout
[ 2136.966407][T23871] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo
[ 2137.740823][T21814] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 2137.772570][T18799] Bluetooth: hci4: command tx timeout
[ 2137.955101][T21814] usb 9-1: Using ep0 maxpacket: 8
[ 2139.005016][T13505] bond0 (unregistering): Released all slaves
[ 2139.078556][T23886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2139.142065][T23886] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2139.163073][T23886] bridge_slave_0: entered allmulticast mode
[ 2139.282803][T23886] bridge_slave_0: entered promiscuous mode
[ 2139.344060][T23886] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2139.351919][T21814] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 2139.359858][T21814] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 2139.380256][T21814] usb 9-1: can't read configurations, error -71
[ 2139.397371][T23886] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2139.428808][T23886] bridge_slave_1: entered allmulticast mode
[ 2139.538574][T23886] bridge_slave_1: entered promiscuous mode
[ 2139.854009][T18799] Bluetooth: hci4: command tx timeout
[ 2141.591155][T23886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2141.887489][T23886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2142.746842][T13505] hsr_slave_0: left promiscuous mode
[ 2142.776980][T13505] hsr_slave_1: left promiscuous mode
[ 2142.824744][T13505] veth1_macvtap: left promiscuous mode
[ 2143.039932][T13505] veth0_macvtap: left promiscuous mode
[ 2143.049231][T13505] veth1_vlan: left allmulticast mode
[ 2143.082334][T13505] veth1_vlan: left promiscuous mode
[ 2143.467503][T13505] veth0_vlan: left promiscuous mode
[ 2143.874283][T23960] loop6: detected capacity change from 0 to 32768
[ 2143.958649][T23984] loop7: detected capacity change from 0 to 4096
[ 2143.967825][T23984] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2143.989078][T23984] EXT4-fs (loop7): Test dummy encryption mode enabled
[ 2144.476934][T23960] workqueue: Failed to create a rescuer kthread for wq "bcachefs_btree_read_complete": -EINTR
[ 2144.548914][T23960] bcachefs (loop6): shutdown complete
[ 2144.759773][T23984] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2144.762643][T23960] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc
[ 2144.918430][   T30] audit: type=1800 audit(1754591900.474:173): pid=23984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4717" name="bus" dev="loop7" ino=18 res=0 errno=0
[ 2145.561574][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2146.082159][T23998] loop6: detected capacity change from 0 to 32768
[ 2146.098874][T23998] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4722 (23998)
[ 2146.374578][T23998] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2146.384908][T23998] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[ 2146.393678][T23998] BTRFS info (device loop6): disk space caching is enabled
[ 2146.401333][T23998] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 2147.203417][T23998] BTRFS info (device loop6): rebuilding free space tree
[ 2147.222128][T23998] BTRFS info (device loop6): disabling free space tree
[ 2147.229076][T23998] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 2147.240267][T23998] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 2147.455268][T24023] IPVS: length: 83 != 24
[ 2147.759766][T24025] loop8: detected capacity change from 0 to 512
[ 2147.878276][T18309] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2147.931620][T24025] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2147.995748][T24025] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 2148.826726][T21375] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2153.030658][T23886] team0: Port device team_slave_0 added
[ 2153.048235][T23886] team0: Port device team_slave_1 added
[ 2153.204044][T24042] lo speed is unknown, defaulting to 1000
[ 2153.402459][T23886] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2153.409618][T23886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2153.438992][T23886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2153.621509][T24042] lo speed is unknown, defaulting to 1000
[ 2153.622719][T23886] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2153.658267][T23886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2153.688705][T23886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2153.711218][T24042] lo speed is unknown, defaulting to 1000
[ 2153.827799][T24042] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 2154.041411][T23886] hsr_slave_0: entered promiscuous mode
[ 2154.090967][T23886] hsr_slave_1: entered promiscuous mode
[ 2154.142147][T23886] debugfs: 'hsr0' already exists in 'hsr'
[ 2154.166954][T23886] Cannot create hsr debugfs directory
[ 2154.202395][T24042] lo speed is unknown, defaulting to 1000
[ 2154.324813][T24042] lo speed is unknown, defaulting to 1000
[ 2154.402002][T24042] lo speed is unknown, defaulting to 1000
[ 2154.856568][T24085] loop7: detected capacity change from 0 to 764
[ 2154.863667][T24085] iso9660: Unknown parameter '
'
[ 2156.047635][T24042] lo speed is unknown, defaulting to 1000
[ 2156.065518][T24042] lo speed is unknown, defaulting to 1000
[ 2156.153981][T24042] lo speed is unknown, defaulting to 1000
[ 2156.182695][T24086] netdevsim netdevsim7: loading /lib/firmware/. failed with error -22
[ 2156.216250][T24086] netdevsim netdevsim7: Direct firmware load for . failed with error -22
[ 2156.231283][T24086] netdevsim netdevsim7: Falling back to sysfs fallback for: .
