last executing test programs:

24m29.258943532s ago: executing program 32 (id=451):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x123242, 0x0)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x85)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000108117980800000000000109024100010000000009040000020308000009210000010122290a0905", @ANYRES64], 0x0)

21m50.530436574s ago: executing program 0 (id=831):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x34041043}, 0x4004000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6_vti0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(r0, 0xc, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
pread64(r4, &(0x7f0000019180)=""/102349, 0x18fcd, 0x80002)
socket$nl_route(0x10, 0x3, 0x0)

21m47.219397285s ago: executing program 0 (id=834):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
timer_create(0x3, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004180)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000440)="625edf9226ae463162d6d96b4dd9652b31a862f7beee44e250a65a9971286dd15c84911a9ce1c6ded6c6f06db8ab554c5da5341626dab100b6c39c893cb673a7bb74e3653c6e14c0c6fd052157965d417d6503610c8bf8b0e4b9f3b7a3577e497f3134fd2e4e7d509c4116010f73ed3e5642d9aa38", 0x75}, {&(0x7f0000000540)="2c688c267819b7f220470e98bb6a3f796fe21dbcff022dab96dac32f6280a4", 0x1f}, {&(0x7f0000000600)="3a9ee52298cfb553be221604e95245eef57a87f66685308d47378c421b624a2bff9277867462f4f344ba25963b3b5ce1f8ca571808e40b2a31599a5a0bc3dff3d28cf4f9f7f73c345c590f58fe94267c0eb1d8e25aac44897a774aa9917609a6447400da30d2f1837d1547f8fc73163d429362712fd63f5020d52bb708ffc1520bf677bfbb1bcefa7dae936fdb26da2f3003530617e3d0f5e08123dd9f2e381ee902056f12cc37d57e48d789491faea13cb74b84a449d7e1e8d62b5396433510b688c7b523a1e5780a4770a000d1944cfe2775e213d2e9", 0xd7}, {&(0x7f0000000700)="fccd5557393f4980517920126fda5e3154c1368e531f2d337bad61c752aa47b32f2d402705f0d97776ddd4ef7099a6ca37687207b52b8a68742d2415a3ea516a74337bf82881a81ba5256867df330acc301bead7866bdb76f2e1f5a83e15934326af998f3aa4529fccb70b5037707f703a9bf45e7f8a5387a5a9d908e46d6610509e4d544aa5cb47404be7a7ca01f43d48c4d10b55921284055a929674efbc2f171aca6d204bc95b4c74d30ae125e486ea23d9f350d201e8307a3cb6c438f3ef65c4c1f47399ac6c939ec2464dc8c8b143837858da9a0c0fc008ead87af4825e3517eed5cabdbf39201ef906a7b7740f847284f9190f7c", 0xf7}, {&(0x7f0000000800)="e1544a486fc835b4835078eee66f4fe2b36f577a3474d8c3ab2b1d2aac022ba6c57db7a3f1850b05c2ed51f0", 0x2c}, {&(0x7f0000000840)="ee551d3c3610832243ed07250b11300ed31f515474fab2552f1857c1a9e22ebff276a347d7e77fb8f284183a3e83b88e9364bfaab8dd4307ee3b16401392548fa9d416ef4cad4ead66290872576152a1f963a12bfb9fe2f0df1d0736ba2839a93e788f5ba28f7d1539f092433f1f523da6d117351139818063271c375524890b79bd8789b9a9e1c55255274f191620745558df34137f7fe0f6e6b8e7235ff6e2277178ea209202486459e771814b844fee4a06d0c73f135bd4fa81ff1e0f0deaf1dbdb5cf80ac957318a04120d5022aa4ff53857c88c9fc68d72464b2405f4c31d48af4ec7f6023711db", 0xea}, {&(0x7f0000000940)="f23a7567c6836437fb585178f1e44a072db2723e73fc5236ecc80e5525718e8da7f4ef8f382dfe250c3bd7b9862217db93d8e6317405c95ebc6b535500aca4bfd05711d2c55fbd1ecee44d0d49be5884bfd431aea5d39909e932053d7c8e366e470d02f07127c037ffdd7ced8e2ef84bcfd73075e9d43bd1c6d64a63e6d333c1239d66ce531b79ad0c04b190321914eb5ac477a60eb04b3fde699d6b3bad8713cb176b0021fb9c1d", 0xa8}, {&(0x7f0000000a00)="5ee290cca1b8e3d87fa5904fb483ba1ad55466433baa059fbb3055e55131e2a095b8a38c3cc88bd037961508c50587d82de0501412a314687d8750ca182721e3229fab50dc689d967e5ad75e3b4e76c39f81c2194d0d366effd30ce841b75cc7f9054ef72c1586d837ae134b2de83edbc9d1cc7e5616eebb5c17edf1d49421dffc2aef2e4ec7c713e896dfe4733491ae", 0x90}, {&(0x7f0000000ac0)="3194dff505c785be4d3827f220d6a6789b8a2f203ac4421cd9f193a7a8f83967e80486eb7bf72c5d768a8ef537c82ace7fded932fc570dae5dd0ba22216af5b33a097cddab4fc63d4936841b0663baa87d15f0e28fdd729af3612dc5f735a96c5897a4e957db65b9682983e558d8817cc11a675ac1401611474a6caa37b96654e72df359dd3b21d08cef96749938dd8a216b745443174b8bf875ce461c9128fb", 0xa0}], 0x9, &(0x7f00000040c0)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00'], 0x98, 0x48000}}], 0x1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, &(0x7f0000000040), &(0x7f0000000580)}, 0x20)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x202, 0x4}}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x800, 0xfffffffd}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10)
bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f00000000c0)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x804}, 0x4)

21m45.999004929s ago: executing program 0 (id=837):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x1901b0d, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x3}}, {@jqfmt_vfsold}, {@nobh}, {@data_err_ignore}, {@lazytime}]}, 0xf7, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x179)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x2c000010)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20)
poll(&(0x7f0000000440)=[{r5, 0x1000}, {r4, 0x4}, {r2, 0x7041}, {r4, 0x8004}, {}], 0x5, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000005580)=""/102392, 0x18ff8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[], 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
lsetxattr$trusted_overlay_origin(&(0x7f0000000380)='./file2\x00', &(0x7f00000003c0), &(0x7f0000000400), 0x2, 0x2)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000100)=@ethtool_flash={0x33, 0x7f, './file0/../file0/file0\x00'}})
ioctl$XFS_IOC_SWAPEXT(r5, 0xc0c0586d, &(0x7f00000002c0)={0x0, r8, r2, 0x29f7, 0x8000000000000001, '\x00', {0x8001, 0x1b1b, 0x5, 0x4, 0x3, 0xfffffff8, 0x6, 0x9, {0x0, 0x8}, {0x5, 0x10000}, {0x4, 0x2c}, 0xffffffffffffffff, 0x400, 0x2400, 0xa13, 0x9, 0x7ff, 0x9, 0x80, 0x1, 0xfffb, '\x00', 0x1, 0x0, 0x9, 0x2}})
connect$inet6(r7, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
rename(&(0x7f0000000b40)='./file2\x00', &(0x7f0000000b00)='./file1\x00')

21m30.326519079s ago: executing program 33 (id=837):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x1901b0d, &(0x7f0000000580)={[{@journal_dev={'journal_dev', 0x3d, 0x3}}, {@jqfmt_vfsold}, {@nobh}, {@data_err_ignore}, {@lazytime}]}, 0xf7, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x179)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x2c000010)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x200000, 0x1000}, 0x20)
poll(&(0x7f0000000440)=[{r5, 0x1000}, {r4, 0x4}, {r2, 0x7041}, {r4, 0x8004}, {}], 0x5, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000005580)=""/102392, 0x18ff8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[], 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
lsetxattr$trusted_overlay_origin(&(0x7f0000000380)='./file2\x00', &(0x7f00000003c0), &(0x7f0000000400), 0x2, 0x2)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000100)=@ethtool_flash={0x33, 0x7f, './file0/../file0/file0\x00'}})
ioctl$XFS_IOC_SWAPEXT(r5, 0xc0c0586d, &(0x7f00000002c0)={0x0, r8, r2, 0x29f7, 0x8000000000000001, '\x00', {0x8001, 0x1b1b, 0x5, 0x4, 0x3, 0xfffffff8, 0x6, 0x9, {0x0, 0x8}, {0x5, 0x10000}, {0x4, 0x2c}, 0xffffffffffffffff, 0x400, 0x2400, 0xa13, 0x9, 0x7ff, 0x9, 0x80, 0x1, 0xfffb, '\x00', 0x1, 0x0, 0x9, 0x2}})
connect$inet6(r7, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
rename(&(0x7f0000000b40)='./file2\x00', &(0x7f0000000b00)='./file1\x00')

21m27.618793829s ago: executing program 34 (id=839):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7902})
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYRES8=r0], 0xffdd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
userfaultfd(0x801)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='pstore\x00', 0x28c2008, 0x0)
ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, &(0x7f0000000040), 0x5005)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, 0x0)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0x20)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
io_setup(0x5, &(0x7f0000000180))
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffc}, 0x94)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x0, 0x8, 0x0)

6m47.007121263s ago: executing program 2 (id=2733):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0xffffffffffffffea, 0x9, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r2, &(0x7f0000000080)=""/1, 0x1)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
socket$unix(0x1, 0x2, 0x0)
setpriority(0x2, 0x0, 0x6)
r4 = fsmount(r3, 0x1, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
close_range(r1, 0xffffffffffffffff, 0x0)

6m46.324928642s ago: executing program 2 (id=2736):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20004015)
socket(0x40000000015, 0x5, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x80000, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0x8, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1b, 0x7ff, 0x6}}}}]}, 0x48}}, 0x10)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
r6 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r7, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00@', 0x5e0}], 0x1}, 0x4)
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)

6m45.618567097s ago: executing program 2 (id=2741):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x0, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280), 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$TCSETS(r0, 0x89f0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x802, 0xd, "5dee0000005940090000000f00"})

6m44.490927137s ago: executing program 2 (id=2751):
set_mempolicy(0x4005, &(0x7f0000000000)=0x7e, 0x8)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000002000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000002000000", 0xfe60)

6m44.098204375s ago: executing program 2 (id=2754):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0)
preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)

6m43.368446297s ago: executing program 2 (id=2757):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
setns(r2, 0x66020000)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)

6m34.905293934s ago: executing program 35 (id=2709):
socket$kcm(0x10, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
socket(0x1, 0x803, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)={0x38, 0x1403, 0x1, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'gre0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000040}, 0x4008010)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
clock_gettime(0x5, &(0x7f0000000000))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000001500010320000000000000000c0000000800040001"], 0x1c}}, 0x4000000)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x40103}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYRESDEC=0x0, @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f00000001c0)=""/222, 0x40f00, 0x8}, 0x94)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000500)=ANY=[], 0x32600)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r5)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
sendmsg$WG_CMD_GET_DEVICE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x1c, r8, 0x301, 0x70bd2c, 0x25dfdc00, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r10}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x404c880)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000c80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010046bd7000020000000c000000180001801400020076657468305f746f5f626f6e6400000018000380140003800c000180080001"], 0x44}, 0x1, 0x0, 0x0, 0x4040084}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x8, 0x8010, r5, 0xb9730000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
socket$kcm(0x2, 0x8, 0x2)

6m28.249576113s ago: executing program 36 (id=2757):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
setns(r2, 0x66020000)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)

4m42.644686967s ago: executing program 6 (id=3445):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0xfffffffffffffd81}, 0x36)

4m42.421965092s ago: executing program 6 (id=3450):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000800)="2fae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c78f4aa73c0", 0x2de}, {&(0x7f0000000380)="ab29d92826349952eb8f7a2a74f535bc973957144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac866dd70d88449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae3c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826727f5f620000", 0x1e9}, {&(0x7f0000000b00)="f610e61fc81cc3edc86f2800194d27a5a42cf1880b", 0x15}, {&(0x7f0000000180)="40df3786", 0x4}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)

4m42.253410121s ago: executing program 6 (id=3453):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCGRDESCSIZE(r1, 0x4004480d, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x33, 0x0, 0x0)

4m40.140140228s ago: executing program 6 (id=3466):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=")
syz_open_dev$sg(0x0, 0x0, 0x802)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
r0 = syz_clone(0x20008200, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x12)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1200000005000000000000020400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00!\x00'/28], 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x8018001}, 0x44080)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x33, 0x0, 0x0)

4m39.580803673s ago: executing program 6 (id=3471):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
keyctl$session_to_parent(0x12)
recvmmsg(0xffffffffffffffff, &(0x7f0000001400), 0x0, 0x62, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
setresuid(0xee00, 0x0, 0x0)
keyctl$session_to_parent(0x12)

4m38.09836988s ago: executing program 6 (id=3481):
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f0000000500), &(0x7f0000000540), 0x8000000000000000}}, 0x40)

4m37.282690194s ago: executing program 37 (id=3481):
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f0000000500), &(0x7f0000000540), 0x8000000000000000}}, 0x40)

4m2.033593448s ago: executing program 0 (id=3482):
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5a8, &(0x7f0000000680)="$eJzs3U1sHFcdAPD/rO18OAl2AxWlSGBRBJGi+iNGZINAJD0hFaM2BS5FDUuysd2svZZ3LdUuh0SotDdUxKXqCVk58CWlUhEtFKkSoohD4cAJgcK9qqlUviQQWjSzs6kbb+yETTyV/ftJTzPzZnfff/Y/M5k3b+INYNcaiYiTEdEXEUcjYiivL+UlLrZL+rrVySszaUmi1XrkrSSSiHh28spM57OSfHog/4B9EXF6NaL01MZ2G8srFyq1WnUxXx5rzi2MNZZX7p+dq0xXp6vz5XJ5vFw+fmLi9m3ro4f3H37u11/4z89f++6Hv/K93zyZxnswX7d+O26XkRjJv5OB2Luuvj+JOH+7GytIut/0RzvXN+Pu6nd+eYdD4iZ9/geXSkXHAABsv/QC4HBEfCy7/h+KvuxqLuLkoa+9PRT/fLzo+AAAAIDetYaG4nPpFAAAANixStkzsElpNH8W4GCUSqOj7Wd4PxCDpVq90Tx6vr40f679rOxwDJTOz9aq4/mzwsMxkKTLE9n8O8vHrluejIi7IuKZof3Z8ujZeu1c0Tc/AAAAYIc7GHH10W+9/MEDN+j/p/48VHSUAAAAQC/S/v+hq4PZn+r6u34+AAAA7Ehp///tb//1t6H/DwAAADtWp///0NRUPDQ11VrNf/9qvj49e2Fm4cSx8dG5pbOjZ+uLC6PT9fp09j/257b+3Fq9vjBxLJaeGGtWG82xxvLKmbn60nzzTPa7XmeqA9uwbcDWHj55tlp0DAAAwPa566Ov/jGJiIuf2Z+V1J58nb467Gx+ABx2r76iAwAK0190AEBh9PGBZIv1+2604uLtjwUAALgzPvkh4/+wWxn/h93L+D/sXsb/YffSxweM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNZarSRaAAAAwI7WWF65UKnVqotmzJgxc22m6DuTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyXPTt5ZaZTtqvNV36xXS1xI2unImK4nf/VvLTX9Me+bLovBiJi8G9J9K97XxIRfT22/e97IkbisSdfbF1+KS2R74c9fiy34OKliLin2/GfpLtFDOd7wfX5L2V7Rm9+8sM0/6u/W18n/9url/wP9tj2yx9J8//g3evr5H/3uPfhoiOgSL9/pugIKNIf1oqOgCKdfqToCCjSlz5ddAQU6fm3io6AV09FxHi3/l8p7RZe6+Vf3//ry+4Q9ebISNr/e/ro+rqN/b/SGz02wybWTkV8NiJWN9z/K3VeMtyXLx3K7gcMJOdna9XxiHhfmsMY2JsuT2zSxuUzS491q3/wdJr/Kz9d+NMLP+uUtP10+s6rSm/07333+85VmpVet5u2tUsR9/Z3y39y7f5vcoP7v++/yTZmXv/G493qJ3+V5v+V5zfPP3dS6/sRn+h6/CfXXpPOjTXnFsYayyv3z85VpqvT1flyuTxeLh8/MTGWnQ7GOieFLobWDny1W/3XH0jz/98p+S9OevwPbp7/7PzfWF65UKnVqouNW2/jX2++vtqt/vBTaf4f+Ob/c/7fk3w5C3BPXvdEpdlcnIjYk3xxY/2xW495p+p8H53vK83/kfu6//vfuf5rn/9LG+7/D+fTdP3IJm0OHH/h6W71H78vG/+7+mLr8kuO/2Kk+T+3xfGfvOv4v/WZ5/7yjx91a/vHe9P8v/ZmZ/w3LWn7nbHgtvT4/1QWzJG8xvXf1m42QUXHCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6/0vAAD//wqlOeU=")
syz_open_dev$sg(0x0, 0x0, 0x802)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
r0 = syz_clone(0x20008200, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x12)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1200000005000000000000020400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00!\x00'/28], 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}, 0x1, 0x0, 0x0, 0x8018001}, 0x44080)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x33, 0x0, 0x0)

4m1.211049961s ago: executing program 0 (id=3676):
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
socket(0x1, 0x803, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @mcast2}]}, 0x40}}, 0x0)

3m59.384202906s ago: executing program 0 (id=3691):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
ppoll(&(0x7f0000000000)=[{r1}], 0x1, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

3m58.780713586s ago: executing program 38 (id=3691):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
ppoll(&(0x7f0000000000)=[{r1}], 0x1, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

3m21.405740993s ago: executing program 3 (id=3874):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
getsockopt$inet_opts(0xffffffffffffffff, 0x84, 0x75, 0xfffffffffffffffe, &(0x7f0000000040)=0x40)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000), 0x0)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000002c0), &(0x7f0000000040)=0x8)

3m20.888556812s ago: executing program 3 (id=3876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '+f'}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)

3m20.722961277s ago: executing program 3 (id=3877):
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x50, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x3, 0x0, @vifc_lcl_addr=@local, @local}, 0x10)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
syz_emit_ethernet(0x5d, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x3f, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @multicast1=0xe0000300}, @address_request}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)

3m18.452201261s ago: executing program 3 (id=3886):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="69ea4517cc163c2542c063d66f1664f4"], 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x22040004)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)

3m18.099687315s ago: executing program 3 (id=3888):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000005000000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340), 0xc)