[ 2156.707185][T24092] loop8: detected capacity change from 0 to 1024
[ 2159.969559][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2159.978483][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.897270][ T6042] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[ 2160.908727][T24119] loop2: detected capacity change from 0 to 164
[ 2161.102282][ T6042] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2161.258832][ T6042] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2161.450002][ T6042] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 2161.513923][ T6042] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2161.898654][   T30] audit: type=1326 audit(1754591917.484:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24121 comm="syz.6.4756" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f585158ebe9 code=0x0
[ 2162.132557][ T6042] usb 9-1: config 0 descriptor??
[ 2162.566728][T24142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4761'.
[ 2164.608711][ T6042] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[ 2164.633632][ T6042] usb 9-1: USB disconnect, device number 8
[ 2164.710712][T23886] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 2164.808239][T23886] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 2164.872619][T23886] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 2164.963706][T24152] fido_id[24152]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 2165.198094][T23886] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 2165.733057][T23886] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2165.798842][T23886] 8021q: adding VLAN 0 to HW filter on device team0
[ 2165.904075][T13460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2165.911390][T13460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2166.140876][T13460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2166.148139][T13460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2166.596242][T23886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2166.915916][   T30] audit: type=1326 audit(1754591922.594:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24186 comm="syz.8.4773" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f708498ebe9 code=0x0
[ 2167.443210][T24161] loop7: detected capacity change from 0 to 32768
[ 2167.606256][T24161] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4769 (24161)
[ 2167.659069][T24161] BTRFS info (device loop7): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[ 2167.696687][T24161] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[ 2167.772609][T24161] BTRFS info (device loop7): using free-space-tree
[ 2167.977948][T23886] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2169.171359][T21327] BTRFS info (device loop7): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[ 2171.861865][ T5938] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 2172.482519][ T5938] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 2172.491614][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2172.530811][ T5938] usb 4-1: Product: syz
[ 2172.561827][ T5938] usb 4-1: Manufacturer: syz
[ 2172.567631][ T5938] usb 4-1: SerialNumber: syz
[ 2172.616173][ T5938] usb 4-1: config 0 descriptor??
[ 2173.239634][T23886] veth0_vlan: entered promiscuous mode
[ 2173.338820][ T5938] usb 4-1: USB disconnect, device number 18
[ 2173.370709][T23886] veth1_vlan: entered promiscuous mode
[ 2173.858536][T23886] veth0_macvtap: entered promiscuous mode
[ 2173.886999][T23886] veth1_macvtap: entered promiscuous mode
[ 2173.959816][T23842] udevd[23842]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2174.029598][T23886] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2174.037166][ T5959] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 2174.114980][T23886] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2174.196904][ T5959] usb 8-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[ 2174.214583][ T9853] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2174.216501][ T5959] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2175.297327][ T5959] usb 8-1: config 0 descriptor??