3m17.604498583s ago: executing program 3 (id=3892):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m0.617538775s ago: executing program 39 (id=3892):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m18.690339098s ago: executing program 7 (id=4385):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xf, 0x3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @remote}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040054)

1m18.155331838s ago: executing program 7 (id=4392):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x5)
sendmmsg(r0, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010)

1m16.800582646s ago: executing program 7 (id=4396):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0xfffffffffffffe21, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYRES16], 0x16c}}, 0x44000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getrlimit(0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, 0x0, 0x0)
statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)=""/38)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000080)={0x8, 0x6, 0x2}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000480)="1c0000001a009b8a140000003b000000000000000000000000000000fda35065733173ae72a0d270d958f739b6d44c893b03599f77a332b446ea93568ae2ff534952656c6a18b6c0fdcec321127ee28705f2496eb43654255c5cc688f71db82bab173f4e19361ac01c1b0a2d2229993c8308ab7721e4c33c5fc214cd64a17d552a0fa33011d3ccceb56738a8c7e690d5843333a2a6d60f38798d000000003991f3787269de5382929be107a698db9edbc0257c0bb0205084640cc1c859d69828feab5d0ac72f62c0bf387044a185428df3ab4cc2525d41adb01c8c13c71b6a98dac98f678e2472d5a6a8a5b2f69ac595a8bea681e962033baf38e57debcb4a900797d1f406f72c22a58b8255e88e662270140fe5646e9e558f594eaf8856161f4815b9948a065b3c8d75913b04ea16c3b0fc01db5e42f8c6b19b2f14994700a509701d4066bf3e07b637c32f260a86c7d383362a41060c965f41a4c3c819342935ca7af09a6fb3bd9cba3459c25d9f8709b0", 0x172)
recvmmsg(0xffffffffffffffff, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)

1m15.53658907s ago: executing program 7 (id=4406):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xb4, 0x0, &(0x7f0000000300)="b994bc444b9893b04bf30981fd1a626f7389e32a4a7941c2515284700e44a97c20a00f058be0da09f79b19459fe87a2d1c33b64e62a91efc244b5f1e5f2751a8a71426c42e2819529c68f0cb08d7abcb7517687c402e46f41741ed42cf78d4bb059cdd4cb3b8a6688aec470f364827b2fe1b2f117ffed12a16621878284769347464b039230762fe3606c1f2ad62d657d2280e735362c779b4e7ecf49f3f0f2ba3394636a7f2eb647d3fac6fe0e1360ed0c4e9bb", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x50)

1m14.597321048s ago: executing program 7 (id=4409):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x5)
sendmmsg(r0, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010)

1m13.457346862s ago: executing program 7 (id=4414):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x200100c, &(0x7f00000006c0)={[{@jqfmt_vfsv1}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xeb0}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@data_journal}, {@noload}, {@oldalloc}]}, 0x3, 0x44b, &(0x7f00000007c0)="$eJzs271vG2UYAPDn7CSlnwlV+egHECiI8pU0aSkdWEAgsSAhwVDGkKRVqdugJki0qiAgVEZUiYkFMSLxF8ACCwImJFaYWFClCmVpYTI6+y6xHdtNUidO499POvd97859n8d3r/3evbkAetZw+pJE7IqIPyJisFqt32G4+s+thSuT/y5cmUyiXH7zn6Sy382FK5P5rvn7duaVvojCp0kcbNLu7KXL5yZKpemLWX107vx7o7OXLj939vzEmekz0xfGT548fmzshRPjz3ckzzSvmwc+nDm0/7W3r70+eeraO798m+T5N+TRIcPtNj5RLne4ue7aXVNO+roYCKtSrHbT6K/0/8EoxtLBG4xXP+lqcMC6KpfL5ftbb54vA1tYEt2OAOiO/Ic+vf7Nlw0aemwKN16qXgCled/KluqWvihk+/Q3XN920nBEnJr/76t0ifW5DwEAUOeHdPzzbLPxXyFq7wvtyeZQhiLi3ojYGxEnImJfRNwXUdn3gYh4cJXtN06SLB//FK6vKbEVSsd/L2ZzW/Xjv3z0F0PFrLa7kn9/cvpsafpo9pkcif5taX2sTRs/vvL756221Y7/0iVtPx8LZnFc79tW/56pibmJO8m51o2PIw70Ncs/WZwJSCJif0QcWGMbZ5/+5lCrbbfPv40OzDOVv454snr856Mh/1zSfn5y9J4oTR8dzc+K5X797eobrdq/o/w7ID3+O5qe/4v5DyW187Wzq/nfv3wqfb3652ctr2nWev4PJG/VrftgYm7u4ljEwEAsXz++vJ7vn+Z/5HDz/r83lj6JgxGRnsQPRcTDEfFIFvujEfFYRBxu8yn8/PLj7649//WV5j+1quO/VBiIxjXNC8VzP31X12j6IxJ/fb+y/NPjf7xSOpKtafL9t2wyfSVxrfZsBgAAgLtVISJ2RVIYWSwXCiMj1b/h3xc7CqWZ2blnTs+8f2Gq+ozAUPQX8jtdgzX3Q8eyy/q8Pt5QP5bdN/6iuL1SH5mcKU11O3nocTtb9P/U38VuRwesO89rQe/S/6F36f/Qu/R/6F1N+v/2bsQBbLxmv/8fdSEOYOM19H/TftBDXP9D71pL//edAVtD2748sHFxABtqdnvc/iH5u6KwJ8tos8Sz1QtR2BRhKKxToctfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB3yfwAAAP///H3mgA==")
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x13)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

56.800453753s ago: executing program 4 (id=4489):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, r1, 0x1, 0x70bd27, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x80}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x20000000)

56.583309068s ago: executing program 4 (id=4490):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r3, &(0x7f0000ffd000/0x2000)=nil, 0x4000)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

55.157580074s ago: executing program 4 (id=4494):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000008"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0xab82, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

54.954070448s ago: executing program 4 (id=4496):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r0, 0x5)

54.841120478s ago: executing program 4 (id=4497):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYRES32=0x0, @ANYRES64], 0x38}}, 0x0)

54.609065073s ago: executing program 4 (id=4499):
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
fallocate(0xffffffffffffffff, 0x6c, 0x5, 0x9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206030000001a0000de00000000000014000780080006400000000005001500010000000500010006000000050005000200000005000400030000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070084000000060004404e2200000c000280080001407f0000010063f067adc7077d4dc61dc84d8ca3f58217cc99fcc3a428a1f451c377234d408e479e170d753a757a5b8bcf56521069562e"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

39.473479205s ago: executing program 40 (id=4499):
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
fallocate(0xffffffffffffffff, 0x6c, 0x5, 0x9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206030000001a0000de00000000000014000780080006400000000005001500010000000500010006000000050005000200000005000400030000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070084000000060004404e2200000c000280080001407f0000010063f067adc7077d4dc61dc84d8ca3f58217cc99fcc3a428a1f451c377234d408e479e170d753a757a5b8bcf56521069562e"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

14.537235809s ago: executing program 5 (id=4566):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYRES8=r0], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x14, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x800, 0x1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x6d207ee5}, 0x8)
sendmmsg$inet6(r2, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x10, r3}, 0x18)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x18, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@generic={0xe, 0x9, 0x5, 0x7, 0x9a9a}, @tail_call, @map_fd={0x18, 0x6}, @alu={0x7, 0x1, 0xd, 0x5, 0x2, 0xc, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0x0, 0x0, 0x7}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000004c0)=[{0x4, 0x4, 0xe, 0x9}, {0x4, 0x1, 0x7, 0xc}, {0x1, 0x5, 0x7, 0x3}, {0x0, 0x2, 0x3, 0x2}, {0x0, 0x2, 0xd, 0x1}, {0x2, 0x2, 0xb, 0x2}], 0x10, 0x370b}, 0x94)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x400100, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newlink={0x4c, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x24, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r5}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r6}, @IFLA_XDP_FD={0x8, 0x1, r7}, @IFLA_XDP_FLAGS={0x8}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r7}, 0x0, 0x0}, 0x20)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x3}, 0x8)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)

11.290907349s ago: executing program 5 (id=4574):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
preadv(r3, &(0x7f0000000340)=[{&(0x7f0000000400)=""/255, 0xff}], 0x1, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000240)={<r5=>0x0, 0xffffffff, 0x0, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000008c0)={r5, 0x4, 0xe4, 0x1})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03"], 0x17)

10.590559615s ago: executing program 1 (id=4577):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
listen(r0, 0x1ff)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000100)="ab", 0x1, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10)

10.001395006s ago: executing program 5 (id=4578):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x9, &(0x7f0000000000)={[{@barrier}, {@jqfmt_vfsv0}, {@abort}, {}, {@noquota}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x48d, &(0x7f0000000980)="$eJzs3EtvG1UbAOB3xnV6/5qv3wV6AQIFEXFJmrRAF2xAIHWDhARIZRnStCpNG9QEiVYVTREqS9RfACyR+AWsYIOAFYgtSGyQEFKFuqGwGjT2TOpcHGzHjil+HsntOTNnfM47M8c+MyfjAAbWSP5PErErIr4fithTzy4vMFL/79bNy9O/37w8nUSWvfRrUiv3283L02XRcrudRWY0jUjfTeLAGvXOX7x0dmp2duZCkR9fOPfG+PzFS4+fOTd1eub0zPnJY8eOHpl46snJJ7oS5+68rfvfnju47/ir11+YPnH9ta8+yZfvKtY3xlE33PJ7b2+yfCRGlu/LBg9F/JRlWct1/N3tbkgnW/rYENpSiYj8cFXz/h97ohK3D96eeP6dvjYO6Kksy7Ktq5ZWysRiBvyDJdF0VbqpDQE2WflFn1//lq9NHH703Y1n6hdAedy3ild9zZZIizLVFde33TQSEScW//ggf8Wa9yEAALrrs3z889ha4780/t9Q7l9Rnxsajoh/R8TeiPhPRPw3Iv4XUSt7V0Tc3Wb9Iyvyq8c/3zabXumKfPz3dDG3dXv8N1SLvzBcKXK7a/FXk1NnZmcOF/tkNKpb8/zEOnV8/tx37y9lti1f1zj+y195/eVYsC79ZcuKG3QnpxamuhB6zY2rS4GuGP8mSzMBSUTsi4j9Hbx/vs/OPPLxwWbr/zr+dXRhnin7KOLh+vFfjBXxl5L15yfHt8XszOHx8qxY7etvrr3YrP4Nxd8FN65G7Fh1/kdj/MNJ43ztfPt1XPvhvabXNJ2e/0PJy7X0ULHsramFhQsTEUPJ4urlk7e3LfNl+Tz+0UNrxZ/W3uPDYrsDEZGfxPdExL0RcV/R9vsj4oGIOLRO/F8+++DrncffW3n8J9s6/u0nKme/+LRZ/a0d/6O11GixpJXPv1YbuJF9BwAAAHeKtPY38Ek6tpRO07GxiFdq93Z3pLNz8wuPnpp78/zJ+t/KD0c1Le90pQ33QyeKe8NlfnJF/kjtvnGWZdn2Wn5sem62V3PqQGt2Nun/uZ8r/W4d0HNtzaM1e6INuCO11f9XPy0E3ME8rw2Dq9X+X+1xO4DN5/sfBtda/f9KxK0+NAXYZL7/YXDp/zC49H8YXPo/DKSNPNe/XmLv8Y43zzZUe/n7Kh1u/mNP9sZ6iUqnm29t42cOepCIdM1V1YjoS3vaSqS9qyI/+drbKj+QrRa+0umJ3XZi2cfEUD8+mwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhzwAAAP//dNfhIw==")
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

9.19666152s ago: executing program 1 (id=4582):
ioctl$COMEDI_CMD(0xffffffffffffffff, 0x80506409, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)

9.173764266s ago: executing program 5 (id=4583):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r1 = timerfd_create(0x0, 0x0)
read(r1, &(0x7f0000000240)=""/123, 0x7b)

9.0178736s ago: executing program 1 (id=4584):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYRES8=r0], 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={0x14, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x800, 0x1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x2}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000000200)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f00000006c0)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x8020)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x10, r3}, 0x18)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x18, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@generic={0xe, 0x9, 0x5, 0x7, 0x9a9a}, @tail_call, @map_fd={0x18, 0x6}, @alu={0x7, 0x1, 0xd, 0x5, 0x2, 0xc, 0x10}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x1, 0x0, 0x0, 0x7}, 0x10, 0x0, 0x0, 0x6, 0x0, &(0x7f00000004c0)=[{0x4, 0x4, 0xe, 0x9}, {0x4, 0x1, 0x7, 0xc}, {0x1, 0x5, 0x7, 0x3}, {0x0, 0x2, 0x3, 0x2}, {0x0, 0x2, 0xd, 0x1}, {0x2, 0x2, 0xb, 0x2}], 0x10, 0x370b}, 0x94)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x400100, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=@newlink={0x4c, 0x10, 0x1, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40810}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x24, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r5}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r6}, @IFLA_XDP_FD={0x8, 0x1, r7}, @IFLA_XDP_FLAGS={0x8}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008011}, 0x4004)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r7}, 0x0, 0x0}, 0x20)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x3}, 0x8)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r8, 0xffffffffffffffff, 0x0)

6.929575887s ago: executing program 9 (id=4587):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r3, &(0x7f0000ffd000/0x2000)=nil, 0x4000)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

6.902223996s ago: executing program 8 (id=4588):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x234a047, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
r3 = inotify_init1(0x800)
inotify_add_watch(r3, &(0x7f0000000000)='./file0\x00', 0x610001d4)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]})

6.829192894s ago: executing program 5 (id=4589):
socket$phonet_pipe(0x23, 0x5, 0x2)
r0 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x400, 0x3, 0x8002ae}, &(0x7f0000000140), &(0x7f0000000280), &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
socket$inet6_icmp(0xa, 0x2, 0x3a)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x500)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="600000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="0131010000000000400012800e00010069703665727370616e0000002c000280140005f6ff000000000000000000ffff7f00000108001500b9c20a00040012000500160001"], 0x60}}, 0x0)
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

5.269836548s ago: executing program 9 (id=4590):
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x3)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0xffe0)
r4 = socket$inet6(0x10, 0x2, 0x0)
write(r4, &(0x7f0000000040), 0x0)
memfd_create(0x0, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

5.166744064s ago: executing program 8 (id=4591):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x5)
sendmmsg(r0, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010)

4.09711455s ago: executing program 8 (id=4592):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0x5, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=")
truncate(&(0x7f00000001c0)='./file2\x00', 0x101)

4.06378971s ago: executing program 9 (id=4593):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x141000, 0x0)
ioctl$PTP_ENABLE_PPS(r4, 0xc0403d11, 0xffffffffffffffff)
sched_getattr(0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)

2.953343393s ago: executing program 9 (id=4594):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0xe, 0x0, 0x700, 0x0, [@sadb_key={0x4, 0x9, 0xa8, 0x0, "ce45b8add73fd52f35e21bf163fe477120a04a0ecc"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x1000, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x6, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x70}, 0x1, 0x7}, 0x0)

2.794161565s ago: executing program 1 (id=4595):
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

2.599345822s ago: executing program 1 (id=4596):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x9, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet(r0, &(0x7f00000056c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)='~', 0x1}], 0x1}}], 0x1, 0x8)
close(r0)

2.199833516s ago: executing program 9 (id=4597):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xbfb3)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0))
r1 = syz_open_pts(r0, 0x101000)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

2.023229664s ago: executing program 8 (id=4598):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0xf, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x44801}, 0x4010)

1.533037179s ago: executing program 8 (id=4599):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x4000000000091}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'})
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000007c0))
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000), 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0500000005000000fd09000085"], 0x50)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x6c, r3}, 0x38)

1.450876114s ago: executing program 1 (id=4600):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil)
shmat(r3, &(0x7f0000ffd000/0x2000)=nil, 0x4000)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)

1.224416157s ago: executing program 5 (id=4601):
syz_usb_connect$printer(0x0, 0x2d, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000200)={0x18, 0x2, {0xfeff, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0xffff, @multicast1}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1d41, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0)

1.544163ms ago: executing program 8 (id=4602):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setfsgid(0xee00)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

0s ago: executing program 9 (id=4603):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000019240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
keyctl$chown(0x4, 0x0, 0xee01, 0x0)
bind$802154_dgram(r0, &(0x7f0000000040)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r0, &(0x7f0000000240)={0x24, @none={0x0, 0x1}}, 0x14)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x5)
sendmmsg(r0, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010)

kernel console output (not intermixed with test programs):

priority 0
[ 1459.375012][T21524] syzkaller0: entered promiscuous mode
[ 1459.452627][T21524] syzkaller0: entered allmulticast mode
[ 1459.920514][T21522] tipc: Resetting bearer <eth:syzkaller0>
[ 1459.986658][T21521] tipc: Resetting bearer <eth:syzkaller0>
[ 1460.121465][T21521] tipc: Disabling bearer <eth:syzkaller0>
[ 1460.208148][T21554] netlink: 'syz.5.3334': attribute type 1 has an invalid length.
[ 1460.524989][T21560] vlan2: entered allmulticast mode
[ 1460.555677][T21560] veth0_to_bond: entered allmulticast mode
[ 1460.685394][ T5901] page_pool_release_retry() stalled pool shutdown: id 113, 1 inflight 60 sec
[ 1460.720640][T21549] syzkaller0: entered promiscuous mode
[ 1460.738511][T21549] syzkaller0: entered allmulticast mode
[ 1460.867079][T20914] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1461.816730][T21598] loop7: detected capacity change from 0 to 128
[ 1462.504212][T20466] hid-generic 0000:0000:0000.0017: unknown main item tag 0x0
[ 1462.524565][T20466] hid-generic 0000:0000:0000.0017: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1463.429361][T21608] netlink: 'syz.6.3349': attribute type 10 has an invalid length.
[ 1465.554728][T21610] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3350'.
[ 1465.609606][T21608] 8021q: adding VLAN 0 to HW filter on device team0
[ 1465.662018][T21608] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1465.854631][T21610] bond1: entered promiscuous mode
[ 1465.864704][T21610] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1465.957924][T21613] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1466.006375][T21613] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[ 1466.053388][T21613] bond1: (slave wireguard0): Error -95 calling set_mac_address
[ 1467.332630][T11061] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[ 1467.350849][T21667] netlink: 'syz.7.3361': attribute type 1 has an invalid length.
[ 1467.409399][T11061] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1467.764552][T21675] loop5: detected capacity change from 0 to 128
[ 1469.242136][T21681] loop6: detected capacity change from 0 to 512
[ 1469.377748][T21681] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1469.393675][T21681] ext4 filesystem being mounted at /533/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1469.477483][ T8017] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1469.589856][T21686] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3365'.
[ 1470.699672][T21693] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3367'.
[ 1472.243994][T21693] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1472.247247][T21694] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[ 1472.361011][T20914] veth0_vlan: entered promiscuous mode
[ 1472.496095][T20914] veth1_vlan: entered promiscuous mode
[ 1472.570809][T21705] loop7: detected capacity change from 0 to 512
[ 1472.921603][T20914] veth0_macvtap: entered promiscuous mode
[ 1472.932101][  T800] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[ 1472.977472][T20914] veth1_macvtap: entered promiscuous mode
[ 1472.999418][  T800] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1473.117885][T20914] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1473.157658][T21726] netlink: 'syz.9.3379': attribute type 10 has an invalid length.
[ 1473.177493][T20914] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1473.282124][T21733] loop6: detected capacity change from 0 to 128
[ 1473.306202][T14577] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.630121][  T131] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.938295][  T131] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1474.056889][  T131] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1474.258336][T21741] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3385'.
[ 1474.577889][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1474.619105][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1474.763890][T21756] loop9: detected capacity change from 0 to 512
[ 1474.780554][ T5906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1474.803470][ T5906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1474.867611][T21756] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1475.335438][T21776] loop7: detected capacity change from 0 to 512
[ 1475.561497][T21781] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3398'.
[ 1475.589920][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1476.037768][T18233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1476.053568][T18233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1476.073815][T18233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1476.089447][T18233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1476.101220][T18233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1476.432651][T21808] IPVS: set_ctl: invalid protocol: 59 10.1.0.255:20004
[ 1476.744462][T21820] loop6: detected capacity change from 0 to 512
[ 1476.815029][T21820] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1477.169898][T21826] loop7: detected capacity change from 0 to 4096
[ 1477.199364][T21826] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1477.243905][T21826] EXT4-fs: Ignoring removed orlov option
[ 1477.582856][ T8017] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1478.204713][T14202] Bluetooth: hci2: command tx timeout
[ 1479.705846][T21902] loop9: detected capacity change from 0 to 1024
[ 1479.737828][T21902] EXT4-fs: Ignoring removed nobh option
[ 1479.775937][T21902] EXT4-fs: inline encryption not supported
[ 1479.801101][T21794] gre0 speed is unknown, defaulting to 1000
[ 1479.819850][T21902] EXT4-fs (loop9): bad geometry: bigalloc file system with non-zero first_data_block
[ 1479.819850][T21902] 
[ 1480.299272][T14202] Bluetooth: hci2: command tx timeout
[ 1480.664857][ T5694] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1480.719987][ T5694] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1480.998874][ T8864] bridge_slave_1: left allmulticast mode
[ 1481.037107][ T8864] bridge_slave_1: left promiscuous mode
[ 1481.070271][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1481.134702][ T8864] bridge_slave_0: left allmulticast mode
[ 1481.162682][ T8864] bridge_slave_0: left promiscuous mode
[ 1481.187178][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1481.522095][T21960] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3440'.
[ 1481.905838][ T8864] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1481.919811][ T8864] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1481.940279][ T8864] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1481.950956][ T8864] bond0 (unregistering): Released all slaves
[ 1481.978148][ T8864] bond1 (unregistering): Released all slaves
[ 1482.363714][T14202] Bluetooth: hci2: command tx timeout
[ 1482.398524][T21976] bridge0: port 3(vlan2) entered blocking state
[ 1482.412764][T21976] bridge0: port 3(vlan2) entered disabled state
[ 1482.453589][T21976] vlan2: entered allmulticast mode
[ 1482.488406][T21976] geneve0: entered allmulticast mode
[ 1482.539320][T21980] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3449'.
[ 1482.548093][T21976] vlan2: entered promiscuous mode
[ 1482.573278][T21976] geneve0: entered promiscuous mode
[ 1482.684347][T21987] loop3: detected capacity change from 0 to 1024
[ 1482.728526][T21987] EXT4-fs: Ignoring removed orlov option
[ 1482.855595][T21987] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1483.011795][T20914] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1483.023014][T21980] bond1: entered promiscuous mode
[ 1483.058312][T21980] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1483.088647][T18629] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0
[ 1483.188500][T18629] hid-generic 0000:0000:0000.001B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1483.268489][T21986] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1483.299583][T21986] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[ 1483.351538][T21986] bond1: (slave wireguard0): Error -95 calling set_mac_address
[ 1483.656234][T22022] syz_tun: entered allmulticast mode
[ 1483.810170][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 1483.816696][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.452756][T14202] Bluetooth: hci2: command tx timeout
[ 1484.757448][ T8864] hsr_slave_0: left promiscuous mode
[ 1484.775076][ T8864] hsr_slave_1: left promiscuous mode
[ 1484.807942][ T8864] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1484.839637][ T8864] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1485.108346][T22059] loop6: detected capacity change from 0 to 512
[ 1485.234127][T22059] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1485.436916][T22072] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3470'.
[ 1485.748212][ T8017] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1486.151221][ T8864] team0 (unregistering): Port device team_slave_1 removed
[ 1486.180109][ T8864] team0 (unregistering): Port device team_slave_0 removed
[ 1486.311087][ T5744] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[ 1486.346329][ T5744] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1486.580044][T22072] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1486.581132][T22075] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[ 1487.603532][ T8864] IPVS: stop unused estimator thread 0...
[ 1487.680981][T21794] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1487.702469][T21794] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1487.711386][T21794] bridge_slave_0: entered allmulticast mode
[ 1487.729925][T21794] bridge_slave_0: entered promiscuous mode
[ 1487.749002][T21794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1487.766853][T21794] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1487.782801][T21794] bridge_slave_1: entered allmulticast mode
[ 1487.800153][T21794] bridge_slave_1: entered promiscuous mode
[ 1488.290452][T18233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1488.296179][ T8864] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1488.316768][T18233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1488.328279][T18233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1488.340124][T18233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1488.349727][T18233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1488.627861][T21794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1488.647173][T21794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1488.786588][ T5281] 8021q: adding VLAN 0 to HW filter on device eth17
[ 1488.816379][T21794] team0: Port device team_slave_0 added
[ 1488.851925][T21794] team0: Port device team_slave_1 added
[ 1488.948150][T22151] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3490'.
[ 1488.965512][ T8864] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1489.014938][T22152] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1489.022323][T22152] IPv6: NLM_F_CREATE should be set when creating new route
[ 1489.029573][T22152] IPv6: NLM_F_CREATE should be set when creating new route
[ 1489.070628][T22152] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1489.222740][T22151] bond1: entered promiscuous mode
[ 1489.242925][T22151] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1489.521126][ T8864] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1489.647171][T21794] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1489.677383][T21794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1489.783634][T21794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1489.985625][ T8864] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1490.105374][T21794] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1490.118618][T21794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1490.193101][T21794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1490.442416][T14202] Bluetooth: hci3: command tx timeout
[ 1490.554675][T21794] hsr_slave_0: entered promiscuous mode
[ 1490.594747][T21794] hsr_slave_1: entered promiscuous mode
[ 1490.626461][T21794] debugfs: 'hsr0' already exists in 'hsr'
[ 1490.654057][T21794] Cannot create hsr debugfs directory
[ 1490.677342][T22138] gre0 speed is unknown, defaulting to 1000
[ 1491.238388][T22200] loop1: detected capacity change from 0 to 8192
[ 1492.469537][T22236] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1492.469575][T22236] IPv6: NLM_F_CREATE should be set when creating new route
[ 1492.485162][T22236] IPv6: NLM_F_CREATE should be set when creating new route
[ 1492.503663][T22236] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1492.517947][ T8864] bridge_slave_1: left allmulticast mode
[ 1492.518014][ T8864] bridge_slave_1: left promiscuous mode
[ 1492.518255][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1492.520995][ T8864] bridge_slave_0: left allmulticast mode
[ 1492.521061][ T8864] bridge_slave_0: left promiscuous mode
[ 1492.521262][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1492.523095][T14202] Bluetooth: hci3: command tx timeout
[ 1492.841547][ T8864] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[ 1492.850949][ T8864] bond2 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 16:cb:81:3a:27:c1 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1493.195665][  T996] smc: removing ib device syz1
[ 1493.282667][  T996] smbdirect: ib_dev[syz1] removed
[ 1493.383244][ T8864] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1493.417162][ T8864] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1493.441500][ T8864] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1493.483394][ T8864] bond0 (unregistering): Released all slaves
[ 1493.555736][ T8864] bond1 (unregistering): Released all slaves
[ 1493.681383][ T8864] bond2 (unregistering): (slave veth7): Releasing active interface
[ 1493.712538][ T8864] bond2 (unregistering): Released all slaves
[ 1493.930627][ T5281] 8021q: adding VLAN 0 to HW filter on device eth18
[ 1494.190984][ T5694] gre0 speed is unknown, defaulting to 1000
[ 1494.215579][ T5694] syz1: Port: 1 Link DOWN
[ 1494.602352][T18233] Bluetooth: hci3: command tx timeout
[ 1495.979185][T22303] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1495.988760][T22303] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1496.122770][T18233] Bluetooth: hci5: command 0x0406 tx timeout
[ 1496.682359][T14202] Bluetooth: hci3: command tx timeout
[ 1497.812079][T21794] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1497.871508][T21794] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1497.886059][T21794] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1498.109424][T21794] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1498.248280][   T29] IPVS: starting estimator thread 0...
[ 1498.432617][T22367] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1499.184471][T21794] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1499.234001][T21794] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1499.269799][T22138] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1499.306804][T22138] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1499.334432][T22138] bridge_slave_0: entered allmulticast mode
[ 1499.369495][T22138] bridge_slave_0: entered promiscuous mode
[ 1499.416357][T22138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1499.457284][T22138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.491865][T22138] bridge_slave_1: entered allmulticast mode
[ 1499.515329][T22138] bridge_slave_1: entered promiscuous mode
[ 1499.533253][T21794] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1499.556955][T21794] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1499.597266][ T5281] 8021q: adding VLAN 0 to HW filter on device eth21
[ 1499.744945][T22138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1499.765584][T22138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1499.971738][T22138] team0: Port device team_slave_0 added
[ 1499.995266][T22138] team0: Port device team_slave_1 added
[ 1500.186602][T22138] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1500.222810][T22138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1500.335776][T22138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1500.903151][T22138] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1501.130892][T22138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1501.223271][T22138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1501.707800][T22138] hsr_slave_0: entered promiscuous mode
[ 1501.746404][T22138] hsr_slave_1: entered promiscuous mode
[ 1501.763363][T22138] debugfs: 'hsr0' already exists in 'hsr'
[ 1501.780640][T22138] Cannot create hsr debugfs directory
[ 1501.840934][ T8864] hsr_slave_0: left promiscuous mode
[ 1501.855716][ T8864] hsr_slave_1: left promiscuous mode
[ 1501.868834][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1501.896851][ T8864] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1501.941344][ T8864] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1501.977472][ T8864] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1502.062750][ T8864] veth1_macvtap: left promiscuous mode
[ 1502.075161][ T8864] veth0_macvtap: left promiscuous mode
[ 1502.094655][ T8864] veth1_vlan: left promiscuous mode
[ 1502.106088][ T8864] veth0_vlan: left promiscuous mode
[ 1503.399667][ T8864] team0 (unregistering): Port device ªªªªªª removed
[ 1503.584443][ T8864] team0 (unregistering): Port device team_slave_1 removed
[ 1503.611584][ T8864] team0 (unregistering): Port device team_slave_0 removed
[ 1503.860813][ T5281] 8021q: adding VLAN 0 to HW filter on device eth22
[ 1504.328128][T22463] loop3: detected capacity change from 0 to 2048
[ 1504.360103][T22463] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1504.408597][T22463] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1504.525319][T22463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1504.908122][T21794] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1505.270182][T21794] 8021q: adding VLAN 0 to HW filter on device team0
[ 1505.371496][   T48] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1505.378817][   T48] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1505.422411][T20914] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1505.479694][T14577] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1505.486904][T14577] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1506.144699][T22491] netlink: 'syz.9.3584': attribute type 1 has an invalid length.
[ 1507.138547][T22491] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1507.149707][T22492] erspan0: entered allmulticast mode
[ 1507.939715][ T5281] 8021q: adding VLAN 0 to HW filter on device eth23
[ 1508.116780][T21794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1508.510017][T22533] loop1: detected capacity change from 0 to 128
[ 1509.998603][T22541] loop3: detected capacity change from 0 to 4096
[ 1510.156518][T22541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1510.419112][T20914] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1510.687502][T22570] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3602'.
[ 1510.734011][T22138] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1510.775451][T22138] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1510.954734][T22580] loop1: detected capacity change from 0 to 128
[ 1510.967899][T22138] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1510.985383][T22580] vfat: Unknown parameter 'ÿÿ0x000000000000ee00'
[ 1511.010087][T22138] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1511.050040][T22138] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1511.113255][T22138] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1511.232065][T22138] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1511.339168][T22138] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1512.407397][ T5281] 8021q: adding VLAN 0 to HW filter on device eth24
[ 1512.721341][T21794] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1513.000135][T22634] Bluetooth: MGMT ver 1.23
[ 1513.205917][T22138] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1513.341287][T22138] 8021q: adding VLAN 0 to HW filter on device team0
[ 1513.472831][T14577] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1513.480067][T14577] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1513.584240][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1513.591466][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1513.729207][T22664] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3620'.
[ 1514.879524][ T5744] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[ 1514.941185][ T5744] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1515.072016][T21794] veth0_vlan: entered promiscuous mode
[ 1515.464949][T21794] veth1_vlan: entered promiscuous mode
[ 1515.640725][T21794] veth0_macvtap: entered promiscuous mode
[ 1515.700999][T21794] veth1_macvtap: entered promiscuous mode
[ 1515.781550][T22698] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3628'.
[ 1515.788340][T21794] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1515.957754][T22700] team0 (unregistering): Port device team_slave_0 removed
[ 1516.016471][T22700] team0 (unregistering): Port device team_slave_1 removed
[ 1516.096108][T21794] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1516.234880][ T8864] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1516.278333][ T8864] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1516.789242][ T8864] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1516.809877][ T8864] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1516.898252][T22726] syzkaller0: entered promiscuous mode
[ 1516.920543][T22726] syzkaller0: entered allmulticast mode
[ 1516.947091][T22736] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1517.025377][T22717] tipc: Resetting bearer <eth:syzkaller0>
[ 1517.101199][T22717] tipc: Disabling bearer <eth:syzkaller0>
[ 1517.449091][  T996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1517.494897][  T996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1517.621795][T22138] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1517.737093][T13796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1517.758996][T13796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1518.113546][   T29] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[ 1518.178811][   T29] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1518.270917][T22138] veth0_vlan: entered promiscuous mode
[ 1518.349808][T22138] veth1_vlan: entered promiscuous mode
[ 1518.577524][T22138] veth0_macvtap: entered promiscuous mode
[ 1518.638485][T22138] veth1_macvtap: entered promiscuous mode
[ 1518.748764][T22138] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1518.832225][T22138] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1518.910732][T22797] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3651'.
[ 1518.931430][T13478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1518.977852][T13478] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1518.994447][T22800] netlink: 'syz.1.3652': attribute type 1 has an invalid length.
[ 1519.060914][T13478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.090431][T13478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.335142][T22800] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1519.375312][T22803] erspan0: entered allmulticast mode
[ 1521.906921][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1522.004325][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1522.429707][ T8864] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1522.573935][ T8864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1522.752707][T22852] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3667'.
[ 1522.930138][T22852] vlan3: entered allmulticast mode
[ 1523.275898][T22858] netlink: 'syz.1.3669': attribute type 1 has an invalid length.
[ 1523.381388][T22861] loop0: detected capacity change from 0 to 512
[ 1523.428197][T22858] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1523.546525][T22861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1523.757700][T22874] loop7: detected capacity change from 0 to 128
[ 1523.808999][T22880] loop1: detected capacity change from 0 to 128
[ 1523.830635][T22882] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3674'.