[ 2175.825939][ T5959] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[ 2175.838130][T13455] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2175.888796][T13455] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2175.968994][T13455] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2176.030334][ T5959] gspca_sn9c2028: read1 error -32
[ 2176.261393][ T5959] gspca_sn9c2028: read1 error -71
[ 2176.295723][ T5959] sn9c2028 8-1:0.0: probe with driver sn9c2028 failed with error -71
[ 2176.336920][ T5959] usb 8-1: USB disconnect, device number 12
[ 2176.338595][T13456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2176.387578][T13456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2177.009893][ T9853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2177.041806][ T9853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2180.452831][T24324] loop2: detected capacity change from 0 to 32768
[ 2180.497145][T24324] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4811 (24324)
[ 2180.527160][T24324] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2180.537500][T24324] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[ 2180.546130][T24324] BTRFS info (device loop2): disk space caching is enabled
[ 2180.553404][T24324] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 2180.894229][T24324] BTRFS info (device loop2): rebuilding free space tree
[ 2181.251381][T24324] BTRFS info (device loop2): disabling free space tree
[ 2181.258418][T24324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 2181.268167][T24324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 2182.094325][T21611] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2182.975589][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2185.724450][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2186.021855][T21814] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 2186.172252][T21814] usb 9-1: Using ep0 maxpacket: 32
[ 2186.203136][T21814] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[ 2186.229488][T21814] usb 9-1: config 0 has no interface number 0
[ 2186.263151][T21814] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2186.299006][T21814] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2186.338338][T21814] usb 9-1: config 0 interface 85 has no altsetting 0
[ 2186.361426][T21814] usb 9-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2186.394800][T21814] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2186.403502][T21814] usb 9-1: Product: syz
[ 2186.407823][T21814] usb 9-1: Manufacturer: syz
[ 2186.413398][T21814] usb 9-1: SerialNumber: syz
[ 2186.436425][T21814] usb 9-1: config 0 descriptor??
[ 2186.689526][T21814] appletouch 9-1:0.85: Failed to read mode from device.
[ 2186.710992][T21814] appletouch 9-1:0.85: probe with driver appletouch failed with error -5
[ 2186.991932][T21814] usb 9-1: USB disconnect, device number 9
[ 2193.647850][T24478] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 2198.485197][T24507] loop2: detected capacity change from 0 to 32768
[ 2199.313589][T24507] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4871 (24507)
[ 2199.346972][T24507] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2199.358870][T24507] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[ 2199.367463][T24507] BTRFS info (device loop2): disk space caching is enabled
[ 2199.374688][T24507] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 2199.596346][T24507] BTRFS info (device loop2): rebuilding free space tree
[ 2199.616106][T24507] BTRFS info (device loop2): disabling free space tree
[ 2199.623126][T24507] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 2199.633008][T24507] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 2199.812458][T24531] IPVS: length: 83 != 24
[ 2200.523601][T21611] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2206.230361][T24567] loop8: detected capacity change from 0 to 4096
[ 2206.262863][T24567] EXT4-fs: Ignoring removed mblk_io_submit option
[ 2207.458660][T24567] EXT4-fs (loop8): Test dummy encryption mode enabled
[ 2207.509650][T24567] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR
[ 2207.545931][T24567] EXT4-fs: failed to create workqueue
[ 2207.843051][T24567] EXT4-fs (loop8): mount failed
[ 2209.551931][T24590] Bluetooth: hci4: Opcode 0x0401 failed: -4
[ 2210.412314][T18799] Bluetooth: hci4: command 0x0401 tx timeout
[ 2210.991906][ T6042] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 2211.265133][ T6042] usb 9-1: Using ep0 maxpacket: 32
[ 2211.277971][ T6042] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[ 2211.296887][ T6042] usb 9-1: config 0 has no interface number 0
[ 2211.306035][ T6042] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2211.410296][ T6042] usb 9-1: config 0 interface 85 has no altsetting 0
[ 2211.444055][ T6042] usb 9-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2211.486632][ T6042] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2211.495286][ T6042] usb 9-1: Product: syz
[ 2211.511840][ T6042] usb 9-1: Manufacturer: syz
[ 2211.530331][ T6042] usb 9-1: SerialNumber: syz
[ 2211.551474][ T6042] usb 9-1: config 0 descriptor??