[ 1524.070261][T22883] erspan0: left allmulticast mode
[ 1524.245713][T22138] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1524.286697][T22883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1524.300951][T22883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1524.829834][T22883] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1524.879088][T22883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1525.361460][  T996] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1525.387448][T22883] bond1: left promiscuous mode
[ 1525.444838][T22888] 8021q: adding VLAN 0 to HW filter on device macvlan0
[ 1525.465729][T22920] usb usb7: usbfs: process 22920 (syz.5.3687) did not claim interface 0 before use
[ 1525.494212][T22921] loop1: detected capacity change from 0 to 512
[ 1525.568279][   T48] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1525.588121][   T48] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1525.608996][   T48] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1525.658359][T22924] loop9: detected capacity change from 0 to 128
[ 1525.681560][   T48] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.044962][T13479] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.270356][T13479] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.565204][T13479] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1526.709261][T22951] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3696'.
[ 1526.916771][ T9870] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1526.930292][ T9870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1526.939188][ T9870] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1526.948488][ T9870] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1526.957120][ T9870] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1527.034639][T13479] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1527.406573][T18233] Bluetooth: hci3: command 0x1003 tx timeout
[ 1527.407096][T14202] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1528.660200][T22985] loop1: detected capacity change from 0 to 512
[ 1528.785520][T22989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1528.792879][T22989] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1528.803214][T22989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1528.810429][T22989] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1528.921152][T22989] bridge0: left promiscuous mode
[ 1529.002537][T14202] Bluetooth: hci4: command tx timeout
[ 1529.015048][T22998] loop3: detected capacity change from 0 to 128
[ 1529.211613][T22989] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1529.418465][T13479] bridge_slave_1: left allmulticast mode
[ 1529.441693][T13479] bridge_slave_1: left promiscuous mode
[ 1529.461471][T13479] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1529.481843][T13479] bridge_slave_0: left allmulticast mode
[ 1529.489624][T13479] bridge_slave_0: left promiscuous mode
[ 1529.503096][T13479] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1530.239173][T13479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1530.271019][T13479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1530.293376][T13479] bond0 (unregistering): Released all slaves
[ 1530.712084][T23014] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1531.084255][T14202] Bluetooth: hci4: command tx timeout
[ 1531.354514][T23059] loop5: detected capacity change from 0 to 512
[ 1531.812675][T23070] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3724'.
[ 1531.967607][T14202] Bluetooth: hci7: command 0x0406 tx timeout
[ 1532.351340][T13479] hsr_slave_0: left promiscuous mode
[ 1532.371382][T13479] hsr_slave_1: left promiscuous mode
[ 1532.393195][T13479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1532.421345][T13479] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1532.444893][T13479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1532.464165][T13479] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1532.524999][T13479] veth1_macvtap: left promiscuous mode
[ 1532.544616][T13479] veth0_macvtap: left promiscuous mode
[ 1532.562334][T13479] veth1_vlan: left promiscuous mode
[ 1532.578394][T13479] veth0_vlan: left promiscuous mode
[ 1533.212275][T18233] Bluetooth: hci4: command tx timeout
[ 1533.577462][T13479] team0 (unregistering): Port device team_slave_1 removed
[ 1533.612838][T13479] team0 (unregistering): Port device team_slave_0 removed
[ 1534.868943][T23118] syzkaller0: entered promiscuous mode
[ 1534.874673][T23118] syzkaller0: entered allmulticast mode
[ 1534.926927][T23134] loop1: detected capacity change from 0 to 4096
[ 1534.970621][T23132] loop9: detected capacity change from 0 to 4096
[ 1535.008607][T23132] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1535.253067][T18233] Bluetooth: hci4: command tx timeout
[ 1535.319624][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1542.253238][T23253] loop1: detected capacity change from 0 to 512
[ 1542.288949][T23253] EXT4-fs: inline encryption not supported
[ 1542.308461][T23249] loop7: detected capacity change from 0 to 1024
[ 1543.395576][T22952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1543.424274][T22952] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1543.451293][T22952] bridge_slave_0: entered allmulticast mode
[ 1543.494727][T22952] bridge_slave_0: entered promiscuous mode
[ 1543.540603][T22952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1543.576224][T22952] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1543.595812][T22952] bridge_slave_1: entered allmulticast mode
[ 1543.835473][T22952] bridge_slave_1: entered promiscuous mode
[ 1544.716652][T22952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1544.740953][T23315] loop5: detected capacity change from 0 to 512
[ 1544.767379][T23315] EXT4-fs: inline encryption not supported
[ 1544.768784][T22952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1544.930745][T23327] overlayfs: failed to resolve './file1/file0': -2
[ 1545.124514][T22952] team0: Port device team_slave_0 added
[ 1545.256221][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.266923][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.367603][T22952] team0: Port device team_slave_1 added
[ 1546.102615][T23343] syzkaller0: entered promiscuous mode
[ 1546.108263][T23343] syzkaller0: entered allmulticast mode
[ 1546.127258][T23344] tipc: Started in network mode
[ 1546.151477][T23344] tipc: Node identity c2627bf5b2cd, cluster identity 4711
[ 1546.191679][T23344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1546.238853][T22952] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1546.277762][T22952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1546.368769][T22952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1546.426538][T23338] tipc: Resetting bearer <eth:syzkaller0>
[ 1546.548366][T23338] tipc: Disabling bearer <eth:syzkaller0>
[ 1546.626250][T22952] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1546.646208][T22952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1546.746956][T22952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1546.938970][T23317] loop7: detected capacity change from 0 to 32768
[ 1546.980551][T23317] workqueue: name exceeds WQ_NAME_LEN. Truncating to: gfs2-glock/__Š°"_½z#²˱1Ä
[ 1547.065016][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Trying to join cluster "lock_nolock", "__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9"
[ 1547.117921][T22952] hsr_slave_0: entered promiscuous mode
[ 1547.184937][T22952] hsr_slave_1: entered promiscuous mode
[ 1547.193266][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9: Now mounting FS (format 0)...
[ 1547.209277][T22952] debugfs: 'hsr0' already exists in 'hsr'
[ 1547.227213][T22952] Cannot create hsr debugfs directory
[ 1547.423163][T23383] netlink: 'syz.1.3794': attribute type 1 has an invalid length.
[ 1547.596500][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: fatal: invalid metadata block - bh = 64 (type: exp=5, found=8), function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 461
[ 1547.625791][T23317] CPU: 0 UID: 0 PID: 23317 Comm: syz.7.3780 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1547.625830][T23317] Tainted: [L]=SOFTLOCKUP
[ 1547.625840][T23317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1547.625857][T23317] Call Trace:
[ 1547.625867][T23317]  <TASK>
[ 1547.625878][T23317]  dump_stack_lvl+0xe8/0x150
[ 1547.625914][T23317]  gfs2_withdraw+0xc3/0x1b0
[ 1547.625956][T23317]  gfs2_meta_buffer+0x250/0x2e0
[ 1547.625996][T23317]  __gfs2_iomap_get+0x756/0x1840
[ 1547.626061][T23317]  ? __pfx___gfs2_iomap_get+0x10/0x10
[ 1547.626098][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.626131][T23317]  ? rcu_is_watching+0x15/0xb0
[ 1547.626172][T23317]  gfs2_block_map+0x2a3/0x750
[ 1547.626228][T23317]  ? __pfx_gfs2_block_map+0x10/0x10
[ 1547.626264][T23317]  ? __pfx_bit_wait_io+0x10/0x10
[ 1547.626301][T23317]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[ 1547.626341][T23317]  ? __pfx_wake_bit_function+0x10/0x10
[ 1547.626379][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.626414][T23317]  ? __wait_on_buffer+0xe/0x80
[ 1547.626476][T23317]  gfs2_write_alloc_required+0x3b5/0x690
[ 1547.626513][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.626552][T23317]  ? __pfx_gfs2_write_alloc_required+0x10/0x10
[ 1547.626609][T23317]  ? __pfx_wake_up_bit+0x10/0x10
[ 1547.626650][T23317]  ? __pfx_wake_bit_function+0x10/0x10
[ 1547.626700][T23317]  gfs2_jdesc_check+0x21a/0x2f0
[ 1547.626733][T23317]  init_journal+0xc7e/0x2280
[ 1547.626787][T23317]  ? init_inodes+0xdb/0x320
[ 1547.626831][T23317]  ? __pfx_init_journal+0x10/0x10
[ 1547.626869][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.626900][T23317]  ? vsnprintf+0xdf1/0xee0
[ 1547.626937][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.626968][T23317]  ? snprintf+0xe8/0x140
[ 1547.626996][T23317]  ? init_inodes+0xdb/0x320
[ 1547.627035][T23317]  ? __pfx_snprintf+0x10/0x10
[ 1547.627062][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627094][T23317]  ? gfs2_glock_nq_num+0x13d/0x170
[ 1547.627126][T23317]  init_inodes+0xdb/0x320
[ 1547.627168][T23317]  gfs2_fill_super+0x1a38/0x21d0
[ 1547.627227][T23317]  ? __pfx_gfs2_fill_super+0x10/0x10
[ 1547.627270][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627306][T23317]  ? init_locking+0xb8/0x210
[ 1547.627342][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627371][T23317]  ? sb_set_blocksize+0x155/0x240
[ 1547.627413][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627443][T23317]  ? setup_bdev_super+0x4c1/0x5b0
[ 1547.627488][T23317]  get_tree_bdev_flags+0x431/0x4f0
[ 1547.627530][T23317]  ? __pfx_gfs2_fill_super+0x10/0x10
[ 1547.627568][T23317]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[ 1547.627607][T23317]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 1547.627649][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627689][T23317]  gfs2_get_tree+0x51/0x1e0
[ 1547.627732][T23317]  vfs_get_tree+0x92/0x2a0
[ 1547.627775][T23317]  do_new_mount+0x341/0xd30
[ 1547.627805][T23317]  ? apparmor_capable+0x126/0x170
[ 1547.627854][T23317]  ? __pfx_do_new_mount+0x10/0x10
[ 1547.627884][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627914][T23317]  ? ns_capable+0x89/0xe0
[ 1547.627945][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.627979][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.628016][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.628047][T23317]  ? user_path_at+0xd4/0x160
[ 1547.628086][T23317]  __se_sys_mount+0x31d/0x420
[ 1547.628127][T23317]  ? __pfx___se_sys_mount+0x10/0x10
[ 1547.628158][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.628197][T23317]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1547.628228][T23317]  ? __x64_sys_mount+0x20/0xc0
[ 1547.628266][T23317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1547.628296][T23317]  do_syscall_64+0x15f/0xf80
[ 1547.628329][T23317]  ? trace_irq_disable+0x3b/0x140
[ 1547.628377][T23317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1547.628403][T23317] RIP: 0033:0x7f451bf9e04a
[ 1547.628427][T23317] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1547.628449][T23317] RSP: 002b:00007f451cde9e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1547.628476][T23317] RAX: ffffffffffffffda RBX: 00007f451cde9ee0 RCX: 00007f451bf9e04a
[ 1547.628496][T23317] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f451cde9ea0
[ 1547.628515][T23317] RBP: 0000200000000000 R08: 00007f451cde9ee0 R09: 000000000000881d
[ 1547.628533][T23317] R10: 000000000000881d R11: 0000000000000246 R12: 0000200000000040
[ 1547.628551][T23317] R13: 00007f451cde9ea0 R14: 0000000000012771 R15: 0000200000000100
[ 1547.628591][T23317]  </TASK>
[ 1547.629179][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: G:  s:SH n:2/13 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:5
[ 1548.102626][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0:  H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0xdb/0x320
[ 1548.220112][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0:  I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0
[ 1548.312243][T23317] gfs2: fsid=__Š°"_½z#²˱1Ä	¢ “I¡3ØÆÆåwÕÊ‚X9.0: my journal (0) is bad: -5
[ 1548.469665][T23398] loop5: detected capacity change from 0 to 512
[ 1548.505723][T23398] EXT4-fs: inline encryption not supported
[ 1548.940673][T23411] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3798'.
[ 1550.325215][T23451] netlink: 'syz.7.3807': attribute type 1 has an invalid length.
[ 1550.447859][T23434] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1550.819316][T23451] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1550.883714][T23456] erspan0: entered allmulticast mode
[ 1551.260838][ T5281] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1551.328484][T23482] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1551.367758][T23469] syzkaller0: entered promiscuous mode
[ 1551.373511][T23469] syzkaller0: entered allmulticast mode
[ 1551.970304][T23469] tipc: Resetting bearer <eth:syzkaller0>
[ 1552.108128][T23489] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3815'.
[ 1552.151810][T23492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3814'.
[ 1552.442350][T18233] Bluetooth: hci0: command 0x0406 tx timeout
[ 1552.557878][T23468] tipc: Resetting bearer <eth:syzkaller0>
[ 1552.649995][T23502] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3819'.
[ 1552.667701][T23468] tipc: Disabling bearer <eth:syzkaller0>
[ 1552.707396][T17280] tipc: Node number set to 1963713619
[ 1552.986219][T23515] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3824'.
[ 1553.170577][T23520] loop1: detected capacity change from 0 to 512
[ 1554.112532][T22952] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1554.277116][T23553] loop3: detected capacity change from 0 to 164
[ 1554.537258][T22952] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1554.656234][T23556] netlink: 64 bytes leftover after parsing attributes in process `syz.9.3834'.
[ 1554.939631][T22952] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1555.418797][T22952] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1555.466461][T22952] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1555.608460][T22952] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1555.616541][T22952] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1555.679429][T22952] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1555.697080][T23565] loop9: detected capacity change from 0 to 128
[ 1555.731673][T23569] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3838'.
[ 1555.918268][T23565] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1555.946112][T23565] ext4 filesystem being mounted at /146/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1556.073919][T23575] loop1: detected capacity change from 0 to 8
[ 1556.608036][T23565] EXT4-fs error (device loop9): htree_dirblock_to_tree:1080: inode #2: block 4: comm syz.9.3839: bad entry in directory: directory entry overrun - offset=1012, inode=128, rec_len=65544, size=1024 fake=0
[ 1556.690527][T23565] EXT4-fs (loop9): Remounting filesystem read-only
[ 1556.947284][T19568] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1557.058912][ T5281] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1558.135119][T22952] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1558.238286][T22952] 8021q: adding VLAN 0 to HW filter on device team0
[ 1558.365741][  T996] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1558.372964][  T996] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1558.444454][  T996] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1558.451703][  T996] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1558.493459][T23610] loop9: detected capacity change from 0 to 4096
[ 1558.541126][T23617] loop3: detected capacity change from 0 to 128
[ 1558.588539][T23617] EXT4-fs: Ignoring removed nobh option
[ 1558.758073][T23617] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1558.833135][T23617] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1558.849520][T23617] EXT4-fs (loop3): resizing filesystem from 64 to 2 blocks
[ 1558.857500][T23617] EXT4-fs warning (device loop3): ext4_resize_fs:2041: can't shrink FS - resize aborted
[ 1559.121630][T23630] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3853'.
[ 1559.247555][T20914] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1560.029551][T23641] ntfs3(loop9): ino=21, The size of extended attributes must not exceed 64KiB
[ 1561.291962][T23685] loop5: detected capacity change from 0 to 1024
[ 1561.340874][T23685] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[ 1561.377575][T23685] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[ 1561.458199][ T5281] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1561.478244][T23685] EXT4-fs (loop5): revision level too high, forcing read-only mode
[ 1561.592808][T23685] EXT4-fs (loop5): write access unavailable, skipping orphan cleanup
[ 1562.567423][T23685] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1562.658018][T22952] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1562.691139][T23699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3869'.
[ 1562.950402][T21794] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1564.028969][T23715] tipc: Started in network mode
[ 1564.060528][T23715] tipc: Node identity 4e1a7edc3d9b, cluster identity 4711
[ 1564.097964][T23715] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1564.132778][T23722] syzkaller0: entered promiscuous mode
[ 1564.155428][T23722] syzkaller0: entered allmulticast mode
[ 1564.272336][T23725] erspan0: left allmulticast mode
[ 1564.445160][T23725] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1564.452900][T23725] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1564.503689][T23725] bridge0: left allmulticast mode
[ 1564.577736][T23710] loop9: detected capacity change from 0 to 32768
[ 1564.611397][T23710] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3873 (23710)
[ 1564.701583][T23710] BTRFS info (device loop9): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[ 1564.720698][T23710] BTRFS info (device loop9): using blake2b checksum algorithm
[ 1564.765349][T23725] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1564.851503][T23725] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1565.593272][T23710] BTRFS info (device loop9): enabling ssd optimizations
[ 1565.610340][T23710] BTRFS info (device loop9): turning on async discard
[ 1565.627556][T23710] BTRFS info (device loop9): enabling free space tree
[ 1565.936971][T19568] BTRFS info (device loop9): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663
[ 1566.005750][T23725] vlan0: left allmulticast mode
[ 1566.061752][T23731] tipc: Resetting bearer <eth:syzkaller0>
[ 1566.120989][T23714] tipc: Resetting bearer <eth:syzkaller0>
[ 1566.201060][T23714] tipc: Disabling bearer <eth:syzkaller0>
[ 1566.274174][T13478] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1566.306513][T13478] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1566.346542][T13478] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1566.366303][T13478] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1566.400238][  T800] tipc: Node number set to 1937866460
[ 1566.475320][ T5281] 8021q: adding VLAN 0 to HW filter on device eth8
[ 1566.508734][T13478] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1566.558519][T13478] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1566.610532][T13478] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1566.629979][T13478] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1566.900692][T22952] veth0_vlan: entered promiscuous mode
[ 1566.987652][T22952] veth1_vlan: entered promiscuous mode
[ 1567.187418][T22952] veth0_macvtap: entered promiscuous mode
[ 1567.328864][T22952] veth1_macvtap: entered promiscuous mode
[ 1567.375675][T22952] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1567.398410][T22952] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1567.485291][ T8864] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1567.551199][ T8864] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1567.609130][ T8864] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1567.658760][ T8864] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1567.792054][T14202] Bluetooth: hci7: ACL packet for unknown connection handle 200
[ 1568.475681][T13478] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1568.510273][T13478] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1569.035826][T13087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1569.104485][T13087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1569.397928][T23846] erspan0: entered allmulticast mode
[ 1570.026034][T23871] syzkaller0: entered promiscuous mode
[ 1570.056365][T23871] syzkaller0: entered allmulticast mode
[ 1570.146074][T23869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1570.239713][T23874] netlink: 'syz.5.3912': attribute type 10 has an invalid length.
[ 1570.248044][ T5744] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1570.352212][T23867] tipc: Resetting bearer <eth:syzkaller0>
[ 1570.468912][T23867] tipc: Disabling bearer <eth:syzkaller0>
[ 1570.482522][ T5744] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1570.492922][ T5744] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1570.533378][T23874] 8021q: adding VLAN 0 to HW filter on device team0
[ 1570.561457][T23874] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1570.576564][ T5744] usb 10-1: Product: syz
[ 1570.594979][ T5744] usb 10-1: Manufacturer: syz
[ 1570.607070][ T5744] usb 10-1: SerialNumber: syz
[ 1570.635247][ T5744] usb 10-1: config 0 descriptor??
[ 1571.295740][T23904] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1571.500405][ T5744] usb 10-1: Firmware version (0.0) predates our first public release.
[ 1571.527776][ T5744] usb 10-1: Please update to version 0.2 or newer
[ 1572.380670][ T5744] usb 10-1: USB disconnect, device number 2
[ 1573.723278][T23926] syzkaller0: entered promiscuous mode
[ 1573.751841][T23934] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3928'.
[ 1573.761118][T23926] syzkaller0: entered allmulticast mode
[ 1573.811841][T23934] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3928'.
[ 1573.841409][T23934] netlink: 'syz.9.3928': attribute type 10 has an invalid length.
[ 1574.597510][T23939] loop5: detected capacity change from 0 to 1024
[ 1574.809835][T23944] use of bytesused == 0 is deprecated and will be removed in the future,
[ 1574.853592][T23944] use the actual size instead.
[ 1576.306170][T23972] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3941'.
[ 1577.496873][T23990] netlink: 'syz.1.3945': attribute type 1 has an invalid length.
[ 1577.608371][T23993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3948'.
[ 1577.756852][T23990] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1579.215796][T24022] loop5: detected capacity change from 0 to 128
[ 1580.281339][T24043] loop1: detected capacity change from 0 to 512
[ 1580.652636][T24045] loop7: detected capacity change from 0 to 32768
[ 1580.659853][T24045] btrfs: Deprecated parameter 'usebackuproot'
[ 1580.665977][T24045] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[ 1580.689264][T24045] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.3961 (24045)
[ 1580.702560][T24045] BTRFS error: failed to open device for path /dev/loop7 with flags 0x23: -13
[ 1580.882363][  T800] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1581.110142][  T800] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1581.139264][  T800] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1581.177481][  T800] usb 6-1: Product: syz
[ 1581.184321][  T800] usb 6-1: Manufacturer: syz
[ 1581.201591][  T800] usb 6-1: SerialNumber: syz