[ 2212.191081][ T6042] appletouch 9-1:0.85: Failed to request geyser raw mode
[ 2212.779965][ T6042] appletouch 9-1:0.85: probe with driver appletouch failed with error -5
[ 2212.824340][ T6042] usb 9-1: USB disconnect, device number 10
[ 2218.298159][T24666] loop7: detected capacity change from 0 to 512
[ 2218.511998][T24668] loop2: detected capacity change from 0 to 32768
[ 2218.528468][T24668] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.4919 (24668)
[ 2218.554948][T24668] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2218.567896][T24668] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[ 2218.576930][T24668] BTRFS info (device loop2): disk space caching is enabled
[ 2218.584169][T24668] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 2218.884407][T24668] BTRFS info (device loop2): rebuilding free space tree
[ 2218.894948][T24666] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 2218.908661][T24668] BTRFS info (device loop2): disabling free space tree
[ 2218.917067][T24668] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 2218.926847][T24668] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 2219.062280][T24693] IPVS: length: 83 != 24
[ 2219.212481][T24666] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 2220.078443][T21611] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2220.881639][   T30] audit: type=1326 audit(1754591976.514:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24702 comm="syz.8.4925" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f708498ebe9 code=0x0
[ 2221.275616][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[ 2221.282096][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 2221.458620][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2224.126286][T24741] loop7: detected capacity change from 0 to 512
[ 2224.182996][T24741] EXT4-fs: Ignoring removed bh option
[ 2224.273978][T24746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4937'.
[ 2224.294140][T24741] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[ 2224.399858][T24741] EXT4-fs (loop7): 1 truncate cleaned up
[ 2224.444184][T24741] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2225.361987][   T30] audit: type=1800 audit(1754591981.034:177): pid=24741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.4936" name="file1" dev="loop7" ino=15 res=0 errno=0
[ 2226.018875][T21327] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2226.167043][T24767] loop8: detected capacity change from 0 to 764
[ 2226.174358][T24767] iso9660: Unknown parameter '
'
[ 2226.190230][T24767] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[ 2226.198891][T24767] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[ 2226.207660][T24767] netdevsim netdevsim8: Falling back to sysfs fallback for: .
[ 2226.548898][T24761] netlink: 'syz.3.4941': attribute type 16 has an invalid length.
[ 2226.620483][T24761] netlink: 'syz.3.4941': attribute type 17 has an invalid length.
[ 2227.502483][T24780] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[ 2227.716584][T24761] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2227.894499][T21814] lo speed is unknown, defaulting to 1000
[ 2228.582596][T21814] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 2229.197139][T21814] usb 8-1: Using ep0 maxpacket: 32
[ 2229.224895][T21814] usb 8-1: config 0 has no interfaces?
[ 2229.269499][T21814] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2229.308277][T21814] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2229.379655][T21814] usb 8-1: Product: syz
[ 2229.402188][T21814] usb 8-1: Manufacturer: syz
[ 2229.423499][T21814] usb 8-1: SerialNumber: syz
[ 2229.452643][T21814] usb 8-1: config 0 descriptor??