[ 1581.230362][  T800] usb 6-1: config 0 descriptor??
[ 1581.688092][T24068] loop9: detected capacity change from 0 to 4096
[ 1581.797985][T24073] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3967'.
[ 1581.850126][T24075] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1581.885356][  T800] usb 6-1: Firmware version (0.0) predates our first public release.
[ 1581.922081][  T800] usb 6-1: Please update to version 0.2 or newer
[ 1582.230908][  T800] usb 6-1: USB disconnect, device number 47
[ 1584.385719][T24087] loop9: detected capacity change from 0 to 512
[ 1584.408930][T24087] EXT4-fs (loop9): Test dummy encryption mode enabled
[ 1584.416866][T24087] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[ 1584.460322][T24087] EXT4-fs error (device loop9): ext4_orphan_get:1423: comm syz.9.3971: bad orphan inode 131083
[ 1584.470786][T24087] loop9: lost filesystem error report for type 5 error -117
[ 1584.472179][    C0] EXT4-fs (loop9): error count since last fsck: 1
[ 1584.485957][    C0] EXT4-fs (loop9): initial error at time 1778148505: ext4_orphan_get:1423
[ 1584.494509][    C0] EXT4-fs (loop9): last error at time 1778148505: ext4_orphan_get:1423
[ 1584.630005][T24087] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1584.918184][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1585.558616][T18233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1585.596072][T18233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1585.613491][T18233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1585.629020][T18233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1585.654229][T18233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1586.014922][T24128] loop4: detected capacity change from 0 to 512
[ 1586.094024][T24128] EXT4-fs: Ignoring removed nobh option
[ 1586.141217][T24128] fscrypt (loop4, inode 2): Error -61 getting encryption context
[ 1586.270959][T24128] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -61
[ 1586.310327][T20914] syz_tun (unregistering): left allmulticast mode
[ 1586.317211][T24128] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #13: comm syz.4.3983: inode has both inline data and extents flags
[ 1586.317251][T24128] loop4: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117
[ 1586.332137][    C1] EXT4-fs (loop4): error count since last fsck: 1
[ 1586.347758][    C1] EXT4-fs (loop4): initial error at time 1778148507: ext4_orphan_get:1397: inode 13
[ 1586.357199][    C1] EXT4-fs (loop4): last error at time 1778148507: ext4_orphan_get:1397: inode 13
[ 1586.387491][T24128] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.3983: couldn't read orphan inode 13 (err -117)
[ 1586.460636][T24128] loop4: lost filesystem error report for type 5 error -117
[ 1586.468872][T24128] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1586.599684][T24136] loop9: detected capacity change from 0 to 256
[ 1586.647740][T24136] vfat: Unknown parameter 'nnonumtail'
[ 1587.093033][T23802] Set syz1 is full, maxelem 65536 reached
[ 1587.259596][T22952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1587.724666][T18233] Bluetooth: hci3: command tx timeout
[ 1589.822289][T18233] Bluetooth: hci3: command tx timeout
[ 1590.435707][   T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.968148][   T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1591.131541][   T30] audit: type=1800 audit(1778148511.991:198): pid=24180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3994" name="file0" dev="fuse" ino=0 res=0 errno=0
[ 1591.929804][T18233] Bluetooth: hci3: command tx timeout
[ 1592.225864][   T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1593.588839][   T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1593.801970][T24236] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1593.809770][T24236] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1593.962526][T18233] Bluetooth: hci3: command tx timeout
[ 1594.039362][T24227] loop1: detected capacity change from 0 to 32768
[ 1594.085188][T24227] BTRFS info: device /dev/loop1 (7:1) using temp-fsid 8c72d9ec-29bb-4589-93dd-4e53f1d8538b
[ 1594.099751][T24236] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1594.133953][T24227] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4006 (24227)
[ 1594.155209][T24236] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1594.205510][T24227] BTRFS error: failed to open device for path /dev/loop1 with flags 0x23: -13
[ 1595.683346][T13087] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1595.702572][T13087] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1595.848470][T13087] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1595.874016][T14577] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1596.598365][T24298] loop4: detected capacity change from 0 to 32768
[ 1596.606917][T24298] BTRFS warning: excessive commit interval 65536, use with care
[ 1596.614876][T24298] btrfs: Unknown parameter 'check_int'
[ 1596.745442][   T36] bridge_slave_1: left allmulticast mode
[ 1596.757512][   T36] bridge_slave_1: left promiscuous mode
[ 1596.792485][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1596.842581][T14202] Bluetooth: hci0: command 0x1003 tx timeout
[ 1596.855820][T18233] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1596.918927][   T36] bridge_slave_0: left allmulticast mode
[ 1596.969226][   T36] bridge_slave_0: left promiscuous mode
[ 1596.989623][T24312] netlink: 'syz.1.4024': attribute type 20 has an invalid length.
[ 1596.997400][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1598.542347][T18233] Bluetooth: hci2: command 0x0406 tx timeout
[ 1598.561941][T24350] loop4: detected capacity change from 0 to 512
[ 1599.248730][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1599.327730][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1599.419013][   T36] bond0 (unregistering): Released all slaves
[ 1599.578192][T24369] loop4: detected capacity change from 0 to 512
[ 1599.750480][T24369] EXT4-fs error (device loop4): ext4_get_branch:178: inode #11: block 4294967295: comm syz.4.4036: invalid block
[ 1599.776498][   T36] tipc: Left network mode
[ 1599.785685][T24369] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[ 1599.802129][    C1] EXT4-fs (loop4): error count since last fsck: 1
[ 1599.817793][    C1] EXT4-fs (loop4): initial error at time 1778148520: ext4_get_branch:178: inode 11: block 4294967295
[ 1599.828728][    C1] EXT4-fs (loop4): last error at time 1778148520: ext4_get_branch:178: inode 11: block 4294967295
[ 1599.969931][T24369] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4036: invalid indirect mapped block 4294967295 (level 1)
[ 1600.019870][T24382] loop9: detected capacity change from 0 to 16
[ 1600.599190][T24369] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[ 1600.623810][T24382] erofs (device loop9): mounted with root inode @ nid 36.
[ 1600.717159][T24369] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.4036: invalid indirect mapped block 4294967295 (level 1)
[ 1600.766413][T24369] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[ 1600.778100][T24369] EXT4-fs (loop4): 2 truncates cleaned up
[ 1600.797923][T24369] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1600.964369][T24369] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.4036: bg 0: block 5: invalid block bitmap
[ 1601.055071][T24369] overlayfs: failed to verify upper root origin
[ 1601.319668][T22952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1601.430933][T24394] syzkaller0: entered promiscuous mode
[ 1601.468311][T24394] syzkaller0: entered allmulticast mode
[ 1601.799747][T24413] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1601.895741][T24413] overlayfs: overlapping lowerdir path
[ 1602.339419][T24397] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1602.446698][T24390] tipc: Resetting bearer <eth:syzkaller0>
[ 1602.605153][T24390] tipc: Disabling bearer <eth:syzkaller0>
[ 1602.841635][   T36] hsr_slave_0: left promiscuous mode
[ 1602.886091][   T36] hsr_slave_1: left promiscuous mode
[ 1602.914333][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1602.923873][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1602.939620][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1602.951009][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1602.979590][   T36] veth1_macvtap: left promiscuous mode
[ 1602.996369][   T36] veth0_macvtap: left promiscuous mode
[ 1603.003917][   T36] veth1_vlan: left promiscuous mode
[ 1603.009370][   T36] veth0_vlan: left promiscuous mode
[ 1605.057371][T24114] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1605.088648][T24114] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1605.181164][T24114] bridge_slave_0: entered allmulticast mode
[ 1605.192470][T24114] bridge_slave_0: entered promiscuous mode
[ 1605.204272][T24114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1605.211849][T24114] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1605.221453][T24114] bridge_slave_1: entered allmulticast mode
[ 1605.244581][T24114] bridge_slave_1: entered promiscuous mode
[ 1605.283015][T24489] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[ 1606.000350][T24114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1606.060891][T24114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1606.242837][T24504] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4069'.
[ 1606.393070][T24503] loop9: detected capacity change from 0 to 512
[ 1607.045353][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.056402][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.126290][T24114] team0: Port device team_slave_0 added
[ 1607.160222][T24503] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1607.178343][T24114] team0: Port device team_slave_1 added
[ 1607.221663][T24503] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem
[ 1607.279580][T24503] EXT4-fs (loop9): warning: checktime reached, running e2fsck is recommended
[ 1607.319702][   T36] IPVS: stop unused estimator thread 0...
[ 1607.371519][T24503] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[ 1607.392655][T24503] System zones: 0-2, 18-18, 34-34
[ 1607.443440][T24503] EXT4-fs error (device loop9): ext4_orphan_get:1423: comm syz.9.4071: bad orphan inode 15
[ 1607.494790][T24503] loop9: lost filesystem error report for type 5 error -117
[ 1607.502747][    C1] EXT4-fs (loop9): error count since last fsck: 1
[ 1607.516547][    C1] EXT4-fs (loop9): initial error at time 1778148528: ext4_orphan_get:1423
[ 1607.525085][    C1] EXT4-fs (loop9): last error at time 1778148528: ext4_orphan_get:1423
[ 1607.661103][T24526] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4074'.
[ 1607.698610][T24503] ext4_test_bit(bit=14, block=18) = 1
[ 1607.762540][T24114] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1607.800089][T24503] is_bad_inode(inode)=0
[ 1607.829136][T24114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1607.882589][T24503] NEXT_ORPHAN(inode)=2264924160
[ 1607.906661][T24503] max_ino=32
[ 1607.964480][T24503] i_nlink=0
[ 1608.249134][T24114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1608.331442][T24114] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1608.384184][T24114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1608.413473][T24503] EXT4-fs error (device loop9): ext4_do_update_inode:5690: inode #15: comm syz.9.4071: corrupted inode contents
[ 1608.494374][T24503] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1608.496197][T24503] EXT4-fs error (device loop9): ext4_dirty_inode:6587: inode #15: comm syz.9.4071: mark_inode_dirty error
[ 1608.540743][T24114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1608.588336][T24503] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1608.589008][T24503] EXT4-fs error (device loop9): ext4_do_update_inode:5690: inode #15: comm syz.9.4071: corrupted inode contents
[ 1608.682077][T24503] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1608.682770][T24503] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3001: inode #15: comm syz.9.4071: mark_inode_dirty error
[ 1608.771711][T24503] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1608.772317][T24503] EXT4-fs error (device loop9): ext4_xattr_delete_inode:3004: inode #15: comm syz.9.4071: mark inode dirty (error -117)
[ 1608.854978][T24503] loop9: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1608.860407][T24503] EXT4-fs warning (device loop9): ext4_evict_inode:287: xattr delete (err -117)
[ 1608.940420][T24503] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1609.018899][T24114] hsr_slave_0: entered promiscuous mode
[ 1609.075525][T24114] hsr_slave_1: entered promiscuous mode
[ 1610.309019][T24559] syzkaller0: entered promiscuous mode
[ 1610.372775][T24559] syzkaller0: entered allmulticast mode
[ 1610.467236][T24506] EXT4-fs error (device loop9): ext4_search_dir:1474: inode #2: block 3: comm syz.9.4071: bad entry in directory: directory entry overrun - offset=44, inode=262156, rec_len=4096, size=4096 fake=0
[ 1610.514195][T24565] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1610.678912][T24547] tipc: Resetting bearer <eth:syzkaller0>
[ 1610.895319][T24547] tipc: Disabling bearer <eth:syzkaller0>
[ 1611.006649][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1611.255750][T24588] bridge_slave_0: left allmulticast mode
[ 1611.273453][T24588] bridge_slave_0: left promiscuous mode
[ 1611.294391][T24588] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1611.334514][T24588] bridge_slave_1: left allmulticast mode
[ 1611.340737][T24588] bridge_slave_1: left promiscuous mode
[ 1611.348472][T24588] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1612.175494][T24588] bond0: (slave bond_slave_0): Releasing backup interface
[ 1612.204067][T24588] bond0: (slave bond_slave_1): Releasing backup interface
[ 1612.249643][T24588] team0: Port device team_slave_0 removed
[ 1612.287539][T24588] team0: Port device team_slave_1 removed
[ 1612.301692][T24588] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1612.318775][T24600] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4092'.
[ 1612.340785][T24588] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1612.371931][T24588] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1612.385697][T24588] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1612.396434][T24588] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1612.430459][T24591] bridge0: port 3(vlan2) entered blocking state
[ 1612.437006][T24591] bridge0: port 3(vlan2) entered disabled state
[ 1612.445963][T24591] vlan2: entered allmulticast mode
[ 1612.453175][T24591] geneve0: entered allmulticast mode
[ 1612.485467][T24591] vlan2: entered promiscuous mode
[ 1612.491711][T24591] geneve0: entered promiscuous mode
[ 1612.562732][T24590] ip6gre1: entered allmulticast mode
[ 1612.614717][T24590] team0: Port device ip6gre1 added
[ 1613.615129][T24614] loop1: detected capacity change from 0 to 2048
[ 1614.297120][T24635] loop7: detected capacity change from 0 to 16
[ 1614.973075][T24638] tipc: Started in network mode
[ 1614.989377][T24638] tipc: Node identity 6e2a79e1ab46, cluster identity 4711
[ 1615.004339][T24638] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1615.038082][T24651] syzkaller0: entered promiscuous mode
[ 1615.085299][T24651] syzkaller0: entered allmulticast mode
[ 1615.259489][T24664] netlink: 'syz.9.4106': attribute type 1 has an invalid length.
[ 1615.301517][T24632] tipc: Resetting bearer <eth:syzkaller0>
[ 1615.397548][T24632] tipc: Disabling bearer <eth:syzkaller0>
[ 1616.108895][ T5281] 8021q: adding VLAN 0 to HW filter on device eth9
[ 1616.287131][T24687] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4114'.
[ 1616.647487][T24690] loop5: detected capacity change from 0 to 16
[ 1617.712570][T24114] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1618.384759][T24114] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1618.403230][T24114] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1618.464560][T24114] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1618.530917][T24114] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1618.607083][T24114] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1618.640045][T24114] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1618.651764][ T9870] Bluetooth: hci5: unexpected event for opcode 0x0c25
[ 1618.732001][T24114] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1619.372406][T24114] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1619.732705][T24114] 8021q: adding VLAN 0 to HW filter on device team0
[ 1620.345005][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1620.352259][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1620.429522][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1620.436740][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1620.542386][T24763] netlink: 'syz.1.4126': attribute type 1 has an invalid length.
[ 1620.669721][T24763] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1620.770217][T24766] vlan2: entered allmulticast mode
[ 1620.781030][T24766] veth0_to_bond: entered allmulticast mode
[ 1620.823118][T24766] bond5: (slave vlan2): Enslaving as an active interface with an up link
[ 1620.890503][ T5281] 8021q: adding VLAN 0 to HW filter on device eth10
[ 1621.559177][T24782] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4130'.
[ 1623.146080][T24773] loop4: detected capacity change from 0 to 32768
[ 1623.191213][T24773] XFS (loop4): invalid logbufsize: 71680 [not 16k,32k,64k,128k or 256k]
[ 1623.601234][T24114] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1623.812402][T24831] loop4: detected capacity change from 0 to 4096
[ 1624.055402][T24831] ntfs3(loop4): ino=21, The size of extended attributes must not exceed 64KiB
[ 1624.878500][T24834] netlink: 'syz.9.4140': attribute type 4 has an invalid length.
[ 1624.964755][T24860] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4143'.
[ 1625.758180][T24114] veth0_vlan: entered promiscuous mode
[ 1625.817813][T24114] veth1_vlan: entered promiscuous mode
[ 1625.916870][T24865] loop4: detected capacity change from 0 to 4096
[ 1625.950517][T24114] veth0_macvtap: entered promiscuous mode
[ 1625.958254][T24871] loop1: detected capacity change from 0 to 8
[ 1625.999799][T24114] veth1_macvtap: entered promiscuous mode
[ 1626.045455][T24874] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1626.147211][T24114] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1626.264869][T24114] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1626.317263][T24865] NILFS (loop4): nilfs_sufile_do_free: segment 3 is already clean
[ 1626.369279][T13479] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1626.414969][T13479] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1626.432283][T24865] NILFS (loop4): nilfs_sufile_do_free: segment 9 is already clean
[ 1626.466475][T13479] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1626.528906][T13479] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1627.312033][T24900] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1628.533597][T24913] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4153'.
[ 1629.126777][  T996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1629.141572][  T996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1629.891808][  T996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1629.979637][  T996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1630.235659][T24930] loop9: detected capacity change from 0 to 512
[ 1630.248702][T24930] EXT4-fs: Ignoring removed i_version option
[ 1630.277990][T24930] EXT4-fs: Ignoring removed nobh option
[ 1630.432772][T24930] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[ 1630.912564][T24930] EXT4-fs (loop9): 1 truncate cleaned up
[ 1630.983120][T24930] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1631.234724][T24944] loop4: detected capacity change from 0 to 8
[ 1632.072220][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1633.093498][T24984] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4168'.
[ 1633.209962][T24938] loop1: detected capacity change from 0 to 32768
[ 1633.237887][T24938] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.4162 (24938)
[ 1633.279117][T24938] BTRFS error: failed to open device for path /dev/loop1 with flags 0x23: -13
[ 1633.489067][T24992] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4171'.
[ 1635.154793][T25019] loop1: detected capacity change from 0 to 512
[ 1636.610358][T25038] netlink: 'syz.4.4182': attribute type 1 has an invalid length.
[ 1636.746763][T25041] loop9: detected capacity change from 0 to 512
[ 1636.759725][T25046] erspan0: entered allmulticast mode
[ 1636.784700][T25041] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1636.860264][T25041] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[ 1636.975411][T25041] EXT4-fs (loop9): 1 truncate cleaned up
[ 1637.017299][T25041] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1637.064427][T25061] netlink: 48 bytes leftover after parsing attributes in process `syz.5.4186'.
[ 1637.701513][T25076] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4188'.
[ 1638.417422][T19568] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1638.525571][T25078] syzkaller0: entered promiscuous mode
[ 1638.556170][T25078] syzkaller0: entered allmulticast mode
[ 1638.610232][T25080] ip6gre1: entered allmulticast mode
[ 1638.646723][T25080] team0: Device ip6gre1 is of different type
[ 1638.896070][T25085] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1639.039105][T25083] tipc: Disabling bearer <eth:syzkaller0>
[ 1641.110143][T25120] loop1: detected capacity change from 0 to 512
[ 1641.432254][T17280] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1641.677788][T17280] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1641.846480][T17280] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1642.017288][T17280] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1642.094953][T17280] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1642.162049][T17280] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1642.192195][T17280] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1642.258610][T17280] usb 6-1: config 0 descriptor??
[ 1642.375424][T17280] usb 6-1: can't set config #0, error -71
[ 1642.428248][T17280] usb 6-1: USB disconnect, device number 48
[ 1643.037182][T25161] netlink: 64 bytes leftover after parsing attributes in process `syz.8.4205'.
[ 1643.911084][T25169] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1644.979503][T25168] tipc: Disabling bearer <eth:syzkaller0>
[ 1645.097331][T25191] erspan0: entered allmulticast mode
[ 1645.134010][ T5744] tipc: Node number set to 3312220641
[ 1645.545579][T25217] loop1: detected capacity change from 0 to 16
[ 1645.559490][T25216] loop8: detected capacity change from 0 to 512
[ 1645.581487][T25217] MTD: Attempt to mount non-MTD device "/dev/loop1"
[ 1646.108566][T25211] loop1: detected capacity change from 0 to 512
[ 1646.116282][T25211] msdos: Unknown parameter 'commit'
[ 1648.108654][T25247] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4232'.
[ 1648.296388][T25251] loop1: detected capacity change from 0 to 512
[ 1648.356192][T25251] EXT4-fs: Ignoring removed nobh option
[ 1648.474682][T25255] syzkaller0: entered promiscuous mode
[ 1648.511048][T25255] syzkaller0: entered allmulticast mode
[ 1648.891898][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888053a66800: rx timeout, send abort
[ 1648.975870][T25275] loop9: detected capacity change from 0 to 512
[ 1649.178034][T25274] syzkaller0: entered promiscuous mode
[ 1649.194437][T25274] syzkaller0: entered allmulticast mode
[ 1649.392130][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888052dd1000: rx timeout, send abort
[ 1649.401562][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888053a66800: abort rx timeout. Force session deactivation
[ 1649.829616][T25297] netlink: 40 bytes leftover after parsing attributes in process `syz.8.4250'.
[ 1649.900569][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888052dd1000: abort rx timeout. Force session deactivation
[ 1649.912323][ T9870] Bluetooth: hci4: command 0x0406 tx timeout
[ 1650.958469][T25316] loop7: detected capacity change from 0 to 8
[ 1656.787324][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88807b877000: rx timeout, send abort
[ 1657.265951][T25407] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input67
[ 1657.287567][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88802758c800: rx timeout, send abort
[ 1657.296010][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88807b877000: abort rx timeout. Force session deactivation
[ 1657.765376][T25416] loop5: detected capacity change from 0 to 2048
[ 1657.795940][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88802758c800: abort rx timeout. Force session deactivation

syzkaller
syzkaller login: [ 1659.045309][T25433] loop9: detected capacity change from 0 to 2048
[ 1659.143009][T25433] UDF-fs: error (device loop9): udf_process_sequence: Primary Volume Descriptor not found!
[ 1659.256239][T25433] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1660.145150][T25461] loop7: detected capacity change from 0 to 512
[ 1661.035376][T25472] netlink: 'syz.1.4287': attribute type 10 has an invalid length.
[ 1661.152436][T25472] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1661.210093][T25472] 8021q: adding VLAN 0 to HW filter on device team0
[ 1661.220146][T25475] loop4: detected capacity change from 0 to 2048
[ 1661.264810][T25475] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051
[ 1661.303349][T25472] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1661.361043][T25475] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1663.237638][T25433] UDF-fs: error (device loop9): udf_truncate_tail_extent: Extent after EOF in inode 1346
[ 1663.485800][T25501] loop1: detected capacity change from 0 to 512
[ 1663.826152][T25477] loop7: detected capacity change from 0 to 32768
[ 1665.258030][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1665.258030][   T48] loop9: rw=1, sector=2048, nr_sectors = 1 limit=2048
[ 1665.286013][   T48] Buffer I/O error on dev loop9, logical block 2048, lost async page write
[ 1665.329258][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1665.329258][   T48] loop9: rw=1, sector=2048, nr_sectors = 1 limit=2048
[ 1665.425372][   T48] Buffer I/O error on dev loop9, logical block 2048, lost async page write
[ 1665.516794][T25535] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4306'.
[ 1666.082216][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1666.082216][   T48] loop9: rw=1, sector=2053, nr_sectors = 1 limit=2048
[ 1666.237852][   T48] Buffer I/O error on dev loop9, logical block 2053, lost async page write
[ 1666.970036][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1666.970036][   T48] loop9: rw=1, sector=2053, nr_sectors = 1 limit=2048
[ 1666.983841][   T48] Buffer I/O error on dev loop9, logical block 2053, lost async page write
[ 1666.992634][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1666.992634][   T48] loop9: rw=1, sector=2053, nr_sectors = 1 limit=2048
[ 1667.006721][   T48] Buffer I/O error on dev loop9, logical block 2053, lost async page write
[ 1667.017841][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1667.017841][   T48] loop9: rw=1, sector=2054, nr_sectors = 1 limit=2048
[ 1667.043363][   T48] Buffer I/O error on dev loop9, logical block 2054, lost async page write
[ 1667.093024][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1667.093024][   T48] loop9: rw=1, sector=2054, nr_sectors = 1 limit=2048
[ 1667.158148][T25545] loop1: detected capacity change from 0 to 2048
[ 1667.167444][   T48] Buffer I/O error on dev loop9, logical block 2054, lost async page write
[ 1667.180124][ T5281] 8021q: adding VLAN 0 to HW filter on device eth11
[ 1667.206492][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1667.206492][   T48] loop9: rw=1, sector=2054, nr_sectors = 1 limit=2048
[ 1667.281972][   T48] Buffer I/O error on dev loop9, logical block 2054, lost async page write
[ 1667.338317][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1667.338317][   T48] loop9: rw=1, sector=2055, nr_sectors = 1 limit=2048
[ 1667.420061][   T48] Buffer I/O error on dev loop9, logical block 2055, lost async page write
[ 1667.467775][   T48] kworker/u8:3: attempt to access beyond end of device
[ 1667.467775][   T48] loop9: rw=1, sector=2055, nr_sectors = 1 limit=2048
[ 1667.537064][   T48] Buffer I/O error on dev loop9, logical block 2055, lost async page write
[ 1668.126993][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.513948][T25579] netlink: 72 bytes leftover after parsing attributes in process `syz.9.4304'.
[ 1669.598604][T25580] netlink: 'syz.9.4304': attribute type 10 has an invalid length.
[ 1669.976421][T25594] loop1: detected capacity change from 0 to 164
[ 1670.122144][T25556] loop4: detected capacity change from 0 to 40427
[ 1671.735096][T25608] loop1: detected capacity change from 0 to 2048
[ 1671.896406][T25614] loop8: detected capacity change from 0 to 512
[ 1671.939002][T25614] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1672.152925][T25614] EXT4-fs error (device loop8): ext4_iget_extra_inode:5128: inode #11: comm syz.8.4328: corrupted in-inode xattr: invalid ea_ino
[ 1672.455244][T25614] loop8: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[ 1672.462162][    C1] EXT4-fs (loop8): error count since last fsck: 1
[ 1672.477860][    C1] EXT4-fs (loop8): initial error at time 1778148593: ext4_iget_extra_inode:5128: inode 11
[ 1672.487844][    C1] EXT4-fs (loop8): last error at time 1778148593: ext4_iget_extra_inode:5128: inode 11
[ 1672.630397][T25614] EXT4-fs error (device loop8): ext4_orphan_get:1402: comm syz.8.4328: couldn't read orphan inode 11 (err -117)
[ 1672.793682][T25626] loop4: detected capacity change from 0 to 512
[ 1672.839327][T25614] loop8: lost filesystem error report for type 5 error -117
[ 1672.867519][T25614] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1672.912299][T25626] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1672.964158][T25626] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1673.287030][T25626] EXT4-fs error (device loop4): xattr_find_entry:337: inode #15: comm syz.4.4331: corrupted xattr entries
[ 1673.479461][T25641] netlink: 64 bytes leftover after parsing attributes in process `syz.7.4333'.
[ 1674.047659][T25626] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[ 1674.052112][    C0] EXT4-fs (loop4): error count since last fsck: 1
[ 1674.067865][    C0] EXT4-fs (loop4): initial error at time 1778148594: xattr_find_entry:337: inode 15
[ 1674.077323][    C0] EXT4-fs (loop4): last error at time 1778148594: xattr_find_entry:337: inode 15
[ 1674.126412][T25626] EXT4-fs (loop4): 1 orphan inode deleted
[ 1674.186986][T25626] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1674.436000][T24114] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1674.470492][T22952] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1676.422502][T25677] loop1: detected capacity change from 0 to 2048
[ 1677.984809][T25704] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4350'.
[ 1678.820364][T25713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4352'.
[ 1679.317260][T25729] loop5: detected capacity change from 0 to 16
[ 1679.324484][T25729] MTD: Attempt to mount non-MTD device "/dev/loop5"
[ 1679.608895][T25729] loop5: detected capacity change from 0 to 32768
[ 1679.616349][T25729] BTRFS warning: excessive commit interval 65536, use with care
[ 1679.624078][T25729] btrfs: Unknown parameter 'check_int'
[ 1679.785185][T25737] loop9: detected capacity change from 0 to 2048
[ 1679.841558][T25737] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=3932051, location=3932051
[ 1680.016264][T25737] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1682.382748][T25776] netlink: 64 bytes leftover after parsing attributes in process `syz.8.4366'.
[ 1683.002483][T25774] lo speed is unknown, defaulting to 1000
[ 1683.008633][T25774] lo speed is unknown, defaulting to 1000
[ 1683.017460][T25774] lo speed is unknown, defaulting to 1000
[ 1683.024132][T25774] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[ 1683.039477][T25774] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[ 1683.056419][T25774] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[ 1683.068664][T25774] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1683.088345][T25774] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1683.128086][T25774] lo speed is unknown, defaulting to 1000
[ 1683.136938][T25774] lo speed is unknown, defaulting to 1000
[ 1683.144290][T25774] lo speed is unknown, defaulting to 1000
[ 1683.151517][T25774] lo speed is unknown, defaulting to 1000
[ 1683.161162][T25774] lo speed is unknown, defaulting to 1000
[ 1683.172674][T25774] lo speed is unknown, defaulting to 1000
[ 1683.855292][T25793] netlink: 56 bytes leftover after parsing attributes in process `syz.8.4373'.
[ 1683.916328][T25793] netlink: 'syz.8.4373': attribute type 10 has an invalid length.
[ 1684.021492][T25793] 8021q: adding VLAN 0 to HW filter on device team0
[ 1684.059385][T25801] loop5: detected capacity change from 0 to 16
[ 1684.066996][T25801] MTD: Attempt to mount non-MTD device "/dev/loop5"
[ 1684.145815][T25793] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1684.351714][T25801] loop5: detected capacity change from 0 to 32768
[ 1684.359405][T25801] BTRFS warning: excessive commit interval 65536, use with care
[ 1684.367230][T25801] btrfs: Unknown parameter 'check_int'
[ 1684.588874][T25801] loop5: detected capacity change from 0 to 512
[ 1684.595945][T25801] msdos: Unknown parameter 'commit'
[ 1684.860578][T25816] loop8: detected capacity change from 0 to 128
[ 1684.878775][T25816] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[ 1684.890593][T25816] hpfs: filesystem error: improperly stopped
[ 1684.896969][T25816] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[ 1684.904830][T25816] hpfs: You really don't want any checks? You are crazy...
[ 1684.912487][T25816] hpfs: hpfs_map_sector(): read error
[ 1684.917862][T25816] hpfs: code page support is disabled
[ 1684.932137][T25816] hpfs: hpfs_map_4sectors(): unaligned read
[ 1684.938223][T25816] hpfs: hpfs_map_4sectors(): unaligned read
[ 1684.944251][T25816] hpfs: filesystem error: unable to find root dir
[ 1684.961767][T25816] hpfs: hpfs_map_4sectors(): unaligned read
[ 1685.551744][T25824] netlink: 108 bytes leftover after parsing attributes in process `syz.8.4376'.
[ 1685.924667][T25818] loop5: detected capacity change from 0 to 2048
[ 1687.022260][T25859] loop8: detected capacity change from 0 to 16
[ 1687.029482][T25859] MTD: Attempt to mount non-MTD device "/dev/loop8"
[ 1687.052589][T25859] cramfs: unsupported filesystem features
[ 1687.123793][T25863] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4388'.
[ 1687.172727][T25863] netlink: 'syz.1.4388': attribute type 10 has an invalid length.
[ 1687.337950][T25859] loop8: detected capacity change from 0 to 32768
[ 1687.345529][T25859] BTRFS warning: excessive commit interval 65536, use with care
[ 1687.353322][T25859] btrfs: Unknown parameter 'check_int'
[ 1687.479465][ T5281] 8021q: adding VLAN 0 to HW filter on device eth12
[ 1688.010295][T25859] loop8: detected capacity change from 0 to 512
[ 1688.017525][T25859] msdos: Unknown parameter 'commit'
[ 1688.437770][T25879] evm: overlay not supported
[ 1688.484335][T25887] overlay: filesystem on ./file0 not supported as upperdir
[ 1688.510228][T25880] loop5: detected capacity change from 0 to 2048
[ 1688.603209][T25894] loop8: detected capacity change from 0 to 512
[ 1689.377640][T25906] loop8: detected capacity change from 0 to 164
[ 1690.822626][T18233] Bluetooth: hci5: ACL packet for unknown connection handle 200
[ 1691.638850][T25940] netlink: 56 bytes leftover after parsing attributes in process `syz.8.4411'.
[ 1691.648829][T25940] netlink: 'syz.8.4411': attribute type 10 has an invalid length.
[ 1691.777320][T25945] loop7: detected capacity change from 0 to 512
[ 1691.983171][T17280] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1692.169200][T17280] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1692.221259][T17280] usb 10-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[ 1692.266464][T17280] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1692.313931][T17280] usb 10-1: config 0 descriptor??
[ 1692.396806][T17280] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[ 1692.540924][ T9870] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1692.563958][ T9870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1692.574088][ T9870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1692.582285][ T9870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1692.590081][ T9870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1694.692818][T18233] Bluetooth: hci0: command tx timeout
[ 1694.836925][ T5901] usb 10-1: USB disconnect, device number 3
[ 1696.180985][T26017] netlink: 64 bytes leftover after parsing attributes in process `syz.9.4428'.
[ 1696.233108][T26021] netlink: 'syz.9.4428': attribute type 10 has an invalid length.
[ 1696.291264][T25962] lo speed is unknown, defaulting to 1000
[ 1696.763556][T18233] Bluetooth: hci0: command tx timeout
[ 1696.792367][T26043] loop1: detected capacity change from 0 to 512
[ 1696.891822][T26043] Bluetooth: MGMT ver 1.23
[ 1698.447707][T14577] bridge_slave_1: left allmulticast mode
[ 1698.470189][T26066] loop1: detected capacity change from 0 to 512
[ 1698.482500][T14577] bridge_slave_1: left promiscuous mode
[ 1698.511201][T14577] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1698.648975][T14577] bridge_slave_0: left allmulticast mode
[ 1698.678952][T14577] bridge_slave_0: left promiscuous mode
[ 1698.711378][T14577] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1698.820674][T26081] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4447'.
[ 1698.843273][T18233] Bluetooth: hci0: command tx timeout
[ 1698.914981][T26083] netlink: 'syz.1.4447': attribute type 10 has an invalid length.
[ 1699.907426][T26093] loop9: detected capacity change from 0 to 512
[ 1700.417898][T14577] bond0 (unregistering): Released all slaves
[ 1700.503511][T14577] bond1 (unregistering): Released all slaves
[ 1700.524598][T14577] bond2 (unregistering): Released all slaves
[ 1700.633368][T26104] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[ 1700.752174][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1700.759328][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1700.777864][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1700.797687][T26094] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[ 1700.812029][T26094] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[ 1700.829117][T26094] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[ 1700.956927][T26094] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1701.224284][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.232782][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.241197][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.249631][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.258396][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.266798][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.275227][T26094] virt_wifi0 speed is unknown, defaulting to 1000
[ 1701.403954][T18233] Bluetooth: hci0: command tx timeout
[ 1701.981549][T14577] tipc: Left network mode
[ 1702.927153][T26125] loop5: detected capacity change from 0 to 8
[ 1702.944762][T26124] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4455'.
[ 1703.054201][T26128] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4455'.
[ 1703.087855][ T5281] 8021q: adding VLAN 0 to HW filter on device eth13
[ 1703.178461][T26127] bond0: (slave team0): Releasing backup interface
[ 1703.209805][T26127] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1703.227646][T25962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1703.240149][T25962] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1703.257044][T25962] bridge_slave_0: entered allmulticast mode
[ 1703.279608][T25962] bridge_slave_0: entered promiscuous mode
[ 1703.324722][   T29] lo speed is unknown, defaulting to 1000
[ 1703.352719][T25962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1703.407909][T25962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1703.420881][T25962] bridge_slave_1: entered allmulticast mode
[ 1703.450592][T25962] bridge_slave_1: entered promiscuous mode
[ 1703.753811][T14577] hsr_slave_0: left promiscuous mode
[ 1703.781589][T18233] Bluetooth: hci4: connection err: -111
[ 1703.828582][T14577] hsr_slave_1: left promiscuous mode
[ 1703.849841][T26149] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4464'.
[ 1703.892860][T14577] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1703.982823][T14577] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1704.020963][T26156] netlink: 'syz.1.4464': attribute type 10 has an invalid length.
[ 1704.135989][T26159] loop8: detected capacity change from 0 to 256
[ 1704.241857][T26159] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1705.168285][T25962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1705.183187][T26156] 8021q: adding VLAN 0 to HW filter on device team0
[ 1705.196969][T26156] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1705.224700][T26176] bond0: (slave team0): Releasing backup interface
[ 1705.258212][T26176] bridge_slave_0: left allmulticast mode
[ 1705.264062][T26176] bridge_slave_0: left promiscuous mode
[ 1705.270056][T26176] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1705.315168][T26176] bridge_slave_1: left allmulticast mode
[ 1705.329408][T26176] bridge_slave_1: left promiscuous mode
[ 1705.336447][T26176] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1705.354686][T26176] bond0: (slave bond_slave_0): Releasing backup interface
[ 1705.406550][T26176] bond0: (slave bond_slave_1): Releasing backup interface
[ 1705.463577][T26176] team0: Port device team_slave_0 removed
[ 1705.560154][T26176] team0: Port device team_slave_1 removed
[ 1705.579231][T26176] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1705.606446][T26176] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1705.626558][T26176] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1705.647922][T26176] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1705.678320][T26176] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1705.721754][T26179] ip6gre1: entered allmulticast mode
[ 1705.734973][T26179] team0: Port device ip6gre1 added
[ 1705.767957][T25962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1705.971808][T26194] syzkaller0: entered promiscuous mode
[ 1706.004037][T26194] syzkaller0: entered allmulticast mode
[ 1706.019334][T25962] team0: Port device team_slave_0 added
[ 1706.223407][T25962] team0: Port device team_slave_1 added
[ 1706.690915][T25962] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1706.732845][T25962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1706.813656][T25962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1709.389058][T18233] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[ 1709.404207][T18233] CPU: 1 UID: 0 PID: 18233 Comm: kworker/u9:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1709.404248][T18233] Tainted: [L]=SOFTLOCKUP