[ 2229.619732][T24777] loop2: detected capacity change from 0 to 40427
[ 2229.681306][   T10] usb 8-1: USB disconnect, device number 13
[ 2229.780913][T24806] loop5: detected capacity change from 0 to 512
[ 2229.812893][T24806] EXT4-fs: Ignoring removed bh option
[ 2229.869584][T24806] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[ 2230.408740][T24806] EXT4-fs (loop5): 1 truncate cleaned up
[ 2230.455281][T24806] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2231.087732][   T30] audit: type=1800 audit(1754591986.744:178): pid=24806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4956" name="file1" dev="loop5" ino=15 res=0 errno=0
[ 2231.611130][T23886] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2236.826883][   T30] audit: type=1326 audit(1754591992.504:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24874 comm="syz.3.4979" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4116b8ebe9 code=0x0
[ 2246.340048][T24922] loop6: detected capacity change from 0 to 40427
[ 2246.369118][T24922] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[ 2246.377538][T24922] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[ 2246.393908][T24922] F2FS-fs (loop6): invalid crc value
[ 2246.905944][T24922] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 2246.918229][T24922] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[ 2246.926162][T24922] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[ 2246.996904][   T30] audit: type=1804 audit(1754592002.674:180): pid=24922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.4996" name="/newroot/374/bus/bus" dev="loop6" ino=10 res=1 errno=0
[ 2247.944257][   T30] audit: type=1804 audit(1754592002.714:181): pid=24922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.4996" name="/newroot/374/bus/bus" dev="loop6" ino=10 res=1 errno=0
[ 2248.035216][   T30] audit: type=1804 audit(1754592003.674:182): pid=24967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.5007" name="/newroot/172/file1" dev="fuse" ino=1 res=1 errno=0
[ 2249.747693][T24989] netdevsim netdevsim8: loading /lib/firmware/. failed with error -22
[ 2249.756072][T24989] netdevsim netdevsim8: Direct firmware load for . failed with error -22
[ 2249.764611][T24989] netdevsim netdevsim8: Falling back to sysfs fallback for: .
[ 2253.816711][T25041] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2253.826966][T25041] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 2255.182965][T25054] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5038'.
[ 2255.958396][   T30] audit: type=1804 audit(1754592011.634:183): pid=25081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.5045" name="/newroot/178/file1" dev="fuse" ino=1 res=1 errno=0
[ 2256.099887][T25076] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[ 2257.191255][ T5938] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 2257.524739][ T5938] usb 4-1: Using ep0 maxpacket: 32
[ 2257.684982][ T5938] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[ 2257.769899][ T5938] usb 4-1: config 0 has no interface number 0
[ 2257.815506][ T5938] usb 4-1: config 0 interface 184 has no altsetting 0
[ 2257.973414][ T5938] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2257.997553][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2258.035955][ T5938] usb 4-1: Product: syz
[ 2258.041183][T25104] syzkaller0: entered promiscuous mode
[ 2258.064384][ T5938] usb 4-1: Manufacturer: syz
[ 2258.069044][ T5938] usb 4-1: SerialNumber: syz
[ 2258.082454][T25104] syzkaller0: entered allmulticast mode
[ 2258.155638][ T5938] usb 4-1: config 0 descriptor??
[ 2258.206410][ T5938] smsc75xx v1.0.0
[ 2258.720690][T25086] loop8: detected capacity change from 0 to 40427
[ 2258.761482][T25086] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[ 2258.795131][T25086] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[ 2258.848452][T25086] F2FS-fs (loop8): invalid crc value
[ 2258.860118][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 2258.913989][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 2259.125185][T25126] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5061'.
[ 2259.368031][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 2259.389056][T25086] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[ 2259.408116][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 2259.418129][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 2259.497357][ T5938] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 2259.570172][ T5938] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[ 2259.641655][ T5938] usb 4-1: USB disconnect, device number 19
[ 2261.213463][T25161] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22
[ 2261.313221][T25161] netdevsim netdevsim6: Direct firmware load for . failed with error -22
[ 2261.354818][T25161] netdevsim netdevsim6: Falling back to sysfs fallback for: .
[ 2264.785335][T25214] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5089'.
[ 2265.622229][ T5938] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 2266.022731][ T5938] usb 8-1: Using ep0 maxpacket: 32
[ 2266.184233][T25231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5094'.