[ 1709.404258][T18233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1709.404277][T18233] Workqueue: hci4 hci_rx_work
[ 1709.404319][T18233] Call Trace:
[ 1709.404335][T18233]  <TASK>
[ 1709.404347][T18233]  dump_stack_lvl+0xe8/0x150
[ 1709.404381][T18233]  sysfs_create_dir_ns+0x271/0x2a0
[ 1709.404416][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404452][T18233]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1709.404490][T18233]  ? do_raw_spin_unlock+0xf5/0x210
[ 1709.404538][T18233]  kobject_add_internal+0x62b/0xd00
[ 1709.404595][T18233]  kobject_add+0x163/0x240
[ 1709.404632][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404667][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404703][T18233]  ? __pfx_kobject_add+0x10/0x10
[ 1709.404744][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404775][T18233]  ? _raw_spin_unlock+0x3f/0x50
[ 1709.404804][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404841][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.404872][T18233]  ? get_device_parent+0x366/0x3a0
[ 1709.404909][T18233]  device_add+0x408/0xbb0
[ 1709.404946][T18233]  hci_conn_add_sysfs+0xd5/0x210
[ 1709.404988][T18233]  le_conn_complete_evt+0x10e6/0x16b0
[ 1709.405032][T18233]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1709.405060][T18233]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1709.405092][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405123][T18233]  ? irqentry_exit+0x218/0x730
[ 1709.405158][T18233]  ? rcu_is_watching+0x15/0xb0
[ 1709.405192][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405227][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405258][T18233]  ? skb_pull_data+0xfb/0x200
[ 1709.405308][T18233]  hci_le_conn_complete_evt+0x187/0x470
[ 1709.405353][T18233]  hci_event_packet+0x659/0xef0
[ 1709.405402][T18233]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1709.405428][T18233]  ? __pfx_hci_event_packet+0x10/0x10
[ 1709.405480][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405512][T18233]  ? hci_send_to_monitor+0xe2/0x590
[ 1709.405548][T18233]  hci_rx_work+0x3ee/0x1040
[ 1709.405590][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405622][T18233]  ? preempt_schedule_thunk+0x16/0x30
[ 1709.405668][T18233]  ? process_scheduled_works+0xa70/0x1860
[ 1709.405701][T18233]  process_scheduled_works+0xb5d/0x1860
[ 1709.405730][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405798][T18233]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1709.405834][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405866][T18233]  ? assign_work+0x3d5/0x5e0
[ 1709.405901][T18233]  worker_thread+0xa53/0xfc0
[ 1709.405932][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.405981][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.406024][T18233]  kthread+0x388/0x470
[ 1709.406061][T18233]  ? __pfx_worker_thread+0x10/0x10
[ 1709.406088][T18233]  ? __pfx_kthread+0x10/0x10
[ 1709.406126][T18233]  ret_from_fork+0x514/0xb70
[ 1709.406155][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.406193][T18233]  ? __pfx_ret_from_fork+0x10/0x10
[ 1709.406222][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1709.406254][T18233]  ? __switch_to+0xc79/0x1410
[ 1709.406299][T18233]  ? __pfx_kthread+0x10/0x10
[ 1709.406341][T18233]  ret_from_fork_asm+0x1a/0x30
[ 1709.406395][T18233]  </TASK>
[ 1709.406913][T18233] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1709.872377][T18233] Bluetooth: hci4: failed to register connection device
[ 1710.202370][T26264] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4495'.
[ 1712.048566][ T5787] page_pool_release_retry() stalled pool shutdown: id 171, 1 inflight 60 sec
[ 1713.407467][T26283] loop1: detected capacity change from 0 to 40427
[ 1718.348257][T25962] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1718.357055][T25962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1718.411626][T25962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1718.480898][T26259] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1718.851597][T25962] hsr_slave_0: entered promiscuous mode
[ 1719.073709][T25962] hsr_slave_1: entered promiscuous mode
[ 1719.080907][T25962] debugfs: 'hsr0' already exists in 'hsr'
[ 1719.086753][T25962] Cannot create hsr debugfs directory
[ 1720.093172][T26320] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4512'.
[ 1720.144510][T26325] netlink: 'syz.5.4512': attribute type 10 has an invalid length.
[ 1720.552883][T26329] netlink: 64 bytes leftover after parsing attributes in process `syz.8.4513'.
[ 1720.738281][T26325] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1720.775067][T26325] 8021q: adding VLAN 0 to HW filter on device team0
[ 1720.784713][T26325] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1723.181813][T26364] loop1: detected capacity change from 0 to 128
[ 1725.978746][ T9870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1726.025441][ T9870] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1726.036575][ T9870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1726.071131][ T9870] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1726.083472][ T9870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1727.714239][T26382] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4528'.
[ 1728.216765][ T9870] Bluetooth: hci1: command tx timeout
[ 1729.325784][T26359] ip6erspan0: entered promiscuous mode
[ 1729.525177][T26369] vlan3: entered promiscuous mode
[ 1729.544300][T26369] hsr0: entered promiscuous mode
[ 1729.570193][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 1729.692873][T26369] vlan3: entered allmulticast mode
[ 1729.715338][T26369] hsr0: entered allmulticast mode
[ 1729.736543][T26389] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4530'.
[ 1729.746727][T26369] hsr_slave_0: entered allmulticast mode
[ 1729.782534][T26369] hsr_slave_1: entered allmulticast mode
[ 1730.382411][ T9870] Bluetooth: hci1: command tx timeout
[ 1730.983793][ T9870] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci7/hci7:201'
[ 1730.994050][ T9870] CPU: 0 UID: 0 PID: 9870 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1730.994090][ T9870] Tainted: [L]=SOFTLOCKUP
[ 1730.994100][ T9870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1730.994120][ T9870] Workqueue: hci7 hci_rx_work
[ 1730.994164][ T9870] Call Trace:
[ 1730.994174][ T9870]  <TASK>
[ 1730.994186][ T9870]  dump_stack_lvl+0xe8/0x150
[ 1730.994220][ T9870]  sysfs_create_dir_ns+0x271/0x2a0
[ 1730.994260][ T9870]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1730.994296][ T9870]  ? kobject_add_internal+0x615/0xd00
[ 1730.994354][ T9870]  kobject_add_internal+0x62b/0xd00
[ 1730.994406][ T9870]  kobject_add+0x163/0x240
[ 1730.994443][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994479][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994516][ T9870]  ? __pfx_kobject_add+0x10/0x10
[ 1730.994557][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994589][ T9870]  ? _raw_spin_unlock+0x3f/0x50
[ 1730.994619][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994656][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994687][ T9870]  ? get_device_parent+0x366/0x3a0
[ 1730.994724][ T9870]  device_add+0x408/0xbb0
[ 1730.994760][ T9870]  hci_conn_add_sysfs+0xd5/0x210
[ 1730.994803][ T9870]  le_conn_complete_evt+0x10e6/0x16b0
[ 1730.994846][ T9870]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1730.994876][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.994907][ T9870]  ? irqentry_exit+0x218/0x730
[ 1730.994942][ T9870]  ? rcu_is_watching+0x15/0xb0
[ 1730.994976][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995027][ T9870]  hci_le_conn_complete_evt+0x187/0x470
[ 1730.995066][ T9870]  hci_event_packet+0x659/0xef0
[ 1730.995114][ T9870]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1730.995141][ T9870]  ? __pfx_hci_event_packet+0x10/0x10
[ 1730.995193][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995225][ T9870]  ? hci_send_to_monitor+0xe2/0x590
[ 1730.995262][ T9870]  hci_rx_work+0x3ee/0x1040
[ 1730.995311][ T9870]  ? process_scheduled_works+0xa70/0x1860
[ 1730.995349][ T9870]  process_scheduled_works+0xb5d/0x1860
[ 1730.995379][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995448][ T9870]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1730.995485][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995517][ T9870]  ? assign_work+0x3d5/0x5e0
[ 1730.995551][ T9870]  worker_thread+0xa53/0xfc0
[ 1730.995601][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995645][ T9870]  kthread+0x388/0x470
[ 1730.995682][ T9870]  ? __pfx_worker_thread+0x10/0x10
[ 1730.995709][ T9870]  ? __pfx_kthread+0x10/0x10
[ 1730.995747][ T9870]  ret_from_fork+0x514/0xb70
[ 1730.995776][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995811][ T9870]  ? __pfx_ret_from_fork+0x10/0x10
[ 1730.995840][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1730.995872][ T9870]  ? __switch_to+0xc79/0x1410
[ 1730.995917][ T9870]  ? __pfx_kthread+0x10/0x10
[ 1730.995955][ T9870]  ret_from_fork_asm+0x1a/0x30
[ 1730.996009][ T9870]  </TASK>
[ 1731.000111][ T9870] kobject: kobject_add_internal failed for hci7:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1731.307355][ T9870] Bluetooth: hci7: failed to register connection device
[ 1731.960910][T26426] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4537'.
[ 1732.442427][T18233] Bluetooth: hci1: command tx timeout
[ 1732.574366][T26424] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1732.609202][T26438] loop8: detected capacity change from 0 to 512
[ 1732.623173][T26424] block device autoloading is deprecated and will be removed.
[ 1732.642962][T26438] EXT4-fs: Ignoring removed i_version option
[ 1732.650672][T26421] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1732.665805][T26438] EXT4-fs: Ignoring removed nobh option
[ 1732.706850][T26421] block device autoloading is deprecated and will be removed.
[ 1732.734183][T26438] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[ 1732.790183][T26438] EXT4-fs (loop8): 1 truncate cleaned up
[ 1732.829625][T26438] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1732.991700][T26446] loop1: detected capacity change from 0 to 512
[ 1733.310892][T26372] lo speed is unknown, defaulting to 1000
[ 1733.901601][T24114] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1734.522932][T18233] Bluetooth: hci1: command tx timeout
[ 1736.532846][ T9870] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1736.543043][ T9870] CPU: 0 UID: 0 PID: 9870 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1736.543091][ T9870] Tainted: [L]=SOFTLOCKUP
[ 1736.543102][ T9870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1736.543119][ T9870] Workqueue: hci2 hci_rx_work
[ 1736.543162][ T9870] Call Trace:
[ 1736.543175][ T9870]  <TASK>
[ 1736.543187][ T9870]  dump_stack_lvl+0xe8/0x150
[ 1736.543222][ T9870]  sysfs_create_dir_ns+0x271/0x2a0
[ 1736.543257][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543293][ T9870]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1736.543331][ T9870]  ? do_raw_spin_unlock+0xf5/0x210
[ 1736.543377][ T9870]  kobject_add_internal+0x62b/0xd00
[ 1736.543430][ T9870]  kobject_add+0x163/0x240
[ 1736.543467][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543501][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543538][ T9870]  ? __pfx_kobject_add+0x10/0x10
[ 1736.543578][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543610][ T9870]  ? _raw_spin_unlock+0x3f/0x50
[ 1736.543640][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543676][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543707][ T9870]  ? get_device_parent+0x366/0x3a0
[ 1736.543743][ T9870]  device_add+0x408/0xbb0
[ 1736.543779][ T9870]  hci_conn_add_sysfs+0xd5/0x210
[ 1736.543824][ T9870]  le_conn_complete_evt+0x10e6/0x16b0
[ 1736.543854][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.543897][ T9870]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1736.543926][ T9870]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[ 1736.543971][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544003][ T9870]  ? skb_pull_data+0xfb/0x200
[ 1736.544052][ T9870]  hci_le_conn_complete_evt+0x187/0x470
[ 1736.544094][ T9870]  hci_event_packet+0x659/0xef0
[ 1736.544143][ T9870]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1736.544168][ T9870]  ? __pfx_hci_event_packet+0x10/0x10
[ 1736.544220][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544251][ T9870]  ? hci_send_to_monitor+0xe2/0x590
[ 1736.544287][ T9870]  hci_rx_work+0x3ee/0x1040
[ 1736.544328][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544360][ T9870]  ? preempt_schedule_thunk+0x16/0x30
[ 1736.544403][ T9870]  ? process_scheduled_works+0xa70/0x1860
[ 1736.544435][ T9870]  process_scheduled_works+0xb5d/0x1860
[ 1736.544464][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544532][ T9870]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1736.544568][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544600][ T9870]  ? assign_work+0x3d5/0x5e0
[ 1736.544634][ T9870]  worker_thread+0xa53/0xfc0
[ 1736.544684][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544727][ T9870]  kthread+0x388/0x470
[ 1736.544764][ T9870]  ? __pfx_worker_thread+0x10/0x10
[ 1736.544792][ T9870]  ? __pfx_kthread+0x10/0x10
[ 1736.544830][ T9870]  ret_from_fork+0x514/0xb70
[ 1736.544858][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544894][ T9870]  ? __pfx_ret_from_fork+0x10/0x10
[ 1736.544922][ T9870]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1736.544954][ T9870]  ? __switch_to+0xc79/0x1410
[ 1736.544998][ T9870]  ? __pfx_kthread+0x10/0x10
[ 1736.545035][ T9870]  ret_from_fork_asm+0x1a/0x30
[ 1736.545093][ T9870]  </TASK>
[ 1736.545620][ T9870] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1736.876188][ T9870] Bluetooth: hci2: failed to register connection device
[ 1737.482990][T14202] Bluetooth: hci7: command 0x0406 tx timeout
[ 1738.017456][T26275] Set syz1 is full, maxelem 65536 reached
[ 1741.935248][T26372] virt_wifi0 speed is unknown, defaulting to 1000
[ 1742.178674][T25962] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1742.313012][T25962] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1742.560192][T25962] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1742.587183][T25962] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1742.614008][T25962] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1742.660140][T25962] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1742.894556][T25962] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1742.914663][T25962] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1743.003555][T14202] Bluetooth: hci2: command 0x0406 tx timeout
[ 1743.430214][T26546] loop9: detected capacity change from 0 to 256
[ 1743.567287][T26546] FAT-fs (loop9): Directory bread(block 64) failed
[ 1743.629148][T26546] FAT-fs (loop9): Directory bread(block 65) failed
[ 1743.674954][T26546] FAT-fs (loop9): Directory bread(block 66) failed
[ 1743.714094][T26546] FAT-fs (loop9): Directory bread(block 67) failed
[ 1743.760180][T26546] FAT-fs (loop9): Directory bread(block 68) failed
[ 1743.796664][T26546] FAT-fs (loop9): Directory bread(block 69) failed
[ 1743.841752][T26546] FAT-fs (loop9): Directory bread(block 70) failed
[ 1743.886323][T26546] FAT-fs (loop9): Directory bread(block 71) failed
[ 1743.961416][T26546] FAT-fs (loop9): Directory bread(block 72) failed
[ 1744.014845][T26546] FAT-fs (loop9): Directory bread(block 73) failed
[ 1745.067732][T26558] loop5: detected capacity change from 0 to 256
[ 1745.234100][T26560] NILFS (nullb0): couldn't find nilfs on the device
[ 1750.654367][T26583] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1750.713593][T26583] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1750.732140][T26583] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 1750.745204][T26583] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 1750.779122][T26583] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 1750.800884][T26583] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1750.810819][T26583] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1750.871074][T26583] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1750.914685][T26583] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1750.938521][T26583] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1750.994885][T26583] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1751.041080][T26583] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1751.066026][T26583] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1751.101207][T26583] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1751.141345][T26583] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1751.157873][T26583] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1751.216115][T26583] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1751.398819][   T30] audit: type=1326 audit(1778148672.261:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1752.496746][   T30] audit: type=1326 audit(1778148672.301:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1752.607105][T26617] loop1: detected capacity change from 0 to 128
[ 1752.639376][   T30] audit: type=1326 audit(1778148672.301:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1752.684460][T14202] Bluetooth: hci5: command 0x0406 tx timeout
[ 1752.762379][T14202] Bluetooth: hci7: command 0x0406 tx timeout
[ 1752.803520][   T30] audit: type=1326 audit(1778148672.301:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1752.846964][T14202] Bluetooth: hci2: command 0x0406 tx timeout
[ 1752.922638][T14202] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1752.934299][   T30] audit: type=1326 audit(1778148672.301:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1752.995397][   T30] audit: type=1326 audit(1778148672.301:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26610 comm="syz.8.4569" exe="/root/ci-upstream-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f172cd9cdd9 code=0x7ffc0000
[ 1753.086871][T14202] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1753.142298][T18233] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1753.158310][T18233] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1753.165863][ T9870] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1753.174622][T18233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1753.186674][T18233] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1753.194716][T18233] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1753.691944][T26598] ip6gre1: left allmulticast mode
[ 1753.743434][T13479] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1753.770931][T13479] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1753.981227][T26639] netlink: 'syz.1.4576': attribute type 10 has an invalid length.
[ 1753.995800][T13479] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1754.113462][T13479] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1754.388433][T18233] Bluetooth: hci2: SCO packet for unknown connection handle 0
[ 1754.772497][T18233] Bluetooth: hci5: command 0x0406 tx timeout
[ 1754.913726][T18233] Bluetooth: hci7: command 0x0406 tx timeout
[ 1754.922220][T18233] Bluetooth: hci2: command 0x0406 tx timeout
[ 1755.011561][T18233] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1755.166489][T18233] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1755.242960][T18233] Bluetooth: hci4: command tx timeout
[ 1755.243281][T14202] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1755.347222][T26656] loop5: detected capacity change from 0 to 512
[ 1755.430431][T26656] EXT4-fs (loop5): write access unavailable, skipping orphan cleanup
[ 1755.497922][T26656] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1755.641049][T26656] EXT4-fs error (device loop5): ext4_lookup:1782: inode #2: comm syz.5.4578: 'file1' linked to parent dir
[ 1755.898520][T26671] overlayfs: failed to resolve './bus': -2
[ 1756.425938][T21794] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1756.738998][T26689] loop8: detected capacity change from 0 to 1764
[ 1756.929181][T14202] Bluetooth: hci7: command 0x0406 tx timeout
[ 1757.003842][T14202] Bluetooth: hci2: command 0x0406 tx timeout
[ 1757.112406][T14202] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1757.426803][T14202] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1757.435622][T14202] Bluetooth: hci4: command tx timeout
[ 1757.973780][T26680] erspan0: left allmulticast mode
[ 1759.712121][T18233] Bluetooth: hci4: command tx timeout
[ 1759.861837][T26707] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4589'.
[ 1761.383113][T26680] ip6gre1: left allmulticast mode
[ 1761.782911][T18233] Bluetooth: hci4: command tx timeout
[ 1762.012670][T26680] vlan2: left allmulticast mode
[ 1762.023590][T26680] veth0_to_bond: left allmulticast mode
[ 1762.140783][T26680] vlan3: left promiscuous mode
[ 1762.155360][T26680] hsr0: left promiscuous mode
[ 1762.160863][T26680] vlan3: left allmulticast mode
[ 1762.185710][T26680] hsr0: left allmulticast mode
[ 1762.209377][T26680] hsr_slave_0: left allmulticast mode
[ 1762.215739][T26680] hsr_slave_1: left allmulticast mode
[ 1762.229947][ T5906] vlan2: left allmulticast mode
[ 1762.244263][ T5906] geneve0: left allmulticast mode
[ 1762.269374][ T5906] vlan2: left promiscuous mode
[ 1762.277824][ T5906] geneve0: left promiscuous mode
[ 1762.299973][ T5906] bridge0: port 3(vlan2) entered disabled state
[ 1762.349550][ T5906] bridge_slave_1: left allmulticast mode
[ 1762.383075][ T5906] bridge_slave_1: left promiscuous mode
[ 1762.401840][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1762.424522][ T5906] bridge_slave_0: left allmulticast mode
[ 1762.436722][ T5906] bridge_slave_0: left promiscuous mode
[ 1762.448294][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1762.568699][T26717] loop8: detected capacity change from 0 to 32768
[ 1762.596415][T26717] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.4592 (26717)
[ 1762.658285][T26717] BTRFS info (device loop8): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[ 1762.688828][T26717] BTRFS info (device loop8): using blake2b checksum algorithm
[ 1762.813763][T26717] BTRFS info (device loop8): enabling ssd optimizations
[ 1762.827727][T26717] BTRFS info (device loop8): turning on async discard
[ 1762.840848][T26717] BTRFS info (device loop8): enabling free space tree
[ 1762.869171][T26717] BTRFS info (device loop8): use zstd compression, level 3
[ 1763.089280][ T5906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1763.098219][T24114] BTRFS info (device loop8): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[ 1763.118568][ T5906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1763.131806][ T5906] bond0 (unregistering): Released all slaves
[ 1763.171393][T26622] lo speed is unknown, defaulting to 1000
[ 1763.192460][T20466] lo speed is unknown, defaulting to 1000
[ 1763.204740][T20466] syz2: Port: 1 Link DOWN
[ 1763.269186][ T5906] tipc: Left network mode
[ 1763.287199][ T5833] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1763.351995][ T5833] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1763.384661][T26622] virt_wifi0 speed is unknown, defaulting to 1000
[ 1763.450664][ T5833] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1763.496230][ T5833] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1765.085970][T26372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1765.228371][T18233] ==================================================================
[ 1765.236482][T18233] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1765.245353][T18233] Read of size 8 at addr ffff88807c4885a8 by task kworker/u9:2/18233
[ 1765.253507][T18233] 
[ 1765.255833][T18233] CPU: 1 UID: 0 PID: 18233 Comm: kworker/u9:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1765.255870][T18233] Tainted: [L]=SOFTLOCKUP
[ 1765.255881][T18233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1765.255900][T18233] Workqueue: hci7 hci_rx_work
[ 1765.255941][T18233] Call Trace:
[ 1765.255952][T18233]  <TASK>
[ 1765.255963][T18233]  dump_stack_lvl+0xe8/0x150
[ 1765.255993][T18233]  print_address_description+0x55/0x1e0
[ 1765.256022][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1765.256060][T18233]  print_report+0x58/0x70
[ 1765.256090][T18233]  kasan_report+0x117/0x150
[ 1765.256134][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1765.256177][T18233]  l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1765.256217][T18233]  l2cap_connect_cfm+0x368/0x1560
[ 1765.256256][T18233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1765.256294][T18233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1765.256327][T18233]  hci_connect_cfm+0x95/0x140
[ 1765.256355][T18233]  le_conn_complete_evt+0x1134/0x16b0
[ 1765.256391][T18233]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1765.256419][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.256451][T18233]  ? irqentry_exit+0x218/0x730
[ 1765.256485][T18233]  ? rcu_is_watching+0x15/0xb0
[ 1765.256518][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.256552][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.256584][T18233]  ? skb_pull_data+0xfb/0x200
[ 1765.256628][T18233]  hci_le_conn_complete_evt+0x187/0x470
[ 1765.256661][T18233]  hci_event_packet+0x659/0xef0
[ 1765.256704][T18233]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1765.256729][T18233]  ? __pfx_hci_event_packet+0x10/0x10
[ 1765.256771][T18233]  ? kcov_remote_start+0x49a/0x7a0
[ 1765.256811][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.256843][T18233]  ? hci_send_to_monitor+0xe2/0x590
[ 1765.256877][T18233]  hci_rx_work+0x3ee/0x1040
[ 1765.256916][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.256948][T18233]  ? preempt_schedule_thunk+0x16/0x30
[ 1765.256988][T18233]  ? process_scheduled_works+0xa70/0x1860
[ 1765.257018][T18233]  process_scheduled_works+0xb5d/0x1860
[ 1765.257046][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257104][T18233]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1765.257135][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257166][T18233]  ? assign_work+0x3d5/0x5e0
[ 1765.257195][T18233]  worker_thread+0xa53/0xfc0
[ 1765.257225][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257266][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257303][T18233]  kthread+0x388/0x470
[ 1765.257338][T18233]  ? __pfx_worker_thread+0x10/0x10
[ 1765.257365][T18233]  ? __pfx_kthread+0x10/0x10
[ 1765.257400][T18233]  ret_from_fork+0x514/0xb70
[ 1765.257429][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257463][T18233]  ? __pfx_ret_from_fork+0x10/0x10
[ 1765.257491][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1765.257522][T18233]  ? __switch_to+0xc79/0x1410
[ 1765.257563][T18233]  ? __pfx_kthread+0x10/0x10
[ 1765.257599][T18233]  ret_from_fork_asm+0x1a/0x30
[ 1765.257642][T18233]  </TASK>
[ 1765.257652][T18233] 
[ 1765.351514][T26372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1765.356581][T18233] Allocated by task 18233:
[ 1765.356597][T18233]  kasan_save_track+0x3e/0x80
[ 1765.356636][T18233]  __kasan_kmalloc+0x93/0xb0
[ 1765.356671][T18233]  __kmalloc_noprof+0x35c/0x760
[ 1765.356704][T18233]  sk_prot_alloc+0xe7/0x210
[ 1765.356736][T18233]  sk_alloc+0x3a/0x390
[ 1765.356766][T18233]  bt_sock_alloc+0x3b/0x310
[ 1765.356805][T18233]  l2cap_sock_new_connection_cb+0xe2/0x2e0
[ 1765.356838][T18233]  l2cap_connect_cfm+0x368/0x1560
[ 1765.356868][T18233]  hci_connect_cfm+0x95/0x140
[ 1765.356890][T18233]  le_conn_complete_evt+0x1134/0x16b0
[ 1765.356917][T18233]  hci_le_conn_complete_evt+0x187/0x470
[ 1765.356941][T18233]  hci_event_packet+0x659/0xef0
[ 1765.356975][T18233]  hci_rx_work+0x3ee/0x1040
[ 1765.357010][T18233]  process_scheduled_works+0xb5d/0x1860
[ 1765.357036][T18233]  worker_thread+0xa53/0xfc0
[ 1765.357061][T18233]  kthread+0x388/0x470
[ 1765.636684][T18233]  ret_from_fork+0x514/0xb70
[ 1765.641283][T18233]  ret_from_fork_asm+0x1a/0x30
[ 1765.646053][T18233] 
[ 1765.648370][T18233] Freed by task 26766:
[ 1765.652423][T18233]  kasan_save_track+0x3e/0x80
[ 1765.657105][T18233]  kasan_save_free_info+0x46/0x50
[ 1765.662124][T18233]  __kasan_slab_free+0x5c/0x80
[ 1765.666891][T18233]  kfree+0x1c5/0x640
[ 1765.670791][T18233]  __sk_destruct+0x748/0x9d0
[ 1765.675388][T18233]  l2cap_sock_cleanup_listen+0xe0/0x440
[ 1765.680937][T18233]  l2cap_sock_release+0x6a/0x230
[ 1765.685872][T18233]  sock_close+0xc3/0x240
[ 1765.690112][T18233]  __fput+0x44f/0xa60
[ 1765.694099][T18233]  task_work_run+0x1d9/0x270
[ 1765.698695][T18233]  exit_to_user_mode_loop+0xed/0x480
[ 1765.703972][T18233]  do_syscall_64+0x33e/0xf80
[ 1765.708562][T18233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1765.714446][T18233] 
[ 1765.716758][T18233] The buggy address belongs to the object at ffff88807c488000
[ 1765.716758][T18233]  which belongs to the cache kmalloc-2k of size 2048
[ 1765.730807][T18233] The buggy address is located 1448 bytes inside of
[ 1765.730807][T18233]  freed 2048-byte region [ffff88807c488000, ffff88807c488800)
[ 1765.744784][T18233] 
[ 1765.747106][T18233] The buggy address belongs to the physical page:
[ 1765.753503][T18233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c488
[ 1765.762257][T18233] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1765.770750][T18233] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1765.778291][T18233] page_type: f5(slab)
[ 1765.782273][T18233] raw: 00fff00000000040 ffff88813fe1a000 dead000000000100 dead000000000122
[ 1765.790853][T18233] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1765.799439][T18233] head: 00fff00000000040 ffff88813fe1a000 dead000000000100 dead000000000122
[ 1765.808113][T18233] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1765.816819][T18233] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 1765.825489][T18233] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1765.834152][T18233] page dumped because: kasan: bad access detected
[ 1765.840557][T18233] page_owner tracks the page as allocated
[ 1765.846271][T18233] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5620, tgid 5620 (syz-executor), ts 83976370377, free_ts 83931718809
[ 1765.867469][T18233]  post_alloc_hook+0x231/0x280
[ 1765.872256][T18233]  get_page_from_freelist+0x24ba/0x2540
[ 1765.877822][T18233]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1765.883642][T18233]  allocate_slab+0x77/0x660
[ 1765.888146][T18233]  refill_objects+0x339/0x3d0
[ 1765.892833][T18233]  __pcs_replace_empty_main+0x321/0x720
[ 1765.898390][T18233]  __kmalloc_node_track_caller_noprof+0x572/0x7b0
[ 1765.904857][T18233]  pskb_expand_head+0x230/0x1390
[ 1765.909808][T18233]  netlink_trim+0x1b3/0x2c0
[ 1765.914307][T18233]  netlink_broadcast_filtered+0x80/0xeb0
[ 1765.919940][T18233]  nlmsg_notify+0xf0/0x1a0
[ 1765.924356][T18233]  rtnetlink_event+0x224/0x270
[ 1765.929123][T18233]  notifier_call_chain+0x1ad/0x3d0
[ 1765.934243][T18233]  netif_change_name+0x5e5/0x960
[ 1765.939182][T18233]  do_setlink+0xb75/0x45a0
[ 1765.943604][T18233]  rtnl_newlink+0x15ad/0x1bb0
[ 1765.948280][T18233] page last free pid 5628 tgid 5628 stack trace:
[ 1765.954599][T18233]  __free_frozen_pages+0xbc7/0xd30
[ 1765.959729][T18233]  __slab_free+0x274/0x2c0
[ 1765.964151][T18233]  qlist_free_all+0x99/0x100
[ 1765.968744][T18233]  kasan_quarantine_reduce+0x148/0x160
[ 1765.974211][T18233]  __kasan_slab_alloc+0x22/0x80
[ 1765.979075][T18233]  __kmalloc_cache_noprof+0x2ba/0x660
[ 1765.984460][T18233]  ref_tracker_alloc+0x15a/0x4c0
[ 1765.989444][T18233]  netdev_queue_update_kobjects+0x1d1/0x6c0
[ 1765.995351][T18233]  netdev_register_kobject+0x258/0x310
[ 1766.000825][T18233]  register_netdevice+0x1456/0x1ec0
[ 1766.006034][T18233]  geneve_configure+0x611/0xa30
[ 1766.010899][T18233]  geneve_newlink+0x1b9/0x260
[ 1766.015597][T18233]  rtnl_newlink_create+0x329/0xb70
[ 1766.020712][T18233]  rtnl_newlink+0x166a/0x1bb0
[ 1766.025391][T18233]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1766.030328][T18233]  netlink_rcv_skb+0x232/0x4b0
[ 1766.035097][T18233] 
[ 1766.037411][T18233] Memory state around the buggy address:
[ 1766.043070][T18233]  ffff88807c488480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1766.051139][T18233]  ffff88807c488500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1766.059201][T18233] >ffff88807c488580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1766.067257][T18233]                                   ^
[ 1766.072624][T18233]  ffff88807c488600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1766.080676][T18233]  ffff88807c488680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1766.088728][T18233] ==================================================================
[ 1766.118697][T18233] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1766.125947][T18233] CPU: 1 UID: 0 PID: 18233 Comm: kworker/u9:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1766.137084][T18233] Tainted: [L]=SOFTLOCKUP
[ 1766.141407][T18233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1766.151472][T18233] Workqueue: hci7 hci_rx_work
[ 1766.156182][T18233] Call Trace:
[ 1766.159454][T18233]  <TASK>
[ 1766.162380][T18233]  vpanic+0x56c/0xa60
[ 1766.166371][T18233]  ? __pfx_vpanic+0x10/0x10
[ 1766.170875][T18233]  ? __pfx___schedule+0x10/0x10
[ 1766.175737][T18233]  panic+0xc5/0xd0
[ 1766.179462][T18233]  ? __pfx_panic+0x10/0x10
[ 1766.183880][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.189519][T18233]  ? preempt_schedule_common+0x82/0xd0
[ 1766.194992][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1766.201072][T18233]  check_panic_on_warn+0x89/0xb0
[ 1766.206028][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1766.212118][T18233]  end_report+0x73/0x170
[ 1766.216380][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1766.222459][T18233]  kasan_report+0x128/0x150
[ 1766.226979][T18233]  ? l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1766.233060][T18233]  l2cap_sock_new_connection_cb+0x1f9/0x2e0
[ 1766.238978][T18233]  l2cap_connect_cfm+0x368/0x1560
[ 1766.244017][T18233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1766.249486][T18233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1766.254948][T18233]  hci_connect_cfm+0x95/0x140
[ 1766.259624][T18233]  le_conn_complete_evt+0x1134/0x16b0
[ 1766.265008][T18233]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1766.270734][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.276369][T18233]  ? irqentry_exit+0x218/0x730
[ 1766.281148][T18233]  ? rcu_is_watching+0x15/0xb0
[ 1766.285928][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.291607][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.297252][T18233]  ? skb_pull_data+0xfb/0x200
[ 1766.301954][T18233]  hci_le_conn_complete_evt+0x187/0x470
[ 1766.307507][T18233]  hci_event_packet+0x659/0xef0
[ 1766.312375][T18233]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1766.317655][T18233]  ? __pfx_hci_event_packet+0x10/0x10
[ 1766.323038][T18233]  ? kcov_remote_start+0x49a/0x7a0
[ 1766.328170][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.333803][T18233]  ? hci_send_to_monitor+0xe2/0x590
[ 1766.339006][T18233]  hci_rx_work+0x3ee/0x1040
[ 1766.343522][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.349160][T18233]  ? preempt_schedule_thunk+0x16/0x30
[ 1766.354550][T18233]  ? process_scheduled_works+0xa70/0x1860
[ 1766.360277][T18233]  process_scheduled_works+0xb5d/0x1860
[ 1766.365831][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.371490][T18233]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1766.377486][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.383132][T18233]  ? assign_work+0x3d5/0x5e0
[ 1766.387730][T18233]  worker_thread+0xa53/0xfc0
[ 1766.392330][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.397979][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.403623][T18233]  kthread+0x388/0x470
[ 1766.407703][T18233]  ? __pfx_worker_thread+0x10/0x10
[ 1766.412849][T18233]  ? __pfx_kthread+0x10/0x10
[ 1766.417450][T18233]  ret_from_fork+0x514/0xb70
[ 1766.422041][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.427684][T18233]  ? __pfx_ret_from_fork+0x10/0x10
[ 1766.432792][T18233]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1766.438428][T18233]  ? __switch_to+0xc79/0x1410
[ 1766.443120][T18233]  ? __pfx_kthread+0x10/0x10
[ 1766.447714][T18233]  ret_from_fork_asm+0x1a/0x30
[ 1766.452492][T18233]  </TASK>
[ 1766.455920][T18233] Kernel Offset: disabled
[ 1766.460238][T18233] Rebooting in 86400 seconds..