[ 2266.502764][ T5938] usb 8-1: config 0 has no interfaces?
[ 2266.573879][ T5938] usb 8-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2266.909645][ T5938] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2267.141162][ T5938] usb 8-1: Product: syz
[ 2267.141193][ T5938] usb 8-1: Manufacturer: syz
[ 2267.141213][ T5938] usb 8-1: SerialNumber: syz
[ 2267.169273][ T5938] usb 8-1: config 0 descriptor??
[ 2267.394399][ T5959] usb 8-1: USB disconnect, device number 14
[ 2268.431393][T25248] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[ 2272.674381][T25289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5113'.
[ 2273.636878][T25267] loop5: detected capacity change from 0 to 40427
[ 2273.792396][T25267] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[ 2273.910837][T25267] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 2274.291168][T25267] F2FS-fs (loop5): invalid crc value
[ 2274.332270][T25267] F2FS-fs (loop5): Failed to start F2FS issue_checkpoint_thread (-4)
[ 2277.961831][T25330] loop8: detected capacity change from 0 to 32768
[ 2277.983003][T25330] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.5127 (25330)
[ 2278.154400][T25330] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2278.164804][T25330] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm
[ 2278.173538][T25330] BTRFS info (device loop8): disk space caching is enabled
[ 2278.180730][T25330] BTRFS warning (device loop8): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 2278.384880][T25341] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5128'.
[ 2278.899502][T25330] BTRFS info (device loop8): rebuilding free space tree
[ 2278.935641][T25330] BTRFS info (device loop8): disabling free space tree
[ 2278.942725][T25330] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 2278.952636][T25330] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 2279.361189][T25359] IPVS: length: 83 != 24
[ 2279.958293][T25365] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2279.994944][T25365] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 2280.421216][T25366] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR
[ 2280.471957][T21375] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2281.877626][T25398] openvswitch: netlink: Key type 16144 is out of range max 32
[ 2282.198323][T25404] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 2282.254998][T25404] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2282.264515][T25404] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2282.692982][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 2284.387703][T25423] syzkaller0: entered promiscuous mode
[ 2284.443379][T25423] syzkaller0: entered allmulticast mode
[ 2284.611934][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 2284.730660][T25443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5156'.
[ 2284.794752][   T10] usb 6-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[ 2284.824232][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2284.849137][   T10] usb 6-1: config 0 descriptor??
[ 2284.884208][   T10] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[ 2285.067722][   T10] gspca_sn9c2028: read1 error -32
[ 2285.096961][   T10] gspca_sn9c2028: read1 error -32
[ 2285.112745][   T10] gspca_sn9c2028: read1 error 0
[ 2285.117929][   T10] sn9c2028 6-1:0.0: probe with driver sn9c2028 failed with error -5
[ 2285.324278][ T5938] usb 6-1: USB disconnect, device number 3
[ 2287.406106][T25471] ubi31: attaching mtd0
[ 2287.508781][T25471] ubi31: scanning is finished
[ 2287.513651][T25471] ubi31: empty MTD device detected
[ 2288.101221][T25471] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 2288.109525][T25471] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 2288.141132][T25471] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 2288.141200][T25471] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 2288.141221][T25471] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 2288.168463][T25471] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 2288.201987][T25471] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3832227436
[ 2288.219664][T25471] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 2288.265333][T25474] 
[ 2288.268095][T25474] =============================
[ 2288.273423][T25474] WARNING: suspicious RCU usage
[ 2288.278493][T25474] 6.16.0-syzkaller-11952-g6e64f4580381 #0 Not tainted
[ 2288.285817][T25474] -----------------------------
[ 2288.290674][T25474] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage!
[ 2288.299605][T25474] 
[ 2288.299605][T25474] other info that might help us debug this:
[ 2288.299605][T25474] 
[ 2288.310589][T25474] 
[ 2288.310589][T25474] rcu_scheduler_active = 2, debug_locks = 1
[ 2288.319120][T25474] 1 lock held by syz.5.5166/25474:
[ 2288.324746][T25474]  #0: ffffffff8e13a0c0 (rcu_read_lock_trace){....}-{0:0}, at: rcu_read_lock_trace+0x38/0x80
[ 2288.335081][T25474] 
[ 2288.335081][T25474] stack backtrace:
[ 2288.340985][T25474] CPU: 1 UID: 0 PID: 25474 Comm: syz.5.5166 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 2288.341025][T25474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2288.341043][T25474] Call Trace:
[ 2288.341054][T25474]  <TASK>
[ 2288.341064][T25474]  dump_stack_lvl+0x189/0x250
[ 2288.341108][T25474]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2288.341143][T25474]  ? __pfx__printk+0x10/0x10
[ 2288.341180][T25474]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2288.341216][T25474]  lockdep_rcu_suspicious+0x140/0x1d0
[ 2288.341244][T25474]  get_callchain_entry+0x2b6/0x3c0
[ 2288.341285][T25474]  get_perf_callchain+0xa1/0x6b0
[ 2288.341320][T25474]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2288.341352][T25474]  ? __pfx_get_perf_callchain+0x10/0x10
[ 2288.341395][T25474]  ? preempt_schedule+0xae/0xc0
[ 2288.341427][T25474]  __bpf_get_stack+0x3fc/0xa60
[ 2288.341474][T25474]  ? __pfx___bpf_get_stack+0x10/0x10
[ 2288.341510][T25474]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2288.341535][T25474]  ? __lock_acquire+0xab9/0xd20
[ 2288.341582][T25474]  bpf_get_stack+0x33/0x50
[ 2288.341616][T25474]  ? bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e
[ 2288.341638][T25474]  bpf_get_stack_raw_tp+0x1a9/0x220
[ 2288.341679][T25474]  bpf_prog_b8a90dd1efcc4ad9+0x46/0x4e
[ 2288.341703][T25474]  bpf_prog_run_pin_on_cpu+0xbf/0x150
[ 2288.341744][T25474]  bpf_prog_test_run_syscall+0x312/0x4b0
[ 2288.341784][T25474]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[ 2288.341818][T25474]  ? __fget_files+0x2a/0x420
[ 2288.341864][T25474]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[ 2288.341901][T25474]  bpf_prog_test_run+0x2c7/0x340
[ 2288.341942][T25474]  __sys_bpf+0x581/0x870
[ 2288.341978][T25474]  ? __pfx___sys_bpf+0x10/0x10
[ 2288.342027][T25474]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2288.342052][T25474]  ? rcu_is_watching+0x15/0xb0
[ 2288.342083][T25474]  __x64_sys_bpf+0x7c/0x90
[ 2288.342111][T25474]  do_syscall_64+0xfa/0x3b0
[ 2288.342140][T25474]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2288.342167][T25474]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2288.342188][T25474]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2288.342214][T25474]  ? exc_page_fault+0x9f/0xf0
[ 2288.342243][T25474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2288.342265][T25474] RIP: 0033:0x7f8b3038ebe9
[ 2288.342285][T25474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2288.342304][T25474] RSP: 002b:00007f8b31264038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2288.342327][T25474] RAX: ffffffffffffffda RBX: 00007f8b305b5fa0 RCX: 00007f8b3038ebe9
[ 2288.342344][T25474] RDX: 000000000000000c RSI: 00002000000004c0 RDI: 000000000000000a
[ 2288.342359][T25474] RBP: 00007f8b30411e19 R08: 0000000000000000 R09: 0000000000000000
[ 2288.342374][T25474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2288.342388][T25474] R13: 00007f8b305b6038 R14: 00007f8b305b5fa0 R15: 00007ffdab70e238
[ 2288.342422][T25474]  </TASK>
[ 2288.681832][T25472] ubi31: background thread "ubi_bgt31d" started, PID 25472